lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100609155041.GD6162@thunk.org>
Date:	Wed, 9 Jun 2010 11:50:41 -0400
From:	tytso@....edu
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Ingo Molnar <mingo@...e.hu>, Salman <sqazi@...gle.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	peterz@...radead.org, akpm@...x-foundation.org,
	linux-kernel@...r.kernel.org, tytso@...gle.com,
	Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH] Fix a race in pid generation that causes pids to be
 reused immediately.

On Wed, Jun 09, 2010 at 08:39:00AM -0700, Linus Torvalds wrote:
> 
> So I had to read the patch _and_ go read the code it patched, in order to 
> at all understand what it did. I think the patch explanation should have 
> done it, and I also think this would need a bit comment at the top.
> 
> [ In fact, I'd argue that the _old_ code would have needed a big comment 
>   at the top about last_pid usage, but i somebody had done that, they'd 
>   probably also have seen the race while explaning how the code worked ;]
>

Salman had created a very nice ASCII art diagram of the race in the
mail thread with the internal bug reporter who noticed the problem.
We could include that, if you don't mind the commit description
growing by 30-40 lines.  :-) I agree though that better documentation
n the source code about _how_ alloc_pidmap was supposed to avoid all
possible races would have probably been a good idea.

> [ Or Ted's version: as mentioned, I don't think the complexity is actually 
>   in the final cmpxchg loop itself, but in the bigger picture, so I don't 
>   think the differences between Ted's and Salman's versions are that big ]

Yah, I had been staring at the code for a while, so I had the feeling
that my intuition of which patch would be clearer was probably biased.

We do need to deal with pid wrap possibility just to be completely
correct, although the chance of hitting _that_ are pretty remote.

	 	      	     		- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ