Date:	Wed, 30 Jun 2010 12:51:21 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Manfred Spraul <manfred@...orfullife.com>
Cc:	Christoph Lameter <cl@...ux-foundation.org>,
	Pekka Enberg <penberg@...helsinki.fi>, linux-mm@...ck.org,
	Nick Piggin <npiggin@...e.de>, Matt Mackall <mpm@...enic.com>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [S+Q 01/16] [PATCH] ipc/sem.c: Bugfix for semop() not reporting
 successful operation

On Wed, 30 Jun 2010 21:38:43 +0200
Manfred Spraul <manfred@...orfullife.com> wrote:

> Hi Andrew,
> 
> On 06/29/2010 09:08 PM, Andrew Morton wrote:
> > On Tue, 29 Jun 2010 10:42:42 -0500 (CDT)
> > Christoph Lameter<cl@...ux-foundation.org>  wrote:
> >
> >    
> >> This is a patch from Manfred. Required to make 2.6.35-rc3 work.
> >>
> >>      
> > My current version of the patch is below.
> >
> > I believe that Luca has still seen problems with this patch applied so
> > its current status is "stuck, awaiting developments".
> >
> > Is that a correct determination?
> >    
> 
> I would propose that you forward a patch to Linus - either the one you 
> have in your tree or the v2 that I've just posted.

OK, I added the incremental change:

--- a/ipc/sem.c~ipc-semc-bugfix-for-semop-not-reporting-successful-operation-update
+++ a/ipc/sem.c
@@ -1440,7 +1440,14 @@ SYSCALL_DEFINE4(semtimedop, int, semid, 
 
 	if (error != -EINTR) {
 		/* fast path: update_queue already obtained all requested
-		 * resources */
+		 * resources.
+		 * Perform a smp_mb(): User space could assume that semop()
+		 * is a memory barrier: Without the mb(), the cpu could
+		 * speculatively read in user space stale data that was
+		 * overwritten by the previous owner of the semaphore.
+		 */
+		smp_mb();
+
 		goto out_free;
 	}
 
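Review bot: The comment above the new smp_mb() in the `if (error != -EINTR)` fast path says what user space "could assume", but it does not name the store or barrier on the waking side that this smp_mb() pairs with. Barrier comments are much easier to audit when they name both ends, so please add which write by the previous semaphore owner (or by the task that completed the operation on our behalf) must be visible before we return. It would also help to state whether the path that does not take this branch gets equivalent ordering some other way, since only the fast path is touched here and the rest of the function is not visible in this hunk.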
_

> With stock 2.6.35-rc3, my semtimedop() stress tests produce an oops or 
> an invalid return value (i.e.: semtimedop() returns with "1") within a 
> fraction of a second.
> 
> With either of the patches applied, my test apps show the expected behavior.

OK, I'll queue it up.