| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20100805183140.0735a7b7@desktopvm.lvknet>
Date: Thu, 5 Aug 2010 18:31:40 +0400
From: Alexander Gordeev <lasaine@....cs.msu.su>
To: Vitezslav Samel <vitezslav@...el.cz>
Cc: linux-kernel@...r.kernel.org,
"Nikita V. Youshchenko" <yoush@...msu.su>,
linuxpps@...enneenne.com, Rodolfo Giometti <giometti@...eenne.com>,
john stultz <johnstul@...ibm.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Tejun Heo <tj@...nel.org>, Joonwoo Park <joonwpark81@...il.com>
Subject: Re: [PATCHv3 03/16] pps: fix race in PPS_FETCH handler
В Thu, 5 Aug 2010 13:07:50 +0200
Vitezslav Samel <vitezslav@...el.cz> пишет:
> On Thu, Aug 05, 2010 at 02:19:51PM +0400, Alexander Gordeev wrote:
> > Hi Vitezslav,
> >
> > В Thu, 5 Aug 2010 07:19:29 +0200
> > Vitezslav Samel <vitezslav@...el.cz> пишет:
> >
> > > On Thu, Aug 05, 2010 at 01:06:40AM +0400, Alexander Gordeev wrote:
> > > > There was a race in PPS_FETCH ioctl handler when several processes want
> > > > to obtain PPS data simultaneously using sleeping PPS_FETCH. They all
> > > > sleep most of the time in the system call.
> > > > With the old approach when the first process waiting on the pps queue
> > > > is waken up it makes new system call right away and zeroes pps->go. So
> > > > other processes continue to sleep. This is a clear race condition
> > > > because of the global 'go' variable.
> > > > With the new approach pps->last_ev holds some value increasing at each
> > > > PPS event. PPS_FETCH ioctl handler saves current value to the local
> > > > variable at the very beginning so it can safely check that there is a
> > > > new event by just comparing both variables.
> > > >
> > > > Signed-off-by: Alexander Gordeev <lasaine@....cs.msu.su>
> > > > ---
> > > > drivers/pps/kapi.c | 4 ++--
> > > > drivers/pps/pps.c | 10 +++++++---
> > > > include/linux/pps_kernel.h | 2 +-
> > > > 3 files changed, 10 insertions(+), 6 deletions(-)
> > > >
> > > > diff --git a/drivers/pps/kapi.c b/drivers/pps/kapi.c
> > > > index 55f3961..3f89f5e 100644
> > > > --- a/drivers/pps/kapi.c
> > > > +++ b/drivers/pps/kapi.c
> > > > @@ -326,8 +326,8 @@ void pps_event(int source, struct pps_ktime *ts, int event, void *data)
> > > >
> > > > /* Wake up if captured something */
> > > > if (captured) {
> > > > - pps->go = ~0;
> > > > - wake_up_interruptible(&pps->queue);
> > > > + pps->last_ev++;
> > > > + wake_up_interruptible_all(&pps->queue);
> > >
> > > What happens if pps->last_ev overflows? Seems to me it would freeze
> > > pps.
> >
> > Yes, it will freeze the fds (if they don't use timeouts). But in normal
> > circumstances, i.e. when pps_event is called twice a second, it will
> > overflow after ~68 years of uninterrupted work. Well, it's the same
> > kind of problem as an overflow of struct timespec. I thought it's not
> > actually a problem. Should I use u64 instead of unsigned int or add a
> > runtime check somewhere?
>
> If we're using 1PPS it's ~68 years, but someone is trying 5PPS now
> (it would overflow in ~13.6 years) - what if someone tries e.g. 100PPS?
> It's not the same as overflow of struct timespec! I think it deserves
> some treatment.
You are right. :)
I'll use u64 here then which should be enough for sure, ok?
Thanks for the note!
--
Alexander
Download attachment "signature.asc" of type "application/pgp-signature" (490 bytes)
Powered by blists - more mailing lists