| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20110419094422.9375.A69D9226@jp.fujitsu.com> Date: Tue, 19 Apr 2011 09:44:14 +0900 (JST) From: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com> To: Dave Hansen <dave@...ux.vnet.ibm.com> Cc: kosaki.motohiro@...fujitsu.com, David Rientjes <rientjes@...gle.com>, linux-mm@...ck.org, linux-kernel@...r.kernel.org, Johannes Weiner <hannes@...xchg.org>, Michal Nazarewicz <mina86@...a86.com>, Andrew Morton <akpm@...ux-foundation.org> Subject: Re: [PATCH 1/2] break out page allocation warning code > On Mon, 2011-04-18 at 13:25 -0700, David Rientjes wrote: > > It shouldn't be a follow-on patch since you're introducing a new feature > > here (vmalloc allocation failure warnings) and what I'm identifying is a > > race in the access to current->comm. A bug fix for a race should always > > preceed a feature that touches the same code. > > So, what's the race here? kmemleak.c says? > > /* > * There is a small chance of a race with set_task_comm(), > * however using get_task_comm() here may cause locking > * dependency issues with current->alloc_lock. In the worst > * case, the command line is not correct. > */ > strncpy(object->comm, current->comm, sizeof(object->comm)); > > We're trying to make sure we don't print out a partially updated > tsk->comm? Or, is there a bigger issue here like potential oopses or > kernel information leaks. > > 1. We require that no memory allocator ever holds the task lock for the > current task, and we audit all the existing GFP_ATOMIC users in the > kernel to ensure they're not doing it now. In the case of a problem, > we end up with a hung kernel while trying to get a message out to the > console. > 2. We remove current->comm from the printk(), and deal with the > information loss. > 3. We live with corrupted output, like the other ~400 in-kernel users of > ->comm do. (I'm assuming that very few of them hold the task lock). > In the case of a race, we get junk on the console, but an otherwise > fine bug report (the way it is now). > 4. We come up with some way to print out current->comm, without holding > any task locks. We could do this by copying it somewhere safe on > each context switch. Could probably also do it with RCU. > > There's also a very, very odd message in fs/exec.c: > > /* > * Threads may access current->comm without holding > * the task lock, so write the string carefully. > * Readers without a lock may see incomplete new > * names but are safe from non-terminating string reads. > */ The rule is, 1) writing comm need task_lock 2) read _another_ thread's comm need task_lock 3) read own comm no need task_lock That's the reason why oom-kill.c need task_lock and other a lot of place don't need task_lock. I agree this is very strange. it's only historical reason. The comment of set_task_comm() explained a race against (3). Thanks. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists