lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 19 Jan 2012 10:54:45 -0500
From:	Vivek Goyal <vgoyal@...hat.com>
To:	Tejun Heo <tj@...nel.org>
Cc:	axboe@...nel.dk, ctalbott@...gle.com, rni@...gle.com,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 01/12] blkcg: obtaining blkg should be enclosed inside
 rcu_read_lock()

On Thu, Jan 19, 2012 at 07:39:38AM -0800, Tejun Heo wrote:
> Hello, Vivek.
> 
> On Thu, Jan 19, 2012 at 05:07:29AM -0500, Vivek Goyal wrote:
> > On Wed, Jan 18, 2012 at 05:11:19PM -0800, Tejun Heo wrote:
> > > When looking up or creating blkg's, both blk-throttle and cfq-iosched
> > > drops rcu_read_lock() right after lookup is complete.  This isn't
> > > safe.  Refcnt isn't incremented at that point and rcu lock is the only
> > > thing holding the blkg.  It shouldn't be dropped until after refcnt is
> > > incremented by the caller.
> > 
> > throtl_get_tg() and cfq_get_cfqg() are called with queue lock held and
> > tg and cfqg are protected by queue lock as they can not go away as long
> > as queue lock is held.
> 
> Ah, right.
> 
> > I had used rcu read lock to access blkcg pointer here. That's why when
> > we are done with accessing blkcg, we drop rcu read lock and return back
> > to caller with group pointer, which is aready holding either a queue
> > lock or rcu read lock to protect returned group pointer.
> >
> > So if we are protecting blkcg using rcu, then it should make sense to
> > take that lock inside throtl_get_tg() and cfq_get_cfqg() respectively and
> > it should not be left to the caller?
> 
> No, no matter whatever synchronization scheme is in use, the code is
> seriously screwed up if it's doing something like,
> 
> 	lock();
> 	a = lookup();
> 	unlock();
> 	return a;
> 
> You should *NEVER* be doing that.

I guess ioc_lookup_icq() is doing something similar. We call it under
queue lock. Take rcu lock inside for sanity of radix tree and then 
release rcu lock and return icq.

Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ