| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Jan 2012 17:56:15 +0000 From: "Luck, Tony" <tony.luck@...el.com> To: Seiji Aguchi <seiji.aguchi@....com>, Don Zickus <dzickus@...hat.com>, Chen Gong <gong.chen@...ux.intel.com> CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Matthew Garrett <mjg@...hat.com>, Vivek Goyal <vgoyal@...hat.com>, "Chen, Gong" <gong.chen@...el.com>, "akpm@...ux-foundation.org" <akpm@...ux-foundation.org>, "Brown, Len" <len.brown@...el.com>, "'ying.huang@...el.com'" <'ying.huang@...el.com'>, "'ak@...ux.intel.com'" <'ak@...ux.intel.com'>, "'hughd@...omium.org'" <'hughd@...omium.org'>, "'mingo@...e.hu'" <'mingo@...e.hu'>, "jmorris@...ei.org" <jmorris@...ei.org>, "a.p.zijlstra@...llo.nl" <a.p.zijlstra@...llo.nl>, "namhyung@...il.com" <namhyung@...il.com>, "dle-develop@...ts.sourceforge.net" <dle-develop@...ts.sourceforge.net>, Satoru Moriya <satoru.moriya@....com> Subject: RE: [RFC][PATCH v4 -next 1/4] Move kmsg_dump(KMSG_DUMP_PANIC) below smp_send_stop() > Do you have any comments? I'm stuck in because I don't know how assign probabilities to the failure cases with kmsg_dump() before and after the smp_send_stop(). There's a well documented tendency in humans to stick with the status quo in such situations. I'm definitely finding it hard to provide a positive recommendation (ACK). So I'll just talk out loud here for a bit in case someone sees something obviously flawed in my understanding. Problem statement: We'd like to maximize our chances of saving the tail of the kernel log when the system goes down. With the current ordering there is a concern that other cpus will interfere with the one that is saving the log. Problems in current code flow: *) Other cpus might hold locks that we need. Our options are to fail, or to "bust" the locks (but busting the locks may lead to other problems in the code path - those locks were there for a reason). There are only a couple of ways that this could be an issue. 1) The lock is held because someone is doing some other pstore filesystem operation (reading and erasing records). This has a very low probability. Normal code flow will have some process harvest records from pstore in some /etc/rc.d/* script - this process should take much less than a second. 2) The lock is held because some other kmsg_dump() store is in progress. This one seems more worrying - think of an OOPS (or several) right before we panic Problems in proposed code flow: *) smp_send_stop() fails: 1) doesn't actually stop other cpus (we are no worse off than before we made this change) 2) doesn't return - so we don't even try to dump to pstore back end. x86 code has recently been hardened (though I can still imagine a pathological case where in a crash the cpu calling this is uncertain of its own identity, and somehow manages to stop itself - perhaps we are so screwed up in this case that we have no hope anyway) *) Even if it succeeds - we may still run into problems busting locks because even though the cpu that held them isn't executing, the data structures or device registers protected by the lock may be in an inconsistent state. *) If we had just let this other cpus keep running, they'd have finished their operation and freed up the problem lock anyway -Tony -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists