lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1333417354.2412.7.camel@Thor>
Date:	Mon, 02 Apr 2012 21:42:34 -0400
From:	Michel Machado <michel@...irati.com.br>
To:	Dipankar Sarma <dipankar@...ibm.com>,
	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
	linux-kernel@...r.kernel.org
Subject: [PATCH 1/1] rculist: Made list_first_entry_rcu usable

The macro list_first_entry_rcu assumed that the passed list is not empty
as its counterpart list_first_entry does. However, one can test that a
list is not empty with list_empty before calling list_first_entry,
whereas neither exists list_empty_rcu, nor is advisable to add it as the
example below shows.

Assuming that list_empty_rcu is available, one could write the following
snippet:

if (!list_empty_rcu(mylist)) {
	struct foo *bar = list_first_entry_rcu(mylist, struct foo,
		list_member);
	do_something(bar);
}

The problem with this snippet is the following racing condition: the
list may not be empty when list_empty_rcu checks it, but it may be when
list_first_entry_rcu rereads the ->next pointer.

This patch cannot break any upstream code because list_first_entry_rcu
is not being used anywhere in the kernel (tested with grep(1)), and
external code that uses it is probably broken already.

Signed-off-by: Michel Machado <michel@...irati.com.br>
CC: Dipankar Sarma <dipankar@...ibm.com>
CC: "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
---
Please CC my e-mail address while replying this message because I don't
subscribe this mailing list due to its high volume; thanks.

diff --git a/include/linux/rculist.h b/include/linux/rculist.h
index d079290..866d3ec 100644
--- a/include/linux/rculist.h
+++ b/include/linux/rculist.h
@@ -233,13 +233,16 @@ static inline void list_splice_init_rcu(struct
list_head *list,
  * @type:       the type of the struct this is embedded in.
  * @member:     the name of the list_struct within the struct.
  *
- * Note, that list is expected to be not empty.
+ * Note that if the list is empty, it returns NULL.
  *
  * This primitive may safely run concurrently with the _rcu
list-mutation
  * primitives such as list_add_rcu() as long as it's guarded by
rcu_read_lock().
  */
 #define list_first_entry_rcu(ptr, type, member) \
-	list_entry_rcu((ptr)->next, type, member)
+	({struct list_head *__ptr = ptr; \
+	  struct list_head __rcu *__next = list_next_rcu(__ptr); \
+	  likely(__ptr != __next) ? container_of(__next, type, member) : NULL;
\
+	})
 
 /**
  * list_for_each_entry_rcu	-	iterate over rcu list of given type


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ