Message-ID: <1372184610.7914.96.camel@envy.home>
Date:	Tue, 25 Jun 2013 11:23:30 -0700
From:	Darren Hart <dvhart@...ux.intel.com>
To:	Zhang Yi <wetpzy@...il.com>
Cc:	linux-kernel@...r.kernel.org, 'Mel Gorman' <mgorman@...e.de>,
	'Ingo Molnar' <mingo@...nel.org>,
	'Peter Zijlstra' <peterz@...radead.org>,
	'Thomas Gleixner' <tglx@...utronix.de>, zhang.yi20@....com.cn
Subject: Re: Re: [PATCH] futex: bugfix for futex-key conflict when futex use
 hugepage

Hi Zhang Yi,

Thanks for turning around an update so quickly. The code itself looks
ready to me. We try to maintain a high level of quality in the commit
message as well to help with understanding complex systems such as
futexes.

On Tue, 2013-06-25 at 21:19 +0800, Zhang Yi wrote:
> The futex-keys of processes share futex determined by page-offset,

"share futex" is rather confusing to me. Maybe:

The futex-key is determined by page-offset, ...

> mapping-host, and mapping-index of the user space address. User
> appications using hugepage for futex may lead to futex-key conflict.

Please take care with spelling. Grammar issues aren't as critical, but
please enable spell checking in your editor.

applications
hugepages for futexes
conflicts

> 
> Assume there are two or more futexes in diffrent normal pages of the

different

> hugepage, and each futex has the same offset in its normal page,
> causing all the futexes have the same futex-key.

then all the futexes will have the same futex-key.

> 
> This patch adds the normal page index in the compound page into
> the pgoff of futex-key.


of the futex_key.

> 
> Steps to reproduce the bug:
> 1. The 1st thread map a file of hugetlbfs, and use the return address

maps
uses

> as the 1st mutex's address, and use the return address with PAGE_SIZE

uses

> added as the 2nd mutex's address.
> 2. The 1st thread initialize the two mutexes with pshared attribute,

initializes
the pshared attribute,

> and lock the two mutexes.

locks

> 3. The 1st thread create the 2nd thread, and the 2nd thread block on

creates
blocks

> the 1st mutex.
> 4. The 1st thread create the 3rd thread, and the 3rd thread block on

creates
blocks

> the 2nd mutex.
> 5. The 1st thread unlock the 2nd mutex, the 3rd thread cannot take

unlocks

> the 2nd mutex, and may block forever.
> 
> Signed-off-by: Zhang Yi <zhang.yi20@....com.cn>
> Tested-by: Ma Chenggong <ma.chenggong@....com.cn>
> Reviewed-by: Jiang Biao <jiang.biao2@....com.cn>
> 

Otherwise this looks ready to me. Thomas, do you want a resend with
commit message corrections or do you prefer to integrate those 
yourself?

With the above fixes:

Acked-by: Darren Hart <dvhart@...ux.intel.com>


> diff -uprN linux-3.10-rc7.org/include/linux/hugetlb.h linux-3.10-rc7/include/linux/hugetlb.h
> --- linux-3.10-rc7.org/include/linux/hugetlb.h	2013-06-22 19:47:31.000000000 +0000
> +++ linux-3.10-rc7/include/linux/hugetlb.h	2013-06-25 09:40:06.256556000 +0000
> @@ -358,6 +358,17 @@ static inline int hstate_index(struct hs
>  	return h - hstates;
>  }
> 
> +pgoff_t __basepage_index(struct page *page);
> +
> +/* Return page->index in PAGE_SIZE units */
> +static inline pgoff_t basepage_index(struct page *page)
> +{
> +	if (!PageCompound(page))
> +		return page->index;
> +
> +	return __basepage_index(page);
> +}
> +
>  #else	/* CONFIG_HUGETLB_PAGE */
>  struct hstate {};
>  #define alloc_huge_page_node(h, nid) NULL
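
Review bot: the comment above basepage_index() says only "Return
page->index in PAGE_SIZE units", which does not tell the reader what is
returned for a tail page of a huge page. Suggest spelling out that for a
hugetlbfs page the result is the head page's index scaled to base pages
plus the position of the page within the compound page, and that any
other page returns its own index.
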
> @@ -378,6 +389,11 @@ static inline unsigned int pages_per_hug
>  }
>  #define hstate_index_to_shift(index) 0
>  #define hstate_index(h) 0
> +
> +static inline pgoff_t basepage_index(struct page *page)
> +{
> +	return page->index;
> +}
>  #endif	/* CONFIG_HUGETLB_PAGE */
> 
>  #endif /* _LINUX_HUGETLB_H */
> diff -uprN linux-3.10-rc7.org/kernel/futex.c linux-3.10-rc7/kernel/futex.c
> --- linux-3.10-rc7.org/kernel/futex.c	2013-06-22 19:47:31.000000000 +0000
> +++ linux-3.10-rc7/kernel/futex.c	2013-06-25 09:35:59.615425000 +0000
> @@ -61,6 +61,7 @@
>  #include <linux/nsproxy.h>
>  #include <linux/ptrace.h>
>  #include <linux/sched/rt.h>
> +#include <linux/hugetlb.h>
> 
>  #include <asm/futex.h>
> 
> @@ -365,7 +366,7 @@ again:
>  	} else {
>  		key->both.offset |= FUT_OFF_INODE; /* inode-based key */
>  		key->shared.inode = page_head->mapping->host;
> -		key->shared.pgoff = page_head->index;
> +		key->shared.pgoff = basepage_index(page);
>  	}
> 
>  	get_futex_key_refs(key);
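
Review bot: the replaced line read page_head->index, but the new call
"key->shared.pgoff = basepage_index(page);" passes page, while the line
directly above still takes the inode from page_head. With
CONFIG_HUGETLB_PAGE disabled, basepage_index() is the stub that returns
page->index unchanged, so that build no longer goes through the head
page at all. Please add a comment here saying why the tail page is the
right argument, and confirm that a tail page cannot reach this branch in
the !CONFIG_HUGETLB_PAGE build (or have the stub use the head page's
index, as the old line did).
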
> diff -uprN linux-3.10-rc7.org/mm/hugetlb.c linux-3.10-rc7/mm/hugetlb.c
> --- linux-3.10-rc7.org/mm/hugetlb.c	2013-06-25 09:38:53.435151000 +0000
> +++ linux-3.10-rc7/mm/hugetlb.c	2013-06-25 09:39:30.375701000 +0000
> @@ -690,6 +690,23 @@ int PageHuge(struct page *page)
>  }
>  EXPORT_SYMBOL_GPL(PageHuge);
> 
> +pgoff_t __basepage_index(struct page *page)
> +{
> +	struct page *page_head = compound_head(page);
> +	pgoff_t index = page_index(page_head);
> +	unsigned long compound_idx;
> +
> +	if (!PageHuge(page_head))
> +		return page_index(page);
> +
> +	if (compound_order(page_head) >= MAX_ORDER)
> +		compound_idx = page_to_pfn(page) - page_to_pfn(page_head);
> +	else
> +		compound_idx = page - page_head;
> +
> +	return (index << compound_order(page_head)) + compound_idx;
> +}
> +
>  static struct page *alloc_fresh_huge_page_node(struct hstate *h, int nid)
>  {
>  	struct page *page;
> 
> 
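
Review bot: the "compound_order(page_head) >= MAX_ORDER" branch in
__basepage_index() has no comment saying why page_to_pfn() subtraction
is needed there instead of "page - page_head". Please document the
reason for the two paths at that branch, and give the function a header
comment stating the unit of the return value. Also, the non-huge path
here returns page_index(page) while the inline wrapper in hugetlb.h
returns page->index; use one form in both places or explain the
difference.
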

-- 
Darren Hart
Intel Open Source Technology Center
Yocto Project - Technical Lead - Linux Kernel
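
A userspace model of the key collision described in the quoted commit message and of the pgoff computation the patch introduces. This is an added example, not code from the patch or the kernel; struct model_key, the function names, the 4 KiB base page and the 2 MiB huge page are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT  12                    /* assumption: 4 KiB base pages */
#define PAGE_SIZE   (1UL << PAGE_SHIFT)
#define HPAGE_ORDER 9                     /* assumption: 2 MiB huge pages */

/* Hypothetical, simplified stand-in for the inode-based futex key. */
struct model_key {
    uintptr_t inode;                      /* mapping host */
    unsigned long pgoff;                  /* page offset within the file */
    unsigned long offset;                 /* byte offset within the base page */
};

/* Before the patch: pgoff is the head page's index, counted in huge pages. */
static struct model_key key_before(uintptr_t inode, unsigned long file_off)
{
    struct model_key k = { inode, file_off >> (PAGE_SHIFT + HPAGE_ORDER),
                           file_off & (PAGE_SIZE - 1) };
    return k;
}

/* After the patch: (index << compound_order) + compound_idx, in base pages. */
static struct model_key key_after(uintptr_t inode, unsigned long file_off)
{
    unsigned long head_index = file_off >> (PAGE_SHIFT + HPAGE_ORDER);
    unsigned long compound_idx =
        (file_off >> PAGE_SHIFT) & ((1UL << HPAGE_ORDER) - 1);
    struct model_key k = { inode, (head_index << HPAGE_ORDER) + compound_idx,
                           file_off & (PAGE_SIZE - 1) };
    return k;
}

static int key_equal(struct model_key a, struct model_key b)
{
    return a.inode == b.inode && a.pgoff == b.pgoff && a.offset == b.offset;
}

int main(void)
{
    /* Constructed input: two mutexes at file offsets 0 and PAGE_SIZE,
     * as in step 1 of the reproduction steps. */
    unsigned long m1 = 0, m2 = PAGE_SIZE;
    uintptr_t inode = 1;                  /* same hugetlbfs file */

    printf("before patch: keys %s\n",
           key_equal(key_before(inode, m1), key_before(inode, m2))
               ? "collide" : "differ");
    printf("after patch:  keys %s\n",
           key_equal(key_after(inode, m1), key_after(inode, m2))
               ? "collide" : "differ");
    return 0;
}
```
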
