lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20140102203320.GA27615@linux.vnet.ibm.com>
Date:	Thu, 2 Jan 2014 12:33:20 -0800
From:	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
To:	linux-mm@...ck.org, linux-kernel@...r.kernel.org
Cc:	cl@...ux-foundation.org, penberg@...nel.org, mpm@...enic.com
Subject: Memory allocator semantics

Hello!

>From what I can see, the Linux-kernel's SLAB, SLOB, and SLUB memory
allocators would deal with the following sort of race:

A.	CPU 0: r1 = kmalloc(...); ACCESS_ONCE(gp) = r1;

	CPU 1: r2 = ACCESS_ONCE(gp); if (r2) kfree(r2);

However, my guess is that this should be considered an accident of the
current implementation rather than a feature.  The reason for this is
that I cannot see how you would usefully do (A) above without also allowing
(B) and (C) below, both of which look to me to be quite destructive:

B.	CPU 0: r1 = kmalloc(...);  ACCESS_ONCE(shared_x) = r1;

        CPU 1: r2 = ACCESS_ONCE(shared_x); if (r2) kfree(r2);

	CPU 2: r3 = ACCESS_ONCE(shared_x); if (r3) kfree(r3);

	This results in the memory being on two different freelists.

C.      CPU 0: r1 = kmalloc(...);  ACCESS_ONCE(shared_x) = r1;

	CPU 1: r2 = ACCESS_ONCE(shared_x); r2->a = 1; r2->b = 2;

	CPU 2: r3 = ACCESS_ONCE(shared_x); if (r3) kfree(r3);

	CPU 3: r4 = kmalloc(...);  r4->s = 3; r4->t = 4;

	This results in the memory being used by two different CPUs,
	each of which believe that they have sole access.

But I thought I should ask the experts.

So, am I correct that kernel hackers are required to avoid "drive-by"
kfree()s of kmalloc()ed memory?

							Thanx, Paul

PS.  To the question "Why would anyone care about (A)?", then answer
     is "Inquiring programming-language memory-model designers want
     to know."

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ