lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue,  8 Apr 2014 10:47:15 +0200
From:	Jan Stancek <jstancek@...hat.com>
To:	linux-kernel@...r.kernel.org
Cc:	jstancek@...hat.com, srikar@...ux.vnet.ibm.com, davidlohr@...com,
	torvalds@...ux-foundation.org, mingo@...nel.org,
	lwoodman@...hat.com
Subject: [PATCH] futex: avoid race between requeue and wake

pthread_cond_broadcast/4-1.c testcase from openposix testsuite (LTP)
occasionally fails, because some threads fail to wake up.

Testcase creates 5 threads, which are all waiting on same condition.
Main thread then calls pthread_cond_broadcast() without holding mutex,
which calls:
  futex(uaddr1, FUTEX_CMP_REQUEUE_PRIVATE, 1, 2147483647, uaddr2, ..)
This immediately wakes up single thread A, which unlocks mutex and
tries to wake up another thread:
  futex(uaddr2, FUTEX_WAKE_PRIVATE, 1)
If thread A manages to call futex_wake() before any waiters are requeued
for uaddr2, no other thread is woken up.

This patch is re-introducing check removed by:
  commit 11d4616bd07f38d496bd489ed8fad1dc4d928823
  futex: revert back to the explicit waiter counting code

Taking hb->lock in this situation will ensure that thread A needs to wait
in futex_wake() until main thread finishes requeue operation.

Signed-off-by: Jan Stancek <jstancek@...hat.com>
---
 kernel/futex.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/kernel/futex.c b/kernel/futex.c
index 67dacaf..5163899 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -284,7 +284,10 @@ static inline void hb_waiters_dec(struct futex_hash_bucket *hb)
 static inline int hb_waiters_pending(struct futex_hash_bucket *hb)
 {
 #ifdef CONFIG_SMP
-	return atomic_read(&hb->waiters);
+	if (spin_is_locked(&hb->lock))
+		return 1;
+	else
+		return atomic_read(&hb->waiters);
 #else
 	return 1;
 #endif
-- 
1.7.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ