lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Mar 2015 14:17:53 +0000 (UTC) From: Ville Syrjälä <ville.syrjala@...ux.intel.com> To: linux-kernel@...r.kernel.org Subject: Re: [PATCHv2] mm/slub: fix lockups on PREEMPT && !SMP kernels Mark Rutland <mark.rutland <at> arm.com> writes: > > Commit 9aabf810a67cd97e ("mm/slub: optimize alloc/free fastpath by > removing preemption on/off") introduced an occasional hang for kernels > built with CONFIG_PREEMPT && !CONFIG_SMP. > > The problem is the following loop the patch introduced to > slab_alloc_node and slab_free: > > do { > tid = this_cpu_read(s->cpu_slab->tid); > c = raw_cpu_ptr(s->cpu_slab); > } while (IS_ENABLED(CONFIG_PREEMPT) && unlikely(tid != c->tid)); > > GCC 4.9 has been observed to hoist the load of c and c->tid above the > loop for !SMP kernels (as in this case raw_cpu_ptr(x) is compile-time > constant and does not force a reload). On arm64 the generated assembly > looks like: > > ffffffc00016d3c4: f9400404 ldr x4, [x0,#8] > ffffffc00016d3c8: f9400401 ldr x1, [x0,#8] > ffffffc00016d3cc: eb04003f cmp x1, x4 > ffffffc00016d3d0: 54ffffc1 b.ne ffffffc00016d3c8 <slab_alloc_node.constprop.82+0x30> Just FYI I've hit this problem on x86. I think I used gcc 4.7 and 4.8, and maybe also 4.6 earlier. Here's the diff in asm after applying the fix: 240a: 0f 85 ce 00 00 00 jne 24de <kmem_cache_free+0x10e> 2410: 89 75 f0 mov %esi,-0x10(%ebp) 2413: 8b 07 mov (%edi),%eax - 2415: 8b 50 04 mov 0x4(%eax),%edx - 2418: 8b 48 04 mov 0x4(%eax),%ecx - 241b: 39 d1 cmp %edx,%ecx - 241d: 75 f9 jne 2418 <kmem_cache_free+0x48> + 2415: 8b 48 04 mov 0x4(%eax),%ecx + 2418: 8b 50 04 mov 0x4(%eax),%edx + 241b: 39 ca cmp %ecx,%edx + 241d: 75 f6 jne 2415 <kmem_cache_free+0x45> 241f: 8b 4d f0 mov -0x10(%ebp),%ecx 2422: 39 48 08 cmp %ecx,0x8(%eax) 2425: 0f 85 9a 00 00 00 jne 24c5 <kmem_cache_free+0xf5> As 3.19+ is broken now, this should go into stable. Cc: stable@...r.kernel.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists