Message-ID: <20150501201005.GA15557@linux.vnet.ibm.com>
Date:	Fri, 1 May 2015 13:10:05 -0700
From:	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
To:	Rik van Riel <riel@...hat.com>
Cc:	Linux kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: RCU recursion? (code inspection)

On Fri, May 01, 2015 at 12:41:02PM -0700, Paul E. McKenney wrote:
> On Fri, May 01, 2015 at 03:18:28PM -0400, Rik van Riel wrote:
> > Hi Paul,
> > 
> > While looking at synchronize_rcu(), I noticed that
> > synchronize_rcu_expedited() calls synchronize_sched_expedited(),
> > which can call synchronize_sched() when it is worried about
> > the counter wrapping, which can call synchronize_sched_expedited() again.
> > 
> > The code is sufficiently convoluted that I am unsure whether this
> > recursion can actually happen in practice, but I also did not spot
> > anything that would stop it.
> 
> Hmmm...  Sounds like I should take a look!

And good catch!  The following patch should fix this.  Bad one on me,
given that all the other places in synchronize_sched_expedited() that
you would expect to invoke synchronize_sched() instead invoke
wait_rcu_gp(call_rcu_sched)...
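
For illustration, the cycle looks roughly like the following user-space
sketch.  This is not the kernel code: the two flags stand in for the
"always expedite" setting and for the ULONG_MAX / 8 counter-wrap check,
and their names are made up purely for the example.

/* Minimal sketch of the potential recursion; not kernel code. */
static int rcu_expedited = 1;      /* "always expedite grace periods"     */
static int counters_near_wrap = 1; /* the ULONG_MAX / 8 check has tripped */

static void synchronize_sched_expedited(void);

static void synchronize_sched(void)
{
	if (rcu_expedited)
		synchronize_sched_expedited();	/* right back where we came from */
	/* else: wait_rcu_gp(call_rcu_sched), the non-recursive path */
}

static void synchronize_sched_expedited(void)
{
	if (counters_near_wrap) {
		synchronize_sched();		/* pre-patch fallback */
		return;
	}
	/* ... expedited machinery, which eventually resyncs the counters ... */
}

While both conditions hold, the two functions keep calling each other and
each round burns another pair of stack frames; the counters do resync
eventually, but the stack can easily run out first.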

							Thanx, Paul

------------------------------------------------------------------------

    rcu: Make synchronize_sched_expedited() call wait_rcu_gp()
    
    Currently, synchronize_sched_expedited() will call synchronize_sched()
    if there is danger of counter wrap.  But if configuration says to
    always do expedited grace periods, synchronize_sched() will just
    call synchronize_sched_expedited() right back again.  In theory,
    the old expedited operations will complete, the counters will
    get back in synch, and the recursion will end.  But we could
    easily run out of stack long before that time.  This commit
    therefore makes synchronize_sched_expedited() invoke the underlying
    wait_rcu_gp(call_rcu_sched) instead of synchronize_sched(), the same as
    all the other calls out from synchronize_sched_expedited().
    
    This bug was introduced by commit 1924bcb02597 (Avoid counter wrap in
    synchronize_sched_expedited()).
    
    Reported-by: Rik van Riel <riel@...hat.com>
    Signed-off-by: Paul E. McKenney <paulmck@...ux.vnet.ibm.com>

diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
index bcc59437fc93..4e6902005228 100644
--- a/kernel/rcu/tree.c
+++ b/kernel/rcu/tree.c
@@ -3310,7 +3310,7 @@ void synchronize_sched_expedited(void)
 	if (ULONG_CMP_GE((ulong)atomic_long_read(&rsp->expedited_start),
 			 (ulong)atomic_long_read(&rsp->expedited_done) +
 			 ULONG_MAX / 8)) {
-		synchronize_sched();
+		wait_rcu_gp(call_rcu_sched);
 		atomic_long_inc(&rsp->expedited_wrap);
 		return;
 	}
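
For completeness, wait_rcu_gp() cannot bounce back into the expedited
path: it simply posts a callback through the supplied call_rcu variant
and blocks on a completion, without ever consulting the expedited
setting.  From memory of kernel/rcu/update.c, it looks roughly like the
following -- treat this as a sketch rather than a verbatim copy:

void wait_rcu_gp(call_rcu_func_t crf)
{
	struct rcu_synchronize rcu;

	init_rcu_head_on_stack(&rcu.head);
	init_completion(&rcu.completion);
	crf(&rcu.head, wakeme_after_rcu);	/* call_rcu_sched() in our case */
	wait_for_completion(&rcu.completion);	/* wait out one grace period */
	destroy_rcu_head_on_stack(&rcu.head);
}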

