| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20150513130912.GY6776@linux.vnet.ibm.com>
Date: Wed, 13 May 2015 06:09:12 -0700
From: "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
To: josh@...htriplett.org
Cc: linux-kernel@...r.kernel.org, mingo@...nel.org,
laijs@...fujitsu.com, dipankar@...ibm.com,
akpm@...ux-foundation.org, mathieu.desnoyers@...icios.com,
tglx@...utronix.de, peterz@...radead.org, rostedt@...dmis.org,
dhowells@...hat.com, edumazet@...gle.com, dvhart@...ux.intel.com,
fweisbec@...il.com, oleg@...hat.com, bobby.prani@...il.com,
stable@...r.kernel.org
Subject: Re: [PATCH tip/core/rcu 3/3] rcu: Correctly handle non-empty Tiny
RCU callback list with none ready
On Tue, May 12, 2015 at 05:58:21PM -0700, josh@...htriplett.org wrote:
> On Tue, May 12, 2015 at 03:49:13PM -0700, Paul E. McKenney wrote:
> > From: "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
> >
> > If, at the time __rcu_process_callbacks() is invoked, there are callbacks
> > in Tiny RCU's callback list, but none of them are ready to be invoked,
> > the current list-management code will knit the non-ready callbacks out
> > of the list. This can result in hangs and possibly worse. This commit
> > therefore inserts a check for there being no callbacks that can be
> > invoked immediately.
> >
> > This bug is unlikely to occur -- you have to get a new callback between
> > the time rcu_sched_qs() or rcu_bh_qs() was called, but before we get to
> > __rcu_process_callbacks(). It was detected by the addition of RCU-bh
> > testing to rcutorture, which in turn was instigated by Iftekhar Ahmed's
> > mutation testing. Although this bug was made much more likely by
> > 915e8a4fe45e (rcu: Remove fastpath from __rcu_process_callbacks()), this
> > did not cause the bug, but rather made it much more probable. That
> > said, it takes more than 40 hours of rcutorture testing, on average,
> > for this bug to appear, so this fix cannot be considered an emergency.
> >
> > Signed-off-by: Paul E. McKenney <paulmck@...ux.vnet.ibm.com>
> > Cc: <stable@...r.kernel.org>
>
> Ouch, subtle.
Indeed! A bit of a cautionary tale for those who believe that bugs occur
only in concurrent code. Of course, they could respond that this bug
was in fact due to a concurrent interrupt handler. Still, I must confess
that this bug is a bit embarrassing. ;-)
> Reviewed-by: Josh Triplett <josh@...htriplett.org>
Thank you, applied!
Thanx, Paul
> > kernel/rcu/tiny.c | 5 +++++
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/kernel/rcu/tiny.c b/kernel/rcu/tiny.c
> > index a501b4ab9b1c..591af0cb7b9f 100644
> > --- a/kernel/rcu/tiny.c
> > +++ b/kernel/rcu/tiny.c
> > @@ -137,6 +137,11 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp)
> >
> > /* Move the ready-to-invoke callbacks to a local list. */
> > local_irq_save(flags);
> > + if (rcp->donetail == &rcp->rcucblist) {
> > + /* No callbacks ready, so just leave. */
> > + local_irq_restore(flags);
> > + return;
> > + }
> > RCU_TRACE(trace_rcu_batch_start(rcp->name, 0, rcp->qlen, -1));
> > list = rcp->rcucblist;
> > rcp->rcucblist = *rcp->donetail;
> > --
> > 1.8.1.5
> >
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists