Date:	Fri, 15 Jan 2016 16:49:40 +0100
From:	Vlastimil Babka <vbabka@...e.cz>
To:	Minchan Kim <minchan@...nel.org>, Junil Lee <junil0814.lee@....com>
Cc:	ngupta@...are.org, sergey.senozhatsky.work@...il.com,
	akpm@...ux-foundation.org, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] zsmalloc: fix migrate_zspage-zs_free race condition

On 01/15/2016 03:34 PM, Minchan Kim wrote:
> On Fri, Jan 15, 2016 at 04:39:11PM +0900, Junil Lee wrote:
>>
>> Signed-off-by: Junil Lee <junil0814.lee@....com>
>
> Acked-by: Minchan Kim <minchan@...nel.org>
>
> Below comment.
>
>> ---
>>   mm/zsmalloc.c | 2 ++
>>   1 file changed, 2 insertions(+)
>>
>> diff --git a/mm/zsmalloc.c b/mm/zsmalloc.c
>> index e7414ce..a24ccb1 100644
>> --- a/mm/zsmalloc.c
>> +++ b/mm/zsmalloc.c
>> @@ -1635,6 +1635,8 @@ static int migrate_zspage(struct zs_pool *pool, struct size_class *class,
>>   		free_obj = obj_malloc(d_page, class, handle);
>>   		zs_object_copy(free_obj, used_obj, class);
>>   		index++;
>> +		/* Must not unlock before unpin_tag() */
>
> I want to make comment more clear.
>
> /*
>   * record_obj updates handle's value to free_obj and it will invalidate
>   * lock bit (i.e., HANDLE_PIN_BIT) of handle, which breaks synchronization
>   * using pin_tag (e.g., zs_free) so let's keep the lock bit.
>   */
>
> Thanks.

Could you please also help making the changelog more clear?

>
>> +		free_obj |= BIT(HANDLE_PIN_BIT);
>>   		record_obj(handle, free_obj);

I think record_obj() should use WRITE_ONCE() or something like that.
Otherwise the compiler is IMHO allowed to reorder this, i.e. first to 
assign free_obj to handle, and then add the PIN bit there.

>>   		unpin_tag(handle);
>>   		obj_free(pool, class, used_obj);
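Review bot: The one-line comment above `free_obj |= BIT(HANDLE_PIN_BIT);` gives the rule ("Must not unlock before unpin_tag()") but not the mechanism, so a later reader cannot tell why the OR is required or that it must happen before `record_obj(handle, free_obj)`. Suggest spelling out in the comment that record_obj() replaces the handle's value, pin bit included, and that the bit is carried in free_obj so the handle stays pinned until `unpin_tag(handle)`. The fix is also only sound if the handle is updated with the already-ORed value in a single store, which is not visible in this hunk; it would be worth confirming or enforcing that in record_obj() as part of this change.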
>> --
>> 2.6.2
>>
>
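The race discussed in this thread, as an added user-space model in C11 atomics (not kernel code and not part of the original message). The function names mirror those in the patch; `trypin_tag()`, `lock_lost_during_migrate()`, the bit position 0 and the object values are assumptions made for the illustration.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

#define HANDLE_PIN_BIT 0                    /* assumed bit position for this model */
#define PIN_MASK (1UL << HANDLE_PIN_BIT)

typedef _Atomic unsigned long handle_t;     /* one word: object value plus pin bit */

/* Non-blocking stand-in for pin_tag(): true if the caller now owns the pin bit. */
static bool trypin_tag(handle_t *h)
{
    unsigned long old = atomic_fetch_or_explicit(h, PIN_MASK, memory_order_acquire);
    return !(old & PIN_MASK);
}

static void unpin_tag(handle_t *h)
{
    atomic_fetch_and_explicit(h, ~PIN_MASK, memory_order_release);
}

/* Overwrites the whole word in one store, so the pin bit is whatever obj carries. */
static void record_obj(handle_t *h, unsigned long obj)
{
    atomic_store_explicit(h, obj, memory_order_relaxed);
}

/* Replays the migrate sequence; returns true if a second party (the
 * zs_free() side) could pin the handle before the migrating side unpinned. */
static bool lock_lost_during_migrate(bool keep_pin_bit)
{
    handle_t handle = 0x1000;               /* constructed old object value */
    unsigned long free_obj = 0x2000;        /* constructed new object value */

    if (!trypin_tag(&handle))               /* migrating side pins the handle */
        return true;
    if (keep_pin_bit)
        free_obj |= PIN_MASK;               /* the line the patch adds */
    record_obj(&handle, free_obj);
    bool stolen = trypin_tag(&handle);      /* concurrent free path tries to pin */
    if (!stolen)
        unpin_tag(&handle);                 /* migrating side releases normally */
    return stolen;
}

int main(void)
{
    printf("without pin bit: lock lost = %d\n", lock_lost_during_migrate(false));
    printf("with pin bit:    lock lost = %d\n", lock_lost_during_migrate(true));
    return 0;
}
```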
