lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <a9ef4575-bfb9-c854-ea71-0a5e1af97f5d@codeaurora.org>
Date:   Tue, 17 Apr 2018 11:59:44 +0530
From:   "Kohli, Gaurav" <gkohli@...eaurora.org>
To:     Tejun Heo <tj@...nel.org>
Cc:     gregkh@...uxfoundation.org, nborisov@...e.com,
        akpm@...ux-foundation.org, linux-arm-msm@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] percpu_counter: Remove debug_object_free call twice

On 4/17/2018 3:18 AM, Tejun Heo wrote:

> On Fri, Apr 13, 2018 at 03:05:03PM +0530, Gaurav Kohli wrote:
>> During percpu_counter destroy, debug_object_free is calling
>> twice which may create race. So removing once instance of call
>> from debug_percpu_counter_deactivate.
> I don't quite follow.  Can you please elaborate how it can be called
> twice?

Hi Tejun,

In percpu_counter_fixup_free function, first call is percpu_counter_destroy -> debug_percpu_counter_deactivate (this will set inactive and free the debug object as well for percpu counter) -> free_percpu (finally freeing the counters).

Below is the code snippet:

         case DEBUG_STATE_ACTIVE:

                 percpu_counter_destroy(fbc); -> first call

                 debug_object_free(fbc, &percpu_counter_debug_descr); -> this will again call the same debug object free, if somehow counters will reinitialize between these two calls.

                 

We are seeing one race condition issue where one object of db list is corrupted and just before object of that corrupted node is percpu_counter, Still i am not sure the reason of race as it is very

difficult to reproduce. But i have found this during code review. Please correct me, if i misunderstood this.

>
> Thanks.
>
>
-- 
Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ