Open Source and information security mailing list archives
 
Message-Id: <20180723122438.423181742@linuxfoundation.org>
Date:   Mon, 23 Jul 2018 14:24:55 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     linux-kernel@...r.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        stable@...r.kernel.org, Prasad Sodagudi <psodagud@...eaurora.org>,
        Pavankumar Kondeti <pkondeti@...eaurora.org>,
        "Isaac J. Manjarres" <isaacm@...eaurora.org>,
        Thomas Gleixner <tglx@...utronix.de>, peterz@...radead.org,
        matt@...eblueprint.co.uk, bigeasy@...utronix.de
Subject: [PATCH 4.14 19/44] stop_machine: Disable preemption when waking two stopper threads

4.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Isaac J. Manjarres <isaacm@...eaurora.org>

commit 9fb8d5dc4b649dd190e1af4ead670753e71bf907 upstream.

When cpu_stop_queue_two_works() begins to wake the stopper threads, it does
so without preemption disabled, which leads to the following race
condition:

The source CPU calls cpu_stop_queue_two_works(), with cpu1 as the source
CPU, and cpu2 as the destination CPU. When adding the stopper threads to
the wake queue used in this function, the source CPU stopper thread is
added first, and the destination CPU stopper thread is added last.

When wake_up_q() is invoked to wake the stopper threads, the threads are
woken up in the order that they are queued in, so the source CPU's stopper
thread is woken up first, and it preempts the thread running on the source
CPU.

The stopper thread will then execute on the source CPU, disable preemption,
and begin executing multi_cpu_stop(), and wait for an ack from the
destination CPU's stopper thread, with preemption still disabled. Since the
worker thread that woke up the stopper thread on the source CPU is affine
to the source CPU, and preemption is disabled on the source CPU, that
thread will never run to dequeue the destination CPU's stopper thread from
the wake queue, and thus, the destination CPU's stopper thread will never
run, causing the source CPU's stopper thread to wait forever, and stall.

Disable preemption when waking the stopper threads in
cpu_stop_queue_two_works().

Fixes: 0b26351b910f ("stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock")
Co-Developed-by: Prasad Sodagudi <psodagud@...eaurora.org>
Signed-off-by: Prasad Sodagudi <psodagud@...eaurora.org>
Co-Developed-by: Pavankumar Kondeti <pkondeti@...eaurora.org>
Signed-off-by: Pavankumar Kondeti <pkondeti@...eaurora.org>
Signed-off-by: Isaac J. Manjarres <isaacm@...eaurora.org>
Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
Cc: peterz@...radead.org
Cc: matt@...eblueprint.co.uk
Cc: bigeasy@...utronix.de
Cc: gregkh@...uxfoundation.org
Cc: stable@...r.kernel.org
Link: https://lkml.kernel.org/r/1530655334-4601-1-git-send-email-isaacm@codeaurora.org
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

---
 kernel/stop_machine.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/kernel/stop_machine.c
+++ b/kernel/stop_machine.c
@@ -270,7 +270,11 @@ unlock:
 		goto retry;
 	}
 
-	wake_up_q(&wakeq);
+	if (!err) {
+		preempt_disable();
+		wake_up_q(&wakeq);
+		preempt_enable();
+	}
 
 	return err;
 }
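
Review bot: the new `if (!err)` guard around wake_up_q(&wakeq) changes behaviour beyond what the changelog describes, which only talks about disabling preemption. With this hunk the wake queue is no longer flushed when err is non-zero, so either the changelog or a comment should state that nothing can have been added to wakeq on the error path, otherwise a queued stopper would be left unwoken. It would also help to put a short comment above preempt_disable() saying that the waker must not be preempted by the first woken stopper before it has woken the second one, since the bare preempt_disable()/preempt_enable() pair does not explain itself to a later reader.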

