lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20181122134400.GA10327@andrea>
Date:   Thu, 22 Nov 2018 14:44:00 +0100
From:   Andrea Parri <andrea.parri@...rulasolutions.com>
To:     Oleg Nesterov <oleg@...hat.com>
Cc:     Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Jiri Olsa <jolsa@...hat.com>,
        Namhyung Kim <namhyung@...nel.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [Question] smp_wmb() in prepare_uprobe()

On Thu, Nov 22, 2018 at 01:36:56PM +0100, Oleg Nesterov wrote:
> Hi,
> 
> On 11/21, Andrea Parri wrote:
> >
> > The comment for the smp_wmb() in prepare_uprobe() says:
> >
> >   "pairs with rmb() in find_active_uprobe()"
> 
> it seems that this comment was wrong from the very beginning,
> 
> 
> > but I see no (smp_)rmb() in find_active_uprobe(); I see the smp_rmb() in
> > handle_swbp(): is this the intended pairing barrier?
> 
> Yes, and the comment near this rmb() says "pairs with wmb() in install_breakpoint()",
> today this is not right too.

Thanks for the confirmation.  So, this is the easy part ;-), maybe
something like:

diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c
index 96d4bee83489b..2d29977522017 100644
--- a/kernel/events/uprobes.c
+++ b/kernel/events/uprobes.c
@@ -829,7 +829,7 @@ static int prepare_uprobe(struct uprobe *uprobe, struct file *file,
 	BUG_ON((uprobe->offset & ~PAGE_MASK) +
 			UPROBE_SWBP_INSN_SIZE > PAGE_SIZE);
 
-	smp_wmb(); /* pairs with rmb() in find_active_uprobe() */
+	smp_wmb(); /* pairs with the smp_rmb() in handle_swbp() */
 	set_bit(UPROBE_COPY_INSN, &uprobe->flags);
 
  out:
@@ -2178,7 +2178,7 @@ static void handle_swbp(struct pt_regs *regs)
 	 * After we hit the bp, _unregister + _register can install the
 	 * new and not-yet-analyzed uprobe at the same address, restart.
 	 */
-	smp_rmb(); /* pairs with wmb() in install_breakpoint() */
+	smp_rmb(); /* pairs with the smp_wmb() in prepare_uprobe() */
 	if (unlikely(!test_bit(UPROBE_COPY_INSN, &uprobe->flags)))
 		goto out;
 

> 
> > Which memory accesses do you want to "order" with this pairing?
> 
> See 142b18ddc81439acda4bc4231b291e99fe67d507 ("uprobes: Fix handle_swbp()
> vs unregister() + register() race") and the comment above this rmb().

Mmh..., at first glance, this suggests me that the above set_bit() and
test_bit() to/from uprobe->flags are among these memory accesses.  But
this doesn't make sense to me: these accesses do not "alternate" (i.e.,
they both appear after the corresponding barrier..); instead I'd expect
something like (on top of the above diff):

diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c
index 2d29977522017..a75b9a08dee54 100644
--- a/kernel/events/uprobes.c
+++ b/kernel/events/uprobes.c
@@ -2178,10 +2178,18 @@ static void handle_swbp(struct pt_regs *regs)
 	 * After we hit the bp, _unregister + _register can install the
 	 * new and not-yet-analyzed uprobe at the same address, restart.
 	 */
-	smp_rmb(); /* pairs with the smp_wmb() in prepare_uprobe() */
 	if (unlikely(!test_bit(UPROBE_COPY_INSN, &uprobe->flags)))
 		goto out;
 
+	/*
+	 * Pairs with the smp_wmb() in prepare_uprobe().
+	 *
+	 * Guarantees that if we see the UPROBE_COPY_INSN bit set, then
+	 * we must (can) also see the stores to &uprobe->arch performed
+	 * by prepare_uprobe() (say).
+	 */
+	smp_rmb();
+
 	/* Tracing handlers use ->utask to communicate with fetch methods */
 	if (!get_utask())
 		goto out;

Thoughts?

  Andrea


> 
> Oleg.
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ