| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190430115332.GB23020@redhat.com>
Date: Tue, 30 Apr 2019 13:53:33 +0200
From: Oleg Nesterov <oleg@...hat.com>
To: Joel Fernandes <joel@...lfernandes.org>
Cc: Christian Brauner <christian@...uner.io>,
linux-kernel@...r.kernel.org, luto@...capital.net,
rostedt@...dmis.org, dancol@...gle.com, sspatil@...gle.com,
jannh@...gle.com, surenb@...gle.com, timmurray@...gle.com,
Jonathan Kowalski <bl0pbl33p@...il.com>,
torvalds@...ux-foundation.org, kernel-team@...roid.com,
Andrew Morton <akpm@...ux-foundation.org>,
Arnd Bergmann <arnd@...db.de>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Ingo Molnar <mingo@...nel.org>, Jann Horn <jann@...jh.net>,
linux-kselftest@...r.kernel.org, Michal Hocko <mhocko@...e.com>,
"Peter Zijlstra (Intel)" <peterz@...radead.org>,
Serge Hallyn <serge@...lyn.com>, Shuah Khan <shuah@...nel.org>,
Stephen Rothwell <sfr@...b.auug.org.au>,
Thomas Gleixner <tglx@...utronix.de>,
Tycho Andersen <tycho@...ho.ws>, viro@...iv.linux.org.uk,
linux-api@...r.kernel.org
Subject: Re: [PATCH v1 1/2] Add polling support to pidfd
On 04/29, Joel Fernandes wrote:
>
> On Mon, Apr 29, 2019 at 04:20:30PM +0200, Oleg Nesterov wrote:
> > On 04/29, Joel Fernandes wrote:
> > >
> > > However, in your code above, it is avoided because we get:
> > >
> > > Task A (poller) Task B (exiting task being polled)
> > > ------------ ----------------
> > > poll() called
> > > add_wait_queue()
> > > exit_state is set to non-zero
> > > read exit_state
> > > remove_wait_queue()
> > > wake_up_all()
> >
> > just to clarify... No, sys_poll() path doesn't do remove_wait_queue() until
> > it returns to user mode, and that is why we can't race with set-exit_code +
> > wake_up().
>
> I didn't follow what you mean, the removal from the waitqueue happens in
> free_poll_entry() called from poll_freewait() which happens from
> do_sys_poll() which is before the syscall returns to user mode. Could you
> explain more?
Hmm. I do not really understand the question... Sure, do_sys_poll() does
poll_freewait() before sysret or even before return from syscall, but why
does this matter? This is the exit path, it frees the memory, does fput(),
etc, f_op->poll() won't be call after that.
> > pidfd_poll() can race with the exiting task, miss exit_code != 0, and return
> > zero. However, do_poll() won't block after that and pidfd_poll() will be called
> > again.
>
> Here also I didn't follow what you mean. If exit_code is read as 0 in
> pidfd_poll(), then in do_poll() the count will be 0 and it will block in
> poll_schedule_timeout(). Right?
No. Please note the pwq->triggered check and please read __pollwake().
But if you want to understand this you can forget about poll/select. It is
a bit complicated, in particular because it has to do set_current_state()
right before schedule() and thus it plays games with pwq->triggered. But in
essence this doesn't differ too much from the plain wait_event-like code
(although you can also look at wait_woken/woken_wake_function).
If remove_wait_queue() could happem before wake_up_all() (like in your pseudo-
code above), then pidfd_poll() or any other ->poll() method could miss _both_
the condition and wakeup. But sys_poll() doesn't do this, so it is fine to miss
the condition and rely on wake_up_all() which ensures we won't block and the
next iteration must see condition == T.
Oleg.
Powered by blists - more mailing lists