lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 10 Jul 2019 21:15:49 +0200
From:   Sebastian Andrzej Siewior <bigeasy@...utronix.de>
To:     Will Deacon <will@...nel.org>
Cc:     linux-kernel@...r.kernel.org,
        Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>, tglx@...utronix.de
Subject: Re: [PATCH] locking/mutex: Test for initialized mutex

On 2019-07-10 17:50:54 [+0100], Will Deacon wrote:
> On Wed, Jul 03, 2019 at 11:21:26AM +0200, Sebastian Andrzej Siewior wrote:
> > An uninitialized/ zeroed mutex will go unnoticed because there is no
> > check for it. There is a magic check in the unlock's slowpath path which
> > might go unnoticed if the unlock happens in the fastpath.
> > 
> > Add a ->magic check early in the mutex_lock() and mutex_trylock() path.
> > 
> > Signed-off-by: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
> > ---
> > Nothing screamed during uninitialized usage of init_mm's context->lock
> >   https://git.kernel.org/tip/32232b350d7cd93cdc65fe5a453e6a40b539e9f9
> > 
> >  kernel/locking/mutex.c | 11 ++++++++++-
> >  1 file changed, 10 insertions(+), 1 deletion(-)
> > 
> > diff --git a/kernel/locking/mutex.c b/kernel/locking/mutex.c
> > index 0c601ae072b3f..fb1f6f1e1cc61 100644
> > --- a/kernel/locking/mutex.c
> > +++ b/kernel/locking/mutex.c
> > @@ -908,6 +908,10 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
> >  
> >  	might_sleep();
> >  
> > +#ifdef CONFIG_DEBUG_MUTEXES
> > +	DEBUG_LOCKS_WARN_ON(lock->magic != lock);
> > +#endif
> 
> Why do we need to check this so early, or could we move it into
> debug_mutex_lock_common() instead?

debug_mutex_lock_common() is too late. A few lines later, before
"preempt_disable()" would be possible. After that, there is
__mutex_trylock() which would succeed so you don't catch the
uninitialized case. By the time you get to debug_mutex_lock_common() you
need contention and then acquire ->wait_lock which should complain about
missing magic.

> Will

Sebastian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ