lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190711094626.snph3c5mgs62q2ps@willie-the-truck>
Date:   Thu, 11 Jul 2019 10:46:27 +0100
From:   Will Deacon <will@...nel.org>
To:     Sebastian Andrzej Siewior <bigeasy@...utronix.de>
Cc:     linux-kernel@...r.kernel.org,
        Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>, tglx@...utronix.de
Subject: Re: [PATCH] locking/mutex: Test for initialized mutex

On Wed, Jul 10, 2019 at 09:15:49PM +0200, Sebastian Andrzej Siewior wrote:
> On 2019-07-10 17:50:54 [+0100], Will Deacon wrote:
> > On Wed, Jul 03, 2019 at 11:21:26AM +0200, Sebastian Andrzej Siewior wrote:
> > > An uninitialized/ zeroed mutex will go unnoticed because there is no
> > > check for it. There is a magic check in the unlock's slowpath path which
> > > might go unnoticed if the unlock happens in the fastpath.
> > > 
> > > Add a ->magic check early in the mutex_lock() and mutex_trylock() path.
> > > 
> > > Signed-off-by: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
> > > ---
> > > Nothing screamed during uninitialized usage of init_mm's context->lock
> > >   https://git.kernel.org/tip/32232b350d7cd93cdc65fe5a453e6a40b539e9f9
> > > 
> > >  kernel/locking/mutex.c | 11 ++++++++++-
> > >  1 file changed, 10 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/kernel/locking/mutex.c b/kernel/locking/mutex.c
> > > index 0c601ae072b3f..fb1f6f1e1cc61 100644
> > > --- a/kernel/locking/mutex.c
> > > +++ b/kernel/locking/mutex.c
> > > @@ -908,6 +908,10 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
> > >  
> > >  	might_sleep();
> > >  
> > > +#ifdef CONFIG_DEBUG_MUTEXES
> > > +	DEBUG_LOCKS_WARN_ON(lock->magic != lock);
> > > +#endif
> > 
> > Why do we need to check this so early, or could we move it into
> > debug_mutex_lock_common() instead?
> 
> debug_mutex_lock_common() is too late. A few lines later, before
> "preempt_disable()" would be possible. After that, there is
> __mutex_trylock() which would succeed so you don't catch the
> uninitialized case. By the time you get to debug_mutex_lock_common() you
> need contention and then acquire ->wait_lock which should complain about
> missing magic.

Right you are; thanks for the explanation. I don't see a better approach
than what you've done, so:

Acked-by: Will Deacon <will@...nel.org>

Will

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ