lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 28 Aug 2020 11:18:13 +0200
From:   peterz@...radead.org
To:     Masami Hiramatsu <mhiramat@...nel.org>
Cc:     linux-kernel@...r.kernel.org, Eddy_Wu@...ndmicro.com,
        x86@...nel.org, davem@...emloft.net, rostedt@...dmis.org,
        naveen.n.rao@...ux.ibm.com, anil.s.keshavamurthy@...el.com,
        linux-arch@...r.kernel.org, cameron@...dycamel.com,
        oleg@...hat.com, will@...nel.org, paulmck@...nel.org
Subject: Re: [RFC][PATCH 7/7] kprobes: Replace rp->free_instance with freelist

On Fri, Aug 28, 2020 at 06:13:41PM +0900, Masami Hiramatsu wrote:
> On Fri, 28 Aug 2020 10:48:51 +0200
> peterz@...radead.org wrote:
> 
> > On Thu, Aug 27, 2020 at 06:12:44PM +0200, Peter Zijlstra wrote:
> > >  struct kretprobe_instance {
> > >  	union {
> > > +		/*
> > > +		 * Dodgy as heck, this relies on not clobbering freelist::refs.
> > > +		 * llist: only clobbers freelist::next.
> > > +		 * rcu: clobbers both, but only after rp::freelist is gone.
> > > +		 */
> > > +		struct freelist_node freelist;
> > >  		struct llist_node llist;
> > > -		struct hlist_node hlist;
> > >  		struct rcu_head rcu;
> > >  	};
> > 
> > Masami, make sure to make this something like:
> > 
> > 	union {
> > 		struct freelist_node freelist;
> > 		struct rcu_head rcu;
> > 	};
> > 	struct llist_node llist;
> > 
> > for v4, because after some sleep I'm fairly sure what I wrote above was
> > broken.
> > 
> > We'll only use RCU once the freelist is gone, so sharing that storage
> > should still be okay.
> 
> Hmm, would you mean there is a chance that an instance belongs to
> both freelist and llist?

So the freelist->refs thing is supposed to pin freelist->next for
concurrent usage, but if we instantly stick it on the
current->kretprobe_instances llist while it's still elevated, we'll
overwrite ->next, which would be bad.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ