lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 4 Nov 2020 17:34:00 -0400
From:   Jason Gunthorpe <jgg@...pe.ca>
To:     Matthew Wilcox <willy@...radead.org>
Cc:     "xiaofeng.yan" <xiaofeng.yan2012@...il.com>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        dledford@...hat.com, oulijun@...wei.com, yanxiaofeng7@...com
Subject: Re: [PATCH 2/2] infiniband: Modify the reference to xa_store_irq()
 because the parameter of this function  has changed

On Wed, Nov 04, 2020 at 07:30:36PM +0000, Matthew Wilcox wrote:
> On Wed, Nov 04, 2020 at 02:58:43PM -0400, Jason Gunthorpe wrote:
> > >  static void cm_finalize_id(struct cm_id_private *cm_id_priv)
> > >  {
> > >  	xa_store_irq(&cm.local_id_table, cm_local_id(cm_id_priv->id.local_id),
> > > -		     cm_id_priv, GFP_KERNEL);
> > > +		     cm_id_priv);
> > >  }
> > 
> > This one is almost a bug, the entry is preallocated with NULL though:
> > 
> > 	ret = xa_alloc_cyclic_irq(&cm.local_id_table, &id, NULL, xa_limit_32b,
> > 				  &cm.local_id_next, GFP_KERNEL);
> > 
> > so it should never allocate here:
> > 
> > static int cm_req_handler(struct cm_work *work)
> > {
> > 	spin_lock_irq(&cm_id_priv->lock);
> > 	cm_finalize_id(cm_id_priv);
> 
> Uhm.  I think you want a different debugging check from this.  The actual
> bug here is that you'll get back from calling cm_finalize_id() with
> interrupts enabled. 

Ooh, that is just no fun too :\

Again surprised some lockdep didn't catch wrongly nesting irq locks

> Can you switch to xa_store(), or do we need an
> xa_store_irqsave()?

Yes, it looks like there is no reason for this, all users of the
xarray are from sleeping contexts, so it shouldn't need the IRQ
version.. I made a patch for this thanks

The cm_id_priv->lock is probably also not needing to be irq either,
but that is much harder to tell for sure

> > Still, woops.
> > 
> > Matt, maybe a might_sleep is deserved in here someplace?
> >
> > @@ -1534,6 +1534,8 @@ void *__xa_store(struct xarray *xa, unsigned long index, void *entry, gfp_t gfp)
> >         XA_STATE(xas, xa, index);
> >         void *curr;
> >  
> > +       might_sleep_if(gfpflags_allow_blocking(gfp));
> > +
> >         if (WARN_ON_ONCE(xa_is_advanced(entry)))
> >                 return XA_ERROR(-EINVAL);
> >         if (xa_track_free(xa) && !entry)
> > 
> > And similar in the other places that conditionally call __xas_nomem()
> > ?

But this debugging would still catch the wrong nesting of a GFP_KERNEL
inside a spinlock, you don't like it?

> > I also still wish there was a proper 'xa store in already allocated
> > but null' idiom - I remember you thought about using gfp flags == 0 at
> > one point.
> 
> An xa_replace(), perhaps?

Make sense.. But I've also done this with cmpxchg. A magic GFP flag,
as you tried to do with 0, is appealing in many ways

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ