lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210225091738.GC641347@dell>
Date:   Thu, 25 Feb 2021 09:17:38 +0000
From:   Lee Jones <lee.jones@...aro.org>
To:     Xiaoming Ni <nixiaoming@...wei.com>
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        gregkh@...uxfoundation.org, sashal@...nel.org, tglx@...utronix.de,
        wangle6@...wei.com, zhengyejian1@...wei.com
Subject: Re: [PATCH 4.9.258] futex: fix dead code in attach_to_pi_owner()

On Wed, 24 Feb 2021, Xiaoming Ni wrote:

> The handle_exit_race() function is defined in commit 9c3f39860367
>  ("futex: Cure exit race"), which never returns -EBUSY. This results
> in a small piece of dead code in the attach_to_pi_owner() function:
> 
> 	int ret = handle_exit_race(uaddr, uval, p); /* Never return -EBUSY */
> 	...
> 	if (ret == -EBUSY)
> 		*exiting = p; /* dead code */
> 
> The return value -EBUSY is added to handle_exit_race() in upsteam
> commit ac31c7ff8624409 ("futex: Provide distinct return value when
> owner is exiting"). This commit was incorporated into v4.9.255, before
> the function handle_exit_race() was introduced, whitout Modify
> handle_exit_race().
> 
> To fix dead code, extract the change of handle_exit_race() from
> commit ac31c7ff8624409 ("futex: Provide distinct return value when owner
>  is exiting"), re-incorporated.
> 
> Fixes: 9c3f39860367 ("futex: Cure exit race")
> Cc: stable@...r.kernel.org # v4.9.258
> Signed-off-by: Xiaoming Ni <nixiaoming@...wei.com>
> ---
>  kernel/futex.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)

To clarify, this is not a wholesale back-port from Mainline.

It takes the remaining functional snippet of:

 ac31c7ff8624409 ("futex: Provide distinct return value when owner is exiting")

... and is the correct fix for this issue.

Reviewed-by: Lee Jones <lee.jones@...aro.org>

> diff --git a/kernel/futex.c b/kernel/futex.c
> index b65dbb5d60bb..0fd785410150 100644
> --- a/kernel/futex.c
> +++ b/kernel/futex.c
> @@ -1207,11 +1207,11 @@ static int handle_exit_race(u32 __user *uaddr, u32 uval,
>  	u32 uval2;
>  
>  	/*
> -	 * If the futex exit state is not yet FUTEX_STATE_DEAD, wait
> -	 * for it to finish.
> +	 * If the futex exit state is not yet FUTEX_STATE_DEAD, tell the
> +	 * caller that the alleged owner is busy.
>  	 */
>  	if (tsk && tsk->futex_state != FUTEX_STATE_DEAD)
> -		return -EAGAIN;
> +		return -EBUSY;
>  
>  	/*
>  	 * Reread the user space value to handle the following situation:

-- 
Lee Jones [李琼斯]
Senior Technical Lead - Developer Services
Linaro.org │ Open source software for Arm SoCs
Follow Linaro: Facebook | Twitter | Blog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ