Message-ID: <2b4aea8d-a038-e347-7f6f-10476d771b7e@redhat.com>
Date:   Wed, 21 Jul 2021 12:59:39 +0200
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     Hillf Danton <hdanton@...a.com>,
        Thomas Gleixner <tglx@...utronix.de>
Cc:     Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
        "Michael S. Tsirkin" <mst@...hat.com>, linux-mm@...ck.org,
        LKML <linux-kernel@...r.kernel.org>,
        Al Viro <viro@...iv.linux.org.uk>
Subject: Re: 5.13-rt1 + KVM = WARNING: at fs/eventfd.c:74 eventfd_signal()

On 21/07/21 12:11, Hillf Danton wrote:
> On Wed, 21 Jul 2021 09:25:32 +0200 Thomas Gleixner wrote:
>> On Wed, Jul 21 2021 at 15:04, Hillf Danton wrote:
>>>
>>> But the preempting waker can not make sense without the waiter who is bloody
>>> special. Why is it so in the first place? Or it is not at all but the race
>>> existing from Monday to Friday.
>>
>> See the large comment in eventfd_poll().
> 
> Is it likely for a reader to make eventfd_poll() return 0?
> 
> read	 *     poll                               write
> ----	 *     -----------------                  ------------
> 	 *     count = ctx->count (INVALID!)
> 	 *                                        lock ctx->qwh.lock
> 	 *                                        ctx->count += n
> 	 *                                        **waitqueue_active is false**
> 	 *                                        **no wake_up_locked_poll!**
> 	 *                                        unlock ctx->qwh.lock
> 
> lock ctx->qwh.lock
> *cnt = (ctx->flags & EFD_SEMAPHORE) ? 1 : ctx->count;
> ctx->count -= *cnt;
> **waitqueue_active is false**
> unlock ctx->qwh.lock
> 
> 	 *     lock ctx->wqh.lock (in poll_wait)
> 	 *     __add_wait_queue
> 	 *     unlock ctx->wqh.lock
> 	 *     eventfd_poll returns 0
> 	 */
> 	count = READ_ONCE(ctx->count);
> 

No, it's simply impossible.  The same comment explains why: "count = 
ctx->count" cannot move above poll_wait's locking of ctx->wqh.lock.

Paolo
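As an added illustration, not kernel code and not part of this thread, the following exhaustive two-thread model enumerates every interleaving of eventfd_write() and eventfd_poll() as sketched in the comment quoted above, once with READ_ONCE(ctx->count) where the real code has it (after poll_wait() has taken ctx->wqh.lock) and once hoisted above the lock (the comment's "INVALID!" case). The step names, the `struct ctx` fields and the `lost_wakeups()` helper are my own; a consuming reader is left out of the model.

```c
#include <stdbool.h>

/* Writer (eventfd_write) steps, in program order: take ctx->wqh.lock,
 * ctx->count += n, wake only if waitqueue_active(), unlock. */
enum { W_LOCK, W_INC, W_WAKE_IF_WAITER, W_UNLOCK, STEPS };
/* Poller (eventfd_poll) steps: poll_wait() takes the lock and queues the
 * waiter, then READ_ONCE(ctx->count) runs after the lock was taken. */
enum { P_LOCK, P_ADD_WAITER, P_UNLOCK, P_READ };

struct ctx { int count; bool locked; bool waiter; bool woken; int poll_saw; };

/* One writer step; returns false if it would block on a held lock, which makes
 * this interleaving unreachable (orderings that take the lock later are enumerated). */
static bool run_writer(struct ctx *c, int step) {
    switch (step) {
    case W_LOCK:           if (c->locked) return false; c->locked = true; return true;
    case W_INC:            c->count += 1; return true;
    case W_WAKE_IF_WAITER: if (c->waiter) c->woken = true; return true;
    default:               c->locked = false; return true;
    }
}

/* One poller step. With read_before_lock the count read is hoisted above
 * poll_wait(): the "count = ctx->count (INVALID!)" ordering from the comment. */
static bool run_poller(struct ctx *c, int step, bool read_before_lock) {
    int op = read_before_lock ? (step == 0 ? P_READ : step - 1) : step;
    switch (op) {
    case P_LOCK:       if (c->locked) return false; c->locked = true; return true;
    case P_ADD_WAITER: c->waiter = true; return true;
    case P_UNLOCK:     c->locked = false; return true;
    default:           c->poll_saw = c->count; return true;
    }
}

/* Enumerates every interleaving of the 4 writer and 4 poller steps (a set bit
 * in m means the writer goes next) and returns how many end with eventfd_poll()
 * reporting 0 while the writer skipped the wake-up: a lost wake-up. */
int lost_wakeups(bool read_before_lock) {
    int lost = 0;
    for (unsigned m = 0; m < 256; m++) {
        if (__builtin_popcount(m) != STEPS) continue;
        struct ctx c = {0};
        int w = 0, p = 0;
        bool ok = true;
        for (int i = 0; i < 2 * STEPS && ok; i++)
            ok = ((m >> i) & 1) ? run_writer(&c, w++) : run_poller(&c, p++, read_before_lock);
        if (ok && c.poll_saw == 0 && !c.woken)
            lost++;
    }
    return lost;
}
```

With the real ordering `lost_wakeups(false)` is 0, because the two locked sections are mutually exclusive, so either the increment precedes the read or the queued waiter precedes the wake-up check; `lost_wakeups(true)` finds the two interleavings where the hoisted read sees 0 and the writer then finds no waiter.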
