lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 1 Sep 2021 19:28:33 -0700
From:   Eric Dumazet <eric.dumazet@...il.com>
To:     jiasheng <jiasheng@...as.ac.cn>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 10/10] seqlock: Add do_read_seqcount_retry() in front of
 seqcount_lockdep_reader_access() in read_seqbegin()



On 9/1/21 7:16 PM, jiasheng wrote:
> We have found that in the complied files seqcount_lockdep_reader_access()
> appear more than 20 times, and under at least 90% circumstances
> that do_read_seqcount_retry() and seqcount_lockdep_reader_access()
> appear in pairs.
> For example, they appear together in the irqfd_wakeup()
> of the file complie from 'virt/kvm/eventfd.c'.
> But we have found that in the read_seqbegin(), there is only
> seqcount_lockdep_reader_access() instead of the pair.
> Therefore, we consider that the do_read_seqcount_retry()
> might be forgotten.
> 
> Signed-off-by: jiasheng <jiasheng@...as.ac.cn>
> ---
>  include/linux/seqlock.h | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/include/linux/seqlock.h b/include/linux/seqlock.h
> index f61e34f..14169ce 100644
> --- a/include/linux/seqlock.h
> +++ b/include/linux/seqlock.h
> @@ -837,8 +837,10 @@ typedef struct {
>   */
>  static inline unsigned read_seqbegin(const seqlock_t *sl)
>  {
> -	unsigned ret = read_seqcount_begin(&sl->seqcount);
> -
> +	unsigned int ret;

ret contains garbage at this point.

Calling read_seqcount_retry() with garbage is not going to fly.

Have you really compiled and tested this patch ?

A sane compiler would have complained.

> +
> +	if (read_seqcount_retry(&sl->seqcount, ret))
> +		ret = read_seqcount_begin(&sl->seqcount);
>  	kcsan_atomic_next(0);  /* non-raw usage, assume closing read_seqretry() */
>  	kcsan_flat_atomic_begin();
>  	return ret;
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ