lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 27 Oct 2021 07:12:06 +0000
From:   songyuanzheng <songyuanzheng@...wei.com>
To:     Dennis Zhou <dennis@...nel.org>, Christoph Lameter <cl@...two.de>
CC:     "tj@...nel.org" <tj@...nel.org>,
        "akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
        "linux-mm@...ck.org" <linux-mm@...ck.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH -next] mm/percpu: fix data-race with
 pcpu_nr_empty_pop_pages

Hello,

Thanks for the advice, Dennis Zhou and Christoph Lameter. 
I really appreciate it.
I edited this patch by changing the pcpu_nr_empty_pop_pages to atomic_t variable.

Here is the v2 patch: https://patchwork.kernel.org/project/linux-mm/patch/20211026084312.2138852-1-songyuanzheng@huawei.com/.
Would you mind reviewing it again?

Thanks,
Yuanzheng Song

-----Original Message-----
From: Dennis Zhou [mailto:dennis@...nel.org] 
Sent: Tuesday, October 26, 2021 10:42 AM
To: Christoph Lameter <cl@...two.de>
Cc: songyuanzheng <songyuanzheng@...wei.com>; dennis@...nel.org; tj@...nel.org; akpm@...ux-foundation.org; linux-mm@...ck.org; linux-kernel@...r.kernel.org
Subject: Re: [PATCH -next] mm/percpu: fix data-race with pcpu_nr_empty_pop_pages

Hello,

On Mon, Oct 25, 2021 at 09:50:48AM +0200, Christoph Lameter wrote:
> On Mon, 25 Oct 2021, Yuanzheng Song wrote:
> 
> > When reading the pcpu_nr_empty_pop_pages in pcpu_alloc() and writing 
> > the pcpu_nr_empty_pop_pages in
> > pcpu_update_empty_pages() at the same time, the data-race occurs.
> 
> Looks like a use case for the atomic RMV instructions.
> 

Yeah. I see 2 options. Switch the variable over to an atomic or we can move the read behind pcpu_lock. All the writes are already behind it othewise that would actually be problematic. In this particular case, reading a wrong # of empty pages isn't a big deal as eventually the background work will get scheduled.

Thanks,
Dennis

> > To fix this issue, use READ_ONCE() and WRITE_ONCE() to read and 
> > write the pcpu_nr_empty_pop_pages.
> 
> Never thought that READ_ONCE and WRITE_ONCE can fix races like this. 
> Really?
> 
> > diff --git a/mm/percpu.c b/mm/percpu.c index 
> > 293009cc03ef..e8ef92e698ab 100644
> > --- a/mm/percpu.c
> > +++ b/mm/percpu.c
> > @@ -574,7 +574,9 @@ static void pcpu_isolate_chunk(struct pcpu_chunk 
> > *chunk)
> >
> >  	if (!chunk->isolated) {
> >  		chunk->isolated = true;
> > -		pcpu_nr_empty_pop_pages -= chunk->nr_empty_pop_pages;
> > +		WRITE_ONCE(pcpu_nr_empty_pop_pages,
> > +			   READ_ONCE(pcpu_nr_empty_pop_pages) -
> > +			   chunk->nr_empty_pop_pages);
> 
> atomic_sub()?
> 
> >  	}
> >  	list_move(&chunk->list, 
> > &pcpu_chunk_lists[pcpu_to_depopulate_slot]);
> >  }
> > @@ -585,7 +587,9 @@ static void pcpu_reintegrate_chunk(struct 
> > pcpu_chunk *chunk)
> >
> >  	if (chunk->isolated) {
> >  		chunk->isolated = false;
> > -		pcpu_nr_empty_pop_pages += chunk->nr_empty_pop_pages;
> > +		WRITE_ONCE(pcpu_nr_empty_pop_pages,
> > +			   READ_ONCE(pcpu_nr_empty_pop_pages) +
> > +			   chunk->nr_empty_pop_pages);
> 
> atomic_add()?
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ