lists.openwall.net: Open Source and information security mailing list archives
Date:   Thu, 3 Feb 2022 23:54:46 +0000
From:   Pavel Begunkov <asml.silence@...il.com>
To:     Usama Arif <usama.arif@...edance.com>, io-uring@...r.kernel.org,
        axboe@...nel.dk, linux-kernel@...r.kernel.org
Cc:     fam.zheng@...edance.com
Subject: Re: [PATCH v5 2/4] io_uring: avoid ring quiesce while
 registering/unregistering eventfd

On 2/3/22 23:46, Pavel Begunkov wrote:
> On 2/3/22 23:34, Usama Arif wrote:
>> This is done by creating a new RCU data structure (io_ev_fd) as part of
>> io_ring_ctx that holds the eventfd_ctx.
>>
>> The function io_eventfd_signal is executed under rcu_read_lock with a
>> single rcu_dereference to io_ev_fd so that if another thread unregisters
>> the eventfd while io_eventfd_signal is still being executed, the
>> eventfd_signal for which io_eventfd_signal was called completes
>> successfully.
>>
>> The process of registering/unregistering eventfd is done under a lock
>> so multiple threads don't enter a race condition while
>> registering/unregistering eventfd.
>>
>> With the above approach ring quiesce can be avoided which is much more
>> expensive than using RCU lock. On the system tested, io_uring_register with
>> IORING_REGISTER_EVENTFD takes less than 1ms with RCU lock, compared to 15ms
>> before with ring quiesce.
>>
>> Signed-off-by: Usama Arif <usama.arif@...edance.com>
>> ---
>>   fs/io_uring.c | 116 ++++++++++++++++++++++++++++++++++++++++----------
>>   1 file changed, 93 insertions(+), 23 deletions(-)
>>
[...]
>> +
>> +static void io_eventfd_put(struct rcu_head *rcu)
>> +{
>> +    struct io_ev_fd *ev_fd = container_of(rcu, struct io_ev_fd, rcu);
>> +    struct io_ring_ctx *ctx = ev_fd->ctx;
>> +
>> +    eventfd_ctx_put(ev_fd->cq_ev_fd);
>> +    kfree(ev_fd);
>> +    rcu_assign_pointer(ctx->io_ev_fd, NULL);
>>   }
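Review bot: the rcu_assign_pointer(ctx->io_ev_fd, NULL) at the end of io_eventfd_put() runs inside the RCU callback, i.e. only after the grace period, so between call_rcu() and the callback the pointer is still published and a new reader can rcu_dereference() an io_ev_fd whose freeing is already queued; once the callback does run, it calls eventfd_ctx_put() and kfree() first and clears the pointer afterwards, so any reader that picked the pointer up in that window reaches freed memory. Clear the pointer in the unregister path, under the lock and before call_rcu(), and let the callback do only eventfd_ctx_put() and kfree(); with that ordering the callback no longer needs ev_fd->ctx at all.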
> 
> Emm, it happens after the grace period, so you have a gap where a
> request may read a freed eventfd... What I think you wanted to do
> is more like below:
> 
> 
> io_eventfd_put() {
>      evfd = ...;
>      eventfd_ctx_put(evfd->evfd);
>      kfree(evfd);
> }
> 
> register() {

s/register/unregister/

>      mutex_lock();
>      ev_fd = rcu_deref();
>      if (ev_fd) {
>          rcu_assign_pointer(ctx->evfd, NULL);
>          call_rcu(&ev_fd->rcu, io_eventfd_put);
>      }
>      mutex_unlock();
> }
> 
> 
> Note, there's no need in ->unregistering. I also doubt you need
> ->ev_fd_lock, how about just using already taken ->uring_lock?

-- 
Pavel Begunkov
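A userspace model of the pattern described in the commit message and of the ordering problem raised in this reply, added here as an illustration (it is not code from the patch, from anyone in the thread, or from the kernel): the read side does a single dereference inside a read-side section, register/unregister run under one mutex, and the RCU callback only retires the object. Kernel RCU is replaced by a toy epoch-based scheme on C11 atomics and pthreads, call_rcu() by an inline grace-period wait, and kfree() by a "retired" flag that a reader must never observe; the names ev_fd_ctx, model_run, reader_ctr, next_slot and the v5_order switch are inventions of the model. With v5_order set, the pointer is cleared in the callback, as in the quoted hunk; otherwise it is cleared under the lock before the grace period, as in the sketch above.

```c
/* Added example, not code from the patch or the kernel: a userspace model of the
 * register/unregister/signal pattern under discussion, on a toy epoch-based RCU (C11
 * atomics + pthreads). ev_fd_ctx, model_run and the "retired" flag are inventions of
 * the model; retired is set where kfree() would run, so a reader seeing it models the UAF. */
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#define NREADERS 3
struct ev_fd { atomic_bool retired; };      /* stands in for struct io_ev_fd */
struct ev_fd_ctx {
    struct ev_fd *_Atomic ev_fd;            /* the RCU-protected ctx->io_ev_fd */
    pthread_mutex_t lock;                   /* plays the role of ->uring_lock */
    atomic_long gp_ctr;                     /* toy RCU: current grace period (odd) */
    atomic_long reader_ctr[NREADERS];       /* gp a reader entered in; 0 = not reading */
    atomic_int next_slot;                   /* hands out reader_ctr[] entries */
    atomic_long bad;                        /* readers that touched a retired object */
    atomic_bool stop;
};
/* Toy RCU writer: open a new grace period, then wait until every reader is idle or re-entered. */
static void synchronize_rcu(struct ev_fd_ctx *c)
{
    long gp = atomic_fetch_add(&c->gp_ctr, 2) + 2, r;
    for (int i = 0; i < NREADERS; i++)
        while ((r = atomic_load(&c->reader_ctr[i])) != 0 && r != gp)
            sched_yield();
}
/* Mirrors io_eventfd_signal(): a single rcu_dereference() inside a read-side section. */
static void io_eventfd_signal(struct ev_fd_ctx *c, int slot)
{
    atomic_store(&c->reader_ctr[slot], atomic_load(&c->gp_ctr)); /* rcu_read_lock() */
    struct ev_fd *ev = atomic_load(&c->ev_fd);                    /* rcu_dereference() */
    if (ev) {
        sched_yield();                                   /* stretch the read side a bit */
        if (atomic_load(&ev->retired))                   /* eventfd_signal() on freed memory */
            atomic_fetch_add(&c->bad, 1);
    }
    atomic_store(&c->reader_ctr[slot], 0);               /* rcu_read_unlock() */
}
static void io_eventfd_register(struct ev_fd_ctx *c, struct ev_fd *ev)
{
    pthread_mutex_lock(&c->lock);
    atomic_store(&c->ev_fd, ev);                         /* rcu_assign_pointer(), under the lock */
    pthread_mutex_unlock(&c->lock);
}
/* The RCU callback; v5_order reproduces the v5 hunk, clearing the pointer only here. */
static void io_eventfd_put(struct ev_fd_ctx *c, struct ev_fd *ev, bool v5_order)
{
    atomic_store(&ev->retired, true);                    /* eventfd_ctx_put() + kfree() */
    if (v5_order)
        atomic_store(&c->ev_fd, (struct ev_fd *)NULL);   /* after the grace period: too late */
}
static int io_eventfd_unregister(struct ev_fd_ctx *c, bool v5_order)
{
    pthread_mutex_lock(&c->lock);
    struct ev_fd *ev = atomic_load(&c->ev_fd);
    if (ev) {
        if (!v5_order)                                   /* unpublish first, under the lock */
            atomic_store(&c->ev_fd, (struct ev_fd *)NULL);
        synchronize_rcu(c);                              /* call_rcu()'s grace period, inline */
        io_eventfd_put(c, ev, v5_order);
    }
    pthread_mutex_unlock(&c->lock);
    return ev ? 0 : -1;                                  /* -ENXIO when nothing is registered */
}
static void *reader_thread(void *p)
{
    struct ev_fd_ctx *c = p;
    int slot = atomic_fetch_add(&c->next_slot, 1);       /* claim a reader_ctr[] entry */
    while (!atomic_load(&c->stop))
        io_eventfd_signal(c, slot);
    return NULL;
}
/* Register/unregister `cycles` times under NREADERS signalling threads; returns how
 * many times a reader used an already-retired object (0 is the only safe answer). */
static long model_run(bool v5_order, int cycles)
{
    struct ev_fd_ctx c = { .lock = PTHREAD_MUTEX_INITIALIZER, .gp_ctr = 1 };
    struct ev_fd *objs = calloc((size_t)cycles, sizeof *objs);   /* one object per cycle */
    pthread_t tids[NREADERS];
    for (int i = 0; i < NREADERS; i++)
        pthread_create(&tids[i], NULL, reader_thread, &c);
    for (int i = 0; i < cycles; i++) {
        io_eventfd_register(&c, &objs[i]);
        io_eventfd_unregister(&c, v5_order);
    }
    atomic_store(&c.stop, true);
    for (int i = 0; i < NREADERS; i++)
        pthread_join(tids[i], NULL);
    free(objs);
    return atomic_load(&c.bad);
}
int main(void)
{
    printf("fixed order: %ld bad reads, v5 order: %ld bad reads\n",
           model_run(false, 300), model_run(true, 300));
}
```

model_run(false, 300) returns 0 by construction: a reader can only hold the old object if it entered its section before the pointer was cleared, and the grace-period wait does not return until every such reader has left. model_run(true, 300) is expected to return a non-zero count on a multi-core machine, because the pointer stays published for the whole grace period and readers keep picking it up until the callback finally clears it; the exact number depends on scheduling.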
