| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Yo3pq6RngBH9iBOu@localhost.localdomain>
Date: Wed, 25 May 2022 10:32:43 +0200
From: Oscar Salvador <osalvador@...e.de>
To: Miaohe Lin <linmiaohe@...wei.com>
Cc: akpm@...ux-foundation.org, mike.kravetz@...cle.com,
naoya.horiguchi@....com, peterx@...hat.com, apopple@...dia.com,
ying.huang@...el.com, david@...hat.com, songmuchun@...edance.com,
hch@....de, dhowells@...hat.com, cl@...ux.com, linux-mm@...ck.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 1/4] mm: reduce the rcu lock duration
On Wed, May 25, 2022 at 04:18:19PM +0800, Miaohe Lin wrote:
> Commit 3268c63eded4 ("mm: fix move/migrate_pages() race on task struct")
> extends the period of the rcu_read_lock until after the permissions checks
> are done to prevent the task pointed to from changing from under us. But
> the task_struct refcount is also taken at that time, the reference to task
> is guaranteed to be stable. So it's unnecessary to extend the period of
> the rcu_read_lock. Release the rcu lock after task refcount is successfully
> grabbed to reduce the rcu holding time.
>
> Reviewed-by: Muchun Song <songmuchun@...edance.com>
> Reviewed-by: Christoph Hellwig <hch@....de>
> Signed-off-by: Miaohe Lin <linmiaohe@...wei.com>
> Cc: Huang Ying <ying.huang@...el.com>
> Cc: David Howells <dhowells@...hat.com>
> Cc: Christoph Lameter <cl@...ux.com>
Reviewed-by: Oscar Salvador <osalvador@...e.de>
> ---
> mm/mempolicy.c | 3 +--
> mm/migrate.c | 3 +--
> 2 files changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/mm/mempolicy.c b/mm/mempolicy.c
> index 0b4ba3ee810e..2dad094177bf 100644
> --- a/mm/mempolicy.c
> +++ b/mm/mempolicy.c
> @@ -1609,6 +1609,7 @@ static int kernel_migrate_pages(pid_t pid, unsigned long maxnode,
> goto out;
> }
> get_task_struct(task);
> + rcu_read_unlock();
>
> err = -EINVAL;
>
> @@ -1617,11 +1618,9 @@ static int kernel_migrate_pages(pid_t pid, unsigned long maxnode,
> * Use the regular "ptrace_may_access()" checks.
> */
> if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) {
> - rcu_read_unlock();
> err = -EPERM;
> goto out_put;
> }
> - rcu_read_unlock();
>
> task_nodes = cpuset_mems_allowed(task);
> /* Is the user allowed to access the target nodes? */
> diff --git a/mm/migrate.c b/mm/migrate.c
> index e51588e95f57..e88ebb88fa6f 100644
> --- a/mm/migrate.c
> +++ b/mm/migrate.c
> @@ -1902,17 +1902,16 @@ static struct mm_struct *find_mm_struct(pid_t pid, nodemask_t *mem_nodes)
> return ERR_PTR(-ESRCH);
> }
> get_task_struct(task);
> + rcu_read_unlock();
>
> /*
> * Check if this process has the right to modify the specified
> * process. Use the regular "ptrace_may_access()" checks.
> */
> if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) {
> - rcu_read_unlock();
> mm = ERR_PTR(-EPERM);
> goto out;
> }
> - rcu_read_unlock();
>
> mm = ERR_PTR(security_task_movememory(task));
> if (IS_ERR(mm))
> --
> 2.23.0
>
>
--
Oscar Salvador
SUSE Labs
Powered by blists - more mailing lists