lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6d1c5a49-fc16-5fc7-e527-8cb91ec0d25c@oracle.com>
Date:   Mon, 13 Jun 2022 12:36:12 +1000
From:   Imran Khan <imran.f.khan@...cle.com>
To:     Tejun Heo <tj@...nel.org>
Cc:     viro@...iv.linux.org.uk, gregkh@...uxfoundation.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH RESEND v4 1/4] kernfs: make ->attr.open RCU protected.

Hello Tejun,

On 13/6/22 3:58 am, Tejun Heo wrote:
> Hello,
> 
> Sorry about the long delay.
>
No problem.

[...]
>> +/**
>> + * kernfs_check_open_node_protected - Get kernfs_open_node corresponding to @kn
>> + *
>> + * @kn: target kernfs_node.
>> + *
>> + * Fetch and return ->attr.open of @kn when caller(reader) holds
>> + * kernfs_open_file_mutex.
>> + *
>> + * Update of ->attr.open happens under kernfs_open_file_mutex. So as long as
>> + * the current reader (caller) is holding this mutex, updaters will not be
>> + * able to change ->attr.open and this means that we can safely deref
>> + * ->attr.open outside RCU read-side critical section.
>> + *
>> + * This should ONLY be used by readers of ->attr.open and caller needs to make
>> + * sure that kernfs_open_file_mutex is held.
>> + */
>> +static struct kernfs_open_node *
>> +kernfs_check_open_node_protected(struct kernfs_node *kn)
>> +{
>> +	return rcu_dereference_check(kn->attr.open,
>> +				      lockdep_is_held(&kernfs_open_file_mutex));
>> +}
> 
> I don't understand why the above is necessary. Whether you're a reader or
> writer, you can deref the pointer w/ _protected as long as you're holding
> the lock, right?

As per [1], we should use rcu_dereference_check() for the reader side when we
are holding the lock.

> If I'm mistaken and somehow a reader needs to use a
> deref_check, I don't see a reason for this to be a separate accessor. Why
> not just merge the condition into the kernfs_deref_open_node()?
>

I have not merged lockdep_is_held(&kernfs_open_file_mutex) in
kernfs_deref_open_node() because not all users of kernfs_deref_open_node() (i.e.
kernfs_seq_show(), kernfs_file_read_iter(), kernfs_generic_poll()) can guarantee
that kernfs_open_file_mutex has been acquired. So at the moment we have 2
helpers around rcu_dereference_check, kernfs_check_open_node_protected() for
readers under kernfs_open_file_mutex and kernfs_deref_open_node for readers that
rely on existence of kernfs_open_file by making sure that ->list is not empty.

Could you please let me know if this sounds reasonable to you ?

[1]:
https://www.kernel.org/doc/html/v5.6/RCU/rcu_dereference.html#which-member-of-the-rcu-dereference-family-should-you-use


Thanks again for your review.
  -- Imran

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ