lists.openwall.net
Open Source and information security mailing list archives
Date:   Mon, 26 Sep 2022 15:08:08 +0200
From:   Florian Westphal <fw@...len.de>
To:     Michal Hocko <mhocko@...e.com>
Cc:     Florian Westphal <fw@...len.de>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org, vbabka@...e.cz,
        akpm@...ux-foundation.org, urezki@...il.com,
        netdev@...r.kernel.org, netfilter-devel@...r.kernel.org,
        Martin Zaharinov <micron10@...il.com>
Subject: Re: [PATCH mm] mm: fix BUG with kvzalloc+GFP_ATOMIC

Michal Hocko <mhocko@...e.com> wrote:
> On Mon 26-09-22 12:08:00, Florian Westphal wrote:
> > Michal Hocko <mhocko@...e.com> wrote:
> > > +		old_tbl = rht_dereference_rcu(ht->tbl, ht);
> > > +		size = tbl->size;
> > > +
> > > +		data = ERR_PTR(-EBUSY);
> > > +
> > > +		if (rht_grow_above_75(ht, tbl))
> > > +			size *= 2;
> > > +		/* Do not schedule more than one rehash */
> > > +		else if (old_tbl != tbl)
> > > +			return data;
> > > +
> > > +		data = ERR_PTR(-ENOMEM);
> > > +
> > > +		rcu_read_unlock();
> > > +		new_tbl = bucket_table_alloc(ht, size, GFP_KERNEL);
> > > +		rcu_read_lock();
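Review bot: old_tbl and tbl are obtained under the read-side section that the rcu_read_unlock() before bucket_table_alloc() closes, so neither pointer can be trusted after the following rcu_read_lock(): a rehash that completes during the unprotected window may have freed the table they point to. Re-read ht->tbl with rht_dereference_rcu() after relocking and compare it with the saved old_tbl/tbl (restart, or return the -EBUSY already prepared in data, on mismatch) before the new table is attached. The unlock also only ends the innermost read-side section, so a GFP_KERNEL allocation is still not safe when a caller holds rcu_read_lock() of its own; a might_sleep() immediately before the allocation would make that case splat under CONFIG_DEBUG_ATOMIC_SLEEP instead of silently sleeping in a read-side section.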
> > 
> > I don't think this is going to work, there can be callers that
> > rely on rcu protected data structures getting freed.
> 
> The caller of this function drops RCU for each retry, why should the
> called function be any special?

I was unfortunately never able to fully understand rhashtable.
AFAICS the rcu_read_lock/unlock in the caller is pointless,
or at least dubious.

To the best of my knowledge there are users of this interface that
invoke it with rcu read lock held, and since those always nest, the
rcu_read_unlock() won't move us to GFP_KERNEL territory.

I guess you can add a might_sleep() and ask the kernel to barf at runtime.
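The nesting argument above can be run outside the kernel with a small model. This is an added example, not code from the thread or from lib/rhashtable.c: the `model_*` functions stand in for rcu_read_lock()/rcu_read_unlock()/might_sleep() using a single per-task depth counter (the kernel keeps an equivalent nesting count per task), and `insert_rehash_with_gfp_kernel()` mimics the patch's unlock/allocate/relock sequence. The two scenarios differ only in whether the outermost caller already holds a read-side section.

```c
/* Userspace model of RCU read-side nesting (added example, not kernel code).
 * The model_* names are local stand-ins for the kernel API; the depth
 * counter plays the role of the per-task RCU read-lock nesting count. */
#include <stdbool.h>
#include <stdio.h>

static int rcu_nesting;          /* model of the task's RCU read-lock depth */
static int might_sleep_warnings; /* how often might_sleep() would have splatted */

static void model_rcu_read_lock(void)   { rcu_nesting++; }
static void model_rcu_read_unlock(void) { rcu_nesting--; }

/* Like might_sleep() with CONFIG_DEBUG_ATOMIC_SLEEP: sleeping is illegal
 * while *any* read-side section is still open, not just the innermost one.
 * Returns true when the kernel would warn. */
static bool model_might_sleep(const char *where)
{
	if (rcu_nesting > 0) {
		might_sleep_warnings++;
		printf("BUG: sleeping call from RCU read side at %s, depth=%d\n",
		       where, rcu_nesting);
		return true;
	}
	return false;
}

/* Mimics the patch: take the per-retry read lock, drop it, call a
 * GFP_KERNEL allocation (here just a might_sleep() check), re-take it.
 * Returns true if the allocation would have been legal. */
static bool insert_rehash_with_gfp_kernel(void)
{
	bool legal;

	model_rcu_read_lock();          /* the caller's per-retry read section */
	/* ... rht_dereference_rcu(), size computation ... */
	model_rcu_read_unlock();        /* ends only the innermost section */
	legal = !model_might_sleep("bucket_table_alloc(GFP_KERNEL)");
	model_rcu_read_lock();
	model_rcu_read_unlock();
	return legal;
}

/* Caller that holds no read lock of its own: the unlock reaches depth 0
 * and the sleeping allocation is fine. Returns the warning count (0). */
int scenario_unnested(void)
{
	rcu_nesting = 0;
	might_sleep_warnings = 0;
	insert_rehash_with_gfp_kernel();
	return might_sleep_warnings;
}

/* Caller that already holds rcu_read_lock() around the insert (the case
 * the thread describes): the inner unlock leaves depth 1, so the
 * GFP_KERNEL allocation still sleeps inside a read-side section.
 * Returns the warning count (1). */
int scenario_nested(void)
{
	rcu_nesting = 0;
	might_sleep_warnings = 0;
	model_rcu_read_lock();          /* outer section owned by the caller */
	insert_rehash_with_gfp_kernel();
	model_rcu_read_unlock();
	return might_sleep_warnings;
}

int main(void)
{
	printf("unnested caller: %d warning(s)\n", scenario_unnested());
	printf("nested caller:   %d warning(s)\n", scenario_nested());
	return 0;
}
```

Only the nested scenario trips the check, which is exactly what a might_sleep() placed before the real bucket_table_alloc() would report at runtime for callers that enter the insert path under their own rcu_read_lock().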
