| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20221021134309.GG5600@paulmck-ThinkPad-P17-Gen-1>
Date: Fri, 21 Oct 2022 06:43:09 -0700
From: "Paul E. McKenney" <paulmck@...nel.org>
To: Christoph Lameter <cl@...two.de>
Cc: rcu@...r.kernel.org, linux-kernel@...r.kernel.org,
kernel-team@...com, rostedt@...dmis.org,
Pekka Enberg <penberg@...nel.org>,
David Rientjes <rientjes@...gle.com>,
Joonsoo Kim <iamjoonsoo.kim@....com>,
Andrew Morton <akpm@...ux-foundation.org>,
Vlastimil Babka <vbabka@...e.cz>,
Roman Gushchin <roman.gushchin@...ux.dev>,
Hyeonggon Yoo <42.hyeyoo@...il.com>, linux-mm@...ck.org
Subject: Re: [PATCH rcu 5/8] slab: Explain why SLAB_DESTROY_BY_RCU reference
before locking
On Fri, Oct 21, 2022 at 09:44:23AM +0200, Christoph Lameter wrote:
> On Wed, 19 Oct 2022, Paul E. McKenney wrote:
>
> > It is not obvious to the casual user why it is absolutely necessary to
> > acquire a reference to a SLAB_DESTROY_BY_RCU structure before acquiring
> > a lock in that structure. Therefore, add a comment explaining this point.
>
> Sorry but this is not correct and difficult to comprehend.
>
> 1. You do not need a reference to a slab object after it was allocated.
> Objects must be properly protected by rcu_locks.
>
> 2. Locks are initialized once on slab allocation via a constructor (*not* on object allocation via kmem_cache_alloc)
>
> 3. Modifying locks at allocation/free is not possible since references to
> these objects may still persist after free and before alloc.
>
> 4. The old term SLAB_DESTROY_BY_RCU is used here.
Thank you for looking this over, but Vlastimil beat you to it. How does
the update below look?
Thanx, Paul
------------------------------------------------------------------------
commit ff4c536e6b44e2e185e38c3653851f92e07139da
Author: Paul E. McKenney <paulmck@...nel.org>
Date: Mon Sep 26 08:57:56 2022 -0700
slab: Explain why SLAB_TYPESAFE_BY_RCU reference before locking
It is not obvious to the casual user why it is absolutely necessary to
acquire a reference to a SLAB_TYPESAFE_BY_RCU structure before acquiring
a lock in that structure. Therefore, add a comment explaining this point.
[ paulmck: Apply Vlastimil Babka feedback. ]
Signed-off-by: Paul E. McKenney <paulmck@...nel.org>
Cc: Christoph Lameter <cl@...ux.com>
Cc: Pekka Enberg <penberg@...nel.org>
Cc: David Rientjes <rientjes@...gle.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@....com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Vlastimil Babka <vbabka@...e.cz>
Cc: Roman Gushchin <roman.gushchin@...ux.dev>
Cc: Hyeonggon Yoo <42.hyeyoo@...il.com>
Cc: <linux-mm@...ck.org>
diff --git a/include/linux/slab.h b/include/linux/slab.h
index 90877fcde70bd..487418c7ea8cd 100644
--- a/include/linux/slab.h
+++ b/include/linux/slab.h
@@ -76,6 +76,17 @@
* rcu_read_lock before reading the address, then rcu_read_unlock after
* taking the spinlock within the structure expected at that address.
*
+ * Note that it is not possible to acquire a lock within a structure
+ * allocated with SLAB_TYPESAFE_BY_RCU without first acquiring a reference
+ * as described above. The reason is that SLAB_TYPESAFE_BY_RCU pages
+ * are not zeroed before being given to the slab, which means that any
+ * locks must be initialized after each and every kmem_struct_alloc().
+ * Alternatively, make the ctor passed to kmem_cache_create() initialize
+ * the locks at page-allocation time, as is done in __i915_request_ctor(),
+ * sighand_ctor(), and anon_vma_ctor(). Such a ctor permits readers
+ * to safely acquire those ctor-initialized locks under rcu_read_lock()
+ * protection.
+ *
* Note that SLAB_TYPESAFE_BY_RCU was originally named SLAB_DESTROY_BY_RCU.
*/
/* Defer freeing slabs to RCU */
Powered by blists - more mailing lists