lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Y3IqrCrDNdM5LDFt@dhcp22.suse.cz>
Date:   Mon, 14 Nov 2022 12:46:52 +0100
From:   Michal Hocko <mhocko@...e.com>
To:     Zhongkun He <hezhongkun.hzk@...edance.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>, corbet@....net,
        linux-mm@...ck.org, linux-kernel@...r.kernel.org,
        linux-api@...r.kernel.org, linux-doc@...r.kernel.org
Subject: Re: [External] Re: [PATCH v2] mm: add new syscall
 pidfd_set_mempolicy().

On Mon 14-11-22 12:44:48, Michal Hocko wrote:
> On Mon 14-11-22 00:41:21, Zhongkun He wrote:
> > Hi Andrew, thanks for your replay.
> > 
> > > This sounds a bit suspicious.  Please share much more detail about
> > > these races.  If we proced with this design then mpol_put_async()
> > > shouild have comments which fully describe the need for the async free.
> > > 
> > > How do we *know* that these races are fully prevented with this
> > > approach?  How do we know that mpol_put_async() won't free the data
> > > until the race window has fully passed?
> > 
> > A mempolicy can be either associated with a process or with a VMA.
> > All vma manipulation is somewhat protected by a down_read on
> > mmap_lock.In process context there is no locking because only
> > the process accesses its own state before.
> 
> We shouldn't really rely on mmap_sem for this IMO. There is alloc_lock
> (aka task lock) that makes sure the policy is stable so that caller can
> atomically take a reference and hold on the policy. And we do not do
> that consistently and this should be fixed. E.g. just looking at some
> random places like allowed_mems_nr (relying on get_task_policy) is
> completely lockless and some paths (like fadvise) do not use any of the
> explicit (alloc_lock) or implicit (mmap_lock) locking. That means that
> the task_work based approach cannot really work in this case, right?

Just to be more explicit. Task work based approach still requires an
additional synchronization among different threads unless I miss
something so this is really fragile synchronization model.
-- 
Michal Hocko
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ