Message-ID: <4122ef0d-1508-8ce2-df80-874565a612ce@redhat.com>
Date:   Thu, 26 Jan 2023 20:46:45 -0500
From:   Waiman Long <longman@...hat.com>
To:     David Laight <David.Laight@...LAB.COM>,
        'Hernan Ponce de Leon' <hernan.poncedeleon@...weicloud.com>,
        Peter Zijlstra <peterz@...radead.org>
Cc:     "paulmck@...nel.org" <paulmck@...nel.org>,
        Arjan van de Ven <arjan@...ux.intel.com>,
        "mingo@...hat.com" <mingo@...hat.com>,
        "will@...nel.org" <will@...nel.org>,
        "boqun.feng@...il.com" <boqun.feng@...il.com>,
        "akpm@...l.org" <akpm@...l.org>,
        "tglx@...utronix.de" <tglx@...utronix.de>,
        "joel@...lfernandes.org" <joel@...lfernandes.org>,
        "stern@...land.harvard.edu" <stern@...land.harvard.edu>,
        "diogo.behrens@...wei.com" <diogo.behrens@...wei.com>,
        "jonas.oberhauser@...wei.com" <jonas.oberhauser@...wei.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Hernan Ponce de Leon <hernanl.leon@...wei.com>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        Jonas Oberhauser <jonas.oberhauser@...weicloud.com>
Subject: Re: [PATCH] Fix data race in mark_rt_mutex_waiters


On 1/26/23 17:10, David Laight wrote:
> From: Hernan Ponce de Leon
>> Sent: 26 January 2023 21:07
> ...
>>    static __always_inline void rt_mutex_clear_owner(struct rt_mutex_base
>> *lock)
>> @@ -232,12 +232,7 @@ static __always_inline bool
>> rt_mutex_cmpxchg_release(struct rt_mutex_base *lock,
>>     */
>>    static __always_inline void mark_rt_mutex_waiters(struct rt_mutex_base
>> *lock)
>>    {
>> -	unsigned long owner, *p = (unsigned long *) &lock->owner;
>> -
>> -	do {
>> -		owner = *p;
>> -	} while (cmpxchg_relaxed(p, owner,
>> -				 owner | RT_MUTEX_HAS_WAITERS) != owner);
>> +	atomic_long_or(RT_MUTEX_HAS_WAITERS, (atomic_long_t *)&lock->owner);
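Review bot: the added line still reaches the owner word through a cast, `(atomic_long_t *)&lock->owner`, just as the removed code did with `(unsigned long *) &lock->owner`, so nothing in the field's type tells a reader that every access must be atomic. Consider declaring the field with an atomic type, or at least adding a comment here that the word holds the owner pointer ORed with RT_MUTEX_HAS_WAITERS. It would also help to state in the function comment that the removed plain load `owner = *p` was the racy access, and that a void-returning atomic_long_or() is unordered, so it matches the removed cmpxchg_relaxed() and the ordering requirement is unchanged.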
> These *(int_type *)&foo accesses (quite often just plain wrong)
> made me look up the definitions.
>
> All one big accident waiting to happen...
> RT_MUTEX_HAS_WAITERS is defined in a different header to the structure.
> The explanatory comment is in a 3rd file.
>
> It would all be safer if lock->owner were atomic_long_t with a comment
> that it was the waiting task_struct | RT_MUTEX_HAS_WAITERS.
>
> Given the actual definition is rt_mutex_base_is_locked() even correct?

It is arguable whether it should be considered locked if a waiter is waiting
but the lock is in an unlocked state at the moment. Mutex has a narrower
definition of locked while others have a broader one.

Cheers,
Longman
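
The narrower and broader readings of "locked" discussed above, as an added userspace C11 example that is not code from this thread or from the kernel. All names (`demo_lock`, `HAS_WAITERS`, `is_locked_narrow`, `is_locked_broad`) are hypothetical stand-ins, and neither predicate is claimed to be the kernel's rt_mutex_base_is_locked().

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define HAS_WAITERS ((uintptr_t)1)            /* stand-in for RT_MUTEX_HAS_WAITERS */
struct task { int id; };                      /* stand-in for task_struct */
struct demo_lock { atomic_uintptr_t owner; }; /* task pointer | HAS_WAITERS */

/* One atomic RMW with relaxed ordering: no separate plain load to race on. */
static void mark_waiters(struct demo_lock *l)
{
    atomic_fetch_or_explicit(&l->owner, HAS_WAITERS, memory_order_relaxed);
}

static struct task *owner_task(struct demo_lock *l)
{
    uintptr_t v = atomic_load_explicit(&l->owner, memory_order_relaxed);
    return (struct task *)(v & ~HAS_WAITERS);
}

/* Narrow reading: locked only while a task owns it. */
static bool is_locked_narrow(struct demo_lock *l)
{
    return owner_task(l) != NULL;
}

/* Broad reading: a pending waiter also counts as locked. */
static bool is_locked_broad(struct demo_lock *l)
{
    return atomic_load_explicit(&l->owner, memory_order_relaxed) != 0;
}

/* Constructed scenario; bit2 = owner kept by the OR, bit1 = broad, bit0 = narrow. */
unsigned demo_states(void)
{
    static struct task t = { 1 };
    struct demo_lock l;
    unsigned r = 0;
    atomic_init(&l.owner, (uintptr_t)&t);     /* task t owns the lock */
    mark_waiters(&l);                         /* a waiter arrives */
    r |= (owner_task(&l) == &t) << 2;
    atomic_fetch_and_explicit(&l.owner, HAS_WAITERS, memory_order_relaxed); /* owner drops */
    r |= is_locked_broad(&l) << 1;
    r |= is_locked_narrow(&l);
    return r;
}

int main(void) { return demo_states() == 6 ? 0 : 1; }
```

With the owner gone and the waiters bit still set, the two predicates disagree, which is the case the reply describes.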
