lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Y+EupX1jX1c5BAHv@kadam>
Date:   Mon, 6 Feb 2023 19:45:25 +0300
From:   Dan Carpenter <error27@...il.com>
To:     Julia Lawall <julia.lawall@...ia.fr>
Cc:     Luis Chamberlain <mcgrof@...nel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Hongchen Zhang <zhanghongchen@...ngson.cn>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Andrew Morton <akpm@...ux-foundation.org>,
        "Christian Brauner (Microsoft)" <brauner@...nel.org>,
        David Howells <dhowells@...hat.com>,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        Eric Dumazet <edumazet@...gle.com>,
        "Fabio M. De Francesco" <fmdefrancesco@...il.com>,
        Christophe JAILLET <christophe.jaillet@...adoo.fr>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        maobibo <maobibo@...ngson.cn>,
        Matthew Wilcox <willy@...radead.org>,
        Sedat Dilek <sedat.dilek@...il.com>
Subject: Re: [PATCH v4] pipe: use __pipe_{lock,unlock} instead of spinlock

On Mon, Feb 06, 2023 at 05:13:02PM +0100, Julia Lawall wrote:
> An analysis with Coccinelle may be highly prone to false positives if the
> issue is very interprocedural.  Maybe smatch would be better suited for
> this?

I have a very good Smatch check for sleeping with preempt disabled
which would have detected this bug.

Where my check falls down is when the call tree is quite long.
Especially if the call tree is very long and there is some kind of
a MAY_SLEEP flag which is set and then checked several functions calls
down the call tree.

The unfortunate thing is that there are lot of sleeping in atomic bugs
and they are quite complicated to analyze because the call trees are
long so I'm not up to date on reviewing the warnings...  You need the
cross function database to review these warnings.  The warning looks
like:

drivers/accel/habanalabs/common/context.c:112 hl_ctx_fini() warn: sleeping in atomic context

That code looks like:
   111                  if (hdev->in_debug)
   112                          hl_device_set_debug_mode(hdev, ctx, false);
   113  

hl_device_set_debug_mode() take a mutex.  Then you do
`smdb.py preempt hl_ctx_fini` and it prints out the call tree which
disables preemption.

cs_ioctl_unreserve_signals() <- disables preempt
-> hl_ctx_put()
   -> hl_ctx_do_release()
      -> hl_ctx_fini()

And so on.  The unreviewed list is going to have more bugs and the other
list is probably mostly false positives outside of the staging/
directory.

regards,
dan carpenter


View attachment "errs-complete" of type "text/plain" (30558 bytes)

View attachment "errs-unreviewed" of type "text/plain" (6356 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ