| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230812210830.qomi2jacnkc6ogfo@moria.home.lan>
Date: Sat, 12 Aug 2023 17:08:30 -0400
From: Kent Overstreet <kent.overstreet@...ux.dev>
To: Boqun Feng <boqun.feng@...il.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
linux-bcachefs@...r.kernel.org, linux-kernel@...r.kernel.org,
Peter Zijlstra <peterz@...radead.org>
Subject: Re: [PATCH] bcachefs: six locks: Fix missing barrier on
wait->lock_acquired
On Sat, Aug 12, 2023 at 01:58:58PM -0700, Boqun Feng wrote:
> Given the whole percpu counters for readers thing is similar to
> percpu_rw_semaphore, I took a look at percpu_rwsem and wonder there is
> a path to combine that with SIX lock. And that makes me realize another
> fix may be needed here, considering the following case:
>
> Task A Task B
> ====== ======
> __six_lock_wakeup():
> task = w->task;
> ...
> smp_store_release(&w->locked_acquire, true);
> six_lock_slowpath():
> while (1) {
> if (smp_load_acquire(->lock_acquired))
> break;
> }
>
> six_unlock();
> do_exit(); // Task B ends its life :(
>
> wake_up_process(task); // @task is a dangling task pointer!!!
>
> Looks like get_task_struct() and put_task_struct() are needed here:
> similar to percpu_rwsem_wake_function().
yeah, looks like you're right. Shame about adding more atomics here,
maybe we can convert task->ref to a percpu refcount at some point.
Powered by blists - more mailing lists