| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Oct 2023 17:03:26 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: Abhinav Singh <singhabhinav9051571833@...il.com>
Cc: akpm@...ux-foundation.org, brauner@...nel.org, surenb@...gle.com,
mst@...hat.com, michael.christie@...cle.com,
mathieu.desnoyers@...icios.com, mjguzik@...il.com,
npiggin@...il.com, shakeelb@...gle.com,
linux-kernel@...r.kernel.org,
linux-kernel-mentees@...ts.linuxfoundation.org,
Oleg Nesterov <oleg@...hat.com>, dhowells@...hat.com
Subject: Re: [PATCH] Fixing directly deferencing a __rcu pointer warning
$Subject should indicate a subsystem, also you seem to have a somewhat
random collection of Cc. It looks like dhowells is the cred guy and he's
not on.
On Thu, Oct 26, 2023 at 05:57:48PM +0530, Abhinav Singh wrote:
> This patch fixes the warning about directly dereferencing a pointer
> tagged with __rcu annotation.
>
> Dereferencing the pointers tagged with __rcu directly should
> always be avoided according to the docs. There is a rcu helper
> functions rcu_dereference(...) to use when dereferencing a __rcu
> pointer. This functions returns the non __rcu tagged pointer which
> can be dereferenced just like a normal pointers.
>
> Signed-off-by: Abhinav Singh <singhabhinav9051571833@...il.com>
> ---
> kernel/fork.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/fork.c b/kernel/fork.c
> index 10917c3e1f03..802b7bbe3d92 100644
> --- a/kernel/fork.c
> +++ b/kernel/fork.c
> @@ -2369,7 +2369,7 @@ __latent_entropy struct task_struct *copy_process(
>
> retval = -EAGAIN;
> if (is_rlimit_overlimit(task_ucounts(p), UCOUNT_RLIMIT_NPROC, rlimit(RLIMIT_NPROC))) {
> - if (p->real_cred->user != INIT_USER &&
> + if (rcu_dereference(p->real_cred)->user != INIT_USER &&
> !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN))
> goto bad_fork_cleanup_count;
> }
This seems entirely misguided and only makes the code more confusing.
AFAICT at this point @p is not life, we're constructing the new task,
but it's not yet published, therefore no concurrency possible.
Additionally we're not actually in an RCU critical section afaict.
> @@ -2692,7 +2692,7 @@ __latent_entropy struct task_struct *copy_process(
> */
> p->signal->has_child_subreaper = p->real_parent->signal->has_child_subreaper ||
> p->real_parent->signal->is_child_subreaper;
> - list_add_tail(&p->sibling, &p->real_parent->children);
> + list_add_tail(&p->sibling, &(rcu_dereference(p->real_parent)->children));
> list_add_tail_rcu(&p->tasks, &init_task.tasks);
> attach_pid(p, PIDTYPE_TGID);
> attach_pid(p, PIDTYPE_PGID);
As to the real_parent, we hold the tasklist lock, which is the write
side lock for parent stuff, so rcu dereference is pointless here.
Powered by blists - more mailing lists