| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0807e0cc-457b-49bd-bce5-a961ad7f0ffb@semidynamics.com>
Date: Mon, 17 Mar 2025 18:01:07 +0100
From: Ignacio Encinas Rubio <ignacio.encinas@...idynamics.com>
To: Dominique Martinet <asmadeus@...ewreck.org>,
Ignacio Encinas <ignacio@...cinas.com>
Cc: linux-kernel-mentees@...ts.linux.dev, skhan@...uxfoundation.org,
Eric Van Hensbergen <ericvh@...nel.org>, Latchesar Ionkov
<lucho@...kov.net>, Christian Schoenebeck <linux_oss@...debyte.com>,
Sishuai Gong <sishuai.system@...il.com>, Marco Elver <elver@...gle.com>,
v9fs@...ts.linux.dev, linux-kernel@...r.kernel.org,
syzbot+d69a7cc8c683c2cb7506@...kaller.appspotmail.com,
syzbot+483d6c9b9231ea7e1851@...kaller.appspotmail.com
Subject: Re: [PATCH v2] 9p/trans_fd: mark concurrent read and writes to
p9_conn->err
On 16/3/25 22:24, Dominique Martinet wrote:
> Ignacio Encinas wrote on Thu, Mar 13, 2025 at 07:08:19PM +0100:
>> Changes in v2:
>>
>> Drop unnecessary READ_ONCE in p9_fd_request (that I added in v1)
>
> Ah, sorry; I think you misread my comment for v1 (or perhaps you
> disagreed in the response and I misread that!)
Yeah, I disagreed. Sorry about the misunderstanding. As these are not
strictly necessary I thought it would be best to not add them.
> I was thinking that style-wise it's better to access the err field
> through READ/WRITE_ONCE everywhere, even if it's locked; so suggested
> this diff from v1:
> ----
> diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
> index f163f6fc7354..65270c028f52 100644
> --- a/net/9p/trans_fd.c
> +++ b/net/9p/trans_fd.c
> @@ -192,7 +192,7 @@ static void p9_conn_cancel(struct p9_conn *m, int err)
>
> spin_lock(&m->req_lock);
>
> - if (m->err) {
> + if (READ_ONCE(m->err)) {
> spin_unlock(&m->req_lock);
> return;
> }
> ----
Got it. I'll follow your recommendation for the v3. I'll reflect it in
the commit message just in case someone does a git blame and wonders
about these couple of READ_ONCEs.
>
> OTOH, looking at this again:
>> -- if (m->err < 0) {
>> -+ if (READ_ONCE(m->err) < 0) {
>> - spin_unlock(&m->req_lock);
>> - return m->err;
>
> There's this access out of the lock so perhaps this should look like
> this instead (with or without the READ_ONCE)
>
> + err = READ_ONCE(m->err);
> + if (err < 0) {
> spin_unlock(&m->req_lock);
> - return m->err;
> + return err;
Oops, this is embarrassing... Thanks for catching it.
> Anyway, m->err is only written exactly once so it doesn't matter the
> least in practice,
I think this one deserves a fix, I disagree :)
> and it looks like gcc generates exactly the same
> thing (... even if I make that `return READ_ONCE(m->err)` which
> surprises me a bit..), so this is just yak shaving.
This is weird... I'll double check because it shouldn't generate the
same code as far as I know.
> I don't care all that much so I'll just pick this v2 as it's more
> consistent, but feel free to send a v3 if you have an opinion, or if
> someone else chips in.
To summarize, my plan is sending a v3 with the couple of READ_ONCE you
suggested and fixing the unlocked plain access.
Thanks!
Powered by blists - more mailing lists