| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250812080046.GF4067720@noisy.programming.kicks-ass.net> Date: Tue, 12 Aug 2025 10:00:46 +0200 From: Peter Zijlstra <peterz@...radead.org> To: Christian Loehle <christian.loehle@....com> Cc: tj@...nel.org, arighi@...dia.com, void@...ifault.com, linux-kernel@...r.kernel.org, sched-ext@...ts.linux.dev, changwoo@...lia.com, hodgesd@...a.com, mingo@...hat.com, jake@...lion.co.uk Subject: Re: [PATCH v4 0/3] sched_ext: Harden scx_bpf_cpu_rq() On Mon, Aug 11, 2025 at 10:21:47PM +0100, Christian Loehle wrote: > scx_bpf_cpu_rq() currently allows accessing struct rq fields without > holding the associated rq. > It is being used by scx_cosmos, scx_flash, scx_lavd, scx_layered, and > scx_tickless. Fortunately it is only ever used to fetch rq->curr. > So provide an alternative scx_bpf_task_acquire_remote_curr() that > doesn't expose struct rq and provide a hardened scx_bpf_cpu_rq_locked() > by ensuring we hold the rq lock. > Add a deprecation warning to scx_bpf_cpu_rq_locked() that mentions the > two alternatives. > > This also simplifies scx code from: > > rq = scx_bpf_cpu_rq(cpu); > if (!rq) > return; > p = rq->curr > if (!p) > return; > /* ... Do something with p */ > > into: > > p = scx_bpf_task_acquire_remote_curr(cpu); > if (!p) > return; > /* ... Do something with p */ > bpf_task_release(p); Why do that mandatory refcount dance, rather than directly exposing the RCU-ness of that pointer? IIRC BPF was good with RCU.
Powered by blists - more mailing lists