| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20100307031151.GA7546@linux.vnet.ibm.com> Date: Sat, 6 Mar 2010 19:11:52 -0800 From: "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com> To: Herbert Xu <herbert@...dor.apana.org.au> Cc: "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org, Stephen Hemminger <shemminger@...tta.com>, arnd@...db.de Subject: Re: [PATCH 6/13] bridge: Add core IGMP snooping support On Sun, Mar 07, 2010 at 10:45:00AM +0800, Herbert Xu wrote: > On Sat, Mar 06, 2010 at 11:00:00AM -0800, Paul E. McKenney wrote: > > > > > Hmmm... rcu_barrier() definitely does -not- imply rcu_barrier_bh(), > > > because there are separate sets of callbacks whose execution can > > > be throttled separately. So, while you would expect RCU-bh grace > > > periods to complete more quickly, if there was a large number of > > > RCU-bh callbacks on a given CPU but very few RCU callbacks, it might > > > well take longer for the RCU-bh callbacks to be invoked. > > > > > > With TREE_PREEMPT_RCU, if there were no RCU readers but one long-running > > > RCU-bh reader, then synchronize_rcu_bh() could return before > > > synchronize_rcu() does. > > OK, then we definitely do have some issues under net/ with respect > to the two types of RCU usage. As you can see, we use the RCU-BH > variant on the read-side in various places, and call_rcu_bh on the > write-side too, but we only ever use the non-BH version of the > functions rcu_barrier and synchronize_rcu. > > Now there is a possibility that the places where we use synchronize > and rcu_barrier don't really care about the BH variant, but an > audit wouldn't hurt. > > > You really are talking about code like the following, correct? > > > > rcu_read_lock(); > > p = rcu_dereference(global_p); > > do_something_with(p); > > rcu_read_unlock(); > > > > . . . > > > > rcu_read_lock_bh(); > > p = rcu_dereference(global_p); > > do_something_else_with(p); > > rcu_read_unlock_bh(); > > > > . . . > > > > spin_lock(&my_lock); > > p = global_p; > > rcu_assign_pointer(global_p, NULL); > > synchronize_rcu(); /* BUG -- also need synchronize_rcu_bh(). */ > > kfree(p); > > spin_unlock(&my_lock); > > > > In other words, different readers traversing the same data structure > > under different flavors of RCU protection, but then using only one > > flavor of RCU grace period during the update? > > We usually don't use synchronize_rcu/rcu_barrier on the update side, > but rather they are used in the tear-down process. > > But otherwise yes this is exactly my concern. > > Note that we may have a problem on the update side too if we used > the wrong call_rcu variant, but it would require a thorough audit > to reveal those. OK, just re-checked your patch, and it looks OK. Also adding Arnd to CC. Arnd, would it be reasonable to extend your RCU-sparse changes to have four different pointer namespaces, one for each flavor of RCU? (RCU, RCU-bh, RCU-sched, and SRCU)? Always a fan of making the computer do the auditing where reasonable. ;-) This could potentially catch the mismatched call_rcu()s, at least if the rcu_head could be labeled. Other thoughts? Thanx, Paul -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists