Date:	Thu, 27 May 2010 06:18:46 +0200
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Anton Blanchard <anton@...ba.org>
Cc:	David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: Warning in net/ipv4/af_inet.c:154

On Thursday 27 May 2010 at 13:56 +1000, Anton Blanchard wrote:
> Hi Eric,
> 
> > You are 100% right David, maybe we should add a test when changing
> > sk_forward_alloc to test if socket is locked (lockdep only test), but
> > that's for 2.6.36 :)
> 
> Thanks for the patch, unfortunately I can still hit the WARN_ON. I'm somewhat
> confused by the two stage locking in the socket lock (ie sk_lock.slock and
> sk_lock.owned).
> 
> What state should the socket lock be in for serialising updates of
> sk_forward_alloc? In some cases we appear to update it with sk_lock.slock =
> unlocked, sk_lock.owned = 1:
> 
> NIP [c0000000005b4ad0] .sock_queue_rcv_skb
> LR [c0000000005b4acc] .sock_queue_rcv_skb
> Call Trace:
> [c0000000005f9fcc] .ip_queue_rcv_skb
> [c00000000061d604] .__udp_queue_rcv_skb
> [c0000000005b1a38] .release_sock
> [c0000000006205f0] .udp_sendmsg
> [c0000000006290d4] .inet_sendmsg
> [c0000000005abfb4] .sock_sendmsg
> [c0000000005ae9dc] .SyS_sendto
> [c0000000005ab6c0] .SyS_send
> 
> And other times we update it with sk_lock.slock = locked, sk_lock.owned = 0:
> 
> NIP [c0000000005b2b6c] .sock_rfree
> LR [c0000000005b2b68] .sock_rfree
> Call Trace:
> [c0000000005bca10] .skb_free_datagram_locked
> [c00000000061fe88] .udp_recvmsg
> [c0000000006285e8] .inet_recvmsg
> [c0000000005abe0c] .sock_recvmsg
> [c0000000005ae358] .SyS_recvfrom
> 
> I see we sometimes take sk_lock.slock then check the owned field, but we
> aren't doing that all the time.
> 

Old rule was:

A process context was using
lock + test_and_set_or_sleep + unlock (sk_lock.slock = unlocked,
sk_lock.owned = 1)

softirq handler was using:
(sk_lock.slock = locked, sk_lock.owned = 0)

I added a shortcut, but it seems wrong as is.

Process context:

lock only (sk_lock.slock = locked, sk_lock.owned = ???)

So I should add a test on owned. If set (by another thread), we should take the slow path.

Thanks !
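
The locking rule and the proposed test on owned, as an added example that is not part of the original message and is not kernel code: a single-threaded C model of the two lock states. Every name in it (model_sock, model_lock_owner, model_fast_unchecked, model_fast_checked, writers_admitted) is hypothetical, and the sleep in the slow path is modelled as a false return.

```c
#include <stdbool.h>

/* User-space model of the two-stage socket lock; all names are hypothetical. */
struct model_sock {
    bool slock_held;   /* models sk_lock.slock (the spinlock) */
    bool owned;        /* models sk_lock.owned (process-context owner flag) */
};

/* Old process-context rule: lock + test_and_set + unlock.
 * Returns false where the real code would sleep until owned is cleared. */
static bool model_lock_owner(struct model_sock *sk)
{
    sk->slock_held = true;
    bool got = !sk->owned;
    if (got)
        sk->owned = true;
    sk->slock_held = false;
    return got;                 /* success: slock unlocked, owned = 1 */
}
static void model_release_owner(struct model_sock *sk) { sk->owned = false; }
static void model_fast_unlock(struct model_sock *sk) { sk->slock_held = false; }

/* The shortcut as first written: take slock only, never look at owned. */
static bool model_fast_unchecked(struct model_sock *sk)
{
    sk->slock_held = true;
    return true;                /* slock locked, owned = ??? */
}

/* The shortcut with the test on owned: back off if another thread owns it. */
static bool model_fast_checked(struct model_sock *sk)
{
    sk->slock_held = true;
    if (sk->owned) {
        sk->slock_held = false;
        return false;           /* caller must take the slow path */
    }
    return true;                /* slock locked, owned = 0 */
}

/* Thread A owns the socket, then thread B tries the shortcut. Returns how
 * many contexts believe they may update sk_forward_alloc at the same time. */
static int writers_admitted(bool (*fast_lock)(struct model_sock *))
{
    struct model_sock sk = {0};
    int writers = model_lock_owner(&sk) ? 1 : 0;                  /* thread A */
    if (fast_lock(&sk)) { writers++; model_fast_unlock(&sk); }    /* thread B */
    model_release_owner(&sk);
    return writers;
}
int main(void) { return writers_admitted(model_fast_checked) == 1 ? 0 : 1; }
```
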

