| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 May 2013 13:08:38 +0100 From: Ben Hutchings <bhutchings@...arflare.com> To: Benjamin Herrenschmidt <benh@...nel.crashing.org> CC: Eric Dumazet <eric.dumazet@...il.com>, David Miller <davem@...emloft.net>, netdev <netdev@...r.kernel.org>, Paul Mackerras <paulus@...ba.org>, "Ambrose Feinstein" <ambrose@...gle.com>, <linuxppc-dev@...ts.ozlabs.org> Subject: Re: [PATCH net-next] af_unix: fix a fatal race with bit fields On Wed, 2013-05-01 at 11:39 +1000, Benjamin Herrenschmidt wrote: > On Tue, 2013-04-30 at 18:12 -0700, Eric Dumazet wrote: > > From: Eric Dumazet <edumazet@...gle.com> > > > > Using bit fields is dangerous on ppc64, as the compiler uses 64bit > > instructions to manipulate them. If the 64bit word includes any > > atomic_t or spinlock_t, we can lose critical concurrent changes. > > > > This is happening in af_unix, where unix_sk(sk)->gc_candidate/ > > gc_maybe_cycle/lock share the same 64bit word. > > > > This leads to fatal deadlock, as one/several cpus spin forever > > on a spinlock that will never be available again. > > > > Reported-by: Ambrose Feinstein <ambrose@...gle.com> > > Signed-off-by: Eric Dumazet <edumazet@...gle.com> > > Cc: Benjamin Herrenschmidt <benh@...nel.crashing.org> > > Cc: Paul Mackerras <paulus@...ba.org> > > --- > > > > Could ppc64 experts confirm using byte is safe, or should we really add > > a 32bit hole after the spinlock ? If so, I wonder how many other places > > need a change... > > Wow, nice one ! > > I'm not even completely certain bytes are safe to be honest, though > probably more than bitfields. I'll poke our compiler people. There is a longstanding and hard-to-fix bug in gcc that is specific to bitfields. I think that the underlying type isn't propagated, so when it comes to code generation the compiler doesn't know the natural width for the memory access. As for bytes - early Alphas couldn't load/store less than 32 bits, but I doubt anyone cares any more. > The worry is of course how many more of these do we potentially have ? > We might be able to automate finding these issues with sparse, I > suppose. > > Also I'd be surprised if ppc64 is the only one with that problem... what > about sparc64 and arm64 ? I expect they can have the same general problem, but gcc may be more or less keen to generate 64-bit load/store instructions for bitfields on different architectures. Ben. -- Ben Hutchings, Staff Engineer, Solarflare Not speaking for my employer; that's the marketing department's job. They asked us to note that Solarflare product names are trademarked. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists