lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 15 Jun 2015 16:24:22 -0700
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	subashab@...eaurora.org
Cc:	netdev@...r.kernel.org
Subject: Re: [PATCH] rps: Handle double list_add at __napi_schedule

On Mon, 2015-06-15 at 21:46 +0000, subashab@...eaurora.org wrote:
> When NAPI_STATE_SCHED state is not set, enqueue_to_backlog()
> will queue an IPI and add the backlog queue to the poll list. A packet
> added by RPS onto the core could also add the NAPI backlog struct to the
> poll list. This double addition to the list causes a crash -
> 
> 2920.540304:   <2> list_add double add: new=ffffffc076ed2930,
> prev=ffffffc076ed2930, next=ffffffc076ed2850.
>    [<ffffffc000460dd4>] __list_add+0xcc/0xf0
> 2921.064962:   <2> [<ffffffc000b44880>] rps_trigger_softirq+0x1c/0x40
> 2921.070779:   <2> [<ffffffc000284a14>]
> generic_smp_call_function_single_interrupt+0xe8/0x12c
> 2921.078678:   <2> [<ffffffc00020d9ac>] handle_IPI+0x8c/0x1ec
> 2921.083796:   <2> [<ffffffc000200714>] gic_handle_irq+0x94/0xb0
> 
> Fix this race for double addition to list by checking the NAPI state.
> 
> Acked-by: Sharat Masetty <smasetty@....qualcomm.com>
> Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@...eaurora.org>
> 
> diff --git a/net/core/dev.c b/net/core/dev.c
> index 6f561de..57d6d39 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -3225,7 +3225,8 @@ static void rps_trigger_softirq(void *data)
>  {
>         struct softnet_data *sd = data;
> 
> -       ____napi_schedule(sd, &sd->backlog);
> +       if (!test_bit(NAPI_STATE_SCHED, &sd->backlog.state))
> +               ____napi_schedule(sd, &sd->backlog);
>         sd->received_rps++;
>  }
> 

I can not believe how many times you tried to send RPS patches.

I do not see how this condition triggers. This code path is run billions
of time per ms on our hosts and never got a single crash.

Please describe where is the race condition you want to fix.

Your test is racy by definition.





--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ