| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 08 Nov 2017 10:15:41 +0000
From: David Howells <dhowells@...hat.com>
To: tglx@...utronix.de
cc: dhowells@...hat.com, torvalds@...ux-foundation.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Is there a race between __mod_timer() and del_timer()?
Is there a race between the optimisation for networking code in __mod_timer()
and del_timer() - or, at least, a race that matters?
Consider:
CPU A CPU B
=============================== ===============================
[timer X is active]
==>__mod_timer(X)
if (timer_pending(timer))
[Take the true path]
-- IRQ -- ==>del_timer(X)
<==
if (timer->expires == expires)
[Take the true path]
<==return 1
[timer X is not active]
There's no locking to prevent this, but __mod_timer() returns without
restarting the timer. I'm not sure this is a problem exactly, however, since
del_timer() *was* issued, and could've deleted the timer after __mod_timer()
returned.
A couple of possible alleviations:
(1) Recheck timer_pending() before returning from __mod_timer().
(2) Set timer->expires to jiffies in del_timer() - but since there's nothing
preventing the optimisation in __mod_timer() from occurring concurrently
with del_timer(), this probably won't help.
I think it might just be best to put a note in the comments in __mod_timer().
Thoughts?
David
Powered by blists - more mailing lists