| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Dec 2018 09:50:43 +1100
From: NeilBrown <neilb@...e.com>
To: Herbert Xu <herbert@...dor.apana.org.au>
Cc: Thomas Graf <tgraf@...g.ch>, Tom Herbert <tom@...ntonium.net>,
David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next] rhashtable: further improve stability of rhashtable_walk
On Fri, Dec 07 2018, Herbert Xu wrote:
> On Wed, Dec 05, 2018 at 02:51:02PM +1100, NeilBrown wrote:
>>
>> If the sequence:
>> obj = rhashtable_walk_next(iter);
>> rhashtable_walk_stop(iter);
>> rhashtable_remove_fast(ht, &obj->head, params);
>> rhashtable_walk_start(iter);
>>
>> races with another thread inserting or removing
>> an object on the same hash chain, a subsequent
>> rhashtable_walk_next() is not guaranteed to get the "next"
>> object. It is possible that an object could be
>> repeated, or missed.
>>
>> This can be made more reliable by keeping the objects in a hash chain
>> sorted by memory address. A subsequent rhashtable_walk_next()
>> call can reliably find the correct position in the list, and thus
>> find the 'next' object.
>>
>> It is not possible to take this approach with an rhltable as keeping
>> the hash chain in order is not so easy. When the first object with a
>> given key is removed, it is replaced in the chain with the next
>> object with the same key, and the address of that object may not be
>> correctly ordered.
>> I have not yet found any way to achieve the same stability
>> with rhltables, that doesn't have a major impact on lookup
>> or insert. No code currently in Linux would benefit from
>> such extra stability.
>>
>> With this patch:
>> - a new object is always inserted after the last object with a
>> smaller address, or at the start.
>> - when rhashtable_walk_start() is called, it records that 'p' is not
>> 'safe', meaning that it cannot be dereferenced. The revalidation
>> that was previously done here is moved to rhashtable_walk_next()
>> - when rhashtable_walk_next() is called while p is not NULL and not
>> safe, it walks the chain looking for the first object with an
>> address greater than p and returns that. If there is none, it moves
>> to the next hash chain.
>>
>> Signed-off-by: NeilBrown <neilb@...e.com>
>> ---
>>
>> This is a resend of a patch that I sent back in July. I couldn't
>> applied then because it assumed another rhashtable patch which hadn't
>> landed yet - it now has.
>
> I thought we had agreed to drop this because nobody needs it
> currently and it doesn't handle rhlist?
Hi Herbert,
I think it was agreed that I would not pursue features that were only
of use to out-of-tree code, but I don't think that applies here. This
is not a feature, this is a quality-of-implementation improvement.
There are users in the kernel today which use
rhashtable_walk_stop()/rhashtable_walk_start()
to drop out of RCU protection for periods during the walk.
Any such user might miss seeing an object that has been in the table
for a while - sure that is less than optimal, and should be fixed if
the cost is small.
There are currently no rhlist users which use stop/start to drop out
of RCU, so there is no clear value in fixing that case, or cost in not
fixing it.
Thanks,
NeilBrown
>
> Cheers,
> --
> Email: Herbert Xu <herbert@...dor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Download attachment "signature.asc" of type "application/pgp-signature" (833 bytes)
Powered by blists - more mailing lists