lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALOAHbBh4=yxX5c2_TK8-uf14KKg=Vp1NoHAEZGxS2wAxCnZWA@mail.gmail.com>
Date:   Sat, 13 Aug 2022 07:56:54 +0800
From:   Yafang Shao <laoar.shao@...il.com>
To:     Roman Gushchin <roman.gushchin@...ux.dev>
Cc:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>, Martin Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        john fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>,
        Stanislav Fomichev <sdf@...gle.com>,
        Hao Luo <haoluo@...gle.com>, jolsa@...nel.org,
        Johannes Weiner <hannes@...xchg.org>,
        Michal Hocko <mhocko@...nel.org>,
        Shakeel Butt <shakeelb@...gle.com>,
        Muchun Song <songmuchun@...edance.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        netdev <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
        Linux MM <linux-mm@...ck.org>
Subject: Re: [PATCH bpf-next 13/15] mm, memcg: Add new helper get_obj_cgroup_from_cgroup

On Sat, Aug 13, 2022 at 1:40 AM Roman Gushchin <roman.gushchin@...ux.dev> wrote:
>
> On Fri, Aug 12, 2022 at 08:35:19AM +0800, Yafang Shao wrote:
> > On Fri, Aug 12, 2022 at 12:16 AM Roman Gushchin
> > <roman.gushchin@...ux.dev> wrote:
> > >
> > > On Wed, Aug 10, 2022 at 03:18:38PM +0000, Yafang Shao wrote:
> > > > Introduce new helper get_obj_cgroup_from_cgroup() to get obj_cgroup from
> > > > a specific cgroup.
> > > >
> > > > Signed-off-by: Yafang Shao <laoar.shao@...il.com>
> > > > ---
> > > >  include/linux/memcontrol.h |  1 +
> > > >  mm/memcontrol.c            | 41 +++++++++++++++++++++++++++++++++++++++++
> > > >  2 files changed, 42 insertions(+)
> > > >
> > > > diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h
> > > > index 2f0a611..901a921 100644
> > > > --- a/include/linux/memcontrol.h
> > > > +++ b/include/linux/memcontrol.h
> > > > @@ -1713,6 +1713,7 @@ static inline void set_shrinker_bit(struct mem_cgroup *memcg,
> > > >  int __memcg_kmem_charge_page(struct page *page, gfp_t gfp, int order);
> > > >  void __memcg_kmem_uncharge_page(struct page *page, int order);
> > > >
> > > > +struct obj_cgroup *get_obj_cgroup_from_cgroup(struct cgroup *cgrp);
> > > >  struct obj_cgroup *get_obj_cgroup_from_current(void);
> > > >  struct obj_cgroup *get_obj_cgroup_from_page(struct page *page);
> > > >
> > > > diff --git a/mm/memcontrol.c b/mm/memcontrol.c
> > > > index 618c366..762cffa 100644
> > > > --- a/mm/memcontrol.c
> > > > +++ b/mm/memcontrol.c
> > > > @@ -2908,6 +2908,47 @@ static struct obj_cgroup *__get_obj_cgroup_from_memcg(struct mem_cgroup *memcg)
> > > >       return objcg;
> > > >  }
> > > >
> > > > +static struct obj_cgroup *get_obj_cgroup_from_memcg(struct mem_cgroup *memcg)
> > > > +{
> > > > +     struct obj_cgroup *objcg;
> > > > +
> > > > +     if (memcg_kmem_bypass())
> > > > +             return NULL;
> > > > +
> > > > +     rcu_read_lock();
> > > > +     objcg = __get_obj_cgroup_from_memcg(memcg);
> > > > +     rcu_read_unlock();
> > > > +     return objcg;
> > >
> > > This code doesn't make sense to me. What does rcu read lock protect here?
> >
> > To protect rcu_dereference(memcg->objcg);.
> > Doesn't it need the read rcu lock ?
>
> No, it's not how rcu works. Please, take a look at the docs here:
> https://docs.kernel.org/RCU/whatisRCU.html#whatisrcu .
> In particular, it describes this specific case very well.
>
> In 2 words, you don't protect the rcu_dereference() call, you protect the pointer

I just copied and pasted rcu_dereference(memcg->objcg) there to make it clear.
Actually it protects memcg->objcg, doesn't it ?

> you get, cause it's valid only inside the rcu read section. After rcu_read_unlock()
> it might point at a random data, because the protected object can be already freed.
>

Are you sure?
Can't the obj_cgroup_tryget(objcg) prevent it from being freed ?

-- 
Regards
Yafang

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ