From: Mike Galbraith <efault@gmx.de>
To: Kees Cook <keescook@chromium.org>,
"David S. Miller" <davem@davemloft.net>,
Peter Zijlstra <peterz@infradead.org>
Cc: LKML <linux-kernel@vger.kernel.org>, Ingo Molnar <mingo@elte.hu>,
"Reshetova, Elena" <elena.reshetova@intel.com>,
Network Development <netdev@vger.kernel.org>
Subject: Re: tip -ENOBOOT - bisected to locking/refcounts, x86/asm: Implement fast refcount overflow protection
Date: Thu, 31 Aug 2017 06:38:18 +0200 [thread overview]
Message-ID: <1504154298.23109.23.camel@gmx.de> (raw)
In-Reply-To: <CAGXu5jKYPp5D+YxtqrJXsi48UUbjfeREngsys-dU1eP4RnnL+w@mail.gmail.com>
On Wed, 2017-08-30 at 21:10 -0700, Kees Cook wrote:
> On Wed, Aug 30, 2017 at 9:01 PM, Kees Cook <keescook@chromium.org> wrote:
> > On Wed, Aug 30, 2017 at 8:12 PM, Mike Galbraith <efault@gmx.de> wrote:
> >> On Wed, 2017-08-30 at 19:27 -0700, Kees Cook wrote:
> >>
> >>> Interesting! Can you try with 633547973ffc3 ("net: convert
> >>> sk_buff.users from atomic_t to refcount_t") reverted? I'll see if
> >>> running haveged will help me trigger this on my system...
> >>
> >> With that (plus 230cd1279d001 fix to it) reverted, vbox boots.
> >
> > Wonderful! Thank you so much for helping track this down.
> >
> > So, it seems that sk_buff.users will need some more special attention
> > before we can convert it to refcount.
> >
> > x86-refcount will saturate with refcount_dec_and_test() if the result
> > is negative. But that would mean at least starting at 0. FULL should
> > have WARNed in this case, so I remain slightly confused why it was
> > missed by FULL.
>
> Actually, if this is a race condition it's possible that FULL is slow
> enough to miss it...
>
> I bet something briefly takes the refcount negative, and with
> unchecked atomics, it come back up positive again during the race.
> FULL may miss the race, and x86-refcount will catch it and saturate...
Hm, I'll go have a stare.. not that that's likely to turn anything up,
memory ordering stares usually inducing a zombie like state.
-Mike
next prev parent reply other threads:[~2017-08-31 4:39 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-29 8:50 tip -ENOBOOT - bisected to locking/refcounts, x86/asm: Implement fast refcount overflow protection Mike Galbraith
2017-08-29 8:58 ` Ingo Molnar
2017-08-29 9:21 ` Mike Galbraith
2017-08-29 9:27 ` Ingo Molnar
2017-08-29 10:03 ` Mike Galbraith
2017-08-29 15:39 ` Kees Cook
2017-08-29 16:34 ` Mike Galbraith
2017-08-29 15:58 ` Kees Cook
2017-08-29 16:55 ` Mike Galbraith
2017-08-29 18:10 ` Mike Galbraith
2017-08-29 18:41 ` Kees Cook
2017-08-30 5:02 ` Mike Galbraith
2017-08-30 16:35 ` Kees Cook
2017-08-30 17:13 ` Mike Galbraith
2017-08-30 17:32 ` Kees Cook
2017-08-30 17:55 ` Mike Galbraith
2017-08-30 19:19 ` Kees Cook
2017-08-30 19:46 ` Kees Cook
2017-08-31 2:09 ` Mike Galbraith
2017-08-31 2:27 ` Kees Cook
2017-08-31 3:12 ` Mike Galbraith
2017-08-31 4:01 ` Kees Cook
2017-08-31 4:10 ` Kees Cook
2017-08-31 4:38 ` Mike Galbraith [this message]
2017-08-31 13:58 ` Mike Galbraith
2017-08-31 17:00 ` Kees Cook
2017-08-31 17:19 ` Mike Galbraith
2017-08-31 18:45 ` Kees Cook
2017-09-01 6:57 ` Mike Galbraith
2017-09-01 13:09 ` Mike Galbraith
2017-09-01 17:12 ` Kees Cook
2017-09-01 17:52 ` Mike Galbraith
2017-09-01 18:58 ` Kees Cook
2017-09-01 19:24 ` Mike Galbraith
2017-09-01 19:40 ` Kees Cook
2017-08-31 19:28 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1504154298.23109.23.camel@gmx.de \
--to=efault@gmx.de \
--cc=davem@davemloft.net \
--cc=elena.reshetova@intel.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=netdev@vger.kernel.org \
--cc=peterz@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.