public inbox for kernel-hardening@lists.openwall.com
From: Andrew Morton <akpm@linux-foundation.org>
To: Vasiliy Kulikov <segoon@openwall.com>
Cc: Ingo Molnar <mingo@elte.hu>,
	kernel-hardening@lists.openwall.com,
	"Paul E. McKenney" <paul.mckenney@linaro.org>,
	Manuel Lauss <manuel.lauss@googlemail.com>,
	linux-kernel@vger.kernel.org, Richard Weinberger <richard@nod.at>,
	torvalds@linux-foundation.org, Marc Zyngier <maz@misterjones.org>
Subject: [kernel-hardening] Re: initcall dependency problem (ns vs. threads)
Date: Mon, 1 Aug 2011 11:20:21 -0700
Message-ID: <20110801112021.25ec9041.akpm@linux-foundation.org>
In-Reply-To: <20110801180151.GA26686@albatros>

On Mon, 1 Aug 2011 22:01:51 +0400 Vasiliy Kulikov <segoon@openwall.com> wrote:

> Hi,
> 
> There were reported problems with recent shm changes, by Manuel
> Lauss (on MIPS), Richard Weinberger (on UML), and Marc Zyngier (on ARM).
> 
> https://lkml.org/lkml/2011/8/1/149
> https://lkml.org/lkml/2011/8/1/162
> https://lkml.org/lkml/2011/8/1/210
> 
> The problem became visible on this patch:
> 
>     commit 5774ed014f02120db9a6945a1ecebeb97c2acccb
>     Author: Vasiliy Kulikov <segoon@openwall.com>
>     Date:   Fri Jul 29 03:55:31 2011 +0400
> 
>         shm: handle separate PID namespaces case
> 
> It started to use &shm_ids(ns).rw_mutex, which is not initialized yet.
> Init IPC namespace is initialized as initcall() and some threads are
> created as early_initcall().
> 
> I think it is a dependency bug in the core kernel - kernel threads
> should be able to use any namespace information, but currently there is
> a race between namespace initialization code (which is initcall) and
> kernel threads (which are early_initcall).
> 
> I don't feel enough experienced in init code dependencies, so I report
> it to you.
> 
>     static int __init kernel_init(void * unused)
>     {
>         ...
>         do_pre_smp_initcalls(); << threads start here
>         ...
>         do_basic_setup();
> 
> 
>     static void __init do_basic_setup(void)
>     {
>         cpuset_init_smp();
>         usermodehelper_init();
>         init_tmpfs();
>         driver_init();
>         init_irq_proc();
>         do_ctors();
>         do_initcalls(); << namespace init here
>     }

There's not really enough detail here for me to suggest a fix without
actually doing some work.  Which ipc initialization function is being
called too late?  Which thread is using which data structures before
which initialization function has been run?

Are we talking about init_ipc_ns.ids[] here?  If so, did you try
initializing the three rwsems at compile-time?

That's rather a nasty hack though.  It'd be better to run the mystery
init function before starting the threads.
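
Added example (not code from this thread or from the kernel): a userspace C model of the ordering Vasiliy describes, kernel_init() running do_pre_smp_initcalls() (where early_initcall() threads start) before do_basic_setup()/do_initcalls() (where the IPC namespace is set up). The struct and function names (model_*, MODEL_RWSEM_INITIALIZER, boot_*) are hypothetical stand-ins; the rwsem is a counter plus an "initialised" marker, and a lock taken before initialisation is counted instead of crashing. The block shows the current ordering failing and both of the options akpm mentions, compile-time initialisation of the ids[] rwsems and running the init function before the threads, succeeding.

```c
/* Userspace model of the initcall ordering problem: hypothetical names,
 * not kernel code. Build: cc -std=c99 -Wall model.c */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for an rwsem: reader count plus an "initialised" marker. */
#define RWSEM_MAGIC 0x5e3a
struct model_rwsem {
    int readers;
    unsigned magic;                   /* RWSEM_MAGIC once initialised */
};
#define MODEL_RWSEM_INITIALIZER { 0, RWSEM_MAGIC }

/* Stand-in for init_ipc_ns.ids[]: the three IPC id tables. */
struct model_ipc_ids { struct model_rwsem rw_mutex; };
enum { IPC_SEM_IDS, IPC_MSG_IDS, IPC_SHM_IDS, IPC_NIDS };

/* One copy zeroed like .bss and initialised at run time, one initialised
 * at compile time (the "nasty hack" alternative). */
static struct model_ipc_ids ids_runtime[IPC_NIDS];
static struct model_ipc_ids ids_static[IPC_NIDS] = {
    { MODEL_RWSEM_INITIALIZER }, { MODEL_RWSEM_INITIALIZER }, { MODEL_RWSEM_INITIALIZER },
};

struct model_boot {
    struct model_ipc_ids *ids;
    bool init_before_threads;         /* run the init function before threads start */
    int use_before_init;              /* locks taken on an uninitialised rwsem */
};

static bool rwsem_ready(const struct model_rwsem *s) { return s->magic == RWSEM_MAGIC; }

/* Analogue of the IPC namespace initcall, normally run from do_initcalls(). */
static void model_ipc_init(struct model_boot *b)
{
    for (int i = 0; i < IPC_NIDS; i++)
        if (!rwsem_ready(&b->ids[i].rw_mutex))
            b->ids[i].rw_mutex = (struct model_rwsem)MODEL_RWSEM_INITIALIZER;
}

/* Analogue of the exit path that takes shm_ids(ns).rw_mutex. A real kernel
 * would misbehave on an uninitialised lock; the model just counts it. */
static void model_shm_exit(struct model_boot *b)
{
    struct model_rwsem *s = &b->ids[IPC_SHM_IDS].rw_mutex;
    if (!rwsem_ready(s)) { b->use_before_init++; return; }
    s->readers++;                     /* down_read() */
    s->readers--;                     /* up_read() */
}

/* early_initcall(): a kernel thread is created here. The losing ordering in
 * the reports, thread already exited before do_initcalls(), is modelled by
 * running the exit path synchronously. */
static void model_thread_early_initcall(struct model_boot *b)
{
    model_shm_exit(b);
}

/* Mirrors kernel_init(): do_pre_smp_initcalls(), then do_basic_setup(). */
static int model_kernel_init(struct model_boot *b)
{
    if (b->init_before_threads)
        model_ipc_init(b);            /* init function ahead of the threads */
    model_thread_early_initcall(b);   /* do_pre_smp_initcalls() */
    model_ipc_init(b);                /* do_basic_setup() -> do_initcalls() */
    model_shm_exit(b);                /* a later exit is fine in every variant */
    return b->use_before_init;
}

/* Current ordering, runtime init only: returns 1 (one use before init). */
int boot_current(void)
{
    struct model_boot b = { ids_runtime, false, 0 };
    memset(ids_runtime, 0, sizeof ids_runtime);   /* fresh .bss */
    return model_kernel_init(&b);
}

/* Compile-time initialised rwsems: returns 0. */
int boot_static_init(void)
{
    struct model_boot b = { ids_static, false, 0 };
    return model_kernel_init(&b);
}

/* Runtime init moved ahead of the threads: returns 0. */
int boot_init_before_threads(void)
{
    struct model_boot b = { ids_runtime, true, 0 };
    memset(ids_runtime, 0, sizeof ids_runtime);
    return model_kernel_init(&b);
}

int main(void)
{
    printf("current: %d  static-init: %d  init-before-threads: %d\n",
           boot_current(), boot_static_init(), boot_init_before_threads());
    return 0;
}
```

The model deliberately initialises all three ids[] rwsems together, matching the "three rwsems" akpm refers to, so that either fix covers sem and msg as well as shm; only the shm lock is exercised because that is the one the reports name.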

Thread overview: 28+ messages
2011-08-01 18:01 [kernel-hardening] initcall dependency problem (ns vs. threads) Vasiliy Kulikov
2011-08-01 18:20 ` Andrew Morton [this message]
2011-08-01 18:34   ` [kernel-hardening] " Vasiliy Kulikov
2011-08-01 19:03   ` Vasiliy Kulikov
2011-08-01 19:07     ` Andrew Morton
2011-08-01 19:22       ` Vasiliy Kulikov
2011-08-02  0:01     ` Linus Torvalds
2011-08-02 12:45       ` [kernel-hardening] [PATCH] shm: fix a race between shm_exit() and shm_init() Vasiliy Kulikov
2011-08-02 12:51         ` [kernel-hardening] " Manuel Lauss
2011-08-02 13:23         ` Richard Weinberger
2011-08-02 13:29         ` Marc Zyngier
2011-08-02 20:33         ` Andrew Morton
2011-08-02 20:55         ` Andrew Morton
2011-08-03  5:30           ` Manuel Lauss
2011-08-03  8:05           ` Marc Zyngier
2011-08-03  8:19             ` Linus Torvalds
2011-08-03 10:04               ` Manuel Lauss
2011-08-03 10:30               ` Marc Zyngier
2011-08-04  0:35                 ` Linus Torvalds
2011-08-04  0:50                   ` Andrew Morton
2011-08-04  1:01                     ` Linus Torvalds
2011-08-04  1:15                       ` Kay Sievers
2011-08-04  8:26                   ` Marc Zyngier
2011-08-03  7:43         ` Linus Torvalds
2011-08-03  7:50           ` Manuel Lauss
2011-08-03  8:00             ` Manuel Lauss
2011-08-03 19:33           ` Andrew Morton
2011-08-03 19:52             ` Vasiliy Kulikov
