From: Oleg Nesterov <oleg@redhat.com>
To: Andi Kleen <andi@firstfloor.org>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Lucas De Marchi <lucas.de.marchi@gmail.com>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Paul Mackerras <paulus@samba.org>,
david@gibson.dropbear.id.au, Kees Cook <keescook@chromium.org>,
Serge Hallyn <serge.hallyn@canonical.com>,
"Rafael J. Wysocki" <rjw@sisk.pl>,
Feng Hong <hongfeng@marvell.com>,
Lucas De Marchi <lucas.demarchi@profusion.mobi>
Subject: Re: [PATCH 0/2] finx argv_split() vs sysctl race
Date: Sun, 17 Mar 2013 15:15:55 +0100 [thread overview]
Message-ID: <20130317141555.GA25236@redhat.com> (raw)
In-Reply-To: <20130316215440.GV11268@two.firstfloor.org>
On 03/16, Andi Kleen wrote:
>
> On Sat, Mar 16, 2013 at 10:23:51PM +0100, Oleg Nesterov wrote:
> > >
> > > rcu strings has a helper function to copy the string for sleepy cases.
> >
> > Then you need to pre-allocate, take rcu_read_lock(), copy, and check
> > that it actually fits the pre-allocated buffer. Not sure why the simple
> > rwsem is worse.
>
> The reason I did it originally like that was that some of the sysctls weren't
> as "slow path" as power off.
OK, in this case rwsem is not fine, I agree.
> > > > To me 1/2 looks as a simplification anyway, but I won't argue if we
> > > > decide to add rcu/locking and avoid this patch.
> > >
> > > Ok I'll revisit.
> >
> > OK, but do you agree with 1/2?
>
> It doesn't solve the race alone because when the 0 byte can move it's
> not safe to run kstrndup() in parallel.
I don't think this is possible... To simplify, lets consider
poweroff_cmd[POWEROFF_CMD_PATH_LEN]. proc_dostring() or whatever can
never overwrite the last byte == 0, otherwise it will exceed this array
later to write the final zero.
But this doesn't matter,
> Ok given the n and that it
> force terminates it could only lead to some junk at the end.
Yes, kstrndup(max) is always safe even if the memory is not null
terminated.
> But it seems like a useful small optimization, although I don't know
> if it's used in any non slow paths.
Ah, I didn't mean the patch makes sense because of optimization. My
point was, we can fix the race without making this code worse (in fact
it tries to make the code better but this is subjective).
"fix the race" only means "make it safe" of course, a string in between
is unlikely useful.
> I assume you audited all callers that they comprehend that they need
> to free differently now.
Yes, /bin/grep shows that all callers use argv_free().
Oleg.
next prev parent reply other threads:[~2013-03-17 14:18 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-12 3:25 Regression with orderly_poweroff() Benjamin Herrenschmidt
2013-03-12 14:46 ` Linus Torvalds
2013-03-12 17:46 ` Oleg Nesterov
2013-03-12 17:54 ` Lucas De Marchi
2013-03-12 18:22 ` Oleg Nesterov
2013-03-12 18:42 ` Linus Torvalds
2013-03-12 19:11 ` Oleg Nesterov
2013-03-12 19:20 ` Linus Torvalds
2013-03-12 20:35 ` Oleg Nesterov
2013-03-13 17:46 ` [PATCH 0/1] poweroff: change orderly_poweroff() to use schedule_work() Oleg Nesterov
2013-03-13 17:47 ` [PATCH 1/1] " Oleg Nesterov
2013-03-14 22:28 ` Andrew Morton
2013-03-15 16:39 ` Oleg Nesterov
2013-03-16 20:23 ` [PATCH 0/2] finx argv_split() vs sysctl race Oleg Nesterov
2013-03-16 20:23 ` [PATCH 1/2] teach argv_split() to handle the mutable strings Oleg Nesterov
2013-03-18 16:03 ` [PATCH v2 " Oleg Nesterov
2013-03-18 21:53 ` [PATCH " Andrew Morton
2013-03-19 19:54 ` [PATCH -mm] argv_split-teach-it-to-handle-mutable-strings-fix-2 Oleg Nesterov
2013-03-16 20:24 ` [PATCH 2/2] set_task_comm: kill the pointless memset() + wmb() Oleg Nesterov
2013-03-16 20:32 ` [PATCH 0/2] finx argv_split() vs sysctl race Andi Kleen
2013-03-16 20:45 ` Oleg Nesterov
2013-03-16 20:56 ` Andi Kleen
2013-03-16 21:23 ` Oleg Nesterov
2013-03-16 21:54 ` Andi Kleen
2013-03-17 14:15 ` Oleg Nesterov [this message]
2013-03-18 16:03 ` Oleg Nesterov
2013-03-13 23:35 ` [PATCH 0/1] poweroff: change orderly_poweroff() to use schedule_work() Lucas De Marchi
2013-03-12 20:13 ` Regression with orderly_poweroff() Andi Kleen
2013-03-12 19:28 ` Benjamin Herrenschmidt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130317141555.GA25236@redhat.com \
--to=oleg@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=andi@firstfloor.org \
--cc=benh@kernel.crashing.org \
--cc=david@gibson.dropbear.id.au \
--cc=hongfeng@marvell.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lucas.de.marchi@gmail.com \
--cc=lucas.demarchi@profusion.mobi \
--cc=paulus@samba.org \
--cc=rjw@sisk.pl \
--cc=serge.hallyn@canonical.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox