Received: by 10.223.185.116 with SMTP id b49csp752926wrg; Tue, 20 Feb 2018 07:20:22 -0800 (PST) X-Google-Smtp-Source: AH8x2248/Gv8sPMZ5+5xBEJbGlEcVZ0i2PAMcQx3/LKG9c4Ev7xJrWUtJ/lnt5fPzuEX2TmHyo4g X-Received: by 10.99.140.70 with SMTP id q6mr15057587pgn.51.1519140022291; Tue, 20 Feb 2018 07:20:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519140022; cv=none; d=google.com; s=arc-20160816; b=f+6/rfRFI9EOMOi0AFCrDjTOaDY4A4E6SfvZPQh6jJr736dusDzslSGkaS1OAgk76U jwG8UeKJl0olqVX2lgN4ip7tJ+m4u746IkPkC/XjohmUtoBv/SlQgo9QCHbWkQGJQqMD w7Vp10dKBnijj+sTSLHJPFxlwaBDCmoW6Ci2Lz4BkB9zxbiZEnta127n0LJ5u/XnCLP4 JXdz6DXIBfnwl17DaOJdCdme1aREYNpTzyaqxGvg7PR5PkH87H8KIHdAUxFuHBZ96RYR qc10f1JM0jJz89kldf4m24gd0jwnKXBVFzx1iYUYUSukXfdkXZk2BLJD7hAoaIgsHGxq yocA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=v1lbXnemylnWTnwpK/uGOsMAZpiGHXjWisu4HdfV3kY=; b=DIHKgYXnLswB8iDVtMVmHpIPy4u+eHfCneW9CcUiOekUlp/hFUfgz7uaFjqt5XKbAM qyec+aIznkL4V8oaqVoJrNWJYsDvvJoj7+76Td/wMlqj5Ma70ALm1rnp6U3kuI3H7ESw vvADln7pLNAC1cBCwNPCEnqxYxDizDByInxuUWPTKDTNZzdgeANG9tDAG+Asrj+4Jnn+ dwDO9qrRriZ1HIM7PD9wn1VPd7P96Qsx1SLWwfonkXYJsOgL1sC1f9kr0hJfvpINiPLz KrI3ynX1YggMekW46U1GHGT5LszNUU78yTm4TZc5gPmUfA3uuYTNgwIN+OhTzZ2EbN5W Rmkw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=auM36oBt; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v10si4830074pge.759.2018.02.20.07.20.07; Tue, 20 Feb 2018 07:20:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=auM36oBt; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752584AbeBTPTB (ORCPT + 99 others); Tue, 20 Feb 2018 10:19:01 -0500 Received: from bombadil.infradead.org ([198.137.202.133]:41726 "EHLO bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752184AbeBTPS6 (ORCPT ); Tue, 20 Feb 2018 10:18:58 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=In-Reply-To:Content-Type:MIME-Version :References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=v1lbXnemylnWTnwpK/uGOsMAZpiGHXjWisu4HdfV3kY=; b=auM36oBtQPvZLsSFYFVDDzM88 uhwt1jVAcl+1j42XIfIOlbLDXc0b22144J5CxTrnO6fLogwz+yRR6u0lIM4hBTqvWLl1Sp9uP1Cnc Tdq/jLm8ttMVFSDGwBpdJKmrj1tGxX/KQfPrDJow3r8933DkY70GkV+bYQbHPpBsDzgAvqdvHihsj 4IzmeB7gDxI/XDIC54P638nVX7YbDPi8DVrtXq1T67rzZbVhSTT1EXDg66JRmoW2oOC+wJdLMxuEV Ec32XQmnj6tx6Cw0g3H2k0vrdl2w9Tnvw/PEnvL1wGpmrY9O1AJYuM02f5cBJb/NPF+8XDrK4gnaX gAcbtIOkw==; Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=hirez.programming.kicks-ass.net) by bombadil.infradead.org with esmtpsa (Exim 4.89 #1 (Red Hat Linux)) id 1eo9gx-0005eO-PW; Tue, 20 Feb 2018 15:18:52 +0000 Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000) id D2D2620274D65; Tue, 20 Feb 2018 16:18:49 +0100 (CET) Date: Tue, 20 Feb 2018 16:18:49 +0100 From: Peter Zijlstra To: Paul Moore Cc: Greg Kroah-Hartman , linux-kernel@vger.kernel.org, stable@vger.kernel.org, Dmitry Vyukov , linux-audit@redhat.com Subject: Re: [PATCH 4.10 070/111] audit: fix auditd/kernel connection state tracking Message-ID: <20180220151849.GG25201@hirez.programming.kicks-ass.net> References: <20170328122915.640228468@linuxfoundation.org> <20170328122918.597715642@linuxfoundation.org> <20180220123757.GE25314@hirez.programming.kicks-ass.net> <20180220140640.GE25201@hirez.programming.kicks-ass.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.2 (2017-12-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 20, 2018 at 09:51:08AM -0500, Paul Moore wrote: > On Tue, Feb 20, 2018 at 9:06 AM, Peter Zijlstra wrote: > > It's not at all clear to me what that code does, I just stumbled upon > > __mutex_owner() outside of the mutex code itself and went WTF. > > If you don't want people to use __mutex_owner() outside of the mutex > code I might suggest adding a rather serious comment at the top of the > function, because right now I don't see anything suggesting that > function shouldn't be used. Yes, there is the double underscore > prefix, but that can mean a few different things these days. Find below. > > The comment (aside from having the most horribly style) ... > > Yeah, your dog is ugly too. Notice how neither comment is constructive? I'm sure you've seen this one: https://lkml.org/lkml/2016/7/8/625 It's all about reading code; inconsistent and unbalanced styles are just _really_ hard on the brain. > > ... is wrong too, because it claims it will not block when we hold that lock, while, > > afaict, it will in fact do just that. > > A mutex blocks when it is held, but the audit_log_start() function > should not block for the task that currently holds the > audit_cmd_mutex; that is what the comment is meant to convey. I > believe the comment makes sense, but I did write it so I'll concede > that I'm probably the not best judge. If anyone would like to offer a > different wording I'm happy to consider it. The comment uses 'sleep' which is typically used to mean anything that schedules, but then it does the schedule_timeout() thing. > > Maybe if you could explain how that code is supposed to work and why it > > doesn't know if it holds a lock I could make a suggestion... > > I just spent a few minutes looking back over the bits available in > include/linux/mutex.h and I'm not seeing anything beyond > __mutex_owner() which would allow us to determine the mutex owning > task. It's probably easiest for us to just track ownership ourselves. > I'll put together a patch later today. Note that up until recently the mutex implementation didn't even have a consistent owner field. And the thing is, it's very easy to use wrong, only today I've seen a patch do: "__mutex_owner() == task", where task was allowed to be !current, which is just wrong. Looking through kernel/audit.c I'm not even sure I see how you would end up in audit_log_start() with audit_cmd_mutex held. Can you give me a few code paths that trigger this? Simple git-grep is failing me. --- Subject: mutex: Add comment to __mutex_owner() From: Peter Zijlstra Date: Tue Feb 20 16:01:36 CET 2018 Attempt to deter usage, this is not a public interface. It is entirely possibly to implement a conformant mutex without having this owner field (in fact, we used to have that). Signed-off-by: Peter Zijlstra (Intel) --- --- a/include/linux/mutex.h +++ b/include/linux/mutex.h @@ -66,6 +66,11 @@ struct mutex { #endif }; +/* + * Internal helper function; C doesn't allow us to hide it :/ + * + * DO NOT USE (outside of mutex code). + */ static inline struct task_struct *__mutex_owner(struct mutex *lock) { return (struct task_struct *)(atomic_long_read(&lock->owner) & ~0x07);