Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp4758323ybp; Mon, 14 Oct 2019 09:33:38 -0700 (PDT) X-Google-Smtp-Source: APXvYqw+zbv7+AyYqQMHYa5agGAgK72yBDYid/24AqoJ8QqRjUXqKph483kcAOGQm8CnYfAhunwi X-Received: by 2002:a17:906:48d4:: with SMTP id d20mr24766865ejt.246.1571070818784; Mon, 14 Oct 2019 09:33:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571070818; cv=none; d=google.com; s=arc-20160816; b=V5D3Z7WEWRdik9PkvBN3pdhS/Mlo3HPC8iLo/tx2271oKH09u1ATBfOicE6EuiDwEG NFk3jIuvS7N1nlpFv3CfjNqUxFgeuX+LqMEHUUDeGxvCMFNtPunJIZGa/3MyqKlnB+QD eW2kPsvSrczQUmcHrTN1ygE2845UV0KhySpS4sfM6nk6jwQlN6RPYTAQDwCCDvI7OcyY vQ/2J+VyF5qh1TmWuJeoPA9w1ATzr0Yz9b8h5A9SQ3xJ3KShucp7hPozNvzaUMlNoJcZ Y+qgxlcT2GjUbaP6CeXsiaedjqESIR3K0yXqnHLf21aOmyQpsBnpLT0aqiEZMV35svXr ZDYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=n7Hb/UdluT13A/MRbKpsiMCs2Fi0BAu2gpTEnqqQYLw=; b=f7ecWZ4qfolj1lnIMDO6eldpVeyjJ/45fm1fSmCbD09Jx5JAIFhNg9pzdbPZ/Y7axV sBMIAjomb381wPfYFCXUj/az4BAikg3rvrX24DLCV4WSMwFHNdDniDKp+L2RrFQnJ5D+ JKbtlWGpXaM0/fZxivN4PlqLJcuSmed+Hub+nyjlivlXebJR6DIWssQ+egqnFB3i5oBq e3yrJGuY05Yqw2h0jk8tXjUWQFvpJWFaiFj0GBQpt8XfLZLRdW6r6I6otPEu3rMV5tvd 7F1NhfTEJPgNUV5zvrprV4RBHsnSEA+oI1usqVwFmwxox33tNYM393zKylIOkCBCSfAN hZ7w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n4si10600269ejj.132.2019.10.14.09.33.15; Mon, 14 Oct 2019 09:33:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732389AbfJNP7u (ORCPT + 99 others); Mon, 14 Oct 2019 11:59:50 -0400 Received: from mx2a.mailbox.org ([80.241.60.219]:58387 "EHLO mx2a.mailbox.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727038AbfJNP7t (ORCPT ); Mon, 14 Oct 2019 11:59:49 -0400 Received: from smtp1.mailbox.org (smtp1.mailbox.org [80.241.60.240]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by mx2a.mailbox.org (Postfix) with ESMTPS id 42B24A12E1; Mon, 14 Oct 2019 17:59:45 +0200 (CEST) X-Virus-Scanned: amavisd-new at heinlein-support.de Received: from smtp1.mailbox.org ([80.241.60.240]) by hefe.heinlein-support.de (hefe.heinlein-support.de [91.198.250.172]) (amavisd-new, port 10030) with ESMTP id rzhkEBTLWgtf; Mon, 14 Oct 2019 17:59:40 +0200 (CEST) Date: Tue, 15 Oct 2019 02:59:31 +1100 From: Aleksa Sarai To: Tejun Heo Cc: Li Zefan , Johannes Weiner , cgroups@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: Re: [PATCH] cgroup: pids: use {READ,WRITE}_ONCE for pids->limit operations Message-ID: <20191014155931.jl7idjebhqxb3ck3@yavin.dot.cyphar.com> References: <20191012010539.6131-1-cyphar@cyphar.com> <20191014154136.GF18794@devbig004.ftw2.facebook.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="x7whfzqvnijraall" Content-Disposition: inline In-Reply-To: <20191014154136.GF18794@devbig004.ftw2.facebook.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --x7whfzqvnijraall Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2019-10-14, Tejun Heo wrote: > On Sat, Oct 12, 2019 at 12:05:39PM +1100, Aleksa Sarai wrote: > > Because pids->limit can be changed concurrently (but we don't want to > > take a lock because it would be needlessly expensive), use the > > appropriate memory barriers. >=20 > I can't quite tell what problem it's fixing. Can you elaborate a > scenario where the current code would break that your patch fixes? As far as I can tell, not using *_ONCE() here means that if you had a process changing pids->limit from A to B, a process might be able to temporarily exceed pids->limit -- because pids->limit accesses are not protected by mutexes and the C compiler can produce confusing intermediate values for pids->limit[1]. But this is more of a correctness fix than one fixing an actually exploitable bug -- given the kernel memory model work, it seems like a good idea to just use READ_ONCE() and WRITE_ONCE() for shared memory access. [1]: https://github.com/google/ktsan/wiki/READ_ONCE-and-WRITE_ONCE --=20 Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH --x7whfzqvnijraall Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQSxZm6dtfE8gxLLfYqdlLljIbnQEgUCXaSbYAAKCRCdlLljIbnQ ErlGAPwNNvA0NEl3lea4jocc7jw2pPmGBL5rg/Ogyourf6PDpgD+IJJGCeNm9CFT vQo8yItkhrGR/QEne2SQK5v1XqPseg8= =ZrpX -----END PGP SIGNATURE----- --x7whfzqvnijraall--