Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp7237010ybp; Wed, 16 Oct 2019 05:57:56 -0700 (PDT) X-Google-Smtp-Source: APXvYqzgt7uF9iE6e6gDiB/PD2Nqjz/LZXvnWc2IJE+r0HQ5eAiYfyW0G/C2rpKhaUi2VQkqKV6B X-Received: by 2002:a17:906:f258:: with SMTP id gy24mr40468914ejb.25.1571230676394; Wed, 16 Oct 2019 05:57:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571230676; cv=none; d=google.com; s=arc-20160816; b=k5odnrp+yIGT6k8DIqLvyTRL0JA5FtVbkSoBeW1gnyvGFmeq6ryWtiGbmPdCD9sUP1 GWAFpHZU6f0BoTj9awg52EwkcB2k3S0aAWxitdha9WMsOkfFHghEnMvKwgZUdzRm3W4x L9fMhgyr7HGPIBtlgOeQn4cX+m3es9FmZ10at5Sm2rGjfoH4l5jdtYMQg56psgQs4iSE VAVTYehaCjy+kvnEs5jvP8aBAfslncZqC37DTJjF275GplIvRirIXSN04/6sajraov5/ 5w0KY7JJSutRLc3o2pqdGnQRQqq/el0FC9eRFXETB9XQRdFn5pONSeBfFqdSYX8qvx8L rMFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=Uu415mfoGCNCBqsBgRsRD1h+Dni8vndTnySyealvSeA=; b=KdvD3UulSb6Zh2VVRSoVVV5TAEO/lbzlzGI4GIDXctNJCbLY3CkmJbJXHlT5ZZA9fv rjn/NKsDdWxqyCeYAkron3tLqQHKxZK0c+IHKfZVfqg+lN77gfrQ6zG3dITw2/dgOJPz 8w7xmrGNcZwH3HxPr83gxXzscjFN9XByNuHt6g0ImV72n4KF8/XpONiR6aRb1wi4vQjE Hg+X1Geaf6W50FQTWk8Tj+I7Jx5ixBRKCv4ZQsAhNGzj0I3+6DiEm8DgdDAERN2sD9Hy gyxWNcIUlnx1r/Wg2QyT/UociqMD6jxy9Y7Y6zSwGH3rKJTYmm/yTpkfYqszWsO8Vpft dh0Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id ay2si14626234edb.343.2019.10.16.05.57.33; Wed, 16 Oct 2019 05:57:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389009AbfJPIcj (ORCPT + 99 others); Wed, 16 Oct 2019 04:32:39 -0400 Received: from mx2a.mailbox.org ([80.241.60.219]:28169 "EHLO mx2a.mailbox.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729236AbfJPIcj (ORCPT ); Wed, 16 Oct 2019 04:32:39 -0400 Received: from smtp2.mailbox.org (smtp2.mailbox.org [IPv6:2001:67c:2050:105:465:1:2:0]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by mx2a.mailbox.org (Postfix) with ESMTPS id 5201CA1F82; Wed, 16 Oct 2019 10:32:34 +0200 (CEST) X-Virus-Scanned: amavisd-new at heinlein-support.de Received: from smtp2.mailbox.org ([80.241.60.241]) by spamfilter02.heinlein-hosting.de (spamfilter02.heinlein-hosting.de [80.241.56.116]) (amavisd-new, port 10030) with ESMTP id VpkJpA2e4UPE; Wed, 16 Oct 2019 10:32:29 +0200 (CEST) Date: Wed, 16 Oct 2019 19:32:19 +1100 From: Aleksa Sarai To: Tejun Heo Cc: Li Zefan , Johannes Weiner , cgroups@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: Re: [PATCH] cgroup: pids: use {READ,WRITE}_ONCE for pids->limit operations Message-ID: <20191016083218.ttsaqnxpjh5i5bgv@yavin.dot.cyphar.com> References: <20191012010539.6131-1-cyphar@cyphar.com> <20191014154136.GF18794@devbig004.ftw2.facebook.com> <20191014155931.jl7idjebhqxb3ck3@yavin.dot.cyphar.com> <20191014163307.GG18794@devbig004.ftw2.facebook.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="jvbscg62ooyqvvh3" Content-Disposition: inline In-Reply-To: <20191014163307.GG18794@devbig004.ftw2.facebook.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --jvbscg62ooyqvvh3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2019-10-14, Tejun Heo wrote: > Hello, Aleksa. >=20 > On Tue, Oct 15, 2019 at 02:59:31AM +1100, Aleksa Sarai wrote: > > On 2019-10-14, Tejun Heo wrote: > > > On Sat, Oct 12, 2019 at 12:05:39PM +1100, Aleksa Sarai wrote: > > > > Because pids->limit can be changed concurrently (but we don't want = to > > > > take a lock because it would be needlessly expensive), use the > > > > appropriate memory barriers. > > >=20 > > > I can't quite tell what problem it's fixing. Can you elaborate a > > > scenario where the current code would break that your patch fixes? > >=20 > > As far as I can tell, not using *_ONCE() here means that if you had a > > process changing pids->limit from A to B, a process might be able to > > temporarily exceed pids->limit -- because pids->limit accesses are not > > protected by mutexes and the C compiler can produce confusing > > intermediate values for pids->limit[1]. > > > > But this is more of a correctness fix than one fixing an actually > > exploitable bug -- given the kernel memory model work, it seems like a > > good idea to just use READ_ONCE() and WRITE_ONCE() for shared memory > > access. >=20 > READ/WRITE_ONCE provides protection against compiler generating > multiple accesses for a single operation. It won't prevent split > writes / reads of 64bit variables on 32bit machines. For that, you'd > have to switch them to atomic64_t's. Maybe I'm misunderstanding Documentation/atomic_t.txt, but it looks to me like it's explicitly saying that I shouldn't use atomic64_t if I'm just using it for fetching and assignment. > The non-RMW ops are (typically) regular LOADs and STOREs and are > canonically implemented using READ_ONCE(), WRITE_ONCE(), > smp_load_acquire() and smp_store_release() respectively. Therefore, if > you find yourself only using the Non-RMW operations of atomic_t, you > do not in fact need atomic_t at all and are doing it wrong. As for 64-bit on 32-bit machines -- that is a separate issue, but from [1] it seems to me like there are more problems that *_ONCE() fixes than just split reads and writes. [1]: https://lwn.net/Articles/793253/ --=20 Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH --jvbscg62ooyqvvh3 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQSxZm6dtfE8gxLLfYqdlLljIbnQEgUCXabVjwAKCRCdlLljIbnQ Eo+bAP4twCdIzc/3irINS1h8+SDHb5Id/IYDo/ool67sAVKdmAD/ddb+01/LuSQE N1Ie5O8BQm/MY6wpbxlAT69EyW1n8QY= =rCSZ -----END PGP SIGNATURE----- --jvbscg62ooyqvvh3--