Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp1569864rwr; Fri, 5 May 2023 16:47:26 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6SmXrMWgE1tBRWYhdNNXUSM3nrGBKos/RnXeq/LYeBQK966er08L7XmLNj0x9WMucQ8szL X-Received: by 2002:a05:6a20:7347:b0:d6:7264:f44e with SMTP id v7-20020a056a20734700b000d67264f44emr4147578pzc.3.1683330446432; Fri, 05 May 2023 16:47:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1683330446; cv=none; d=google.com; s=arc-20160816; b=gbjnnjMyR/bpzIlsuirPaN5zP9E+OGG7ZkxcVXjkC2ZTnnMvTnUwb1EzHCoUoNRrVh o69fKWgJzaIt3Bes8O7UL5MIyYhe39YW0tqicnMFqEXkrNYzvTrVipuIwOa7NU7Y4Mm1 +8ZpOonU39vlEzP7ui2hI5OZIuOobQh5wDf1ERoRRc9wMM56x7BWFC1eO0+m6LgXtaHf Leg15cYHCPRAPfmSll6tz7xLS1IS8aHOpxuFuN2fd4zDhVY97m+tFM1gJrmgktprbsZ7 +ct85DgojxpQI+GhuW+3i6zv2vLn+O6rL8gMqc5M8BJysZl3+0l0fgw/ZWkEUM7Rg6/s HStw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:date:references :in-reply-to:subject:cc:to:dkim-signature:dkim-signature:from; bh=BamJrSPKBUHXKJJzbzgKWvqXbwAVlB1h73t9LyzGtMs=; b=TZRoMkLZfkRRonxbAoRbVN3WX1lZLtRokzqT9sJ2ZGF0A+1vITSjs4yCpSGzKhYc3R 5b+WWGU6EDAlckD5WhRNoqYhZH74rEVjLlbAashPtjqQ8VMsixNc6ePGhqRIdsyBQc/X bgJEA0H8wp2qRNKBSxd642bhtStms/lDlmj5lDgnJTh87Bjhqa0+qrdjayhhiO4pqIRn PK6hfue3UgOxD2TF5dW8zyuK5jKMt16u63YpNz9WeU7wDmTCCnYHTlRAgt3HUGdn0kV9 /c6WV15mR7JfHYVyj8zusJUSfcWXbv0ZRQWmlZu++sa4UUcVfcKTzF8t0Dl56/Mq7AOP K78A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=ZIc7dZB0; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=qkAmRvTI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z19-20020aa79493000000b005e1cabb612fsi3056182pfk.67.2023.05.05.16.47.13; Fri, 05 May 2023 16:47:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=ZIc7dZB0; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=qkAmRvTI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229967AbjEEXg1 (ORCPT + 99 others); Fri, 5 May 2023 19:36:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42010 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229879AbjEEXg0 (ORCPT ); Fri, 5 May 2023 19:36:26 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1105C4EE0 for ; Fri, 5 May 2023 16:36:25 -0700 (PDT) From: Thomas Gleixner DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1683329783; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=BamJrSPKBUHXKJJzbzgKWvqXbwAVlB1h73t9LyzGtMs=; b=ZIc7dZB0g6TBZVfo/PxTghYveNOAIMntT6q5CAe7llT4h/2kgMTP+suqdm4QZ/XmwWKe0y T5jvkpEss4wqVy+yAR/bcaMuzfJjnhBtc7D6OinQVOKc5p2eX+Jmn4D3cKxTQDmFoxbxaF Oguj8Rn3k4iNvdlQyWPHwzWvuDh+Yjf151gFszGIbxJ3VRYO67KJrQKdF9fC1gVbX+8kft uJAa95JZ85uAwukPsolaDks3R1PbFtgNvLUhTaQGLYtT4kzLsxx6FycVf+r2hWXl+quXYX 2OpHYNKm90zsLBGcLYBe3x/2cd7GqsoW8RnhgcYfxxRwxn/kwCHu2AUY0XTY1g== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1683329783; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=BamJrSPKBUHXKJJzbzgKWvqXbwAVlB1h73t9LyzGtMs=; b=qkAmRvTIHd6q1u8j2V0mczvuK4bV7tRo+9wv8X30xn1MQs7E77BHwe+BNoXYyRNRFAa/US LzEETW/XYGZMqaCQ== To: Frederic Weisbecker Cc: LKML , Anna-Maria Behnsen , Peter Zijlstra , syzbot+5c54bd3eb218bb595aa9@syzkaller.appspotmail.com, Dmitry Vyukov , Sebastian Siewior , Michael Kerrisk Subject: Re: [patch 02/20] posix-timers: Ensure timer ID search-loop limit is valid In-Reply-To: <87zg6i2xn3.ffs@tglx> References: <20230425181827.219128101@linutronix.de> <20230425183312.932345089@linutronix.de> <87zg6i2xn3.ffs@tglx> Date: Sat, 06 May 2023 01:36:22 +0200 Message-ID: <87v8h62vwp.ffs@tglx> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, May 06 2023 at 00:58, Thomas Gleixner wrote: > On Fri, May 05 2023 at 16:50, Frederic Weisbecker wrote: > So the whole thing works like this: > > start = READ_LOCKLESS(sig->next_id); > > // Enfore that id and start are different to not terminate right away > id = ~start; > > loop: > if (id == start) > goto fail; > lock() > id = sig->next_id; <-- stable readout > sig->next_id = (id + 1) & INT_MAX; <-- prevent going negative > > if (unused_id(id)) { > add_timer_to_hash(timer, id); > unlock(); > return id; > } > id++; > unlock(); > goto loop; > > As the initial lockless readout is guaranteed to be in the positive > space, how is that supposed to be looping forever? Unless you think about the theoretical case of an unlimited number of threads sharing the signal_struct which all concurrently try to allocate a timer id and then releasing it immediately again (to avoid resource limit exhaustion). Theoretically possible, but is this a real concern with a timer ID space of 2G? I'm sure that it's incredibly hard to exploit this, but what's really bothering me is the hash table itself. The only reason why we have that is CRIU. The only alternative solution I could come up with is a paritioned xarray where the index space would be segmented for each TGID, i.e. segment.start = TGID * MAX_TIMERS_PER_PROCESS segment.end = segment.start + MAX_TIMERS_PER_PROCESS - 1 where MAX_TIMERS_PER_PROCESS could be a copius 2^16 which would work for both 32bit and 64bit TID limits. That would avoid the hash table lookups and the related issues, but OTH it would require to allocate one extra page per TGID if the application uses a single posix timer. Not sure whether that's worth it though. Thanks, tglx