Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp1569864rwr;
        Fri, 5 May 2023 16:47:26 -0700 (PDT)
X-Google-Smtp-Source: ACHHUZ6SmXrMWgE1tBRWYhdNNXUSM3nrGBKos/RnXeq/LYeBQK966er08L7XmLNj0x9WMucQ8szL
X-Received: by 2002:a05:6a20:7347:b0:d6:7264:f44e with SMTP id v7-20020a056a20734700b000d67264f44emr4147578pzc.3.1683330446432;
        Fri, 05 May 2023 16:47:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1683330446; cv=none;
        d=google.com; s=arc-20160816;
        b=gbjnnjMyR/bpzIlsuirPaN5zP9E+OGG7ZkxcVXjkC2ZTnnMvTnUwb1EzHCoUoNRrVh
         o69fKWgJzaIt3Bes8O7UL5MIyYhe39YW0tqicnMFqEXkrNYzvTrVipuIwOa7NU7Y4Mm1
         +8ZpOonU39vlEzP7ui2hI5OZIuOobQh5wDf1ERoRRc9wMM56x7BWFC1eO0+m6LgXtaHf
         Leg15cYHCPRAPfmSll6tz7xLS1IS8aHOpxuFuN2fd4zDhVY97m+tFM1gJrmgktprbsZ7
         +ct85DgojxpQI+GhuW+3i6zv2vLn+O6rL8gMqc5M8BJysZl3+0l0fgw/ZWkEUM7Rg6/s
         HStw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:message-id:date:references
         :in-reply-to:subject:cc:to:dkim-signature:dkim-signature:from;
        bh=BamJrSPKBUHXKJJzbzgKWvqXbwAVlB1h73t9LyzGtMs=;
        b=TZRoMkLZfkRRonxbAoRbVN3WX1lZLtRokzqT9sJ2ZGF0A+1vITSjs4yCpSGzKhYc3R
         5b+WWGU6EDAlckD5WhRNoqYhZH74rEVjLlbAashPtjqQ8VMsixNc6ePGhqRIdsyBQc/X
         bgJEA0H8wp2qRNKBSxd642bhtStms/lDlmj5lDgnJTh87Bjhqa0+qrdjayhhiO4pqIRn
         PK6hfue3UgOxD2TF5dW8zyuK5jKMt16u63YpNz9WeU7wDmTCCnYHTlRAgt3HUGdn0kV9
         /c6WV15mR7JfHYVyj8zusJUSfcWXbv0ZRQWmlZu++sa4UUcVfcKTzF8t0Dl56/Mq7AOP
         K78A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linutronix.de header.s=2020 header.b=ZIc7dZB0;
       dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=qkAmRvTI;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id z19-20020aa79493000000b005e1cabb612fsi3056182pfk.67.2023.05.05.16.47.13;
        Fri, 05 May 2023 16:47:26 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linutronix.de header.s=2020 header.b=ZIc7dZB0;
       dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=qkAmRvTI;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229967AbjEEXg1 (ORCPT <rfc822;stevenley.huang@gmail.com>
        + 99 others); Fri, 5 May 2023 19:36:27 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42010 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229879AbjEEXg0 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 5 May 2023 19:36:26 -0400
Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1105C4EE0
        for <linux-kernel@vger.kernel.org>; Fri,  5 May 2023 16:36:25 -0700 (PDT)
From:   Thomas Gleixner <tglx@linutronix.de>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de;
        s=2020; t=1683329783;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=BamJrSPKBUHXKJJzbzgKWvqXbwAVlB1h73t9LyzGtMs=;
        b=ZIc7dZB0g6TBZVfo/PxTghYveNOAIMntT6q5CAe7llT4h/2kgMTP+suqdm4QZ/XmwWKe0y
        T5jvkpEss4wqVy+yAR/bcaMuzfJjnhBtc7D6OinQVOKc5p2eX+Jmn4D3cKxTQDmFoxbxaF
        Oguj8Rn3k4iNvdlQyWPHwzWvuDh+Yjf151gFszGIbxJ3VRYO67KJrQKdF9fC1gVbX+8kft
        uJAa95JZ85uAwukPsolaDks3R1PbFtgNvLUhTaQGLYtT4kzLsxx6FycVf+r2hWXl+quXYX
        2OpHYNKm90zsLBGcLYBe3x/2cd7GqsoW8RnhgcYfxxRwxn/kwCHu2AUY0XTY1g==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de;
        s=2020e; t=1683329783;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=BamJrSPKBUHXKJJzbzgKWvqXbwAVlB1h73t9LyzGtMs=;
        b=qkAmRvTIHd6q1u8j2V0mczvuK4bV7tRo+9wv8X30xn1MQs7E77BHwe+BNoXYyRNRFAa/US
        LzEETW/XYGZMqaCQ==
To:     Frederic Weisbecker <frederic@kernel.org>
Cc:     LKML <linux-kernel@vger.kernel.org>,
        Anna-Maria Behnsen <anna-maria@linutronix.de>,
        Peter Zijlstra <peterz@infradead.org>,
        syzbot+5c54bd3eb218bb595aa9@syzkaller.appspotmail.com,
        Dmitry Vyukov <dvyukov@google.com>,
        Sebastian Siewior <bigeasy@linutronix.de>,
        Michael Kerrisk <mtk.manpages@gmail.com>
Subject: Re: [patch 02/20] posix-timers: Ensure timer ID search-loop limit
 is valid
In-Reply-To: <87zg6i2xn3.ffs@tglx>
References: <20230425181827.219128101@linutronix.de>
 <20230425183312.932345089@linutronix.de> <ZFUXrCZtWyNG3Esi@lothringen>
 <87zg6i2xn3.ffs@tglx>
Date:   Sat, 06 May 2023 01:36:22 +0200
Message-ID: <87v8h62vwp.ffs@tglx>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, May 06 2023 at 00:58, Thomas Gleixner wrote:
> On Fri, May 05 2023 at 16:50, Frederic Weisbecker wrote:
> So the whole thing works like this:
>
>    start = READ_LOCKLESS(sig->next_id);
>
>    // Enfore that id and start are different to not terminate right away
>    id = ~start;
>
> loop:
>    if (id == start)
>    	goto fail;
>    lock()
>         id = sig->next_id;                      <-- stable readout
>         sig->next_id = (id + 1) & INT_MAX;      <-- prevent going negative
>
>         if (unused_id(id)) {
>            add_timer_to_hash(timer, id);
>            unlock();
>            return id;
>         }
>    id++;
>    unlock();
>    goto loop;
>
> As the initial lockless readout is guaranteed to be in the positive
> space, how is that supposed to be looping forever?

Unless you think about the theoretical case of an unlimited number of
threads sharing the signal_struct which all concurrently try to allocate
a timer id and then releasing it immediately again (to avoid resource
limit exhaustion). Theoretically possible, but is this a real concern
with a timer ID space of 2G?

I'm sure that it's incredibly hard to exploit this, but what's really
bothering me is the hash table itself. The only reason why we have that
is CRIU.

The only alternative solution I could come up with is a paritioned
xarray where the index space would be segmented for each TGID, i.e.

       segment.start = TGID * MAX_TIMERS_PER_PROCESS
       segment.end    = segment.start + MAX_TIMERS_PER_PROCESS - 1

where MAX_TIMERS_PER_PROCESS could be a copius 2^16 which would work for
both 32bit and 64bit TID limits.

That would avoid the hash table lookups and the related issues, but OTH
it would require to allocate one extra page per TGID if the application
uses a single posix timer.

Not sure whether that's worth it though.

Thanks,

        tglx