From: Davidlohr Bueso <dave@stgolabs.net>
To: Waiman Long <longman@redhat.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
Jan Kara <jack@suse.com>, Jeff Layton <jlayton@poochiereds.net>,
"J. Bruce Fields" <bfields@fieldses.org>,
Tejun Heo <tj@kernel.org>,
Christoph Lameter <cl@linux-foundation.org>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Andi Kleen <andi@firstfloor.org>,
Dave Chinner <dchinner@redhat.com>,
Boqun Feng <boqun.feng@gmail.com>
Subject: Re: [PATCH v7 10/10] lib/dlock-list: Fix use-after-unlock problem in dlist_for_each_entry_safe()
Date: Mon, 30 Oct 2017 07:11:48 -0700 [thread overview]
Message-ID: <20171030141147.leqcsaxebwiq6dq6@linux-n805> (raw)
In-Reply-To: <1509135053-19214-1-git-send-email-longman@redhat.com>
On Fri, 27 Oct 2017, Waiman Long wrote:
>The dlist_for_each_entry_safe() macro in include/linux/dlock-list has
>a use-after-unlock problem where racing condition can happen because
>of a lack of spinlock protection. Fortunately, this macro is not
>currently being used in the kernel.
>
>This patch changes the dlist_for_each_entry_safe() macro so that the
>call to __dlock_list_next_list() is deferred until the next entry is
>being used. That should eliminate the use-after-unlock problem.
>
>Reported-by: Boqun Feng <boqun.feng@gmail.com>
>Signed-off-by: Waiman Long <longman@redhat.com>
Reviewed-by: Davidlohr Bueso <dbueso@suse.de>
But would it not be better to merge this patch (among others) into 1/N?
Specifically the newer patches 7-10 should be in the original dlock
implementation instead of adding fixes to incorrect code in the original
commit. Also less of a pita for backporting.
Thanks,
Davidlohr
>---
> include/linux/dlock-list.h | 28 +++++++++++++++++-----------
> 1 file changed, 17 insertions(+), 11 deletions(-)
>
>diff --git a/include/linux/dlock-list.h b/include/linux/dlock-list.h
>index 02c5f4d..f4b7657 100644
>--- a/include/linux/dlock-list.h
>+++ b/include/linux/dlock-list.h
>@@ -191,17 +191,17 @@ extern void dlock_list_add(struct dlock_list_node *node,
> }
>
> /**
>- * dlock_list_first_entry - get the first element from a list
>+ * dlock_list_next_list_entry - get first element from next list in iterator
> * @iter : The dlock list iterator.
>- * @type : The type of the struct this is embedded in.
>+ * @pos : A variable of the struct that is embedded in.
> * @member: The name of the dlock_list_node within the struct.
>- * Return : Pointer to the next entry or NULL if all the entries are iterated.
>+ * Return : Pointer to first entry or NULL if all the lists are iterated.
> */
>-#define dlock_list_first_entry(iter, type, member) \
>+#define dlock_list_next_list_entry(iter, pos, member) \
> ({ \
> struct dlock_list_node *_n; \
> _n = __dlock_list_next_entry(NULL, iter); \
>- _n ? list_entry(_n, type, member) : NULL; \
>+ _n ? list_entry(_n, typeof(*pos), member) : NULL; \
> })
>
> /**
>@@ -231,7 +231,7 @@ extern void dlock_list_add(struct dlock_list_node *node,
> * This iteration function is designed to be used in a while loop.
> */
> #define dlist_for_each_entry(pos, iter, member) \
>- for (pos = dlock_list_first_entry(iter, typeof(*(pos)), member);\
>+ for (pos = dlock_list_next_list_entry(iter, pos, member); \
> pos != NULL; \
> pos = dlock_list_next_entry(pos, iter, member))
>
>@@ -245,14 +245,20 @@ extern void dlock_list_add(struct dlock_list_node *node,
> * This iteration macro is safe with respect to list entry removal.
> * However, it cannot correctly iterate newly added entries right after the
> * current one.
>+ *
>+ * The call to __dlock_list_next_list() is deferred until the next entry
>+ * is being iterated to avoid use-after-unlock problem.
> */
> #define dlist_for_each_entry_safe(pos, n, iter, member) \
>- for (pos = dlock_list_first_entry(iter, typeof(*(pos)), member);\
>+ for (pos = NULL; \
> ({ \
>- bool _b = (pos != NULL); \
>- if (_b) \
>- n = dlock_list_next_entry(pos, iter, member); \
>- _b; \
>+ if (!pos || \
>+ (&(pos)->member.list == &(iter)->entry->list)) \
>+ pos = dlock_list_next_list_entry(iter, pos, \
>+ member); \
>+ if (pos) \
>+ n = list_next_entry(pos, member.list); \
>+ pos; \
> }); \
> pos = n)
>
>--
>1.8.3.1
>
next prev parent reply other threads:[~2017-10-30 14:12 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-05 18:43 [PATCH v7 0/6] vfs: Use dlock list for SB's s_inodes list Waiman Long
2017-10-05 18:43 ` [PATCH v7 1/6] lib/dlock-list: Distributed and lock-protected lists Waiman Long
2017-10-10 5:35 ` Boqun Feng
2017-10-13 21:10 ` Waiman Long
2017-10-18 8:55 ` Boqun Feng
2017-10-05 18:43 ` [PATCH v7 2/6] vfs: Remove unnecessary list_for_each_entry_safe() variants Waiman Long
2017-10-05 18:43 ` [PATCH v7 3/6] vfs: Use dlock list for superblock's inode list Waiman Long
2017-10-05 18:43 ` [PATCH v7 4/6] lib/dlock-list: Make sibling CPUs share the same linked list Waiman Long
2017-10-09 15:40 ` Jan Kara
2017-10-09 16:14 ` Waiman Long
2017-10-05 18:43 ` [PATCH v7 5/6] lib/dlock-list: Enable faster lookup with hashing Waiman Long
2017-10-09 13:08 ` Davidlohr Bueso
2017-10-09 14:16 ` Waiman Long
2017-10-09 16:03 ` Davidlohr Bueso
2017-10-09 16:11 ` Waiman Long
2017-10-05 18:43 ` [PATCH v7 6/6] lib/dlock-list: Add an IRQ-safe mode to be used in interrupt handler Waiman Long
2017-10-13 15:45 ` [PATCH v7 7/6] fs/epoll: scale nested callbacks Davidlohr Bueso
2017-10-16 19:30 ` Jason Baron
2017-10-17 15:53 ` Davidlohr Bueso
2017-10-18 14:06 ` Jason Baron
2017-10-18 15:44 ` Davidlohr Bueso
2017-10-17 19:36 ` [PATCH v7 8/9] lib/dlock-list: Export symbols and add warnings Waiman Long
2017-10-17 19:36 ` [PATCH v7 9/9] lib/dlock-list: Unique lock class key for each allocation call site Waiman Long
2017-10-26 18:28 ` [PATCH v7 0/6] vfs: Use dlock list for SB's s_inodes list Waiman Long
2017-10-27 0:58 ` Boqun Feng
2017-10-27 20:19 ` Waiman Long
2017-10-27 20:10 ` [PATCH v7 10/10] lib/dlock-list: Fix use-after-unlock problem in dlist_for_each_entry_safe() Waiman Long
2017-10-30 9:06 ` Jan Kara
2017-10-30 14:06 ` Boqun Feng
2017-10-30 14:11 ` Davidlohr Bueso [this message]
2017-10-30 14:15 ` Waiman Long
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171030141147.leqcsaxebwiq6dq6@linux-n805 \
--to=dave@stgolabs.net \
--cc=andi@firstfloor.org \
--cc=bfields@fieldses.org \
--cc=boqun.feng@gmail.com \
--cc=cl@linux-foundation.org \
--cc=dchinner@redhat.com \
--cc=jack@suse.com \
--cc=jlayton@poochiereds.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=longman@redhat.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=tj@kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.