Re: safety of *mutex_unlock() (Was: [BUG] signal: sighand unprotected when accessed by /proc)
From: Peter Zijlstra
Date: Tue Jun 10 2014 - 04:37:47 EST
On Mon, Jun 09, 2014 at 09:26:13AM -0700, Paul E. McKenney wrote:
> That would indeed be a bad thing, as it could potentially lead to
> use-after-free bugs. Though one could argue that any code that resulted
> in use-after-free would be quite aggressive. But still...
Let me hijack this thread for yet another issue... So I had an RCU
related use-after-free the other day, and while Sasha was able to
trigger it quite easily, I had a multi-day struggle to reproduce.
Once I figured out what the exact problem was it was also clear to me
why it was so hard for me to reproduce.
So normally its easier to trigger races on bigger machines, more cpus,
more concurrency, more races, all good.
_However_ with RCU the grace period machinery is slower the bigger the
machine, so bigger machine, slower grace period, slower RCU free, less
likely to hit use-after-free.
So I was thinking, and I know you all will go kick me for this because
the very last thing we need is what I'm about to propose: more RCU
flavours :-).
How about an rcu_read_unlock() reference counted RCU variant that's
ultra aggressive in doing the callbacks in order to better trigger such
issues?
Attachment:
pgpZlZcFm3TyG.pgp
Description: PGP signature