On 2020/3/17 1:26, Linus Torvalds wrote:
On Mon, Mar 16, 2020 at 4:07 AM Jeff Layton <jlayton@xxxxxxxxxx> wrote:
+ÂÂÂÂÂÂ /*
+ÂÂÂÂÂÂÂ * If fl_blocker is NULL, it won't be set again as this thread "owns"
+ÂÂÂÂÂÂÂ * the lock and is the only one that might try to claim the lock.
+ÂÂÂÂÂÂÂ * Because fl_blocker is explicitly set last during a delete, it's
+ÂÂÂÂÂÂÂ * safe to locklessly test to see if it's NULL. If it is, then we know
+ÂÂÂÂÂÂÂ * that no new locks can be inserted into its fl_blocked_requests list,
+ÂÂÂÂÂÂÂ * and we can therefore avoid doing anything further as long as that
+ÂÂÂÂÂÂÂ * list is empty.
+ÂÂÂÂÂÂÂ */
+ÂÂÂÂÂÂ if (!smp_load_acquire(&waiter->fl_blocker) &&
+ÂÂÂÂÂÂÂÂÂÂ list_empty(&waiter->fl_blocked_requests))
+ÂÂÂÂÂÂÂÂÂÂÂÂÂÂ return status;
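Review bot: the comment above the lockless check should name the release-side store it pairs with. It says fl_blocker "is explicitly set last during a delete", but the smp_load_acquire() here only gives the ordering the argument relies on if the delete path clears fl_blocker with a matching smp_store_release() after unlinking the waiter from fl_blocked_requests, and a reader of this hunk cannot see that. Suggest ending the comment with the usual "pairs with the smp_store_release() in ..." line so the pairing is documented at both ends. It is also worth stating explicitly that the list_empty() on fl_blocked_requests is performed without holding any lock and that the comment's "no new locks can be inserted" reasoning is what makes that safe, since the early "return status;" skips whatever locked handling follows.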
Ack. This looks sane to me now.
yangerkun - how did you find the original problem?
While trying to fix CVE-2019-19769, adding some logging in __locks_wake_up_blocks helped me reproduce the problem quickly. This helped me discern the problem quickly.
Would you mind using whatever stress test that caused commit
6d390e4b5d48 ("locks: fix a potential use-after-free problem when
wakeup a waiter") with this patch? And if you did it analytically,
you're a champ and should look at this patch too!
I will try to understand this patch, and if it looks good to me, will do the performance test!