On Fri, Aug 28, 2020 at 06:13:41PM +0900, Masami Hiramatsu wrote:
> On Fri, 28 Aug 2020 10:48:51 +0200
> peterz@xxxxxxxxxxxxx wrote:
>
> > On Thu, Aug 27, 2020 at 06:12:44PM +0200, Peter Zijlstra wrote:
> > > struct kretprobe_instance {
> > > union {
> > > + /*
> > > + * Dodgy as heck, this relies on not clobbering freelist::refs.
> > > + * llist: only clobbers freelist::next.
> > > + * rcu: clobbers both, but only after rp::freelist is gone.
> > > + */
> > > + struct freelist_node freelist;
> > > struct llist_node llist;
> > > - struct hlist_node hlist;
> > > struct rcu_head rcu;
> > > };
> >
> > Masami, make sure to make this something like:
> >
> > union {
> > struct freelist_node freelist;
> > struct rcu_head rcu;
> > };
> > struct llist_node llist;
> >
> > for v4, because after some sleep I'm fairly sure what I wrote above was
> > broken.
> >
> > We'll only use RCU once the freelist is gone, so sharing that storage
> > should still be okay.
>
> Hmm, would you mean there is a chance that an instance belongs to
> both freelist and llist?
So the freelist->refs thing is supposed to pin freelist->next for
concurrent usage, but if we instantly stick it on the
current->kretprobe_instances llist while it's still elevated, we'll
overwrite ->next, which would be bad.
