On Fri, 28 Aug 2020 11:18:13 +0200
peterz@xxxxxxxxxxxxx wrote:
> On Fri, Aug 28, 2020 at 06:13:41PM +0900, Masami Hiramatsu wrote:
> > On Fri, 28 Aug 2020 10:48:51 +0200
> > peterz@xxxxxxxxxxxxx wrote:
> >
> > > On Thu, Aug 27, 2020 at 06:12:44PM +0200, Peter Zijlstra wrote:
> > > > struct kretprobe_instance {
> > > > union {
> > > > + /*
> > > > + * Dodgy as heck, this relies on not clobbering freelist::refs.
> > > > + * llist: only clobbers freelist::next.
> > > > + * rcu: clobbers both, but only after rp::freelist is gone.
> > > > + */
> > > > + struct freelist_node freelist;
> > > > struct llist_node llist;
> > > > - struct hlist_node hlist;
> > > > struct rcu_head rcu;
> > > > };
> > >
> > > Masami, make sure to make this something like:
> > >
> > > union {
> > > struct freelist_node freelist;
> > > struct rcu_head rcu;
> > > };
> > > struct llist_node llist;
> > >
> > > for v4, because after some sleep I'm fairly sure what I wrote above was
> > > broken.
> > >
> > > We'll only use RCU once the freelist is gone, so sharing that storage
> > > should still be okay.
> >
> > Hmm, would you mean there is a chance that an instance belongs to
> > both freelist and llist?
>
> So the freelist->refs thing is supposed to pin freelist->next for
> concurrent usage, but if we instantly stick it on the
> current->kretprobe_instances llist while it's still elevated, we'll
> overwrite ->next, which would be bad.
OK, I'll pick these up for my v4 series with that fix.
Thank you,
--
Masami Hiramatsu <mhiramat@xxxxxxxxxx>
