| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Feb 2015 16:47:12 +0000
From: David Vrabel <dvrabel@...tab.net>
To: Raghavendra K T <raghavendra.kt@...ux.vnet.ibm.com>,
tglx@...utronix.de, mingo@...hat.com, hpa@...or.com,
peterz@...radead.org, torvalds@...ux-foundation.org,
konrad.wilk@...cle.com, pbonzini@...hat.com
CC: waiman.long@...com, jeremy@...p.org, ak@...ux.intel.com,
a.ryabinin@...sung.com, kvm@...r.kernel.org,
borntraeger@...ibm.com, jasowang@...hat.com, x86@...nel.org,
oleg@...hat.com, linux-kernel@...r.kernel.org,
paul.gortmaker@...driver.com, dave@...olabs.net,
xen-devel@...ts.xenproject.org, davej@...hat.com,
akpm@...ux-foundation.org, paulmck@...ux.vnet.ibm.com,
virtualization@...ts.linux-foundation.org, sasha.levin@...cle.com
Subject: Re: [Xen-devel] [PATCH V5] x86 spinlock: Fix memory corruption on
completing completions
On 15/02/15 17:30, Raghavendra K T wrote:
> --- a/arch/x86/xen/spinlock.c
> +++ b/arch/x86/xen/spinlock.c
> @@ -41,7 +41,7 @@ static u8 zero_stats;
> static inline void check_zero(void)
> {
> u8 ret;
> - u8 old = ACCESS_ONCE(zero_stats);
> + u8 old = READ_ONCE(zero_stats);
> if (unlikely(old)) {
> ret = cmpxchg(&zero_stats, old, 0);
> /* This ensures only one fellow resets the stat */
> @@ -112,6 +112,7 @@ __visible void xen_lock_spinning(struct arch_spinlock *lock, __ticket_t want)
> struct xen_lock_waiting *w = this_cpu_ptr(&lock_waiting);
> int cpu = smp_processor_id();
> u64 start;
> + __ticket_t head;
> unsigned long flags;
>
> /* If kicker interrupts not initialized yet, just spin */
> @@ -159,11 +160,15 @@ __visible void xen_lock_spinning(struct arch_spinlock *lock, __ticket_t want)
> */
> __ticket_enter_slowpath(lock);
>
> + /* make sure enter_slowpath, which is atomic does not cross the read */
> + smp_mb__after_atomic();
> +
> /*
> * check again make sure it didn't become free while
> * we weren't looking
> */
> - if (ACCESS_ONCE(lock->tickets.head) == want) {
> + head = READ_ONCE(lock->tickets.head);
> + if (__tickets_equal(head, want)) {
> add_stats(TAKEN_SLOW_PICKUP, 1);
> goto out;
> }
> @@ -204,8 +209,8 @@ static void xen_unlock_kick(struct arch_spinlock *lock, __ticket_t next)
> const struct xen_lock_waiting *w = &per_cpu(lock_waiting, cpu);
>
> /* Make sure we read lock before want */
> - if (ACCESS_ONCE(w->lock) == lock &&
> - ACCESS_ONCE(w->want) == next) {
> + if (READ_ONCE(w->lock) == lock &&
> + READ_ONCE(w->want) == next) {
> add_stats(RELEASED_SLOW_KICKED, 1);
> xen_send_IPI_one(cpu, XEN_SPIN_UNLOCK_VECTOR);
> break;
Acked-by: David Vrabel <david.vrabel@...rix.com>
Although some of the ACCESS_ONCE to READ_ONCE changes are cosmetic and
are perhaps best left out of a patch destined for stable.
David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists