| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b3c3cff5-5d47-7a32-9def-9f42640c9211@suse.cz>
Date: Wed, 7 Dec 2016 10:29:44 +0100
From: Vlastimil Babka <vbabka@...e.cz>
To: Michal Hocko <mhocko@...nel.org>
Cc: Xishi Qiu <qiuxishi@...wei.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Mel Gorman <mgorman@...hsingularity.net>,
Yaowei Bai <baiyaowei@...s.chinamobile.com>,
Christian Borntraeger <borntraeger@...ibm.com>,
Linux MM <linux-mm@...ck.org>,
LKML <linux-kernel@...r.kernel.org>,
Yisheng Xie <xieyisheng1@...wei.com>
Subject: Re: [RFC PATCH v3] mm: use READ_ONCE in page_cpupid_xchg_last()
On 12/07/2016 09:58 AM, Michal Hocko wrote:
> On Wed 07-12-16 09:48:52, Vlastimil Babka wrote:
>> On 12/07/2016 09:43 AM, Michal Hocko wrote:
>>> On Tue 06-12-16 09:53:14, Xishi Qiu wrote:
>>>> A compiler could re-read "old_flags" from the memory location after reading
>>>> and calculation "flags" and passes a newer value into the cmpxchg making
>>>> the comparison succeed while it should actually fail.
>>>>
>>>> Signed-off-by: Xishi Qiu <qiuxishi@...wei.com>
>>>> Suggested-by: Christian Borntraeger <borntraeger@...ibm.com>
>>>> ---
>>>> mm/mmzone.c | 2 +-
>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/mm/mmzone.c b/mm/mmzone.c
>>>> index 5652be8..e0b698e 100644
>>>> --- a/mm/mmzone.c
>>>> +++ b/mm/mmzone.c
>>>> @@ -102,7 +102,7 @@ int page_cpupid_xchg_last(struct page *page, int cpupid)
>>>> int last_cpupid;
>>>>
>>>> do {
>>>> - old_flags = flags = page->flags;
>>>> + old_flags = flags = READ_ONCE(page->flags);
>>>> last_cpupid = page_cpupid_last(page);
>>>
>>> what prevents compiler from doing?
>>> old_flags = READ_ONCE(page->flags);
>>> flags = READ_ONCE(page->flags);
>>
>> AFAIK, READ_ONCE tells the compiler that page->flags is volatile. It
>> can't read from volatile location more times than being told?
>
> But those are two different variables which we assign to so what
> prevents the compiler from applying READ_ONCE on each of them
> separately?
I would naively expect that it's assigned to flags first, and then from
flags to old_flags. But I don't know exactly the C standard evaluation
rules that apply here.
> Anyway, this could be addressed easily by
Yes, that way there should be no doubt.
> diff --git a/mm/mmzone.c b/mm/mmzone.c
> index 5652be858e5e..b4e093dd24c1 100644
> --- a/mm/mmzone.c
> +++ b/mm/mmzone.c
> @@ -102,10 +102,10 @@ int page_cpupid_xchg_last(struct page *page, int cpupid)
> int last_cpupid;
>
> do {
> - old_flags = flags = page->flags;
> + old_flags = READ_ONCE(page->flags);
> last_cpupid = page_cpupid_last(page);
>
> - flags &= ~(LAST_CPUPID_MASK << LAST_CPUPID_PGSHIFT);
> + flags = old_flags & ~(LAST_CPUPID_MASK << LAST_CPUPID_PGSHIFT);
> flags |= (cpupid & LAST_CPUPID_MASK) << LAST_CPUPID_PGSHIFT;
> } while (unlikely(cmpxchg(&page->flags, old_flags, flags) != old_flags));
>
>
>>> Or this doesn't matter?
>>
>> I think it would matter.
>>
>>>>
>>>> flags &= ~(LAST_CPUPID_MASK << LAST_CPUPID_PGSHIFT);
>>>> --
>>>> 1.8.3.1
>>>>
>>>
>
Powered by blists - more mailing lists