| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Oct 2021 09:50:48 +0200 (CEST)
From: Christoph Lameter <cl@...two.de>
To: Yuanzheng Song <songyuanzheng@...wei.com>
cc: dennis@...nel.org, tj@...nel.org, akpm@...ux-foundation.org,
linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH -next] mm/percpu: fix data-race with
pcpu_nr_empty_pop_pages
On Mon, 25 Oct 2021, Yuanzheng Song wrote:
> When reading the pcpu_nr_empty_pop_pages in pcpu_alloc()
> and writing the pcpu_nr_empty_pop_pages in
> pcpu_update_empty_pages() at the same time,
> the data-race occurs.
Looks like a use case for the atomic RMV instructions.
> To fix this issue, use READ_ONCE() and WRITE_ONCE() to
> read and write the pcpu_nr_empty_pop_pages.
Never thought that READ_ONCE and WRITE_ONCE can fix races like
this. Really?
> diff --git a/mm/percpu.c b/mm/percpu.c
> index 293009cc03ef..e8ef92e698ab 100644
> --- a/mm/percpu.c
> +++ b/mm/percpu.c
> @@ -574,7 +574,9 @@ static void pcpu_isolate_chunk(struct pcpu_chunk *chunk)
>
> if (!chunk->isolated) {
> chunk->isolated = true;
> - pcpu_nr_empty_pop_pages -= chunk->nr_empty_pop_pages;
> + WRITE_ONCE(pcpu_nr_empty_pop_pages,
> + READ_ONCE(pcpu_nr_empty_pop_pages) -
> + chunk->nr_empty_pop_pages);
atomic_sub()?
> }
> list_move(&chunk->list, &pcpu_chunk_lists[pcpu_to_depopulate_slot]);
> }
> @@ -585,7 +587,9 @@ static void pcpu_reintegrate_chunk(struct pcpu_chunk *chunk)
>
> if (chunk->isolated) {
> chunk->isolated = false;
> - pcpu_nr_empty_pop_pages += chunk->nr_empty_pop_pages;
> + WRITE_ONCE(pcpu_nr_empty_pop_pages,
> + READ_ONCE(pcpu_nr_empty_pop_pages) +
> + chunk->nr_empty_pop_pages);
atomic_add()?
Powered by blists - more mailing lists