| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 Mar 2024 19:58:50 -0800
From: "Paul E. McKenney" <paulmck@...nel.org>
To: linke li <lilinke99@...com>
Cc: Joel Fernandes <joel@...lfernandes.org>,
Davidlohr Bueso <dave@...olabs.net>,
Josh Triplett <josh@...htriplett.org>,
Frederic Weisbecker <frederic@...nel.org>,
Neeraj Upadhyay <quic_neeraju@...cinc.com>,
Boqun Feng <boqun.feng@...il.com>,
Steven Rostedt <rostedt@...dmis.org>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
Lai Jiangshan <jiangshanlai@...il.com>,
Zqiang <qiang.zhang1211@...il.com>, linux-kernel@...r.kernel.org,
rcu@...r.kernel.org
Subject: Re: [PATCH v2] rcutorture: Reuse value read using READ_ONCE instead
of re-reading it
On Wed, Mar 06, 2024 at 10:05:20AM +0800, linke li wrote:
> rp->rtort_pipe_count is modified concurrently by rcu_torture_writer(). To
> prevent a data race, reuse i which is read using READ_ONCE before instead
> of re-reading it.
>
> Signed-off-by: linke li <lilinke99@...com>
> Reviewed-by: Joel Fernandes (Google) <joel@...lfernandes.org>
> ---
Thank you both!
This topic got quite a bit of discussion [1], with the result that I
took your patch, but edited your commit log. Could you please take a
look below and let me know if I messed anything up?
Thanx, Paul
[1] https://lore.kernel.org/all/20240306103719.1d241b93@gandalf.local.home/
------------------------------------------------------------------------
commit e3038bbf5d746fd4c72975b792abbb63fa3f3421
Author: linke li <lilinke99@...com>
Date: Wed Mar 6 19:51:10 2024 -0800
rcutorture: Re-use value stored to ->rtort_pipe_count instead of re-reading
Currently, the rcu_torture_pipe_update_one() writes the value (i + 1)
to rp->rtort_pipe_count, then immediately re-reads it in order to compare
it to RCU_TORTURE_PIPE_LEN. This re-read is pointless because no other
update to rp->rtort_pipe_count can occur at this point. This commit
therefore instead re-uses the (i + 1) value stored in the comparison
instead of re-reading rp->rtort_pipe_count.
Signed-off-by: linke li <lilinke99@...com>
Reviewed-by: Joel Fernandes (Google) <joel@...lfernandes.org>
Signed-off-by: Paul E. McKenney <paulmck@...nel.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
diff --git a/kernel/rcu/rcutorture.c b/kernel/rcu/rcutorture.c
index 0cb5452ecd945..dd7d5ba457409 100644
--- a/kernel/rcu/rcutorture.c
+++ b/kernel/rcu/rcutorture.c
@@ -467,7 +467,7 @@ rcu_torture_pipe_update_one(struct rcu_torture *rp)
atomic_inc(&rcu_torture_wcount[i]);
WRITE_ONCE(rp->rtort_pipe_count, i + 1);
ASSERT_EXCLUSIVE_WRITER(rp->rtort_pipe_count);
- if (rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) {
+ if (i + 1 >= RCU_TORTURE_PIPE_LEN) {
rp->rtort_mbtest = 0;
return true;
}
Powered by blists - more mailing lists