lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e4355e3f-95fb-47b6-b46e-daf0d5e60417@tu-dortmund.de>
Date: Wed, 3 Sep 2025 20:29:38 +0200
From: Simon Schippers <simon.schippers@...dortmund.de>
To: "Michael S. Tsirkin" <mst@...hat.com>
Cc: willemdebruijn.kernel@...il.com, jasowang@...hat.com, eperezma@...hat.com,
        stephen@...workplumber.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org, virtualization@...ts.linux.dev,
        kvm@...r.kernel.org, Tim Gebauer <tim.gebauer@...dortmund.de>
Subject: [PATCH 1/4] ptr_ring_spare: Helper to check if spare capacity of size
 cnt is available

Michael S. Tsirkin wrote:
> On Tue, Sep 02, 2025 at 10:09:54AM +0200, Simon Schippers wrote:
>> The implementation is inspired by ptr_ring_empty.
>>
>> Co-developed-by: Tim Gebauer <tim.gebauer@...dortmund.de>
>> Signed-off-by: Tim Gebauer <tim.gebauer@...dortmund.de>
>> Signed-off-by: Simon Schippers <simon.schippers@...dortmund.de>
>> ---
>>  include/linux/ptr_ring.h | 71 ++++++++++++++++++++++++++++++++++++++++
>>  1 file changed, 71 insertions(+)
>>
>> diff --git a/include/linux/ptr_ring.h b/include/linux/ptr_ring.h
>> index 551329220e4f..6b8cfaecf478 100644
>> --- a/include/linux/ptr_ring.h
>> +++ b/include/linux/ptr_ring.h
>> @@ -243,6 +243,77 @@ static inline bool ptr_ring_empty_bh(struct ptr_ring *r)
>>  	return ret;
>>  }
>>  
>> +/*
>> + * Check if a spare capacity of cnt is available without taking any locks.
> 
> Not sure what "spare" means here. I think you mean
> 
> Check if the ring has enough space to produce a given
> number of entries.
> 
>> + *
>> + * If cnt==0 or cnt > r->size it acts the same as __ptr_ring_empty.
> 
> Logically, cnt = 0 should always be true, cnt > size should always be
> false then?
> 
> Why do you want it to act as __ptr_ring_empty?
> 
> 
>> + *
>> + * The same requirements apply as described for __ptr_ring_empty.
> 
> 
> Which is:
> 
>  * However, if some other CPU consumes ring entries at the same time, the value
>  * returned is not guaranteed to be correct.
> 
> 
> but it's not right here yes? consuming entries will just add more
> space ...
> 
> Also:
>  * In this case - to avoid incorrectly detecting the ring
>  * as empty - the CPU consuming the ring entries is responsible
>  * for either consuming all ring entries until the ring is empty,
>  * or synchronizing with some other CPU and causing it to
>  * re-test __ptr_ring_empty and/or consume the ring enteries
>  * after the synchronization point.
> 
> how would you apply this here?
> 
> 
>> + */
>> +static inline bool __ptr_ring_spare(struct ptr_ring *r, int cnt)
>> +{
>> +	int size = r->size;
>> +	int to_check;
>> +
>> +	if (unlikely(!size || cnt < 0))
>> +		return true;
>> +
>> +	if (cnt > size)
>> +		cnt = 0;
>> +
>> +	to_check = READ_ONCE(r->consumer_head) - cnt;
>> +
>> +	if (to_check < 0)
>> +		to_check += size;
>> +
>> +	return !r->queue[to_check];
>> +}
>> +
> 
> I will have to look at how this is used to understand if it's
> correct. But I think we need better documentation.
> 
> 
>> +static inline bool ptr_ring_spare(struct ptr_ring *r, int cnt)
>> +{
>> +	bool ret;
>> +
>> +	spin_lock(&r->consumer_lock);
>> +	ret = __ptr_ring_spare(r, cnt);
>> +	spin_unlock(&r->consumer_lock);
>> +
>> +	return ret;
> 
> 
> I don't understand why you take the consumer lock here.
> If a producer is running it will make the value wrong,
> if consumer is running it will just create more space.
> 
>

I agree, I messed up the ptr_ring helper.
Your proposed approach is way superior and I will use that one instead.

The idea behind the cnt was to have an option if the producer may produce
multiple entries like tap_handle_frame with GSO. But of course this should
be in a different patch since I will not cover tap_handle_frame, which is
used by ipvtap and macvtap, in this patch series.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ