From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
linux-kernel@vger.kernel.org
Subject: Re: sequence lock in Linux
Date: Fri, 11 Jun 2010 14:36:02 -0700 [thread overview]
Message-ID: <20100611213602.GI2394@linux.vnet.ibm.com> (raw)
In-Reply-To: <4C12A539.1000709@zytor.com>
On Fri, Jun 11, 2010 at 02:06:01PM -0700, H. Peter Anvin wrote:
> On 06/11/2010 01:36 PM, Paul E. McKenney wrote:
> >
> > The reason that the C standard permits this is to allow for things like
> > 8-bit CPUs, which are simply unable to load or store 32-bit quantities
> > except by doing it chunkwise. But I don't expect the Linux kernel to
> > boot on these, and certainly not on any of the ones that I have used!
> >
> > I most definitely remember seeing a gcc guarantee that loads and stores
> > would be done in one instruction whenever the hardware supported this,
> > but I am not finding it today. :-(
>
> What gcc does not -- and should not -- guarantee is that accessing a
> non-volatile member is done exactly once. As Mathieu pointed out, it
> can choose to drop it due to register pressure and load it again.
>
> What is possibly a much bigger risk -- since this is an inline -- is
> that the value is cached from a previous piece of code, *or* that since
> the structure is const(!) that the second read in the repeat loop is
> elided. Presumably current versions of gcc don't do that across a
> memory clobber, but that doesn't seem entirely out of the question.
Memory barriers in the sequence-lock code prevent this, assuming, as
you point out, that memory clobber works (but if it doesn't, it should
be fixed):
o write_seqlock() and write_tryseqlock() each have an smp_wmb()
following the increment. Ditto for write_seqcount_begin().
o write_sequnlock() has an smp_wmb() preceding the increment,
and ditto for write_seqcount_end(). There are thus two smp_wmb()
calls between the increments in the usual code sequence:
write_seqlock(&l);
do_something();
write_sequnlock();
o read_seqbegin() has an smp_rmb() following its read from
->sequence. Ditto for read_seqcount_begin().
o read_seqretry() has an smp_rmb() preceding its read from
->sequence, and ditto for read_seqcount_retry(). There are thus
two smp_wmb() calls between the reads in the usual code sequence:
do {
s = read_seqbegin(&l);
read_something();
} while read_seqretry(&l, s);
So sequence locks should be pretty safe, at least as far as this
vulnerability is concerned. ;-)
Thanx, Paul
next prev parent reply other threads:[~2010-06-11 21:36 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-11 19:40 sequence lock in Linux Mathieu Desnoyers
2010-06-11 20:07 ` Paul E. McKenney
2010-06-11 20:46 ` Mathieu Desnoyers
2010-06-11 20:07 ` Linus Torvalds
2010-06-11 20:36 ` Paul E. McKenney
2010-06-11 21:06 ` H. Peter Anvin
2010-06-11 21:36 ` Paul E. McKenney [this message]
2010-06-11 21:38 ` H. Peter Anvin
2010-06-11 22:04 ` Paul E. McKenney
2010-06-11 22:41 ` H. Peter Anvin
2010-06-11 21:09 ` Mathieu Desnoyers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100611213602.GI2394@linux.vnet.ibm.com \
--to=paulmck@linux.vnet.ibm.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.