From: Stefano Brivio <sbrivio@redhat.com>
To: Nicolai Stange <nstange@suse.de>
Cc: "David S. Miller" <davem@davemloft.net>,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
Mohamed Ghannam <simo.ghannam@gmail.com>,
Michal Kubecek <mkubecek@suse.cz>,
Miroslav Benes <mbenes@suse.cz>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg()
Date: Mon, 8 Jan 2018 16:11:40 +0100 [thread overview]
Message-ID: <20180108161140.796eb4cf@elisabeth> (raw)
In-Reply-To: <20180108145444.19457-1-nstange@suse.de>
On Mon, 8 Jan 2018 15:54:44 +0100
Nicolai Stange <nstange@suse.de> wrote:
> Commit 8f659a03a0ba ("net: ipv4: fix for a race condition in
> raw_sendmsg") fixed the issue of possibly inconsistent ->hdrincl handling
> due to concurrent updates by reading this bit-field member into a local
> variable and using the thus stabilized value in subsequent tests.
>
> However, aforementioned commit also adds the (correct) comment that
>
> /* hdrincl should be READ_ONCE(inet->hdrincl)
> * but READ_ONCE() doesn't work with bit fields
> */
>
> because as it stands, the compiler is free to shortcut or even eliminate
> the local variable at its will.
>
> Note that I have not seen anything like this happening in reality and thus,
> the concern is a theoretical one.
>
> However, in order to be on the safe side, emulate a READ_ONCE() on the
> bit-field by doing it on the local 'hdrincl' variable itself:
>
> int hdrincl = inet->hdrincl;
> hdrincl = READ_ONCE(hdrincl);
>
> This breaks the chain in the sense that the compiler is not allowed
> to replace subsequent reads from hdrincl with reloads from inet->hdrincl.
>
> Fixes: 8f659a03a0ba ("net: ipv4: fix for a race condition in raw_sendmsg")
> Signed-off-by: Nicolai Stange <nstange@suse.de>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
--
Stefano
next prev parent reply other threads:[~2018-01-08 15:11 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-02 16:30 [PATCH] net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg() Nicolai Stange
2018-01-02 21:12 ` Stefano Brivio
2018-01-03 9:28 ` Nicolai Stange
2018-01-03 10:37 ` Stefano Brivio
2018-01-08 14:54 ` [PATCH v2] " Nicolai Stange
2018-01-08 15:11 ` Stefano Brivio [this message]
2018-01-09 16:59 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180108161140.796eb4cf@elisabeth \
--to=sbrivio@redhat.com \
--cc=davem@davemloft.net \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=mbenes@suse.cz \
--cc=mkubecek@suse.cz \
--cc=netdev@vger.kernel.org \
--cc=nstange@suse.de \
--cc=simo.ghannam@gmail.com \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.