From: Will Deacon <will.deacon@arm.com>
To: Mark Rutland <mark.rutland@arm.com>
Cc: linux-kernel@vger.kernel.org, Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>
Subject: Re: [PATCH] perf/ring_buffer: ensure atomicity and order of updates
Date: Wed, 23 May 2018 17:42:34 +0100 [thread overview]
Message-ID: <20180523164234.GJ2983@arm.com> (raw)
In-Reply-To: <20180510130632.34497-1-mark.rutland@arm.com>
On Thu, May 10, 2018 at 02:06:32PM +0100, Mark Rutland wrote:
> Userspace can read/write the user page at any point in time, and in
> perf_output_put_handle() we're very careful to use memory barriers to
> ensure ordering between updates to data and the user page.
>
> We don't use barriers when updating aux_head, where similar ordering
> constraints apply. This could result in userspace seeing stale data, or
> data being overwritten while userspace was still consuming it.
>
> Further, we update data_head and aux_head with plain assignments, which
> the compiler can tear, potentially resulting in userspace seeing
> erroneous values.
>
> We can solve both of these problems by using smp_store_release to update
> data_head and aux_head, so let's do so.
>
> Signed-off-by: Mark Rutland <mark.rutland@arm.com>
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Will Deacon <will.deacon@arm.com>
> ---
> kernel/events/ring_buffer.c | 13 ++++++-------
> 1 file changed, 6 insertions(+), 7 deletions(-)
>
> diff --git a/kernel/events/ring_buffer.c b/kernel/events/ring_buffer.c
> index 6c6b3c48db71..839b207e4c77 100644
> --- a/kernel/events/ring_buffer.c
> +++ b/kernel/events/ring_buffer.c
> @@ -63,10 +63,10 @@ static void perf_output_put_handle(struct perf_output_handle *handle)
> * kernel user
> *
> * if (LOAD ->data_tail) { LOAD ->data_head
> - * (A) smp_rmb() (C)
> + * (A) smp_rmb() (C)
> * STORE $data LOAD $data
> - * smp_wmb() (B) smp_mb() (D)
> - * STORE ->data_head STORE ->data_tail
> + * smp_mb() (D)
> + * RELEASE ->data_head (B) STORE ->data_tail
> * }
One thing to be aware of here is that the choice of ordering primitive (e.g.
using fences vs acquire/release operations) has the potential to create
ABI with userspace. I don't know of any architectures which currently care,
but if were were to merge a non multi-copy atomic architecture with native
acquire/release instructions, you could see issues if e.g. userspace used
smp_rmb(); READ_ONCE but the kernel used a RELEASE store.
Anyway, that's currently theoretical, but I think it's an argument for
putting these accessors in a uapi header.
Will
prev parent reply other threads:[~2018-05-23 16:42 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-10 13:06 [PATCH] perf/ring_buffer: ensure atomicity and order of updates Mark Rutland
2018-05-11 1:19 ` kbuild test robot
2018-05-11 1:19 ` kbuild test robot
2018-05-11 10:59 ` Mark Rutland
2018-05-11 16:22 ` Peter Zijlstra
2018-05-14 11:05 ` Mark Rutland
2018-05-14 11:28 ` Peter Zijlstra
2018-05-14 15:02 ` Peter Zijlstra
2018-05-14 15:20 ` Mark Rutland
2018-05-14 15:24 ` Peter Zijlstra
2018-05-23 16:42 ` Will Deacon [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180523164234.GJ2983@arm.com \
--to=will.deacon@arm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.