From: Eric Biggers <ebiggers@kernel.org>
To: Gao Xiang <hsiangkao@aol.com>
Cc: linux-ext4@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Daniel Rosenberg <drosen@google.com>,
	Gabriel Krisman Bertazi <krisman@collabora.com>
Subject: Re: [PATCH] ext4: fix race conditions in ->d_compare() and ->d_hash()
Date: Fri, 24 Jan 2020 10:12:54 -0800
Message-ID: <20200124181253.GA41762@gmail.com>
In-Reply-To: <20200124061525.GA2407@hsiangkao-HP-ZHAN-66-Pro-G1>

On Fri, Jan 24, 2020 at 02:15:31PM +0800, Gao Xiang wrote:
> On Thu, Jan 23, 2020 at 09:42:56PM -0800, Eric Biggers wrote:
> > On Fri, Jan 24, 2020 at 01:34:23PM +0800, Gao Xiang wrote:
> > > On Thu, Jan 23, 2020 at 09:16:01PM -0800, Eric Biggers wrote:
> > > 
> > > []
> > > 
> > > > So we need READ_ONCE() to ensure that a consistent value is used.
> > > 
> > > By the way, my understanding is all pointer could be accessed
> > > atomically guaranteed by compiler. In my opinion, we generally
> > > use READ_ONCE() on pointers for other uses (such as, avoid
> > > accessing a variable twice due to compiler optimization and
> > > it will break some logic potentially or need some data
> > > dependency barrier...)
> > > 
> > > Thanks,
> > > Gao Xiang
> > 
> > But that *is* why we need READ_ONCE() here.  Without it, there's no guarantee
> > that the compiler doesn't load the variable twice.  Please read:
> > https://github.com/google/ktsan/wiki/READ_ONCE-and-WRITE_ONCE
> 
> After scanning the patch, it seems the parent variable (dentry->d_parent)
> only referenced once as below:
> 
> -	struct inode *inode = dentry->d_parent->d_inode;
> +	const struct dentry *parent = READ_ONCE(dentry->d_parent);
> +	const struct inode *inode = READ_ONCE(parent->d_inode);
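Review bot: On the two added lines, nothing says which concurrent update the READ_ONCE() on dentry->d_parent and on parent->d_inode guards against, so a later reader could fold them back into a single expression, as proposed just below. A short comment above the `parent` line naming the racing writer, and noting that `inode` may be NULL at this point (the `!inode` check relies on that), would make the annotation self-explanatory.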
> 
> So I think it is enough as
> 
> 	const struct inode *inode = READ_ONCE(dentry->d_parent->d_inode);
> 
> to access parent inode once to avoid parent inode being accessed
> for more time (and all pointers dereference should be in atomic
> by compilers) as one reason on
> 
> 	if (!inode || !IS_CASEFOLDED(inode) || ...
> 
> or etc.
> 
> Thanks for your web reference, I will look into it. I think there
> is no worry about dentry->d_parent here because of this only one
> dereference on dentry->d_parent.
> 
> You could ignore my words anyway, just my little thought though.
> Other part of the patch is ok.
> 

While that does make it really unlikely to cause a real-world problem, it's
still undefined behavior to not properly annotate a data race, it would make the
code harder to understand as there would be no indication that there's a data
race, and it would confuse tools that try to automatically detect data races.
So let's keep the READ_ONCE() on d_parent.

- Eric
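
The double-load hazard discussed in this thread, as an added example that is not part of the original message or the ext4 patch. It is a single-threaded userspace model: the concurrent writer is a callback (`racer_fn`, hypothetical), `READ_ONCE()` is a simplified stand-in for the kernel macro, and the structs, flag value and return codes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for the kernel macro: exactly one volatile load. */
#define READ_ONCE(x) (*(const volatile __typeof__(x) *)&(x))

#define CASEFOLD_FL 0x1u                      /* constructed flag value */
enum { NOT_CASEFOLDED = 0, CASEFOLDED = 1, WOULD_OOPS = -1 };

struct inode  { unsigned int i_flags; };
struct dentry { struct dentry *d_parent; struct inode *d_inode; };

typedef void (*racer_fn)(struct dentry *);    /* models a concurrent writer */

/* Concurrent update: the parent's inode pointer becomes NULL. */
static void parent_goes_negative(struct dentry *d) { d->d_parent->d_inode = NULL; }

/* What a compiler may emit for plain accesses: check one load, use another. */
int check_reloaded(struct dentry *d, racer_fn racer)
{
    if (!d->d_parent->d_inode)                  /* load #1: the NULL check */
        return NOT_CASEFOLDED;
    racer(d);                                   /* writer lands in the window */
    struct inode *inode = d->d_parent->d_inode; /* load #2: may now differ */
    if (!inode)
        return WOULD_OOPS;      /* real code would dereference NULL here */
    return (inode->i_flags & CASEFOLD_FL) ? CASEFOLDED : NOT_CASEFOLDED;
}

/* The patch's pattern: snapshot each pointer once, then use only the locals. */
int check_snapshot(struct dentry *d, racer_fn racer)
{
    const struct dentry *parent = READ_ONCE(d->d_parent);
    const struct inode *inode = READ_ONCE(parent->d_inode);
    racer(d);                                   /* same window, locals unaffected */
    if (!inode)
        return NOT_CASEFOLDED;
    /* The model keeps the inode alive; object lifetime is out of scope here. */
    return (inode->i_flags & CASEFOLD_FL) ? CASEFOLDED : NOT_CASEFOLDED;
}

/* Constructed input: a casefolded directory with one child dentry. */
int run(int use_snapshot)
{
    struct inode dir_inode = { CASEFOLD_FL };
    struct dentry dir = { &dir, &dir_inode };
    struct dentry child = { &dir, NULL };
    return use_snapshot ? check_snapshot(&child, parent_goes_negative)
                        : check_reloaded(&child, parent_goes_negative);
}

int main(void) { printf("reloaded=%d snapshot=%d\n", run(0), run(1)); return 0; }
```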

