From: Jarkko Sakkinen <jarkko@kernel.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: keyrings@vger.kernel.org, David Howells <dhowells@redhat.com>,
Lukas Wunner <lukas@wunner.de>,
Ignat Korchagin <ignat@cloudflare.com>,
"David S. Miller" <davem@davemloft.net>,
Peter Huewe <peterhuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>,
Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
Mimi Zohar <zohar@linux.ibm.com>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH] KEYS: Reduce smp_mb() calls in key_put()
Date: Sun, 4 May 2025 19:55:58 +0300 [thread overview]
Message-ID: <aBecHr6jBLWmJcyP@kernel.org> (raw)
In-Reply-To: <aBYwIcy5JCOamAkj@gondor.apana.org.au>
On Sat, May 03, 2025 at 11:02:57PM +0800, Herbert Xu wrote:
> On Sat, May 03, 2025 at 05:39:16PM +0300, Jarkko Sakkinen wrote:
> > On Wed, Apr 30, 2025 at 06:25:53PM +0300, Jarkko Sakkinen wrote:
> > > Rely only on the memory ordering of spin_unlock() when setting
> > > KEY_FLAG_FINAL_PUT under key->user->lock in key_put().
> > >
> > > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
> > > ---
> > > security/keys/key.c | 6 ++++--
> > > 1 file changed, 4 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/security/keys/key.c b/security/keys/key.c
> > > index 7198cd2ac3a3..aecbd624612d 100644
> > > --- a/security/keys/key.c
> > > +++ b/security/keys/key.c
> > > @@ -656,10 +656,12 @@ void key_put(struct key *key)
> > > spin_lock_irqsave(&key->user->lock, flags);
> > > key->user->qnkeys--;
> > > key->user->qnbytes -= key->quotalen;
> > > + set_bit(KEY_FLAG_FINAL_PUT, &key->flags);
> > > spin_unlock_irqrestore(&key->user->lock, flags);
> > > + } else {
> > > + set_bit(KEY_FLAG_FINAL_PUT, &key->flags);
> > > + smp_mb(); /* key->user before FINAL_PUT set. */
> > > }
> > > - smp_mb(); /* key->user before FINAL_PUT set. */
> > > - set_bit(KEY_FLAG_FINAL_PUT, &key->flags);
> >
> > Oops, my bad (order swap), sorry. Should have been:
> >
> > spin_unlock_irqrestore(&key->user->lock, flags);
> > } else {
> > smp_mb(); /* key->user before FINAL_PUT set. */
>
> You can use smp_mb__before_atomic here as it is equivalent to
> smp_mb in this situation.
>
> > }
> > set_bit(KEY_FLAG_FINAL_PUT, &key->flags);
> >
> > Should spin_lock()/unlock() be good enough or what good does smp_mb() do
> > in that branch? Just checking if I'm missing something before sending
> > fixed version.
>
> I don't think spin_unlock alone is enough to replace an smp_mb.
> A spin_lock + spin_unlock would be enough though.
>
> However, looking at the bigger picture this smp_mb looks bogus.
> What exactly is it protecting against?
>
> The race condition that this is supposed to fix should have been
> dealt with by the set_bit/test_bit of FINAL_PUT alone. I don't
> see any point in having this smb_mb at all.
smp_mb() there makes sure that key->user change don't spill between
key_put() and gc.
GC pairs smp_mb() in key_put() after FINAL_PUT to make sure that also
in its side key->user changes have been walled before moving the key
as part of unrefenced keys.
See also [1]. It cleared this up for me. Here user->lock easily misleads
to overlook the actual synchronization scheme.
>
> Cheers,
> --
> Email: Herbert Xu <herbert@gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
[1] https://lore.kernel.org/keyrings/1121543.1746310761@warthog.procyon.org.uk/
BR, Jarkko
next prev parent reply other threads:[~2025-05-04 16:56 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-30 15:25 [PATCH] KEYS: Reduce smp_mb() calls in key_put() Jarkko Sakkinen
2025-05-03 14:39 ` Jarkko Sakkinen
2025-05-03 15:02 ` Herbert Xu
2025-05-04 16:55 ` Jarkko Sakkinen [this message]
2025-05-03 22:19 ` David Howells
2025-05-04 0:35 ` Herbert Xu
2025-05-04 5:36 ` [PATCH] KEYS: Invert FINAL_PUT bit Herbert Xu
2025-05-04 7:44 ` David Howells
2025-05-04 7:52 ` [v2 PATCH] " Herbert Xu
2025-05-09 9:34 ` kernel test robot
2025-05-09 9:45 ` [v3 " Herbert Xu
2025-05-12 9:19 ` David Howells
2025-05-12 11:42 ` Jarkko Sakkinen
2025-05-12 12:01 ` David Howells
2025-05-12 12:07 ` Herbert Xu
2025-05-04 16:42 ` [PATCH] KEYS: Reduce smp_mb() calls in key_put() Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aBecHr6jBLWmJcyP@kernel.org \
--to=jarkko@kernel.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=ignat@cloudflare.com \
--cc=jgg@ziepe.ca \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=paul@paul-moore.com \
--cc=peterhuewe@gmx.de \
--cc=serge@hallyn.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.