From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
linux-kernel@vger.kernel.org
Subject: Re: sequence lock in Linux
Date: Fri, 11 Jun 2010 14:36:02 -0700 [thread overview]
Message-ID: <20100611213602.GI2394@linux.vnet.ibm.com> (raw)
In-Reply-To: <4C12A539.1000709@zytor.com>
On Fri, Jun 11, 2010 at 02:06:01PM -0700, H. Peter Anvin wrote:
> On 06/11/2010 01:36 PM, Paul E. McKenney wrote:
> >
> > The reason that the C standard permits this is to allow for things like
> > 8-bit CPUs, which are simply unable to load or store 32-bit quantities
> > except by doing it chunkwise. But I don't expect the Linux kernel to
> > boot on these, and certainly not on any of the ones that I have used!
> >
> > I most definitely remember seeing a gcc guarantee that loads and stores
> > would be done in one instruction whenever the hardware supported this,
> > but I am not finding it today. :-(
>
> What gcc does not -- and should not -- guarantee is that accessing a
> non-volatile member is done exactly once. As Mathieu pointed out, it
> can choose to drop it due to register pressure and load it again.
>
> What is possibly a much bigger risk -- since this is an inline -- is
> that the value is cached from a previous piece of code, *or* that since
> the structure is const(!) that the second read in the repeat loop is
> elided. Presumably current versions of gcc don't do that across a
> memory clobber, but that doesn't seem entirely out of the question.
Memory barriers in the sequence-lock code prevent this, assuming, as
you point out, that memory clobber works (but if it doesn't, it should
be fixed):
o write_seqlock() and write_tryseqlock() each have an smp_wmb()
following the increment. Ditto for write_seqcount_begin().
o write_sequnlock() has an smp_wmb() preceding the increment,
and ditto for write_seqcount_end(). There are thus two smp_wmb()
calls between the increments in the usual code sequence:
write_seqlock(&l);
do_something();
write_sequnlock();
o read_seqbegin() has an smp_rmb() following its read from
->sequence. Ditto for read_seqcount_begin().
o read_seqretry() has an smp_rmb() preceding its read from
->sequence, and ditto for read_seqcount_retry(). There are thus
two smp_wmb() calls between the reads in the usual code sequence:
do {
s = read_seqbegin(&l);
read_something();
} while read_seqretry(&l, s);
So sequence locks should be pretty safe, at least as far as this
vulnerability is concerned. ;-)
Thanx, Paul
next prev parent reply other threads:[~2010-06-11 21:36 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-11 19:40 sequence lock in Linux Mathieu Desnoyers
2010-06-11 20:07 ` Paul E. McKenney
2010-06-11 20:46 ` Mathieu Desnoyers
2010-06-11 20:07 ` Linus Torvalds
2010-06-11 20:36 ` Paul E. McKenney
2010-06-11 21:06 ` H. Peter Anvin
2010-06-11 21:36 ` Paul E. McKenney [this message]
2010-06-11 21:38 ` H. Peter Anvin
2010-06-11 22:04 ` Paul E. McKenney
2010-06-11 22:41 ` H. Peter Anvin
2010-06-11 21:09 ` Mathieu Desnoyers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100611213602.GI2394@linux.vnet.ibm.com \
--to=paulmck@linux.vnet.ibm.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox