public inbox for linux-kernel@vger.kernel.org
From: Al Viro <viro@ZenIV.linux.org.uk>
To: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	rth@twiddle.net, linux-kernel@vger.kernel.org
Subject: Re: alpha: potential race around hae_cache in RESTORE_ALL
Date: Mon, 27 Sep 2010 13:46:24 +0100
Message-ID: <20100927124624.GC19804@ZenIV.linux.org.uk>
In-Reply-To: <20100927121227.GB19804@ZenIV.linux.org.uk>

On Mon, Sep 27, 2010 at 01:12:28PM +0100, Al Viro wrote:
> On Mon, Sep 27, 2010 at 11:58:28AM +0400, Ivan Kokshaysky wrote:
> > On Sat, Sep 25, 2010 at 08:25:09PM +0100, Al Viro wrote:
> > > BTW, am I right in assuming that HAE modifications are a UP-only thing?  It would
> > > be obviously b0rken on any SMP box, since alpha_mv is not a per-CPU thing...
> > 
> > The only SMP system that does HAE modifications at runtime is T2, so it has
> > spinlock protection around set_hae() - see core_t2.h. Others are either
> > limited to use HAE window 0 only, or do not have HAE hardware at all.
> 
> Um?  Pardon me, but that makes no sense; how would a spinlock taken in
> e.g. readl() stop another process from leaving a syscall, getting to
> RESTORE_ALL and overwriting HAE register while we are halfway through
> the spinlock-protected area?

AFAICS, we have 3 variants:
	1) alpha_mv.hae_register == &alpha_mv.hae_cache; all that code
becomes a no-op.
	2) UP boxen with hae_register pointing someplace real; we save
HAE in SAVE_ALL, restore it in RESTORE_ALL and disable interrupts around
the updates of hae_cache/*hae_register to keep them in sync.  readl()
et al. set HAE, then do memory access and rely on not giving CPU up between
these moments.  Since alpha doesn't do PREEMPT, we are OK (otherwise we'd
have needed to disable preempt in those places; also not a big deal).
	3) SMP t2 boxen; we protect the entire sequence from setting HAE to
memory access with spinlock and with disabling interrupts.  We don't rely on
interrupts not modifying the damn thing, but we *do* rely on other CPU not
messing with HAE on syscall paths outside of spinlock-protected area.  And
we have RESTORE_ALL hit us on all exits to userland, interrupt, trap and
syscall alike.

	Looks like (3) has always been broken...
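
The interleaving described for variant (3), as an added example that is not part of the original message and is not kernel code: a deterministic, single-threaded C model of two CPUs sharing one HAE register. The helper names, the boolean standing in for the T2 spinlock, the window values and the compare-before-write in restore_all() are assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: one machine-wide HAE register and its software
 * cache, shared by every CPU (alpha_mv is not per-CPU). */
static unsigned long hae_register, hae_cache;
static bool t2_lock_held;            /* stands in for the T2 spinlock */
static bool clobbered_inside_lock;   /* set if HAE changes while lock is held */

static void set_hae(unsigned long v) { hae_cache = v; hae_register = v; }

/* Exit-to-userland path: put back the HAE value saved at kernel entry.
 * It never takes the lock. Assumption: it writes only when the saved
 * value differs from the cache. */
static void restore_all(unsigned long saved_hae)
{
    if (saved_hae == hae_cache)
        return;
    if (t2_lock_held)
        clobbered_inside_lock = true;
    set_hae(saved_hae);
}

/* The locked I/O access, split in two so another CPU's step can be
 * placed between setting HAE and the memory access. */
static void io_begin(unsigned long window) { t2_lock_held = true; set_hae(window); }
static unsigned long io_finish(void)
{
    unsigned long used = hae_register;   /* window the access really goes through */
    t2_lock_held = false;
    return used;
}

/* Returns the window CPU0's access used after it asked for `want`. */
unsigned long run_interleaving(unsigned long want, unsigned long cpu1_saved,
                               bool cpu1_exits)
{
    clobbered_inside_lock = false;
    hae_register = hae_cache = cpu1_saved;  /* state when CPU1 entered the kernel */
    io_begin(want);                         /* CPU0: lock, set HAE */
    if (cpu1_exits)
        restore_all(cpu1_saved);            /* CPU1: RESTORE_ALL, no lock taken */
    return io_finish();                     /* CPU0: memory access, unlock */
}

int main(void)
{
    unsigned long want = 0x2, saved = 0x0;  /* constructed window values */
    printf("CPU1 idle:  used %#lx\n", run_interleaving(want, saved, false));
    printf("CPU1 exits: used %#lx\n", run_interleaving(want, saved, true));
    return 0;
}
```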

