From: Ben Hutchings <ben@decadent.org.uk>
To: John Stultz <johnstul@us.ibm.com>
Cc: Greg KH <gregkh@suse.de>,
linux-kernel@vger.kernel.org, stable@kernel.org,
Eric Dumazet <eric.dumazet@gmail.com>,
akpm@linux-foundation.org, torvalds@linux-foundation.org,
stable-review@kernel.org, alan@lxorguk.ukuu.org.uk
Subject: Re: [Stable-review] [05/21] Fix time() inconsistencies caused by intermediate xtime_cache values being read
Date: Thu, 19 May 2011 21:33:24 +0100 [thread overview]
Message-ID: <20110519203324.GN29924@decadent.org.uk> (raw)
In-Reply-To: <20110519182436.801262289@clark.kroah.org>
I couldn't see who the author of this was, but assuming John Stultz.
On Thu, May 19, 2011 at 11:23:35AM -0700, Greg KH wrote:
[...]
> In order to resolve this, we could add locking to get_seconds(), but it
> needs to be lock free, as it is called from the machine check handler,
> opening a possible deadlock.
>
> So instead, this patch introduces an intermediate value for the
> calculations, so that we only assign xtime_cache once with the correct
> time, using ACCESS_ONCE to make sure the compiler doesn't optimize out
> any intermediate values.
[...]
> --- a/kernel/time/timekeeping.c
> +++ b/kernel/time/timekeeping.c
> @@ -168,8 +168,15 @@ int __read_mostly timekeeping_suspended;
> static struct timespec xtime_cache __attribute__ ((aligned (16)));
> void update_xtime_cache(u64 nsec)
> {
> - xtime_cache = xtime;
> - timespec_add_ns(&xtime_cache, nsec);
> + /*
> + * Use temporary variable so get_seconds() cannot catch
> + * an intermediate xtime_cache.tv_sec value.
> + * The ACCESS_ONCE() keeps the compiler from optimizing
> + * out the intermediate value.
> + */
> + struct timespec ts = xtime;
> + timespec_add_ns(&ts, nsec);
> + ACCESS_ONCE(xtime_cache) = ts;
[...]
I think this use of ACCESS_ONCE() is bogus. What it does is to add
volatile-qualification to the write, and while we believe that has
a well-defined effect for int and long I don't think we can assume
that for structure assignment.
It probably works in practice, and I have no objection to this in
2.6.32.y, but I think it would be safer to assign each of the
structure fields separately with ACCESS_ONCE().
Ben.
--
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
- Albert Camus
next prev parent reply other threads:[~2011-05-19 20:33 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-19 18:24 [00/21] 2.6.32.41-longterm review Greg KH
2011-05-19 18:23 ` [01/21] cifs: check for bytes_remaining going to zero in CIFS_SessSetup Greg KH
2011-05-19 18:23 ` [02/21] Validate size of EFI GUID partition entries Greg KH
2011-05-19 18:23 ` [03/21] dccp: handle invalid feature options length Greg KH
2011-05-19 18:23 ` [04/21] CIFS: Fix memory over bound bug in cifs_parse_mount_options Greg KH
2011-05-19 18:23 ` [05/21] Fix time() inconsistencies caused by intermediate xtime_cache values being read Greg KH
2011-05-19 20:33 ` Ben Hutchings [this message]
2011-05-19 18:23 ` [06/21] ehea: fix wrongly reported speed and port Greg KH
2011-05-19 18:23 ` [07/21] NET: slip, fix ldisc->open retval Greg KH
2011-05-19 18:23 ` [08/21] ne-h8300: Fix regression caused during net_device_ops conversion Greg KH
2011-05-19 18:23 ` [09/21] hydra: " Greg KH
2011-05-19 18:23 ` [10/21] libertas: fix cmdpendingq locking Greg KH
2011-05-19 18:23 ` [11/21] zorro8390: Fix regression caused during net_device_ops conversion Greg KH
2011-05-19 18:23 ` [12/21] cifs: add fallback in is_path_accessible for old servers Greg KH
2011-05-19 18:23 ` [13/21] Revert "x86, AMD: Fix APIC timer erratum 400 affecting K8 Rev.A-E processors" Greg KH
2011-05-19 18:23 ` [14/21] x86, AMD: Fix ARAT feature setting again Greg KH
2011-05-19 18:23 ` [15/21] clocksource: Install completely before selecting Greg KH
2011-05-19 18:23 ` [16/21] tick: Clear broadcast active bit when switching to oneshot Greg KH
2011-05-19 18:23 ` [17/21] x86, apic: Fix spurious error interrupts triggering on all non-boot APs Greg KH
2011-05-19 18:23 ` [18/21] x86, mce, AMD: Fix leaving freed data in a list Greg KH
2011-05-19 18:23 ` [19/21] [SCSI] megaraid_sas: Sanity check user supplied length before passing it to dma_alloc_coherent() Greg KH
2011-05-19 18:23 ` [20/21] vmxnet3: Fix inconsistent LRO state after initialization Greg KH
2011-05-19 18:23 ` [21/21] netxen: Remove references to unified firmware file Greg KH
2011-05-19 18:30 ` [01/24] cifs: check for bytes_remaining going to zero in CIFS_SessSetup Greg KH
2011-05-19 18:30 ` [02/24] Validate size of EFI GUID partition entries Greg KH
2011-05-19 18:30 ` [03/24] x86, hw_breakpoints: Fix racy access to ptrace breakpoints Greg KH
2011-05-19 18:30 ` [04/24] ptrace: Prepare to fix racy accesses on task breakpoints Greg KH
2011-05-19 18:30 ` [05/24] dccp: handle invalid feature options length Greg KH
2011-05-19 18:30 ` [06/24] CIFS: Fix memory over bound bug in cifs_parse_mount_options Greg KH
2011-05-19 18:30 ` [07/24] tmpfs: fix race between umount and swapoff Greg KH
2011-05-21 4:52 ` Hugh Dickins
2011-05-19 18:30 ` [08/24] ehea: fix wrongly reported speed and port Greg KH
2011-05-19 18:30 ` [09/24] NET: slip, fix ldisc->open retval Greg KH
2011-05-19 18:30 ` [10/24] ne-h8300: Fix regression caused during net_device_ops conversion Greg KH
2011-05-19 18:30 ` [11/24] hydra: " Greg KH
2011-05-19 18:30 ` [12/24] libertas: fix cmdpendingq locking Greg KH
2011-05-19 18:30 ` [13/24] zorro8390: Fix regression caused during net_device_ops conversion Greg KH
2011-05-19 18:30 ` [14/24] fixes for using make 3.82 Greg KH
2011-05-19 18:30 ` [15/24] tmpfs: fix spurious ENOSPC when racing with unswap Greg KH
2011-05-20 17:49 ` Hugh Dickins
2011-05-21 21:49 ` Greg KH
2011-05-22 0:15 ` Hugh Dickins
2011-05-19 18:30 ` [16/24] cifs: add fallback in is_path_accessible for old servers Greg KH
2011-05-19 18:30 ` [17/24] Revert "x86, AMD: Fix APIC timer erratum 400 affecting K8 Rev.A-E processors" Greg KH
2011-05-19 18:30 ` [18/24] x86, AMD: Fix ARAT feature setting again Greg KH
2011-05-19 18:30 ` [19/24] clocksource: Install completely before selecting Greg KH
2011-05-19 18:30 ` [20/24] tick: Clear broadcast active bit when switching to oneshot Greg KH
2011-05-19 18:30 ` [21/24] x86, apic: Fix spurious error interrupts triggering on all non-boot APs Greg KH
2011-05-19 18:30 ` [22/24] x86, mce, AMD: Fix leaving freed data in a list Greg KH
2011-05-19 18:30 ` [23/24] [SCSI] megaraid_sas: Sanity check user supplied length before passing it to dma_alloc_coherent() Greg KH
2011-05-19 18:30 ` [24/24] vmxnet3: Fix inconsistent LRO state after initialization Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110519203324.GN29924@decadent.org.uk \
--to=ben@decadent.org.uk \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=eric.dumazet@gmail.com \
--cc=gregkh@suse.de \
--cc=johnstul@us.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable-review@kernel.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox