From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: Will Deacon <will.deacon@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
linux-kernel@vger.kernel.org, mingo@kernel.org,
dhowells@redhat.com, stern@rowland.harvard.edu
Subject: Re: [PATCH locking/Documentation 1/2] Add note of release-acquire store vulnerability
Date: Thu, 29 Sep 2016 09:43:53 -0700
Message-ID: <20160929164353.GX14933@linux.vnet.ibm.com>
In-Reply-To: <20160929160307.GT13862@arm.com>

On Thu, Sep 29, 2016 at 05:03:08PM +0100, Will Deacon wrote:
> On Thu, Sep 29, 2016 at 05:58:17PM +0200, Peter Zijlstra wrote:
> > On Thu, Sep 29, 2016 at 08:54:01AM -0700, Paul E. McKenney wrote:
> > > If two processes are related by a RELEASE+ACQUIRE pair, ordering can be
> > > broken if a third process overwrites the value written by the RELEASE
> > > operation before the ACQUIRE operation has a chance of reading it.
> > > This commit therefore updates the documentation to call this vulnerability
> > > out explicitly.
> > >
> > > Reported-by: Alan Stern <stern@rowland.harvard.edu>
> > > Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
> >
> > > + However, please note that a chain of RELEASE+ACQUIRE pairs may be
> > > + broken by a store by another thread that overwrites the RELEASE
> > > + operation's store before the ACQUIRE operation's read.
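
Review bot: The added sentence at "+ However, please note that a chain of RELEASE+ACQUIRE pairs may be broken" does not say what "broken" means for the reader, nor that the other thread's store has to hit the same variable as the RELEASE operation's store. Suggest stating which ordering is lost (the ACQUIRE side no longer has any guarantee about accesses preceding the RELEASE) and adding a short three-CPU example next to this text, so the documentation stands on its own without the changelog.
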
> >
> > This is the powerpc lwsync quirk, right? Where the barrier disappears
> > when it loses the store.
> >
> > Or is there more to it? It's not entirely clear from the Changelog, which
> > I feel should describe the reason for the behaviour.
>
> If I've grokked it correctly, it's for cases like:
>
>
> P0:
> Wx=1
> WyRel=1
>
> P1:
> Wy=2
>
> P2:
> RyAcq=2
> Rx=0
>
> Final value of y is 2.
>
>
> This is permitted on arm64. If you make P1's store a store-release, then
> it's forbidden, but I suspect that's not generally true of the kernel
> memory model.

That is the one! And to Peter's point, powerpc does the same for the
example as shown. However, on powerpc, upgrading P1's store to release
has no effect because there is no earlier access for the resulting
lwsync to influence. For whatever it might be worth, C11 won't guarantee
ordering in that case, either. Nor will the current Linux-kernel memory
model. (Yes, I did just try it to make sure. Why do you ask?)

So you guys are fishing for an expanded commit log, for example, like
the following? ;-)

Thanx, Paul
------------------------------------------------------------------------

If two processes are related by a RELEASE+ACQUIRE pair, ordering can be
broken if a third process overwrites the value written by the RELEASE
operation before the ACQUIRE operation has a chance of reading it, for
example:

	P0(int *x, int *y)
	{
		WRITE_ONCE(*x, 1);
		smp_wmb();
		smp_store_release(y, 1);
	}

	P1(int *y)
	{
		smp_store_release(y, 2);
	}

	P2(int *x, int *y)
	{
		r1 = smp_load_acquire(y);
		r2 = READ_ONCE(*x);
	}

Both ARM and powerpc allow the "after the dust settles" outcome (r1=2 &&
r2=0), as does the current version of the early prototype Linux-kernel
memory model.

This commit therefore updates the documentation to call this vulnerability
out explicitly.
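
Added example, not part of the original message or of the kernel tree: the same three-party pattern in C11 atomics, with a reader that relies on x only when its acquire load returned P0's own value. The Y_* marker names, reset() and p2_read_x() are assumptions of this sketch; main() replays the two interleavings sequentially and does not try to provoke the weak outcome on hardware.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* x and y as in the litmus test; the Y_* marker names are assumptions. */
static atomic_int x, y;
enum { Y_EMPTY = 0, Y_FROM_P0 = 1, Y_FROM_P1 = 2 };

static void reset(void) { atomic_store(&x, 0); atomic_store(&y, Y_EMPTY); }

/* P0: write the payload, then publish it with a release store to y. */
static void p0(void)
{
	atomic_store_explicit(&x, 1, memory_order_relaxed);
	atomic_store_explicit(&y, Y_FROM_P0, memory_order_release);
}

/* P1: third party that overwrites y; it never touched x. */
static void p1(void)
{
	atomic_store_explicit(&y, Y_FROM_P1, memory_order_release);
}

/*
 * P2: trust x only if the acquire load returned P0's own value. Reading
 * P1's value (r1 == 2) gives no ordering against P0's write to x, so the
 * function reports failure instead of returning a possibly stale x.
 */
static bool p2_read_x(int *val)
{
	int r1 = atomic_load_explicit(&y, memory_order_acquire);

	if (r1 != Y_FROM_P0)
		return false;
	*val = atomic_load_explicit(&x, memory_order_relaxed);
	return true;
}

int main(void)
{
	int v = -1;
	bool ok;
	reset(); p0(); ok = p2_read_x(&v);
	printf("P0 only:    ok=%d v=%d\n", ok, v);
	v = -1; reset(); p0(); p1(); ok = p2_read_x(&v);
	printf("P0 then P1: ok=%d v=%d\n", ok, v);
	return 0;
}
```

When P1's store wins, the reader learns nothing about x and has to retry or use another synchronization path; the publication from P0 is effectively lost to it.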