* BUG? possible race due to the absence of barrier
@ 2010-01-13 4:35 홍신 shin hong
2010-01-13 9:24 ` Jarek Poplawski
0 siblings, 1 reply; 2+ messages in thread
From: 홍신 shin hong @ 2010-01-13 4:35 UTC (permalink / raw)
To: netdev
Hi. I am reporting a type of suspected bugs due to
the lack of enforcing operation order by memory barrier.
I found this issue while I read the code, so that
it might not be real. But, please examine this issue.
We often allocate an object, initialize it, and then link it to a data
structure.
Then any thread can access the object.
For this pattern of programming, it seems to be necessary that
memory barrier should confirm that the initializations and the linking
to global data structures are not disordered by CPU or compilers.
atm_add_addr() in /net/atm/addr.c has the following code:
88 this = kmalloc(sizeof(struct atm_dev_addr), GFP_ATOMIC);
89 if (!this) {
90 spin_unlock_irqrestore(&dev->lock, flags);
91 return -ENOMEM;
92 }
93 this->addr = *addr;
94 list_add(&this->entry, head);
The operation at line 93 might be executed earlier than that of line 94.
Then, the other thread might read uninitialized value of this
if there is other concurrent thread which iterates the list.
Please examine this issue and let me know your opinions.
Thank you.
Sincerely
Shin Hong
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: BUG? possible race due to the absence of barrier
2010-01-13 4:35 BUG? possible race due to the absence of barrier 홍신 shin hong
@ 2010-01-13 9:24 ` Jarek Poplawski
0 siblings, 0 replies; 2+ messages in thread
From: Jarek Poplawski @ 2010-01-13 9:24 UTC (permalink / raw)
To: =?ISO-8859-2?Q?=3F=3F_shin_hong?=; +Cc: netdev
On 13-01-2010 05:35, ?? shin hong wrote:
> Hi. I am reporting a type of suspected bugs due to
> the lack of enforcing operation order by memory barrier.
>
> I found this issue while I read the code, so that
> it might not be real. But, please examine this issue.
>
> We often allocate an object, initialize it, and then link it to a data
> structure.
> Then any thread can access the object.
>
> For this pattern of programming, it seems to be necessary that
> memory barrier should confirm that the initializations and the linking
> to global data structures are not disordered by CPU or compilers.
>
> atm_add_addr() in /net/atm/addr.c has the following code:
>
> 88 this = kmalloc(sizeof(struct atm_dev_addr), GFP_ATOMIC);
> 89 if (!this) {
> 90 spin_unlock_irqrestore(&dev->lock, flags);
> 91 return -ENOMEM;
> 92 }
> 93 this->addr = *addr;
> 94 list_add(&this->entry, head);
>
> The operation at line 93 might be executed earlier than that of line 94.
> Then, the other thread might read uninitialized value of this
> if there is other concurrent thread which iterates the list.
>
> Please examine this issue and let me know your opinions.
Should be safe under the spin_lock() (and its barriers).
Regards,
Jarek P.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-01-13 9:24 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-01-13 4:35 BUG? possible race due to the absence of barrier 홍신 shin hong
2010-01-13 9:24 ` Jarek Poplawski
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).