From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefano Brivio Subject: Re: [PATCH v2] net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg() Date: Mon, 8 Jan 2018 16:11:40 +0100 Message-ID: <20180108161140.796eb4cf@elisabeth> References: <20180103113700.049f7558@elisabeth> <20180108145444.19457-1-nstange@suse.de> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: "David S. Miller" , Alexey Kuznetsov , Hideaki YOSHIFUJI , Mohamed Ghannam , Michal Kubecek , Miroslav Benes , netdev@vger.kernel.org, linux-kernel@vger.kernel.org To: Nicolai Stange Return-path: In-Reply-To: <20180108145444.19457-1-nstange@suse.de> Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org On Mon, 8 Jan 2018 15:54:44 +0100 Nicolai Stange wrote: > Commit 8f659a03a0ba ("net: ipv4: fix for a race condition in > raw_sendmsg") fixed the issue of possibly inconsistent ->hdrincl handling > due to concurrent updates by reading this bit-field member into a local > variable and using the thus stabilized value in subsequent tests. > > However, aforementioned commit also adds the (correct) comment that > > /* hdrincl should be READ_ONCE(inet->hdrincl) > * but READ_ONCE() doesn't work with bit fields > */ > > because as it stands, the compiler is free to shortcut or even eliminate > the local variable at its will. > > Note that I have not seen anything like this happening in reality and thus, > the concern is a theoretical one. > > However, in order to be on the safe side, emulate a READ_ONCE() on the > bit-field by doing it on the local 'hdrincl' variable itself: > > int hdrincl = inet->hdrincl; > hdrincl = READ_ONCE(hdrincl); > > This breaks the chain in the sense that the compiler is not allowed > to replace subsequent reads from hdrincl with reloads from inet->hdrincl. > > Fixes: 8f659a03a0ba ("net: ipv4: fix for a race condition in raw_sendmsg") > Signed-off-by: Nicolai Stange Reviewed-by: Stefano Brivio -- Stefano