From: Jarkko Sakkinen <jarkko@kernel.org>
To: "Luck, Tony" <tony.luck@intel.com>
Cc: Reinette Chatre <reinette.chatre@intel.com>,
dave.hansen@linux.intel.com, tglx@linutronix.de, bp@alien8.de,
mingo@redhat.com, linux-sgx@vger.kernel.org, x86@kernel.org,
seanjc@google.com, hpa@zytor.com, linux-kernel@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH V2] x86/sgx: Fix free page accounting
Date: Thu, 11 Nov 2021 05:50:41 +0200 [thread overview]
Message-ID: <f99dca08d332b01daec9eed7e4a55f042b551a67.camel@kernel.org> (raw)
In-Reply-To: <YYyNeW28jqKwD0tF@agluck-desk2.amr.corp.intel.com>
On Wed, 2021-11-10 at 19:26 -0800, Luck, Tony wrote:
> On Thu, Nov 11, 2021 at 04:55:14AM +0200, Jarkko Sakkinen wrote:
> > On Wed, 2021-11-10 at 10:51 -0800, Reinette Chatre wrote:
> > > sgx_should_reclaim() would only succeed when sgx_nr_free_pages goes
> > > below the watermark. Once sgx_nr_free_pages becomes corrupted there is
> > > no clear way in which it can correct itself since it is only ever
> > > incremented or decremented.
> >
> > So one scenario would be:
> >
> > 1. CPU A does a READ of sgx_nr_free_pages.
> > 2. CPU B does a READ of sgx_nr_free_pages.
> > 3. CPU A does a STORE of sgx_nr_free_pages.
> > 4. CPU B does a STORE of sgx_nr_free_pages.
> >
> > ?
> >
> > That does corrupt the value, yes, but I don't see anything like this
> > in the commit message, so I'll have to check.
> >
> > I think the commit message is lacking a concurrency scenario, and the
> > current transcripts are a bit useless.
>
> What about this part:
>
> With sgx_nr_free_pages accessed and modified from a few places
> it is essential to ensure that these accesses are done safely but
> this is not the case. sgx_nr_free_pages is read without any
> protection and updated with inconsistent protection by any one
> of the spin locks associated with the individual NUMA nodes.
> For example:
>
> CPU_A CPU_B
> ----- -----
> spin_lock(&nodeA->lock); spin_lock(&nodeB->lock);
> ... ...
> sgx_nr_free_pages--; /* NOT SAFE */ sgx_nr_free_pages--;
>
> spin_unlock(&nodeA->lock); spin_unlock(&nodeB->lock);
>
> Maybe you missed the "NOT SAFE" hidden in the middle of
> the picture?
>
> -Tony
For me from that the ordering is not clear. E.g. compare to
https://www.kernel.org/doc/Documentation/memory-barriers.txt
/Jarkko
next prev parent reply other threads:[~2021-11-11 3:50 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-09 20:00 [PATCH V2] x86/sgx: Fix free page accounting Reinette Chatre
2021-11-10 15:11 ` Jarkko Sakkinen
2021-11-10 18:51 ` Reinette Chatre
2021-11-10 19:16 ` Luck, Tony
2021-11-11 2:56 ` Jarkko Sakkinen
2021-11-11 2:55 ` Jarkko Sakkinen
2021-11-11 3:26 ` Luck, Tony
2021-11-11 3:50 ` Jarkko Sakkinen [this message]
2021-11-11 4:01 ` Dave Hansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f99dca08d332b01daec9eed7e4a55f042b551a67.camel@kernel.org \
--to=jarkko@kernel.org \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=reinette.chatre@intel.com \
--cc=seanjc@google.com \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox