From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751428AbeA2El1 (ORCPT <rfc822;w@1wt.eu>);
        Sun, 28 Jan 2018 23:41:27 -0500
Received: from mx1.redhat.com ([209.132.183.28]:40260 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751127AbeA2ElZ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 28 Jan 2018 23:41:25 -0500
Date: Mon, 29 Jan 2018 06:41:18 +0200
From: "Michael S. Tsirkin" <mst@redhat.com>
To: Jason Wang <jasowang@redhat.com>
Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
        John Fastabend <john.fastabend@gmail.com>,
        David Miller <davem@davemloft.net>
Subject: Re: [PATCH net-next 05/12] ptr_ring: disallow lockless
 __ptr_ring_full
Message-ID: <20180129064001-mutt-send-email-mst@kernel.org>
References: <1516923320-16959-1-git-send-email-mst@redhat.com>
 <1516923320-16959-6-git-send-email-mst@redhat.com>
 <4bd89514-062c-dadf-53db-e6fac59512b1@redhat.com>
 <20180126044421-mutt-send-email-mst@kernel.org>
 <2c1b1348-08b3-a8b3-5d59-37db6257cda9@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <2c1b1348-08b3-a8b3-5d59-37db6257cda9@redhat.com>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jan 29, 2018 at 11:36:09AM +0800, Jason Wang wrote:
> 
> 
> On 2018年01月26日 10:46, Michael S. Tsirkin wrote:
> > > On 2018年01月26日 07:36, Michael S. Tsirkin wrote:
> > > > Similar to bcecb4bbf88a ("net: ptr_ring: otherwise safe empty checks can
> > > > overrun array bounds") a lockless use of __ptr_ring_full might
> > > > cause an out of bounds access.
> > > > 
> > > > We can fix this, but it's easier to just disallow lockless
> > > > __ptr_ring_full for now.
> > > It looks to me that just fix this is better than disallow through doc (which
> > > is easily to be ignored ...).
> > > 
> > > Thanks
> > lockless is tricky, and I'd rather not sprinkle READ/WRITE_ONCE where
> > they aren't necessary.
> > 
> 
> The problem is then API looks a little bit strange. Lockless were only
> allowed to be done at __ptr_ring_empty() but not __ptr_ring_full().
> 
> Thanks

So __ptr_ring_empty doesn't really work lockless. It merely does not crash.
I don't believe we can do anything to remove the need to read the
docs unless people use the safe non __ variants.

-- 
MST