From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751852AbeAZCiR (ORCPT ); Thu, 25 Jan 2018 21:38:17 -0500 Received: from mx1.redhat.com ([209.132.183.28]:36880 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751816AbeAZCiN (ORCPT ); Thu, 25 Jan 2018 21:38:13 -0500 Subject: Re: [PATCH net-next 05/12] ptr_ring: disallow lockless __ptr_ring_full To: "Michael S. Tsirkin" , linux-kernel@vger.kernel.org Cc: netdev@vger.kernel.org, John Fastabend , David Miller References: <1516923320-16959-1-git-send-email-mst@redhat.com> <1516923320-16959-6-git-send-email-mst@redhat.com> From: Jason Wang Message-ID: <4bd89514-062c-dadf-53db-e6fac59512b1@redhat.com> Date: Fri, 26 Jan 2018 10:38:05 +0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: <1516923320-16959-6-git-send-email-mst@redhat.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2018年01月26日 07:36, Michael S. Tsirkin wrote: > Similar to bcecb4bbf88a ("net: ptr_ring: otherwise safe empty checks can > overrun array bounds") a lockless use of __ptr_ring_full might > cause an out of bounds access. > > We can fix this, but it's easier to just disallow lockless > __ptr_ring_full for now. It looks to me that just fix this is better than disallow through doc (which is easily to be ignored ...). Thanks > > Signed-off-by: Michael S. Tsirkin > --- > include/linux/ptr_ring.h | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/include/linux/ptr_ring.h b/include/linux/ptr_ring.h > index 9a72d8f..f175846 100644 > --- a/include/linux/ptr_ring.h > +++ b/include/linux/ptr_ring.h > @@ -45,9 +45,10 @@ struct ptr_ring { > }; > > /* Note: callers invoking this in a loop must use a compiler barrier, > - * for example cpu_relax(). If ring is ever resized, callers must hold > - * producer_lock - see e.g. ptr_ring_full. Otherwise, if callers don't hold > - * producer_lock, the next call to __ptr_ring_produce may fail. > + * for example cpu_relax(). > + * > + * NB: this is unlike __ptr_ring_empty in that callers must hold producer_lock: > + * see e.g. ptr_ring_full. > */ > static inline bool __ptr_ring_full(struct ptr_ring *r) > {