From: Peter Zijlstra <peterz@infradead.org>
To: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: linux-kernel@vger.kernel.org, tglx@linutronix.de,
Ingo Molnar <mingo@redhat.com>,
Anna-Maria Gleixner <anna-maria@linutronix.de>,
Richard Henderson <rth@twiddle.net>,
Ivan Kokshaysky <ink@jurassic.park.msu.ru>,
Matt Turner <mattst88@gmail.com>,
linux-alpha@vger.kernel.org
Subject: Re: [PATCH 0.5/5] alpha: remove custom dec_and_lock() implementation
Date: Wed, 6 Jun 2018 13:59:19 +0200 [thread overview]
Message-ID: <20180606115918.GG12198@hirez.programming.kicks-ass.net> (raw)
In-Reply-To: <20180606111849.4vr2ap2w4mlyqm23@linutronix.de>
On Wed, Jun 06, 2018 at 01:18:50PM +0200, Sebastian Andrzej Siewior wrote:
> - atomic_add_unless() adds more memory barriers compared to the custom
> assembly
> I can't tell if the different memory barriers
> are an issue but having the same barriers is probably good.
refcount decrement needs to be a RELEASE operation, such that all the
load/stores to the object happen before we decrement the refcount.
Otherwise things like:
obj-foo = 5;
refcnt_dec(&obj->ref);
can be re-ordered, which then allows fun scenarios like:
CPU0 CPU1
refcnt_dec(&obj->ref);
if (dec_and_test(&obj->ref))
free(obj);
obj->foo = 5; // oops UaF
This means (for alpha) that there should be a memory barrier _before_
the decrement, however the dec_and_lock asm thing only has one _after_,
which, per the above, is too late.
The generic version using add_unless will result in memory barrier
before and after (because that is the rule for atomic ops with a return
value) which is strictly too many barriers for the refcount story, but
who knows what other ordering requirements code has.
next prev parent reply other threads:[~2018-06-06 11:59 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-04 15:45 Introduce atomic_dec_and_lock_irqsave() Sebastian Andrzej Siewior
2018-05-04 15:45 ` [PATCH 1/5] spinlock: atomic_dec_and_lock: Add an irqsave variant Sebastian Andrzej Siewior
2018-06-04 10:25 ` [PATCH 1/5 v2] " Sebastian Andrzej Siewior
2018-06-04 10:27 ` [PATCH 1.5/5] alpha: atomic: provide asm for the fastpath for _atomic_dec_and_lock_irqsave Sebastian Andrzej Siewior
2018-06-04 11:48 ` Peter Zijlstra
2018-06-04 12:55 ` Sebastian Andrzej Siewior
2018-06-06 11:18 ` [PATCH 0.5/5] alpha: remove custom dec_and_lock() implementation Sebastian Andrzej Siewior
2018-06-06 11:21 ` Sebastian Andrzej Siewior
2018-06-06 11:59 ` Peter Zijlstra [this message]
2018-06-12 21:36 ` [tip:locking/urgent] alpha: Remove " tip-bot for Sebastian Andrzej Siewior
2018-05-04 15:45 ` [PATCH 2/5] mm/backing-dev: Use irqsave variant of atomic_dec_and_lock() Sebastian Andrzej Siewior
2018-05-04 15:45 ` [PATCH 3/5] kernel/user: " Sebastian Andrzej Siewior
2018-05-04 15:45 ` [PATCH 4/5] drivers/md/raid5: " Sebastian Andrzej Siewior
2018-05-04 15:45 ` [PATCH 5/5] drivers/md/raid5: Do not disable irq on release_inactive_stripe_list() call Sebastian Andrzej Siewior
2018-05-04 15:54 ` Introduce atomic_dec_and_lock_irqsave() Peter Zijlstra
2018-05-04 16:07 ` Sebastian Andrzej Siewior
2018-05-04 16:21 ` Peter Zijlstra
2018-05-04 16:26 ` Al Viro
2018-05-04 16:38 ` Peter Zijlstra
2018-05-23 13:02 ` Peter Zijlstra
2018-05-30 9:26 ` Sebastian Andrzej Siewior
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180606115918.GG12198@hirez.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=anna-maria@linutronix.de \
--cc=bigeasy@linutronix.de \
--cc=ink@jurassic.park.msu.ru \
--cc=linux-alpha@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mattst88@gmail.com \
--cc=mingo@redhat.com \
--cc=rth@twiddle.net \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).