From: Vlastimil Babka <vbabka@suse.cz>
To: Christoph Lameter <cl@gentwo.de>, "Gong, Sishuai" <sishuai@purdue.edu>
Cc: "penberg@kernel.org" <penberg@kernel.org>,
"rientjes@google.com" <rientjes@google.com>,
"iamjoonsoo.kim@lge.com" <iamjoonsoo.kim@lge.com>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>
Subject: Re: A racy reading spot on n->free_objects in slab.c
Date: Wed, 14 Apr 2021 13:06:52 +0200
Message-ID: <86da47d1-6f68-a6fb-0101-69e706e30e7d@suse.cz>
In-Reply-To: <alpine.DEB.2.22.394.2104140930030.592014@gentwo.de>

On 4/14/21 9:32 AM, Christoph Lameter wrote:
> On Tue, 13 Apr 2021, Gong, Sishuai wrote:
>
>> We found a racy reading spot on shared variable n->free_objects in

I'm assuming this was found with some research tool you're developing?
Did it also flag the line "shared = READ_ONCE(n->shared);" as that's basically
the same thing.

>> slab.c and it can be data-racing with several writers that update this
>> variable. As shown below, in function cache_alloc_refill(),
>> n->free_objects will be read without any protection. It could be
>> possible that the read value immediately becomes out-of-date when
>> another writer is changing it (e.g. free_block())
>
> Ok that is fine. If we mistakenly fill up the per cpu cache with new
> objects to the slab then so be it.
> If we mistakenly take the lock and fail to get an object then we can still
> reverse that decision and do the other thing.

Agreed. It's common in the kernel to do optimistic reads outside of lock to
decide what to do and avoid locking at all in some cases. This may sacrifice
some precision of these decisions, but not correctness, as locks are taken later
for the critical parts.

> Maybe we need to add a comment there?

Or maybe some construct that makes no difference for the compiler, but does for
the tool? READ_ONCE() maybe?
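
The pattern described in the reply above (an unlocked read used only as a hint, with the authoritative check repeated under the lock), as an added userspace C example that is not from the thread or from slab.c. `struct node`, `refill()`, the toy spinlock and the `drain`/`fill` hooks are hypothetical; the hooks are a deterministic stand-in for a concurrent writer running between the hint read and the lock.

```c
#include <stdatomic.h>
#include <stdio.h>
/* Userspace stand-in for the kernel's READ_ONCE(): one untorn load, no ordering. */
#define READ_ONCE_INT(p) atomic_load_explicit((p), memory_order_relaxed)

struct node {                /* hypothetical; loosely modelled on a slab node */
    atomic_flag lock;        /* toy spinlock standing in for the node lock */
    atomic_int free_objects; /* written under the lock, read optimistically */
};
enum path { FROM_NODE, GROW_CACHE };
struct result { enum path path; int left; };
typedef void (*racer_fn)(struct node *);

static void node_lock(struct node *n) { while (atomic_flag_test_and_set(&n->lock)) { } }
static void node_unlock(struct node *n) { atomic_flag_clear(&n->lock); }
/* Constructed "concurrent writers", run between the hint read and the lock. */
static void drain(struct node *n) { node_lock(n); atomic_store(&n->free_objects, 0); node_unlock(n); }
static void fill(struct node *n) { node_lock(n); atomic_store(&n->free_objects, 4); node_unlock(n); }

static enum path refill(struct node *n, racer_fn racer)
{
    int hint = READ_ONCE_INT(&n->free_objects); /* lockless; may go stale at once */
    enum path p = GROW_CACHE;
    if (racer)
        racer(n);          /* deterministic stand-in for another CPU */
    if (hint == 0)
        return GROW_CACHE; /* lock skipped; worst case is an unneeded grow */
    node_lock(n);
    int now = atomic_load(&n->free_objects); /* authoritative value */
    if (now > 0) {         /* otherwise the hint was stale: reverse the decision */
        atomic_store(&n->free_objects, now - 1);
        p = FROM_NODE;
    }
    node_unlock(n);
    return p;
}

static struct result run_case(int initial, racer_fn racer)
{
    struct node n = { ATOMIC_FLAG_INIT, initial };
    enum path p = refill(&n, racer);
    return (struct result){ p, atomic_load(&n.free_objects) };
}

int main(void)
{
    struct result r = run_case(1, drain); /* hint says 1, writer empties the node */
    printf("path=%d left=%d\n", r.path, r.left);
    return 0;
}
```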