Re: [PATCH net-next 05/12] ptr_ring: disallow lockless __ptr_ring_full
From: Michael S. Tsirkin
Date: Sun Jan 28 2018 - 23:41:36 EST
On Mon, Jan 29, 2018 at 11:36:09AM +0800, Jason Wang wrote:
>
>
> On 2018å01æ26æ 10:46, Michael S. Tsirkin wrote:
> > > On 2018å01æ26æ 07:36, Michael S. Tsirkin wrote:
> > > > Similar to bcecb4bbf88a ("net: ptr_ring: otherwise safe empty checks can
> > > > overrun array bounds") a lockless use of __ptr_ring_full might
> > > > cause an out of bounds access.
> > > >
> > > > We can fix this, but it's easier to just disallow lockless
> > > > __ptr_ring_full for now.
> > > It looks to me that just fix this is better than disallow through doc (which
> > > is easily to be ignored ...).
> > >
> > > Thanks
> > lockless is tricky, and I'd rather not sprinkle READ/WRITE_ONCE where
> > they aren't necessary.
> >
>
> The problem is then API looks a little bit strange. Lockless were only
> allowed to be done at __ptr_ring_empty() but not __ptr_ring_full().
>
> Thanks
So __ptr_ring_empty doesn't really work lockless. It merely does not crash.
I don't believe we can do anything to remove the need to read the
docs unless people use the safe non __ variants.
--
MST