Re: [PATCH locking/Documentation 1/2] Add note of release-acquire store vulnerability

From: Will Deacon
Date: Thu Sep 29 2016 - 12:03:15 EST


On Thu, Sep 29, 2016 at 05:58:17PM +0200, Peter Zijlstra wrote:
> On Thu, Sep 29, 2016 at 08:54:01AM -0700, Paul E. McKenney wrote:
> > If two processes are related by a RELEASE+ACQUIRE pair, ordering can be
> > broken if a third process overwrites the value written by the RELEASE
> > operation before the ACQUIRE operation has a chance of reading it.
> > This commit therefore updates the documentation to call this vulnerability
> > out explicitly.
> >
> > Reported-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
> > Signed-off-by: Paul E. McKenney <paulmck@xxxxxxxxxxxxxxxxxx>
>
> > + However, please note that a chain of RELEASE+ACQUIRE pairs may be
> > + broken by a store by another thread that overwrites the RELEASE
> > + operation's store before the ACQUIRE operation's read.
>
> This is the powerpc lwsync quirk, right? Where the barrier disappears
> when it looses the store.
>
> Or is there more to it? Its not entirely clear from the Changelog, which
> I feel should describe the reason for the behaviour.

If I've groked it correctly, it's for cases like:


PO:
Wx=1
WyRel=1

P1:
Wy=2

P2:
RyAcq=2
Rx=0

Final value of y is 2.


This is permitted on arm64. If you make P1's store a store-release, then
it's forbidden, but I suspect that's not generally true of the kernel
memory model.

Will