Re: [PATCH 0.5/5] alpha: remove custom dec_and_lock() implementation
From: Peter Zijlstra
Date: Wed Jun 06 2018 - 07:59:42 EST
On Wed, Jun 06, 2018 at 01:18:50PM +0200, Sebastian Andrzej Siewior wrote:
> - atomic_add_unless() adds more memory barriers compared to the custom
> assembly
> I can't tell if the different memory barriers
> are an issue but having the same barriers is probably good.
refcount decrement needs to be a RELEASE operation, such that all the
load/stores to the object happen before we decrement the refcount.
Otherwise things like:
obj-foo = 5;
refcnt_dec(&obj->ref);
can be re-ordered, which then allows fun scenarios like:
CPU0 CPU1
refcnt_dec(&obj->ref);
if (dec_and_test(&obj->ref))
free(obj);
obj->foo = 5; // oops UaF
This means (for alpha) that there should be a memory barrier _before_
the decrement, however the dec_and_lock asm thing only has one _after_,
which, per the above, is too late.
The generic version using add_unless will result in memory barrier
before and after (because that is the rule for atomic ops with a return
value) which is strictly too many barriers for the refcount story, but
who knows what other ordering requirements code has.
--
To unsubscribe from this list: send the line "unsubscribe linux-alpha" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html