Re: [PATCH REPOST net v2] atm/fore200e: Fix possible data race in fore200e_open()

Next message: Manivannan Sadhasivam: "Re: [PATCH 1/4 v5] dt-bindings: PCI: s32g: Add NXP PCIe controller"
Previous message: Yao Zihong: "Re: [PATCH v5 2/2] selftests/riscv: Add Zicbop prefetch test"
In reply to: Gui-Dong Han: "[PATCH REPOST net v2] atm/fore200e: Fix possible data race in fore200e_open()"
Next in thread: Gui-Dong Han: "Re: [PATCH REPOST net v2] atm/fore200e: Fix possible data race in fore200e_open()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Paolo Abeni

Date: Thu Nov 20 2025 - 06:27:00 EST

On 11/18/25 4:33 AM, Gui-Dong Han wrote:
> Protect access to fore200e->available_cell_rate with rate_mtx lock to
> prevent potential data race.
>
> In this case, since the update depends on a prior read, a data race
> could lead to a wrong fore200e.available_cell_rate value.
>
> The field fore200e.available_cell_rate is generally protected by the lock
> fore200e.rate_mtx when accessed. In all other read and write cases, this
> field is consistently protected by the lock, except for this case and
> during initialization.
>
> This potential bug was detected by our experimental static analysis tool,
> which analyzes locking APIs and paired functions to identify data races
> and atomicity violations.
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Gui-Dong Han <hanguidong02@xxxxxxxxx>
> Reviewed-by: Simon Horman <horms@xxxxxxxxxx>
> ---
> v2:
> * Added a description of the data race hazard in fore200e_open(), as
> suggested by Jakub Kicinski and Simon Horman.

It looks like you missed Jakub's reply on v2:

https://lore.kernel.org/netdev/20250123071201.3d38d8f6@xxxxxxxxxx/

The above comment is still not sufficient: you should describe
accurately how 2 (or more) CPUs could actually race causing the
corruption, reporting the relevant call paths leading to the race.

Thanks,

Paolo