Re: [BUG] usb: cdc-wdm: Missing barriers in ad-hoc lockless buffer

From: Gui-Dong Han

Date: Fri Mar 06 2026 - 05:39:16 EST


On Fri, Mar 6, 2026 at 5:25 PM Oliver Neukum <oneukum@xxxxxxxx> wrote:
>
> On 05.03.26 14:26, Gui-Dong Han wrote:
>
> Hi,
>
> > Based on my shallow understanding, reordering issues typically happen
> > between different memory addresses, not within the same one.
>
> Nevertheless, you've found the issue, hence I will ask you :-)
>
> Is that something we can depend on or is that just how it works
> on the architectures we are currently running on? If I go to the effort
> of checking for reordering effects, I want to do it right in all cases.

Yes, we can depend on it. Both the LKMM [1] and the documentation for
ARM [2] (the most widespread weak memory architecture) explicitly
require cache coherence. This guarantees the historical consistency of
modifications to any single memory address across all CPUs.

If a hardware architecture were actually that weird, it wouldn't offer
any benefits to sell, and Linux wouldn't support it anyway :)

>
> > The real danger of weak memory architectures lies in accessing
> > associated variables. For instance, if we write 1 to int a and then 2
> > to int b, another CPU might observe b == 2 before a == 1. This is
> > exactly the situation I pointed out in my original report regarding
> > the lack of barriers between desc->ubuf and desc->length.
>
> Yes. Hence I was looking. The results of a completed IO can be
>
> a) data
> b) an error
> c) a buffer overflow
>
> thus there must be ordering between recording any of these results
> and changing WDM_READ, right?

Yes, that seems correct.

>
> > Honestly, lockless algorithm design is incredibly hard, which is why
> > drivers should probably just rely on well-tested libraries instead of
> > rolling their own. I am definitely no expert in this dark art, just
> > know enough to be dangerous :)
>
> I agree. The issue is that lockless IO is also error handling, not
> just the buffer.

Agreed. The lockless buffer logic is entangled with the error
handling, which complicates things further.

Thanks.

[1] https://elixir.bootlin.com/linux/v7.0-rc1/source/tools/memory-model/Documentation/explanation.txt#L660
[2] https://developer.arm.com/documentation/102336/0100/Memory-ordering
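
The ordering requirement discussed in this thread, as an added example that is not part of the original message and is not the cdc-wdm driver's code: a userspace C11 model in which every result of a completed IO (data, error, overflow) is recorded before a ready flag is published. The struct, the function names, and the choice of `-ENOBUFS` for overflow are hypothetical, and C11 release/acquire stands in for kernel primitives such as `smp_store_release()` and `smp_load_acquire()`.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stddef.h>
#include <string.h>

#define BUF_SZ 64
/* Hypothetical model of a descriptor; not the driver's own structure. */
struct model_desc {
    unsigned char ubuf[BUF_SZ];
    size_t length;         /* result a) data */
    int rerr;              /* result b) error, as a negative errno */
    int overflow;          /* result c) buffer overflow */
    atomic_int read_ready; /* stands in for the WDM_READ flag */
};

/* Completion side: record every result first, then publish the flag. */
void model_complete(struct model_desc *d, const void *src, size_t n, int err)
{
    d->rerr = err;
    d->overflow = (!err && n > BUF_SZ);
    d->length = err ? 0 : (n > BUF_SZ ? BUF_SZ : n);
    if (d->length)
        memcpy(d->ubuf, src, d->length);
    /* Release: the plain stores above are ordered before read_ready == 1. */
    atomic_store_explicit(&d->read_ready, 1, memory_order_release);
}

/* Reader side: returns bytes copied, or a negative errno. */
long model_read(struct model_desc *d, void *dst, size_t cap)
{
    long ret;
    /* Acquire pairs with the release in model_complete(). */
    if (!atomic_load_explicit(&d->read_ready, memory_order_acquire))
        return -EAGAIN;
    if (d->rerr)
        ret = d->rerr;
    else if (d->overflow)
        ret = -ENOBUFS;
    else {
        size_t n = d->length < cap ? d->length : cap;
        memcpy(dst, d->ubuf, n);
        ret = (long)n;
    }
    /* Hand back; a completion side reusing ubuf must acquire-load this flag. */
    atomic_store_explicit(&d->read_ready, 0, memory_order_release);
    return ret;
}

int main(void)
{
    static struct model_desc d; /* zero-initialised: nothing ready yet */
    unsigned char out[BUF_SZ];
    model_complete(&d, "abcd", 4, 0); /* constructed sample payload */
    return model_read(&d, out, sizeof out) == 4 ? 0 : 1;
}
```

With a relaxed store on the flag instead of the release, a reader on a weakly ordered CPU could see `read_ready == 1` while still observing a stale `length`, `rerr` or `overflow`.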