percpu_counter.counter is a 's64'. Accessing it in 32-bit system is racing.
we need some locking to protect it otherwise some very wrong value could be
accessed.
Signed-off-by: Shaohua Li <[email protected]>
---
include/linux/percpu_counter.h | 37 ++++++++++++++++++++++++++-----------
1 file changed, 26 insertions(+), 11 deletions(-)
Index: linux/include/linux/percpu_counter.h
===================================================================
--- linux.orig/include/linux/percpu_counter.h 2011-04-14 08:50:45.000000000 +0800
+++ linux/include/linux/percpu_counter.h 2011-04-14 09:09:14.000000000 +0800
@@ -89,9 +89,20 @@ struct percpu_counter {
s64 count;
};
-static inline int percpu_counter_init(struct percpu_counter *fbc, s64 amount)
+static inline void percpu_counter_set(struct percpu_counter *fbc, s64 amount)
{
+#if BITS_PER_LONG == 32
+ preempt_disable();
fbc->count = amount;
+ preempt_enable();
+#else
+ fbc->count = amount;
+#endif
+}
+
+static inline int percpu_counter_init(struct percpu_counter *fbc, s64 amount)
+{
+ percpu_counter_set(fbc, amount);
return 0;
}
@@ -99,16 +110,25 @@ static inline void percpu_counter_destro
{
}
-static inline void percpu_counter_set(struct percpu_counter *fbc, s64 amount)
+static inline s64 percpu_counter_read(struct percpu_counter *fbc)
{
- fbc->count = amount;
+#if BITS_PER_LONG == 32
+ s64 count;
+ preempt_disable();
+ count = fbc->count;
+ preempt_enable();
+ return count;
+#else
+ return fbc->count;
+#endif
}
static inline int percpu_counter_compare(struct percpu_counter *fbc, s64 rhs)
{
- if (fbc->count > rhs)
+ s64 count = percpu_counter_read(fbc);
+ if (count > rhs)
return 1;
- else if (fbc->count < rhs)
+ else if (count < rhs)
return -1;
else
return 0;
@@ -128,18 +148,13 @@ __percpu_counter_add(struct percpu_count
percpu_counter_add(fbc, amount);
}
-static inline s64 percpu_counter_read(struct percpu_counter *fbc)
-{
- return fbc->count;
-}
-
/*
* percpu_counter is intended to track positive number. In UP case, the number
* should never be negative.
*/
static inline s64 percpu_counter_read_positive(struct percpu_counter *fbc)
{
- return fbc->count;
+ return percpu_counter_read(fbc);
}
static inline s64 percpu_counter_sum_positive(struct percpu_counter *fbc)
Le jeudi 14 avril 2011 à 10:04 +0800, [email protected] a écrit :
> pièce jointe document texte brut (percpu-counter-32bits.patch)
> percpu_counter.counter is a 's64'. Accessing it in 32-bit system is racing.
> we need some locking to protect it otherwise some very wrong value could be
> accessed.
>
> Signed-off-by: Shaohua Li <[email protected]>
> ---
> include/linux/percpu_counter.h | 37 ++++++++++++++++++++++++++-----------
> 1 file changed, 26 insertions(+), 11 deletions(-)
>
> Index: linux/include/linux/percpu_counter.h
> ===================================================================
> --- linux.orig/include/linux/percpu_counter.h 2011-04-14 08:50:45.000000000 +0800
> +++ linux/include/linux/percpu_counter.h 2011-04-14 09:09:14.000000000 +0800
> @@ -89,9 +89,20 @@ struct percpu_counter {
> s64 count;
> };
>
> -static inline int percpu_counter_init(struct percpu_counter *fbc, s64 amount)
> +static inline void percpu_counter_set(struct percpu_counter *fbc, s64 amount)
> {
> +#if BITS_PER_LONG == 32
> + preempt_disable();
> fbc->count = amount;
> + preempt_enable();
> +#else
> + fbc->count = amount;
> +#endif
> +}
> +
> +static inline int percpu_counter_init(struct percpu_counter *fbc, s64 amount)
> +{
> + percpu_counter_set(fbc, amount);
> return 0;
> }
>
Please dont do this and obfuscate the code.
percpu_counter_init() cannot be racy.
Its like saying spin_lock_init() could be racy.
No other thread/cpu is supposed to use the object if not yet
initialized.
On Thu, 2011-04-14 at 10:35 +0800, Eric Dumazet wrote:
> Le jeudi 14 avril 2011 à 10:04 +0800, [email protected] a écrit :
> > pièce jointe document texte brut (percpu-counter-32bits.patch)
> > percpu_counter.counter is a 's64'. Accessing it in 32-bit system is racing.
> > we need some locking to protect it otherwise some very wrong value could be
> > accessed.
> >
> > Signed-off-by: Shaohua Li <[email protected]>
> > ---
> > include/linux/percpu_counter.h | 37 ++++++++++++++++++++++++++-----------
> > 1 file changed, 26 insertions(+), 11 deletions(-)
> >
> > Index: linux/include/linux/percpu_counter.h
> > ===================================================================
> > --- linux.orig/include/linux/percpu_counter.h 2011-04-14 08:50:45.000000000 +0800
> > +++ linux/include/linux/percpu_counter.h 2011-04-14 09:09:14.000000000 +0800
> > @@ -89,9 +89,20 @@ struct percpu_counter {
> > s64 count;
> > };
> >
> > -static inline int percpu_counter_init(struct percpu_counter *fbc, s64 amount)
> > +static inline void percpu_counter_set(struct percpu_counter *fbc, s64 amount)
> > {
> > +#if BITS_PER_LONG == 32
> > + preempt_disable();
> > fbc->count = amount;
> > + preempt_enable();
> > +#else
> > + fbc->count = amount;
> > +#endif
> > +}
> > +
> > +static inline int percpu_counter_init(struct percpu_counter *fbc, s64 amount)
> > +{
> > + percpu_counter_set(fbc, amount);
> > return 0;
> > }
> >
>
> Please dont do this and obfuscate the code.
>
> percpu_counter_init() cannot be racy.
>
> Its like saying spin_lock_init() could be racy.
>
> No other thread/cpu is supposed to use the object if not yet
> initialized.
that's true. I just want the code looks consistent and this doesn't
really obfuscate the code to me.
Thanks,
Shaohua
Le jeudi 14 avril 2011 à 10:44 +0800, Shaohua Li a écrit :
> that's true. I just want the code looks consistent and this doesn't
> really obfuscate the code to me.
Doing so gives a false sense of security to user.
percpu_counter_init() is unsafe by nature.
On Thu, 2011-04-14 at 10:54 +0800, Eric Dumazet wrote:
> Le jeudi 14 avril 2011 à 10:44 +0800, Shaohua Li a écrit :
> > that's true. I just want the code looks consistent and this doesn't
> > really obfuscate the code to me.
>
> Doing so gives a false sense of security to user.
>
> percpu_counter_init() is unsafe by nature.
I really don't think this matters, but since you insist, here is the
updated the patch.
Subject: percpu_counter: fix code for 32bit systems for UP
percpu_counter.counter is a 's64'. Accessing it in 32-bit system is racing.
we need some locking to protect it otherwise some very wrong value could be
accessed.
Signed-off-by: Shaohua Li <[email protected]>
---
include/linux/percpu_counter.h | 31 +++++++++++++++++++++++--------
1 file changed, 23 insertions(+), 8 deletions(-)
Index: linux/include/linux/percpu_counter.h
===================================================================
--- linux.orig/include/linux/percpu_counter.h 2011-04-18 15:36:31.000000000 +0800
+++ linux/include/linux/percpu_counter.h 2011-04-18 15:37:35.000000000 +0800
@@ -101,14 +101,34 @@ static inline void percpu_counter_destro
static inline void percpu_counter_set(struct percpu_counter *fbc, s64 amount)
{
+#if BITS_PER_LONG == 32
+ preempt_disable();
+ fbc->count = amount;
+ preempt_enable();
+#else
fbc->count = amount;
+#endif
+}
+
+static inline s64 percpu_counter_read(struct percpu_counter *fbc)
+{
+#if BITS_PER_LONG == 32
+ s64 count;
+ preempt_disable();
+ count = fbc->count;
+ preempt_enable();
+ return count;
+#else
+ return fbc->count;
+#endif
}
static inline int percpu_counter_compare(struct percpu_counter *fbc, s64 rhs)
{
- if (fbc->count > rhs)
+ s64 count = percpu_counter_read(fbc);
+ if (count > rhs)
return 1;
- else if (fbc->count < rhs)
+ else if (count < rhs)
return -1;
else
return 0;
@@ -128,18 +148,13 @@ __percpu_counter_add(struct percpu_count
percpu_counter_add(fbc, amount);
}
-static inline s64 percpu_counter_read(struct percpu_counter *fbc)
-{
- return fbc->count;
-}
-
/*
* percpu_counter is intended to track positive number. In UP case, the number
* should never be negative.
*/
static inline s64 percpu_counter_read_positive(struct percpu_counter *fbc)
{
- return fbc->count;
+ return percpu_counter_read(fbc);
}
static inline s64 percpu_counter_sum_positive(struct percpu_counter *fbc)