On Mon, Aug 28, 2023 at 10:04 AM Yu Kuai <[email protected]> wrote:
>
> From: Yu Kuai <[email protected]>
>
> Because reading 'suspend_lo' and 'suspend_hi' from md_handle_request()
> is not protected, use READ_ONCE/WRITE_ONCE to prevent reading abnormal
> value.
Hi Kuai
If we don't use READ_ONCE/WRITE_ONCE, what's the risk here? Could you
explain in detail or give an example?
Regards
Xiao
>
> Signed-off-by: Yu Kuai <[email protected]>
> ---
> drivers/md/md.c | 16 +++++++++-------
> 1 file changed, 9 insertions(+), 7 deletions(-)
>
> diff --git a/drivers/md/md.c b/drivers/md/md.c
> index 46badd13a687..9d8dff9d923c 100644
> --- a/drivers/md/md.c
> +++ b/drivers/md/md.c
> @@ -359,11 +359,11 @@ static bool is_suspended(struct mddev *mddev, struct bio *bio)
> return true;
> if (bio_data_dir(bio) != WRITE)
> return false;
> - if (mddev->suspend_lo >= mddev->suspend_hi)
> + if (READ_ONCE(mddev->suspend_lo) >= READ_ONCE(mddev->suspend_hi))
> return false;
> - if (bio->bi_iter.bi_sector >= mddev->suspend_hi)
> + if (bio->bi_iter.bi_sector >= READ_ONCE(mddev->suspend_hi))
> return false;
> - if (bio_end_sector(bio) < mddev->suspend_lo)
> + if (bio_end_sector(bio) < READ_ONCE(mddev->suspend_lo))
> return false;
> return true;
> }
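Review bot: In is_suspended() each bound is now loaded twice with READ_ONCE(), so the `lo >= hi` test and the two range tests that follow can run against different values if a store lands in between. Loading each field once into a local (`sector_t lo, hi;` declared at the top of the function, which starts outside this hunk) keeps the three checks consistent with each other. Separately, if these fields are 64-bit, READ_ONCE()/WRITE_ONCE() do not by themselves guarantee a single untorn access on 32-bit architectures, so the changelog's guarantee should either be limited to 64-bit builds or backed by a lock or seqcount. The range decides which writes are held back, so a mixed snapshot could presumably let a write through into a region that was meant to stay suspended.

```c
	if (bio_data_dir(bio) != WRITE)
		return false;
	/* Snapshot each bound once so all three checks see the same values. */
	lo = READ_ONCE(mddev->suspend_lo);
	hi = READ_ONCE(mddev->suspend_hi);
	if (lo >= hi)
		return false;
	if (bio->bi_iter.bi_sector >= hi)
		return false;
	if (bio_end_sector(bio) < lo)
		return false;
	/* … unchanged: final return true … */
```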
> @@ -5171,7 +5171,8 @@ __ATTR(sync_max, S_IRUGO|S_IWUSR, max_sync_show, max_sync_store);
> static ssize_t
> suspend_lo_show(struct mddev *mddev, char *page)
> {
> - return sprintf(page, "%llu\n", (unsigned long long)mddev->suspend_lo);
> + return sprintf(page, "%llu\n",
> + (unsigned long long)READ_ONCE(mddev->suspend_lo));
> }
>
> static ssize_t
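Review bot: Since the return statement in suspend_lo_show() is being rewritten anyway, it could move from `sprintf()` to `sysfs_emit()`, which is the preferred helper for sysfs show callbacks and bounds the output to the page-sized buffer: `return sysfs_emit(page, "%llu\n", (unsigned long long)READ_ONCE(mddev->suspend_lo));`. The same applies to suspend_hi_show() in the hunk at -5203. This is a style point; the value printed is unchanged.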
> @@ -5191,7 +5192,7 @@ suspend_lo_store(struct mddev *mddev, const char *buf, size_t len)
> return err;
>
> mddev_suspend(mddev);
> - mddev->suspend_lo = new;
> + WRITE_ONCE(mddev->suspend_lo, new);
> mddev_resume(mddev);
>
> mddev_unlock(mddev);
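Review bot: The WRITE_ONCE() in suspend_lo_store() carries no comment saying which lockless reader it pairs with. The store already sits between mddev_suspend() and mddev_resume() under the mddev lock, so it is not obvious from the code why a marked access is needed. A one-line comment above the store, such as `/* Read locklessly in is_suspended(); pairs with READ_ONCE() there. */`, would record the intent; the same applies to the WRITE_ONCE() in suspend_hi_store() in the hunk at -5223. Note also that lo and hi are updated by two independent sysfs stores, so a reader may see a new lo with an old hi; if that combination matters, it is worth stating in the comment. Both store functions begin and end outside their hunks.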
> @@ -5203,7 +5204,8 @@ __ATTR(suspend_lo, S_IRUGO|S_IWUSR, suspend_lo_show, suspend_lo_store);
> static ssize_t
> suspend_hi_show(struct mddev *mddev, char *page)
> {
> - return sprintf(page, "%llu\n", (unsigned long long)mddev->suspend_hi);
> + return sprintf(page, "%llu\n",
> + (unsigned long long)READ_ONCE(mddev->suspend_hi));
> }
>
> static ssize_t
> @@ -5223,7 +5225,7 @@ suspend_hi_store(struct mddev *mddev, const char *buf, size_t len)
> return err;
>
> mddev_suspend(mddev);
> - mddev->suspend_hi = new;
> + WRITE_ONCE(mddev->suspend_hi, new);
> mddev_resume(mddev);
>
> mddev_unlock(mddev);
> --
> 2.39.2
>
Hi,
在 2023/09/14 10:53, Xiao Ni 写道:
> On Mon, Aug 28, 2023 at 10:04 AM Yu Kuai <[email protected]> wrote:
>>
>> From: Yu Kuai <[email protected]>
>>
>> Because reading 'suspend_lo' and 'suspend_hi' from md_handle_request()
>> is not protected, use READ_ONCE/WRITE_ONCE to prevent reading abnormal
>> value.
>
> Hi Kuai
>
> If we don't use READ_ONCE/WRITE_ONCE, What's the risk here? Could you
> explain in detail or give an example?
Sorry for the late reply.
That depends on the architecture; a load/store may not be atomic,
for example:
// assume a is 10
t1 write 01
// write half first
a = 11
t2 read
//read
a = 11 -> read abnormal value.
// write other half
a = 01
READ_ONCE/WRITE_ONCE can guarantee that either old value or new value is
read.
Thanks,
Kuai
>
> Regards
> Xiao
>>
>> Signed-off-by: Yu Kuai <[email protected]>
>> ---
>> drivers/md/md.c | 16 +++++++++-------
>> 1 file changed, 9 insertions(+), 7 deletions(-)
>>
>> diff --git a/drivers/md/md.c b/drivers/md/md.c
>> index 46badd13a687..9d8dff9d923c 100644
>> --- a/drivers/md/md.c
>> +++ b/drivers/md/md.c
>> @@ -359,11 +359,11 @@ static bool is_suspended(struct mddev *mddev, struct bio *bio)
>> return true;
>> if (bio_data_dir(bio) != WRITE)
>> return false;
>> - if (mddev->suspend_lo >= mddev->suspend_hi)
>> + if (READ_ONCE(mddev->suspend_lo) >= READ_ONCE(mddev->suspend_hi))
>> return false;
>> - if (bio->bi_iter.bi_sector >= mddev->suspend_hi)
>> + if (bio->bi_iter.bi_sector >= READ_ONCE(mddev->suspend_hi))
>> return false;
>> - if (bio_end_sector(bio) < mddev->suspend_lo)
>> + if (bio_end_sector(bio) < READ_ONCE(mddev->suspend_lo))
>> return false;
>> return true;
>> }
>> @@ -5171,7 +5171,8 @@ __ATTR(sync_max, S_IRUGO|S_IWUSR, max_sync_show, max_sync_store);
>> static ssize_t
>> suspend_lo_show(struct mddev *mddev, char *page)
>> {
>> - return sprintf(page, "%llu\n", (unsigned long long)mddev->suspend_lo);
>> + return sprintf(page, "%llu\n",
>> + (unsigned long long)READ_ONCE(mddev->suspend_lo));
>> }
>>
>> static ssize_t
>> @@ -5191,7 +5192,7 @@ suspend_lo_store(struct mddev *mddev, const char *buf, size_t len)
>> return err;
>>
>> mddev_suspend(mddev);
>> - mddev->suspend_lo = new;
>> + WRITE_ONCE(mddev->suspend_lo, new);
>> mddev_resume(mddev);
>>
>> mddev_unlock(mddev);
>> @@ -5203,7 +5204,8 @@ __ATTR(suspend_lo, S_IRUGO|S_IWUSR, suspend_lo_show, suspend_lo_store);
>> static ssize_t
>> suspend_hi_show(struct mddev *mddev, char *page)
>> {
>> - return sprintf(page, "%llu\n", (unsigned long long)mddev->suspend_hi);
>> + return sprintf(page, "%llu\n",
>> + (unsigned long long)READ_ONCE(mddev->suspend_hi));
>> }
>>
>> static ssize_t
>> @@ -5223,7 +5225,7 @@ suspend_hi_store(struct mddev *mddev, const char *buf, size_t len)
>> return err;
>>
>> mddev_suspend(mddev);
>> - mddev->suspend_hi = new;
>> + WRITE_ONCE(mddev->suspend_hi, new);
>> mddev_resume(mddev);
>>
>> mddev_unlock(mddev);
>> --
>> 2.39.2
>>
>
> .
>