Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755135AbbHXSMb (ORCPT <rfc822;w@1wt.eu>);
	Mon, 24 Aug 2015 14:12:31 -0400
Received: from collab.rosalab.ru ([195.19.76.181]:38116 "EHLO
	collab.rosalab.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753922AbbHXSM3 (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 24 Aug 2015 14:12:29 -0400
Subject: Re: [PATCH] usbnet: Fix two races between usbnet_stop() and the BH
To: David Miller <davem@davemloft.net>
References: <55D436D5.6010105@rosalab.ru> <87k2sreefu.fsf@nemi.mork.no>
 <55D46F85.50608@rosalab.ru>
 <20150824.104328.554582952440857559.davem@davemloft.net>
Cc: bjorn@mork.no, oneukum@suse.com, netdev@vger.kernel.org,
        linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org
From: Eugene Shatokhin <eugene.shatokhin@rosalab.ru>
Organization: ROSA
Message-ID: <55DB5E8A.9040108@rosalab.ru>
Date: Mon, 24 Aug 2015 21:12:26 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.0.1
MIME-Version: 1.0
In-Reply-To: <20150824.104328.554582952440857559.davem@davemloft.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1627
Lines: 49

24.08.2015 20:43, David Miller пишет:
> From: Eugene Shatokhin <eugene.shatokhin@rosalab.ru>
> Date: Wed, 19 Aug 2015 14:59:01 +0300
>
>> So the following might be possible, although unlikely:
>>
>> CPU0             CPU1
>>                   clear_bit: read dev->flags
>>                   clear_bit: clear EVENT_RX_KILL in the read value
>>
>> dev->flags=0;
>>
>>                   clear_bit: write updated dev->flags
>>
>> As a result, dev->flags may become non-zero again.
>
> Is this really possible?

On x86, it is not possible, so this is not a problem. Perhaps, for ARM 
too. As for the other architectures supported by the kernel - not sure, 
no common guarantees, it seems. Anyway, this is not a critical issue, I 
agree.

OK, let us leave things as they are for this one and fix the rest.

>
> Stores really are "atomic" in the sense that the do their update
> in one indivisible operation.
>
> Atomic operations like clear_bit also will behave that way.
>
> If a clear_bit is in progress, the "dev->flags=0" store will not be
> able to grab the cache line exclusively until the clear_bit is done.
>
> So I think the above sequent of events is completely impossible.  Once
> a clear_bit starts, a write by another foreign agent on the bus is
> absolutely impossible to legally occur until the clear_bit completes.
>
> I think this is a non-issue.
>

Regards,
Eugene

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/