Received: by 2002:ac0:e350:0:0:0:0:0 with SMTP id g16csp1391516imn; Sun, 31 Jul 2022 05:20:56 -0700 (PDT) X-Google-Smtp-Source: AGRyM1t6EQWjBT3R7F8ijASxS/2YhTV2hvqw+Smh/WicFxub2hhHttFUYVQXVyF1REYCgrkpkjqX X-Received: by 2002:a63:5626:0:b0:41b:576d:6f33 with SMTP id k38-20020a635626000000b0041b576d6f33mr9940226pgb.131.1659270056016; Sun, 31 Jul 2022 05:20:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659270056; cv=none; d=google.com; s=arc-20160816; b=Cp1UFcbGued7fmKPYVIzQnWPP300cAhAX7s9UleIuiXUWC008hpvihorzhGjmfEfE6 jP4081PbYx2qUvO+/WuAcVt2OHjBHFaRcS+BOhpCLFaRAOWKjJKFzQHV57/X+6FhtbRw ckRPStez2xx8nZ9eVqX8PpFHUgWtxI96WBA7tnA7s8xpObyNMQIzpTS/2OVSEv9QcXju gGeSvPyH8M6GNiuGd1i+0Yd9Zy2zR8SAp7Fcu3S4Hl3VcGCqw92INK37JO25pt4LctP4 2uHWI8OCepi1MOIk9UU7q9eyMSeDcsLJa4iRMDvlr7PRg10r6BG9AVIWpcgnLvA8fq3s rt6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=Ie6lk3pHezedqnHvmzOfnsW9+MwY/qxujCF0cX5Qcvw=; b=R41OHCoqSrYMicdFQJKhrFnIFsPu3XJPPXYOLjSyxEYQVwxkbCrRy8W4l4W7v15iOr shsvHsVz4NRICWWwUsE2yImewFmtPhjYFmIxP2DqQyiqytk5zmqa++N2P4WOB8AK03rD Pu3BSI0YB8cqkrs955p12QvdRmfYSpT0GclXaw+gl6upIw0KhDzE/Uqhogz8S6u6vZzo OgVKbQbqMHp9pIc5WZiXH5PA+j9BeR6dJzoIRjiIf2oJzbqtUD/rScrI/fL/dYICwol5 j3fqMm2G9dbngx86T3PY5UHF9Gg3aGxu1xIt6xi3r9528Gvq3x772j9jQDwHGGZZ+TGN O+Yg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=e+tqWkAF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id d13-20020a631d4d000000b004089d1b3912si10557440pgm.204.2022.07.31.05.20.41; Sun, 31 Jul 2022 05:20:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=e+tqWkAF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236560AbiGaMAc (ORCPT + 99 others); Sun, 31 Jul 2022 08:00:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56560 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229992AbiGaMAa (ORCPT ); Sun, 31 Jul 2022 08:00:30 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E5AFCB1EC; Sun, 31 Jul 2022 05:00:29 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8301F60C8A; Sun, 31 Jul 2022 12:00:28 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E8FD9C433D7; Sun, 31 Jul 2022 12:00:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1659268827; bh=vjRGLx6dx+Emc3ytg5f776+VjuO33eUdDhjJQx2PtVM=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=e+tqWkAFJjj60N962+xAMnIENwH3HSOnIaMlqKZgvVH0+zsLfRk4+FImOVUgiqBIa ld/amFw0WbV6LU1xTTyt7isX7dp8o0qSxMjRdvi30axlzFCh31CbindFyYqCtOYy/u YGz2qMlJR7GM/oigbboutzmHEvzNYSYnlWCI2LiNp/bF8PQFdnROo7mP6MkVvCFVgs M+xUSA360abk4300VK1WWhokzHMWoPf/833gNMBCS4mnhpQ3NDegGo2KRko6T03d4W GeQ0f7968J8lFXxPZzOz1LiyuCfcLaaSOpjMR/nAzt2QwMJq1P0jK5uu88NfUnQ+UB ScdhElVnvI2Bg== Received: by mail-ot1-f41.google.com with SMTP id z12-20020a056830128c00b0061c8168d3faso6328733otp.7; Sun, 31 Jul 2022 05:00:27 -0700 (PDT) X-Gm-Message-State: AJIora/nHZyMfZQZja7C05J7MQkx+vEWWHDt2ObExxPfg+WangC7Di5w nxqZEca0jw6XgvTPNQiur2PIdqwnfJufjoiPFLs= X-Received: by 2002:a05:6830:441f:b0:61c:a5bb:9c6a with SMTP id q31-20020a056830441f00b0061ca5bb9c6amr4210686otv.265.1659268827066; Sun, 31 Jul 2022 05:00:27 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Ard Biesheuvel Date: Sun, 31 Jul 2022 14:00:16 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] Add a read memory barrier to wait_on_buffer To: Mikulas Patocka Cc: Linus Torvalds , Alexander Viro , Alan Stern , Andrea Parri , Will Deacon , Peter Zijlstra , Boqun Feng , Nicholas Piggin , David Howells , Jade Alglave , Luc Maranget , "Paul E. McKenney" , Akira Yokosawa , Daniel Lustig , Joel Fernandes , Linux Kernel Mailing List , linux-arch , linux-fsdevel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Mikulas, On Sun, 31 Jul 2022 at 13:43, Mikulas Patocka wrote: > > Let's have a look at this piece of code in __bread_slow: > get_bh(bh); > bh->b_end_io = end_buffer_read_sync; > submit_bh(REQ_OP_READ, 0, bh); > wait_on_buffer(bh); > if (buffer_uptodate(bh)) > return bh; > Neither wait_on_buffer nor buffer_uptodate contain a memory barrier. > Consequently, if someone calls sb_bread and then reads the buffer data, > the read of buffer data may be speculatively executed before > wait_on_buffer(bh) and it may return invalid data. > This has little to do with speculation, so better to drop this S bomb from your commit message. This is about concurrency and weak memory ordering. > Also, there is this pattern present several times: > wait_on_buffer(bh); > if (!buffer_uptodate(bh)) > err = -EIO; > It may be possible that buffer_uptodate is executed before wait_on_buffer > and it may return spurious error. > > Fix these bugs by adding a read memory barrier to wait_on_buffer(). > > Signed-off-by: Mikulas Patocka > Cc: stable@vger.kernel.org > > Index: linux-2.6/include/linux/buffer_head.h > =================================================================== > --- linux-2.6.orig/include/linux/buffer_head.h > +++ linux-2.6/include/linux/buffer_head.h > @@ -353,6 +353,11 @@ static inline void wait_on_buffer(struct > might_sleep(); > if (buffer_locked(bh)) > __wait_on_buffer(bh); > + /* > + * Make sure that the following accesses to buffer state or buffer data > + * are not reordered with buffer_locked(bh). > + */ > + smp_rmb(); > } > > static inline int trylock_buffer(struct buffer_head *bh) > This doesn't seem like a very robust fix to me, tbh - I suppose this makes the symptom you encountered go away, but the underlying issue remains afaict. Given that the lock and uptodate fields etc are just bits in a bitfield, wouldn't it be better to use cmpxchg() with acquire/release semantics (as appropriate) to manage these bits?