Re: [PATCH] usbnet: Fix two races between usbnet_stop() and the BH

[Eugene Shatokhin]

24.08.2015 20:43, David Miller ÐÐÑÐÑ:
> From: Eugene Shatokhin <eugene.shatokhin@xxxxxxxxxx>
> Date: Wed, 19 Aug 2015 14:59:01 +0300
>
> > So the following might be possible, although unlikely:
> >
> > CPU0             CPU1
> >                   clear_bit: read dev->flags
> >                   clear_bit: clear EVENT_RX_KILL in the read value
> >
> > dev->flags=0;
> >
> >                   clear_bit: write updated dev->flags
> >
> > As a result, dev->flags may become non-zero again.
>
> Is this really possible?

On x86, it is not possible, so this is not a problem. Perhaps, for ARM 
too. As for the other architectures supported by the kernel - not sure, 
no common guarantees, it seems. Anyway, this is not a critical issue, I 
agree.

OK, let us leave things as they are for this one and fix the rest.

> Stores really are "atomic" in the sense that the do their update
> in one indivisible operation.
>
> Atomic operations like clear_bit also will behave that way.
>
> If a clear_bit is in progress, the "dev->flags=0" store will not be
> able to grab the cache line exclusively until the clear_bit is done.
>
> So I think the above sequent of events is completely impossible.  Once
> a clear_bit starts, a write by another foreign agent on the bus is
> absolutely impossible to legally occur until the clear_bit completes.
>
> I think this is a non-issue.

Regards,
Eugene

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/