Re: [PATCH] net: fix race in the receive/select
From: Jarek Poplawski <hidden>
Date: 2009-06-28 11:22:39
Also in:
lkml
Jarek Poplawski wrote, On 06/28/2009 01:10 PM:
Oleg Nesterov wrote, On 06/26/2009 04:50 PM:quoted
On 06/26, Davide Libenzi wrote:quoted
On Fri, 26 Jun 2009, Oleg Nesterov wrote:quoted
And if we remove waitqueue_active() in xxx_update(), then lock/unlock is not needed too. If xxx_poll() takes q->lock first, it can safely miss the changes in ->status and schedule(): xxx_update() will take q->lock, notice the sleeper and wake it up (ok, it will set ->triggered but this doesn't matter). If xxx_update() takes q->lock first, xxx_poll() must see the changes in status after poll_wait()->unlock(&q->lock) (in fact, after lock, not unlock).Sure. The snippet above was just to show what typically the code does, not a suggestion on how to solve the socket case.Yes, yes. I just meant you are right imho, we shouldn't add mb() into add_wait_queue().quoted
But yeah, the problem in this case is the waitqueue_active() call. Without that, the wait queue lock/unlock in poll_wait() and the one in wake_up() guarantees the necessary barriers. Some might argue the costs of the lock/unlock of q->lock, and wonder if MBs are a more efficient solution. This is something I'm not going into. To me, it just looked not right having cross-matching MB in different subsystems.This is subjective and thus up to maintainers, but personally I think you are very, very right. Perhaps we can add void sock_poll_wait(struct file *file, struct sock *sk, poll_table *pt) { if (pt) { poll_wait(file, sk->sk_sleep, pt); /* * fat comment */ smp_mb(); // or smp_mb__after_unlock(); } } Oleg.Maybe 'a bit' further?: static inline void __poll_wait(struct file * filp, wait_queue_head_t * wait_address, poll_table *p) { p->qproc(filp, wait_address, p); } static inline void poll_wait(struct file * filp, wait_queue_head_t * wait_address, poll_table *p) { if (p && wait_address) __poll_wait(filp, wait_address, p); } static inline void sock_poll_wait(struct file * filp, wait_queue_head_t * wait_address, poll_table *p) { if (p && wait_address) { __poll_wait(filp, wait_address, p); /* * fat comment */ smp_mb(); // or smp_mb__after_unlock(); } }
Hmm... of course:
static inline void sock_poll_wait(struct file * filp, struct sock *sk, poll_table *p)
{
if (p && sk->sk_sleep) {
__poll_wait(filp, sk->sk_sleep, p);
/*
* fat comment
*/
smp_mb(); // or smp_mb__after_unlock();
}
}
Jarek P.