From patchwork Wed May 1 01:12:41 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Dumazet X-Patchwork-Id: 240714 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from ozlabs.org (localhost [IPv6:::1]) by ozlabs.org (Postfix) with ESMTP id 1709C2C0219 for ; Wed, 1 May 2013 11:13:18 +1000 (EST) Received: from mail-da0-x232.google.com (mail-da0-x232.google.com [IPv6:2607:f8b0:400e:c00::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority" (not verified)) by ozlabs.org (Postfix) with ESMTPS id DFB9E2C00CC for ; Wed, 1 May 2013 11:12:50 +1000 (EST) Received: by mail-da0-f50.google.com with SMTP id a4so481472dad.9 for ; Tue, 30 Apr 2013 18:12:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:subject:from:to:cc:date:content-type:x-mailer :content-transfer-encoding:mime-version; bh=Ain2GO79Yd86723fxyte17ir1M4SRYlr0c1ylsFHr1o=; b=C/Gfr2re5XmGhYpkH4+35b19EfBn7zJN1WkNEOT61Pk06Mzgu+q2JDhrQziFIRqPQi JJ0TkoYQdH2Y+5P8IVFjBMlN7TGPI61Mku2C+1PTIyWSryT3KYE7iyb+/ZHzNzVHvbZo 8ClWR+hFU9VPZlkIZoE0nI3zEgWEK7chVh2CY9YP8m26zQgfSftM4x+aVwYDpCl9YbKw E22BkARyxOePiHYOuzm9Sl8X1I4+L0+tlZhiffNHVC/Y4AeK7gPDTMpfawSoCHKxWS4x XWoy4hJNtH/cARHjaWK2zprLXqSXGZ9ln03kExJ1OIT14u4o1PmsU5NJbhsG/z+b5oOo iMwQ== X-Received: by 10.66.161.33 with SMTP id xp1mr2218013pab.36.1367370767130; Tue, 30 Apr 2013 18:12:47 -0700 (PDT) Received: from [172.26.48.63] ([172.26.48.63]) by mx.google.com with ESMTPSA id ux10sm1346826pab.1.2013.04.30.18.12.44 for (version=SSLv3 cipher=RC4-SHA bits=128/128); Tue, 30 Apr 2013 18:12:46 -0700 (PDT) Message-ID: <1367370761.11020.22.camel@edumazet-glaptop> Subject: [PATCH net-next] af_unix: fix a fatal race with bit fields From: Eric Dumazet To: David Miller Date: Tue, 30 Apr 2013 18:12:41 -0700 X-Mailer: Evolution 3.2.3-0ubuntu6 Mime-Version: 1.0 Cc: netdev , linuxppc-dev@lists.ozlabs.org, Paul Mackerras , Ambrose Feinstein X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" From: Eric Dumazet Using bit fields is dangerous on ppc64, as the compiler uses 64bit instructions to manipulate them. If the 64bit word includes any atomic_t or spinlock_t, we can lose critical concurrent changes. This is happening in af_unix, where unix_sk(sk)->gc_candidate/ gc_maybe_cycle/lock share the same 64bit word. This leads to fatal deadlock, as one/several cpus spin forever on a spinlock that will never be available again. Reported-by: Ambrose Feinstein Signed-off-by: Eric Dumazet Cc: Benjamin Herrenschmidt Cc: Paul Mackerras --- Could ppc64 experts confirm using byte is safe, or should we really add a 32bit hole after the spinlock ? If so, I wonder how many other places need a change... include/net/af_unix.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/net/af_unix.h b/include/net/af_unix.h index a8836e8..4520a23f 100644 --- a/include/net/af_unix.h +++ b/include/net/af_unix.h @@ -57,8 +57,8 @@ struct unix_sock { struct list_head link; atomic_long_t inflight; spinlock_t lock; - unsigned int gc_candidate : 1; - unsigned int gc_maybe_cycle : 1; + unsigned char gc_candidate; + unsigned char gc_maybe_cycle; unsigned char recursion_level; struct socket_wq peer_wq; };