On Wed, 2015-04-22 at 15:31 +0200, Mateusz Guzik wrote: > On Tue, Apr 21, 2015 at 02:06:53PM -0700, Eric Dumazet wrote: > > On Tue, 2015-04-21 at 22:12 +0200, Mateusz Guzik wrote: > > > > > in dup_fd: > > > for (i = open_files; i != 0; i--) { > > > struct file *f = *old_fds++; > > > if (f) { > > > get_file(f); > > > > > > > I see no new requirement here. f is either NULL or not. > > multi threaded programs never had a guarantee dup_fd() would catch a non > > NULL pointer here. > > > > It's not about seeing NULL f or not, but using the right address for > dereference. > > If I read memory-barriers.txt right (see 'DATA DEPENDENCY BARRIERS'), it > is possible that cpus like alpha will see a non-NULL pointer and then > proceed to dereference *the old* (here: NULL) value. > > Hence I suspect this needs smp_read_barrier_depends (along with > ACCESS_ONCE). > > Other consumers (e.g. procfs code) use rcu_dereference macro which does > ends up using lockless_dereference macro, which in turn does: > #define lockless_dereference(p) \ > ({ \ > typeof(p) _________p1 = ACCESS_ONCE(p); \ > smp_read_barrier_depends(); /* Dependency order vs. p > above. */ \ > (_________p1); \ > }) > > That said memory barriers are not exactly my strong suit, but I do > believe my suspicion here is justified enough to ask someone with solid > memory barrier-fu to comment. Again, your comment has nothing to do with the patch. If there is old data, it only can be a NULL. And it is fine, case was _already_ handled. It can not be an 'old' file pointer, because close() takes the spinlock. spin_unlock() contains a write memory barrier, so the NULL pointer put by close() would have been committed to memory. This works also on alpha cpus. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html