On Fri, Aug 18, 2017 at 06:17:15PM +0300, Anton Volkov wrote:
> Hello.
>
> While searching for races in the Linux kernel I've come across
> "drivers/infiniband/hw/mlx5/mlx5_ib.ko" module. Here are questions that I
> came up with while analyzing results. Lines are given using the info from
> Linux v4.12.
>
> Consider the following case:
>
> Thread 1:                Thread 2:
> size_write
> ->remove_keys            limit_write
>     ent->cur--;            if (ent->cur < ent->limit)
>     (mr.c: line 234)       (mr.c: line 335)
>                              err = add_keys(... ent->limit - ent->cur);
>
> If size_write and limit_write are able to work concurrently with the same
> ent then there is a possibility of a race between the accesses to ent->cur.
> In worst case in limit_write new keys wouldn't be added. Is it feasible from
> your point of view? If so, is it a benign race or a serious one?

Technically yes, it can race, but it gives a little value to protect the
ent->check with lock, because the limit_eize instruction is triggered by
debugfs write and is used for the debug.

Thanks

>
> Thank you for your time.
>
> -- Anton Volkov
> Linux Verification Center, ISPRAS
> web: http://linuxtesting.org
> e-mail: avolkov@xxxxxxxxx
> --
> To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
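An added example, not part of either message and not mlx5 code: a userspace replay of the three possible orderings of the steps quoted in the question (the decrement, the check, and the add_keys call that reads ent->cur a second time). The struct, the function names and the schedule strings are constructed for illustration, and the add is assumed to take effect immediately. Starting from cur == limit, the interleaved order from the question ends in the same state as limit_write running entirely before remove_keys.

```c
#include <stdio.h>

/* Constructed model: only the two fields named in the thread. */
struct ent_model { int cur; int limit; };

/* Replays one schedule. 'D' = thread 1's ent->cur-- (remove_keys),
 * 'C' = thread 2's check (ent->cur < ent->limit),
 * 'A' = thread 2's add_keys call, which reads ent->cur again for its count.
 * Returns the final cur; *added receives the number of keys requested. */
int run_schedule(const char *order, int cur, int limit, int *added)
{
    struct ent_model e = { cur, limit };
    int below = 0;

    *added = 0;
    for (const char *s = order; *s; s++) {
        switch (*s) {
        case 'D': e.cur--; break;
        case 'C': below = e.cur < e.limit; break;
        case 'A':
            if (below) {
                *added = e.limit - e.cur; /* second read of cur */
                e.cur += *added;          /* assumption: add completes at once */
            }
            break;
        }
    }
    return e.cur;
}

/* The three orders that keep thread 2's check before its add. */
static const char *const schedules[] = { "DCA", "CDA", "CAD" };

/* Counts the schedules that end with cur below limit. */
int schedules_left_below(int cur, int limit)
{
    int n = 0, added;

    for (int i = 0; i < 3; i++)
        if (run_schedule(schedules[i], cur, limit, &added) < limit)
            n++;
    return n;
}

int main(void)
{
    int added;

    for (int i = 0; i < 3; i++) {
        int fin = run_schedule(schedules[i], 8, 8, &added); /* constructed values */
        printf("%s: final cur=%d, keys added=%d\n", schedules[i], fin, added);
    }
    return 0;
}
```

"CDA" is the interleaving drawn in the question and "CAD" is the serial order with limit_write first; the model covers only the value of cur and says nothing about compiler or hardware effects of the unsynchronized access.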