On Tue, Feb 08, 2022 at 09:48:58PM +0100, Ingo Rohloff wrote:
> While the fromer code imposes a limit on the used memory, it might be over
By "fromer", you probably mean "former". But that's an uncommon usage which
might confuse people (I was confused when I first read it). It would be
better to say "existing code".
> pessimistic (even if this is unlikely).
>
> Example scenario:
> 8 threads running in parallel, all entering
> "usbfs_increase_memory_usage()" at the same time.
> The atomic accesses in "usbfs_increase_memory_usage()" could be
> serialized like this:
> 8 x "atomic64_add"
> 8 x "atomic64_read"
> If the 8 x "atomic64_add" raise "usbfs_memory_usage" above the limit,
> then all 8 calls of "usbfs_increase_memory_usage()" will return with
> -ENOMEM. If you instead serialize over the whole access to
> "usbfs_memory_usage" by using a spinlock, some of these calls will
> succeed.
>
> Signed-off-by: Ingo Rohloff <ingo.rohloff@xxxxxxxxxxxxxx>
> ---
> drivers/usb/core/devio.c | 35 ++++++++++++++++++++++++-----------
> 1 file changed, 24 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
> index fa66e6e58792..522b170c42de 100644
> --- a/drivers/usb/core/devio.c
> +++ b/drivers/usb/core/devio.c
> @@ -139,30 +139,43 @@ MODULE_PARM_DESC(usbfs_memory_mb,
> /* Hard limit, necessary to avoid arithmetic overflow */
> #define USBFS_XFER_MAX (UINT_MAX / 2 - 1000000)
>
> -static atomic64_t usbfs_memory_usage; /* Total memory currently allocated */
> +static DEFINE_SPINLOCK(usbfs_memory_usage_lock);
> +static u64 usbfs_memory_usage; /* Total memory currently allocated */
>
> /* Check whether it's okay to allocate more memory for a transfer */
> static int usbfs_increase_memory_usage(u64 amount)
> {
> - u64 lim;
> + u64 lim, total_mem;
> + unsigned long flags;
> + int ret;
>
> - lim = READ_ONCE(usbfs_memory_mb);
> + lim = usbfs_memory_mb;
Don't eliminate this READ_ONCE(). It is needed because usbfs_memory_mb is a
writable module parameter. If the value is changed by another process at
the same time you read it, you could get a nonsense value unless you use
READ_ONCE().
> lim <<= 20;
>
> - atomic64_add(amount, &usbfs_memory_usage);
> -
> - if (lim > 0 && atomic64_read(&usbfs_memory_usage) > lim) {
> - atomic64_sub(amount, &usbfs_memory_usage);
> - return -ENOMEM;
> - }
> + ret = 0;
> + spin_lock_irqsave(&usbfs_memory_usage_lock, flags);
> + total_mem = usbfs_memory_usage + amount;
> + if (lim > 0 && total_mem > lim)
> + ret = -ENOMEM;
> + else
> + usbfs_memory_usage = total_mem;
> + spin_unlock_irqrestore(&usbfs_memory_usage_lock, flags);
>
> - return 0;
> + return ret;
> }
>
> /* Memory for a transfer is being deallocated */
> static void usbfs_decrease_memory_usage(u64 amount)
> {
> - atomic64_sub(amount, &usbfs_memory_usage);
> + u64 total_mem;
> + unsigned long flags;
> +
> + spin_lock_irqsave(&usbfs_memory_usage_lock, flags);
> + total_mem = usbfs_memory_usage;
> + if (amount > total_mem)
> + amount = total_mem;
> + usbfs_memory_usage = total_mem - amount;
As a matter of personal taste, I prefer:
if (amount > usbfs_memory_usage)
usbfs_memory_usage = 0;
else
usbfs_memory_usage -= amount;
> + spin_unlock_irqrestore(&usbfs_memory_usage_lock, flags);
> }
>
> static int connected(struct usb_dev_state *ps)
Alan Stern
