On Mon, Apr 6, 2020 at 8:10 PM Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> From: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
> Subject: lib/list: prevent compiler reloads inside 'safe' list iteration
>
> Instruct the compiler to read the next element in the list iteration
> once, and that it is not allowed to reload the value from the stale
> element later. This is important as during the course of the safe
> iteration, the stale element may be poisoned (unbeknownst to the
> compiler).

Andrew, Chris, this one looks rather questionable to me.

How the heck would the ->next pointer be changed without the compiler
being aware of it? That implies a bug to begin with - possibly an
inline asm that changes kernel memory without having a memory clobber.

Quite fundamentally, the READ_ONCE() doesn't seem to fix anything. If
something else can change the list _concurrently_, it's still
completely broken, and hiding the KASAN report is just hiding a bug.

What and where was the actual KASAN issue? The commit log doesn't say...

Linus