Re: [Xen-devel] [PATCH v2] MCE: Fix race condition in mctelem_reserve
On 02/19/2014 09:53 AM, Frediano Ziglio wrote:
> On Tue, 2014-02-18 at 12:47 +0000, George Dunlap wrote:
>> On Wed, Jan 22, 2014 at 5:17 PM, Frediano Ziglio
>> <frediano.ziglio@xxxxxxxxxx> wrote:
>>> These lines (in mctelem_reserve)
>>>
>>>     newhead = oldhead->mcte_next;
>>>     if (cmpxchgptr(freelp, oldhead, newhead) == oldhead) {
>>>
>>> are racy. After you read the newhead pointer it can happen that another
>>> flow (thread or recursive invocation) changes all the list but sets head
>>> with the same value. So oldhead is the same as *freelp but you are setting
>>> a new head that could point to whatever element (even already used).
>>>
>>> This patch instead uses a bit array and atomic bit operations.
>>>
>>> Signed-off-by: Frediano Ziglio <frediano.ziglio@xxxxxxxxxx>
>>
>> What is this like from a release perspective? When is this code run,
>> and how often is the bug triggered?
>>
>> -George
>
> The code handles MCE situations. So if your hardware is good it is not a big
> deal. If your hardware starts to have some problems, in some situations it is
> possible that the CPU raises an MCE quite often, causing the race to happen.
> I think that the probability is not that high. The test was finely
> tested (not that easy to do even now) and solves a real bug.

OK thanks -- at this point then, I think I'd just as soon hold this off
until 4.4.1, unless we get some other blocking bugs, just so that we can
minimize the changes.
-George
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
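
The race described in the patch description is the classic ABA problem of a compare-and-swap pop on a linked free list. The following is an added illustration, not the patch posted to the list and not Xen code: it replays that interleaving deterministically in one thread, then shows a bitmap reserve in the spirit of the fix. The names `pool`, `freemap`, `aba_corrupts_list` and `bitmap_reserve` are hypothetical, and C11 atomics stand in for Xen's `cmpxchgptr` and atomic bit operations.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

#define NENT 3
struct ent { struct ent *next; };        /* stand-in for a telemetry entry */
static struct ent pool[NENT];
static _Atomic(struct ent *) freelist;   /* head of the linked free list */
static atomic_uint freemap;              /* bit i set => pool[i] is free */

/* Replay the interleaving from the patch description in a single thread.
 * Returns 1 if the free-list head ends up pointing at an in-use entry. */
int aba_corrupts_list(void)
{
    pool[0].next = &pool[1]; pool[1].next = &pool[2]; pool[2].next = NULL;
    atomic_store(&freelist, &pool[0]);

    /* Flow A: reads head and successor, then is interrupted before the CAS. */
    struct ent *oldhead = atomic_load(&freelist);
    struct ent *newhead = oldhead->next;             /* &pool[1] */

    /* Flow B: reserves pool[0] and pool[1], then frees only pool[0]. */
    atomic_store(&freelist, &pool[2]);
    pool[0].next = &pool[2];
    atomic_store(&freelist, &pool[0]);               /* same head value as before */

    /* Flow A resumes: head == oldhead, so the CAS succeeds with a stale newhead. */
    int swapped = atomic_compare_exchange_strong(&freelist, &oldhead, newhead);
    return swapped && atomic_load(&freelist) == &pool[1];  /* pool[1] is in use */
}

void bitmap_init(void) { atomic_store(&freemap, (1u << NENT) - 1); }
void bitmap_free(int i) { atomic_fetch_or(&freemap, 1u << i); }

/* Claim an entry by atomically clearing its bit; the previous value of the bit
 * decides ownership, so no pointer read earlier can go stale. */
int bitmap_reserve(void)
{
    for (unsigned i = 0; i < NENT; i++) {
        unsigned bit = 1u << i;
        if (atomic_fetch_and(&freemap, ~bit) & bit)
            return (int)i;
    }
    return -1;                                       /* nothing free */
}

int main(void)
{
    printf("CAS pop hands out in-use entry: %d\n", aba_corrupts_list());
    bitmap_init();
    int a = bitmap_reserve(), b = bitmap_reserve();
    printf("bitmap reserve: %d %d\n", a, b);
    return 0;
}
```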