BUG? a suspected race bug due to the absence of memory barrier

홍신 shin hong hongshin at gmail.com
Mon Dec 7 06:43:45 EST 2009


Hi. I am reporting a type of suspected bug
due to the absence of a proper memory barrier.

Please examine this issue for the possibility of such an
error occurring in real executions. This report is not from real errors
but from my code inspection, so it might be faulty.

We often allocate an object, initialize it,
and then link it to a data structure so that any thread can access the object.

For this pattern of programming, it seems to be necessary that
a memory barrier should confirm that the initializations and the linking
to global data structures are not reordered by the CPU or compilers.

For example, add_to_list() at ubi/scan.c of Linux 2.6.32
has the following code:

	86         seb = kmalloc(sizeof(struct ubi_scan_leb), GFP_KERNEL);
	87         if (!seb)
	88                 return -ENOMEM;
	90         seb->pnum = pnum;
	91         seb->ec = ec;
	92         list_add_tail(&seb->u.list, list);

Due to compilers and the CPU, line 92 might be executed earlier than 90 or 91.
In that situation, another concurrent thread which iterates
the list might read uninitialized values in the newly linked objects.

Please examine this issue and let me know your opinions.
Thank you.

Sincerely
Shin Hong
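The publish-after-initialize pattern the report describes, shown in userspace C11 as an added example (this is not the reporter's code nor the kernel's; `struct leb` is a constructed stand-in for `struct ubi_scan_leb`, and the list is a constructed lock-free push list rather than the kernel's `list_add_tail`). The writer fills in `pnum` and `ec` first and only then publishes the node with a release store; the reader acquire-loads the head before touching any node fields. That release/acquire pairing is the ordering the report asks for; in the kernel the same roles are played by `rcu_assign_pointer()`/`list_add_rcu()` on the writer side and `rcu_dereference()`/`list_for_each_entry_rcu()` on the reader side. With a relaxed store and relaxed load instead, nothing forbids the compiler or CPU from letting the link become visible before the field writes, which is exactly the scenario in the report.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for struct ubi_scan_leb (hypothetical, not kernel code). */
struct leb {
    int pnum;
    int ec;
    struct leb *next;   /* written only before the node is published */
};

/* Shared list head. Published with release semantics and read with acquire
 * semantics, the userspace analogue of rcu_assign_pointer()/rcu_dereference(). */
static _Atomic(struct leb *) head = NULL;

/* Writer: initialise every field, then publish. The release ordering on the
 * successful compare-exchange guarantees that a reader who acquire-loads this
 * node also sees pnum and ec already written. Returns 0, or -1 on ENOMEM. */
int publish_leb(int pnum, int ec)
{
    struct leb *n = malloc(sizeof *n);
    if (!n)
        return -1;
    n->pnum = pnum;                      /* corresponds to line 90 in the report */
    n->ec = ec;                          /* corresponds to line 91 */

    /* Push at head. The CAS loop keeps this correct with several writers;
     * the release order is the memory barrier the report says is missing. */
    struct leb *old = atomic_load_explicit(&head, memory_order_relaxed);
    do {
        n->next = old;
    } while (!atomic_compare_exchange_weak_explicit(&head, &old, n,
                                                    memory_order_release,
                                                    memory_order_relaxed));
    return 0;                            /* corresponds to line 92 */
}

/* Reader: the acquire load on head synchronizes with the writer's release,
 * so every node reachable from it has fully initialised fields.
 * Returns the ec for the given pnum, or -1 if not present. */
int find_ec(int pnum)
{
    for (struct leb *n = atomic_load_explicit(&head, memory_order_acquire);
         n != NULL; n = n->next) {
        if (n->pnum == pnum)
            return n->ec;
    }
    return -1;
}

/* Reader: number of published entries. */
int count_lebs(void)
{
    int count = 0;
    for (struct leb *n = atomic_load_explicit(&head, memory_order_acquire);
         n != NULL; n = n->next)
        count++;
    return count;
}

/* Tear the list down once no readers remain (no concurrent access here). */
void reset_list(void)
{
    struct leb *n = atomic_exchange_explicit(&head, NULL, memory_order_acq_rel);
    while (n) {
        struct leb *next = n->next;
        free(n);
        n = next;
    }
}

int main(void)
{
    /* Constructed sample data: two erase blocks with their erase counters. */
    publish_leb(3, 10);
    publish_leb(7, 20);
    printf("entries=%d ec(3)=%d ec(7)=%d ec(99)=%d\n",
           count_lebs(), find_ec(3), find_ec(7), find_ec(99));
    reset_list();
    return 0;
}
```

The example runs single-threaded so its results are deterministic; the ordering guarantee matters when `find_ec()` runs on another thread while `publish_leb()` is in flight. Swapping `memory_order_release`/`memory_order_acquire` for `memory_order_relaxed` compiles and usually still passes a quick test, which is why the report's suspected bug is hard to observe and why it should be judged by the memory model rather than by experiment.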
