Fix assertions in crypto reference helpers
The assertions are racy and the use of `membar_exit()` did nothing to fix that. The helpers use atomic functions, so we cleverly get values from the atomics that we can use to ensure that the assertions operate on the correct values. We also use `membar_producer()` prior to decrementing reference counts so that operations that happened prior to a decrement to 0 will be guaranteed to happen before the decrement on architectures that reorder atomics. This also slightly improves performance by eliminating unnecessary reads, although I doubt it would be measurable in any benchmark. Reviewed-by: Mateusz Guzik <mjguzik@gmail.com> Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu> Closes #13880
This commit is contained in:
parent
dc2fe24ca2
commit
e949d36040
|
@ -126,28 +126,26 @@ typedef struct kcf_provider_desc {
|
||||||
crypto_provider_id_t pd_prov_id;
|
crypto_provider_id_t pd_prov_id;
|
||||||
} kcf_provider_desc_t;
|
} kcf_provider_desc_t;
|
||||||
|
|
||||||
/* atomic operations in linux implicitly form a memory barrier */
|
|
||||||
#define membar_exit()
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If a component has a reference to a kcf_provider_desc_t,
|
* If a component has a reference to a kcf_provider_desc_t,
|
||||||
* it REFHOLD()s. A new provider descriptor which is referenced only
|
* it REFHOLD()s. A new provider descriptor which is referenced only
|
||||||
* by the providers table has a reference counter of one.
|
* by the providers table has a reference counter of one.
|
||||||
*/
|
*/
|
||||||
#define KCF_PROV_REFHOLD(desc) { \
|
#define KCF_PROV_REFHOLD(desc) { \
|
||||||
atomic_add_32(&(desc)->pd_refcnt, 1); \
|
int newval = atomic_add_32_nv(&(desc)->pd_refcnt, 1); \
|
||||||
ASSERT((desc)->pd_refcnt != 0); \
|
ASSERT(newval != 0); \
|
||||||
}
|
}
|
||||||
|
|
||||||
#define KCF_PROV_IREFHOLD(desc) { \
|
#define KCF_PROV_IREFHOLD(desc) { \
|
||||||
atomic_add_32(&(desc)->pd_irefcnt, 1); \
|
int newval = atomic_add_32_nv(&(desc)->pd_irefcnt, 1); \
|
||||||
ASSERT((desc)->pd_irefcnt != 0); \
|
ASSERT(newval != 0); \
|
||||||
}
|
}
|
||||||
|
|
||||||
#define KCF_PROV_IREFRELE(desc) { \
|
#define KCF_PROV_IREFRELE(desc) { \
|
||||||
ASSERT((desc)->pd_irefcnt != 0); \
|
membar_producer(); \
|
||||||
membar_exit(); \
|
int newval = atomic_add_32_nv(&(desc)->pd_irefcnt, -1); \
|
||||||
if (atomic_add_32_nv(&(desc)->pd_irefcnt, -1) == 0) { \
|
ASSERT(newval != -1); \
|
||||||
|
if (newval == 0) { \
|
||||||
cv_broadcast(&(desc)->pd_remove_cv); \
|
cv_broadcast(&(desc)->pd_remove_cv); \
|
||||||
} \
|
} \
|
||||||
}
|
}
|
||||||
|
@ -155,9 +153,10 @@ typedef struct kcf_provider_desc {
|
||||||
#define KCF_PROV_REFHELD(desc) ((desc)->pd_refcnt >= 1)
|
#define KCF_PROV_REFHELD(desc) ((desc)->pd_refcnt >= 1)
|
||||||
|
|
||||||
#define KCF_PROV_REFRELE(desc) { \
|
#define KCF_PROV_REFRELE(desc) { \
|
||||||
ASSERT((desc)->pd_refcnt != 0); \
|
membar_producer(); \
|
||||||
membar_exit(); \
|
int newval = atomic_add_32_nv(&(desc)->pd_refcnt, -1); \
|
||||||
if (atomic_add_32_nv(&(desc)->pd_refcnt, -1) == 0) { \
|
ASSERT(newval != -1); \
|
||||||
|
if (newval == 0) { \
|
||||||
kcf_provider_zero_refcnt((desc)); \
|
kcf_provider_zero_refcnt((desc)); \
|
||||||
} \
|
} \
|
||||||
}
|
}
|
||||||
|
@ -193,9 +192,9 @@ typedef struct kcf_mech_entry {
|
||||||
* it REFHOLD()s. A new policy descriptor which is referenced only
|
* it REFHOLD()s. A new policy descriptor which is referenced only
|
||||||
* by the policy table has a reference count of one.
|
* by the policy table has a reference count of one.
|
||||||
*/
|
*/
|
||||||
#define KCF_POLICY_REFHOLD(desc) { \
|
#define KCF_POLICY_REFHOLD(desc) { \
|
||||||
atomic_add_32(&(desc)->pd_refcnt, 1); \
|
int newval = atomic_add_32_nv(&(desc)->pd_refcnt, 1); \
|
||||||
ASSERT((desc)->pd_refcnt != 0); \
|
ASSERT(newval != 0); \
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -203,9 +202,10 @@ typedef struct kcf_mech_entry {
|
||||||
* reference is released, the descriptor is freed.
|
* reference is released, the descriptor is freed.
|
||||||
*/
|
*/
|
||||||
#define KCF_POLICY_REFRELE(desc) { \
|
#define KCF_POLICY_REFRELE(desc) { \
|
||||||
ASSERT((desc)->pd_refcnt != 0); \
|
membar_producer(); \
|
||||||
membar_exit(); \
|
int newval = atomic_add_32_nv(&(desc)->pd_refcnt, -1); \
|
||||||
if (atomic_add_32_nv(&(desc)->pd_refcnt, -1) == 0) \
|
ASSERT(newval != -1); \
|
||||||
|
if (newval == 0) \
|
||||||
kcf_policy_free_desc(desc); \
|
kcf_policy_free_desc(desc); \
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -73,9 +73,10 @@ typedef struct kcf_context {
|
||||||
* context structure is freed along with the global context.
|
* context structure is freed along with the global context.
|
||||||
*/
|
*/
|
||||||
#define KCF_CONTEXT_REFRELE(ictx) { \
|
#define KCF_CONTEXT_REFRELE(ictx) { \
|
||||||
ASSERT((ictx)->kc_refcnt != 0); \
|
membar_producer(); \
|
||||||
membar_exit(); \
|
int newval = atomic_add_32_nv(&(ictx)->kc_refcnt, -1); \
|
||||||
if (atomic_add_32_nv(&(ictx)->kc_refcnt, -1) == 0) \
|
ASSERT(newval != -1); \
|
||||||
|
if (newval == 0) \
|
||||||
kcf_free_context(ictx); \
|
kcf_free_context(ictx); \
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue