From: Ingo Molnar <mingo@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: "Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
"Frédéric Weisbecker" <fweisbec@gmail.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Peter Zijlstra" <a.p.zijlstra@chello.nl>,
"Andrew Morton" <akpm@linux-foundation.org>
Subject: Re: [PATCH] atomic: Fix bugs in 'fetch_or()' and rename it to 'xchg_or()'
Date: Tue, 15 Mar 2016 13:01:47 +0100 [thread overview]
Message-ID: <20160315120147.GA9742@gmail.com> (raw)
In-Reply-To: <20160315093245.GA7943@gmail.com>
* Ingo Molnar <mingo@kernel.org> wrote:
> Subject: [PATCH] atomic: Fix bugs in 'fetch_or()' and rename it to 'xchg_or()'
>
> Linus noticed a couple of problems with the fetch_or() implementation introduced
> by 5fd7a09cfb8c ("atomic: Export fetch_or()"):
>
> - Sloppy macro implementation: 'mask' and 'ptr' is evaluated multiple times,
> which will break if arguments have side effects.
So this shiny new patch manages to crash the x86 kernel with a NULL pointer
dereference:
[ 0.143027] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 0.144000] IP: [<ffffffff8107c64c>] resched_curr+0x3c/0xc0
GCC manages to turn this:
static bool set_nr_and_not_polling(struct task_struct *p)
{
struct thread_info *ti = task_thread_info(p);
return !(xchg_or(&ti->flags, _TIF_NEED_RESCHED) & _TIF_POLLING_NRFLAG);
}
and this:
> /**
> + * xchg_or - perform *ptr |= mask atomically and return old value of *ptr
> + * @ptr: pointer to value (cmpxchg() compatible integer pointer type)
> * @mask: mask to OR on the value
> *
> + * cmpxchg() based, it's a macro so it works for different integer types.
> */
> +#ifndef xchg_or
> +# define xchg_or(ptr, mask) \
> +({ \
> + typeof(ptr) __ptr = (ptr); \
> + typeof(mask) __mask = (mask); \
> + \
> + typeof(*(__ptr)) __old, __val = *__ptr; \
> + \
> for (;;) { \
> + __old = cmpxchg(__ptr, __val, __val | __mask); \
> if (__old == __val) \
> break; \
> __val = __old; \
> } \
> + \
> __old; \
> })
into:
41c1: 89 c2 mov %eax,%edx
41c3: 89 d6 mov %edx,%esi
41c5: 31 c9 xor %ecx,%ecx
41c7: 89 d0 mov %edx,%eax
41c9: 83 ce 08 or $0x8,%esi
41cc: f0 0f b1 31 lock cmpxchg %esi,(%rcx)
note the RCX zeroing via XOR...
The original, working sequence is:
41c4: 89 c2 mov %eax,%edx
41c6: 89 d6 mov %edx,%esi
41c8: 89 d0 mov %edx,%eax
41ca: 83 ce 08 or $0x8,%esi
41cd: f0 0f b1 31 lock cmpxchg %esi,(%rcx)
The change that makes the difference is the 'ptr' part of:
> + __old = cmpxchg(__ptr, __val, __val | __mask); \
This variant works:
> + __old = cmpxchg((ptr), __val, __val | __mask); \
After a lot of staring PeterZ realized that __ptr aliases with the x86 cmpxchg()
macro-jungle's __ptr name!!
So if I do a s/__ptr/_ptr it all works...
But IMHO this really highlights a fundamental weakness of all this macro magic,
it's all way too fragile.
Why don't we introduce a boring family of APIs:
cmpxchg_8()
cmpxchg_16()
cmpxchg_32()
cmpxchg_64()
xchg_or_32()
xchg_or_64()
...
... with none of this pesky auto-typing property and none of the
macro-inside-a-macro crap? We could do clean types and would write them all in
proper C, not fragile CPP.
It's not like we migrate between the types all that frequently - and even if we
do, it's trivial.
hm?
Thanks,
Ingo
next prev parent reply other threads:[~2016-03-15 12:02 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-14 12:32 [GIT PULL] NOHZ updates for v4.6 Ingo Molnar
2016-03-15 2:44 ` Linus Torvalds
2016-03-15 8:42 ` Peter Zijlstra
2016-03-15 9:49 ` Ingo Molnar
2016-03-15 9:32 ` [PATCH] atomic: Fix bugs in 'fetch_or()' and rename it to 'xchg_or()' Ingo Molnar
2016-03-15 10:50 ` Peter Zijlstra
2016-03-15 12:08 ` Ingo Molnar
2016-03-15 12:42 ` Peter Zijlstra
2016-03-15 11:06 ` Peter Zijlstra
2016-03-15 11:59 ` Peter Zijlstra
2016-03-15 12:01 ` Ingo Molnar [this message]
2016-03-15 12:32 ` Ingo Molnar
2016-03-15 12:37 ` Ingo Molnar
2016-03-15 13:17 ` Peter Zijlstra
2016-03-15 12:21 ` [PATCH v2] " Ingo Molnar
2016-03-15 13:26 ` Peter Zijlstra
2016-03-16 8:04 ` Ingo Molnar
2016-03-16 8:29 ` Peter Zijlstra
2016-03-15 17:08 ` Frederic Weisbecker
2016-03-16 8:14 ` Ingo Molnar
2016-03-17 0:54 ` Frederic Weisbecker
2016-03-15 16:18 ` [PATCH] " Linus Torvalds
2016-03-15 9:53 ` [PATCH] nohz: Change tick_dep_mask from 'unsigned long' to 'unsigned int' Ingo Molnar
2016-03-15 12:15 ` Ingo Molnar
2016-03-15 16:30 ` Linus Torvalds
2016-03-15 17:28 ` Frederic Weisbecker
2016-03-15 17:36 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160315120147.GA9742@gmail.com \
--to=mingo@kernel.org \
--cc=a.p.zijlstra@chello.nl \
--cc=akpm@linux-foundation.org \
--cc=fweisbec@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.