From: Norbert van Bolhuis <nvbolhuis@aimvalley.nl>
To: Paul Mackerras <paulus@samba.org>
Cc: linuxppc-dev@ozlabs.org, Richard Henderson <rth@twiddle.net>
Subject: Re: [PATCH] powerpc: Fix bug in __futex_atomic_op
Date: Wed, 15 Apr 2009 09:26:08 +0200 [thread overview]
Message-ID: <49E58C10.4080100@aimvalley.nl> (raw)
In-Reply-To: <18915.54309.632699.346771@cargo.ozlabs.ibm.com>
I'd like to understand the implications of this bug.
Obviously applications using the futex system can be affected, but
does anybody know whether GNU software packages suffer from this problem.
I mean glibc (nptl) uses futexes, so does gdb and gcc. will this bug hurt
them ?
Paul Mackerras wrote:
> Richard Henderson pointed out that the powerpc __futex_atomic_op has a
> bug: it will write the wrong value if the stwcx. fails and it has to
> retry the lwarx/stwcx. loop, since 'oparg' will have been overwritten
> by the result from the first time around the loop. This happens
> because it uses the same register for 'oparg' (an input) as it uses
> for the result.
>
> This fixes it by using separate registers for 'oparg' and 'ret'.
>
> Cc: stable@kernel.org
> Signed-off-by: Paul Mackerras <paulus@samba.org>
> ---
> Can anyone see any reason why the FUTEX_OP_SET case can't just do a
> __put_user?
>
> diff --git a/arch/powerpc/include/asm/futex.h b/arch/powerpc/include/asm/futex.h
> index 6d406c5..9696cc3 100644
> --- a/arch/powerpc/include/asm/futex.h
> +++ b/arch/powerpc/include/asm/futex.h
> @@ -27,7 +27,7 @@
> PPC_LONG "1b,4b,2b,4b\n" \
> ".previous" \
> : "=&r" (oldval), "=&r" (ret) \
> - : "b" (uaddr), "i" (-EFAULT), "1" (oparg) \
> + : "b" (uaddr), "i" (-EFAULT), "r" (oparg) \
> : "cr0", "memory")
>
> static inline int futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
> @@ -47,19 +47,19 @@ static inline int futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
>
> switch (op) {
> case FUTEX_OP_SET:
> - __futex_atomic_op("", ret, oldval, uaddr, oparg);
> + __futex_atomic_op("mr %1,%4\n", ret, oldval, uaddr, oparg);
> break;
> case FUTEX_OP_ADD:
> - __futex_atomic_op("add %1,%0,%1\n", ret, oldval, uaddr, oparg);
> + __futex_atomic_op("add %1,%0,%4\n", ret, oldval, uaddr, oparg);
> break;
> case FUTEX_OP_OR:
> - __futex_atomic_op("or %1,%0,%1\n", ret, oldval, uaddr, oparg);
> + __futex_atomic_op("or %1,%0,%4\n", ret, oldval, uaddr, oparg);
> break;
> case FUTEX_OP_ANDN:
> - __futex_atomic_op("andc %1,%0,%1\n", ret, oldval, uaddr, oparg);
> + __futex_atomic_op("andc %1,%0,%4\n", ret, oldval, uaddr, oparg);
> break;
> case FUTEX_OP_XOR:
> - __futex_atomic_op("xor %1,%0,%1\n", ret, oldval, uaddr, oparg);
> + __futex_atomic_op("xor %1,%0,%4\n", ret, oldval, uaddr, oparg);
> break;
> default:
> ret = -ENOSYS;
> _______________________________________________
> Linuxppc-dev mailing list
> Linuxppc-dev@ozlabs.org
> https://ozlabs.org/mailman/listinfo/linuxppc-dev
>
prev parent reply other threads:[~2009-04-15 7:32 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-14 0:09 [PATCH] powerpc: Fix bug in __futex_atomic_op Paul Mackerras
2009-04-14 16:17 ` Richard Henderson
2009-04-15 7:26 ` Norbert van Bolhuis [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49E58C10.4080100@aimvalley.nl \
--to=nvbolhuis@aimvalley.nl \
--cc=linuxppc-dev@ozlabs.org \
--cc=paulus@samba.org \
--cc=rth@twiddle.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.