[PATCH] powerpc/64: Fix atomic64_inc_not_zero() to return an int

[PATCH] powerpc/64: Fix atomic64_inc_not_zero() to return an int

[Michael Ellerman]

Although it's not documented anywhere, there is an expectation that
atomic64_inc_not_zero() returns a result which fits in an int. This is
the behaviour implemented on all arches except powerpc.

This has caused at least one bug in practice, in the percpu-refcount
code, where the long result from our atomic64_inc_not_zero() was
truncated to an int leading to lost references and stuck systems. That
was worked around in that code in commit 966d2b04e070 ("percpu-refcount:
fix reference leak during percpu-atomic transition").

To the best of my grepping abilities there are no other callers
in-tree which truncate the value, but we should fix it anyway. Because
the breakage is subtle and potentially very harmful I'm also tagging
it for stable.

Code generation is largely unaffected because in most cases the
callers are just using the result for a test anyway. In particular the
case of fget() that was mentioned in commit a6cf7ed5119f
("powerpc/atomic: Implement atomic*_inc_not_zero") generates exactly
the same code.

Fixes: a6cf7ed5119f ("powerpc/atomic: Implement atomic*_inc_not_zero")
Cc: stable@vger.kernel.org # v3.4
Noticed-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
 arch/powerpc/include/asm/atomic.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h
index 2b90335194a7..a2cc8010cd72 100644
--- a/arch/powerpc/include/asm/atomic.h
+++ b/arch/powerpc/include/asm/atomic.h
@@ -560,7 +560,7 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u)
  * Atomically increments @v by 1, so long as @v is non-zero.
  * Returns non-zero if @v was non-zero, and zero otherwise.
  */
-static __inline__ long atomic64_inc_not_zero(atomic64_t *v)
+static __inline__ int atomic64_inc_not_zero(atomic64_t *v)
 {
 	long t1, t2;
 
@@ -579,7 +579,7 @@ static __inline__ long atomic64_inc_not_zero(atomic64_t *v)
 	: "r" (&v->counter)
 	: "cc", "xer", "memory");
 
-	return t1;
+	return t1 != 0;
 }
 
 #endif /* __powerpc64__ */
-- 
2.7.4

Re: powerpc/64: Fix atomic64_inc_not_zero() to return an int

[Michael Ellerman]

On Tue, 2017-07-11 at 12:10:54 UTC, Michael Ellerman wrote:
> Although it's not documented anywhere, there is an expectation that
> atomic64_inc_not_zero() returns a result which fits in an int. This is
> the behaviour implemented on all arches except powerpc.
> 
> This has caused at least one bug in practice, in the percpu-refcount
> code, where the long result from our atomic64_inc_not_zero() was
> truncated to an int leading to lost references and stuck systems. That
> was worked around in that code in commit 966d2b04e070 ("percpu-refcount:
> fix reference leak during percpu-atomic transition").
> 
> To the best of my grepping abilities there are no other callers
> in-tree which truncate the value, but we should fix it anyway. Because
> the breakage is subtle and potentially very harmful I'm also tagging
> it for stable.
> 
> Code generation is largely unaffected because in most cases the
> callers are just using the result for a test anyway. In particular the
> case of fget() that was mentioned in commit a6cf7ed5119f
> ("powerpc/atomic: Implement atomic*_inc_not_zero") generates exactly
> the same code.
> 
> Fixes: a6cf7ed5119f ("powerpc/atomic: Implement atomic*_inc_not_zero")
> Cc: stable@vger.kernel.org # v3.4
> Noticed-by: Linus Torvalds <torvalds@linux-foundation.org>
> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>

Applied to powerpc fixes.

https://git.kernel.org/powerpc/c/01e6a61aceb82e13bec29502a8eb70

cheers