From: Peter Zijlstra <peterz@infradead.org>
To: Ingo Molnar <mingo@kernel.org>
Cc: "Linus Torvalds" <torvalds@linux-foundation.org>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
"Frédéric Weisbecker" <fweisbec@gmail.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Andrew Morton" <akpm@linux-foundation.org>
Subject: Re: [PATCH] atomic: Fix bugs in 'fetch_or()' and rename it to 'xchg_or()'
Date: Tue, 15 Mar 2016 12:59:20 +0100
Message-ID: <20160315115920.GW6344@twins.programming.kicks-ass.net>
In-Reply-To: <20160315093245.GA7943@gmail.com>

On Tue, Mar 15, 2016 at 10:32:45AM +0100, Ingo Molnar wrote:
> +#ifndef xchg_or
> +# define xchg_or(ptr, mask) \
> +({ \
> + typeof(ptr) __ptr = (ptr); \
> + typeof(mask) __mask = (mask); \
> + \
> + typeof(*(__ptr)) __old, __val = *__ptr; \
> + \
> for (;;) { \
> + __old = cmpxchg(__ptr, __val, __val | __mask); \
> if (__old == __val) \
> break; \
> __val = __old; \
> } \
> + \
> __old; \
> })
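
Review bot: The temporaries declared at the top of the macro (`__ptr`, `__mask`, `__old`, `__val`) are then passed by name into cmpxchg(), so their names must not match any local that cmpxchg() declares in its own expansion; if one does, a line such as `typeof(ptr) __ptr = (ptr);` inside it would initialise the inner variable from itself and the caller's pointer would be lost. Give these locals a prefix that is not used by the helpers called from the loop (for example a single underscore), and add a comment above the #define stating that the macro returns the value seen before the OR.
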
As reported by you this explodes, and it is obvious from the generated asm
why:
48e1: 89 c2 mov %eax,%edx
48e3: 41 89 d0 mov %edx,%r8d
48e6: 31 c9 xor %ecx,%ecx
48e8: 89 d0 mov %edx,%eax
48ea: 41 83 c8 08 or $0x8,%r8d
48ee: f0 44 0f b1 01 lock cmpxchg %r8d,(%rcx)
48f3: 39 c2 cmp %eax,%edx
48f5: 75 ea jne 48e1 <resched_curr+0x31>
That's an unconditional NULL deref.
What happens is that __ptr from xchg_or() aliases with __ptr from
cmpxchg() and weird stuff happens.
If you do: s/__ptr/_ptr/ or similar on the xchg_or() code it all works
again.
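
The name collision described in this message, reduced to a user-space sketch (an added example, not code from the thread or the kernel). `my_cmpxchg`, `fetch_or_buggy`, `fetch_or_fixed`, `set_flag` and `DEMO_SHADOW_BUG` are hypothetical names, and the GCC/Clang `__sync_val_compare_and_swap` builtin stands in for the kernel primitive.

```c
/* Hypothetical stand-in for cmpxchg(): like the one described in the message,
 * it holds its pointer argument in a local named __ptr. */
#define my_cmpxchg(ptr, oldval, newval)					\
({									\
	__typeof__(ptr) __ptr = (ptr);					\
	__sync_val_compare_and_swap(__ptr, (oldval), (newval));		\
})

#ifdef DEMO_SHADOW_BUG	/* off by default: expanding this reads an uninitialised pointer */
/* Colliding form. Inside my_cmpxchg() the first line expands to
 *     __typeof__(__ptr) __ptr = (__ptr);
 * so the inner __ptr is initialised from itself. -Wshadow reports it. */
#define fetch_or_buggy(ptr, mask)					\
({									\
	__typeof__(ptr) __ptr = (ptr);					\
	__typeof__(*__ptr) __old, __val = *__ptr;			\
	for (;;) {							\
		__old = my_cmpxchg(__ptr, __val, __val | (mask));	\
		if (__old == __val) break;				\
		__val = __old;						\
	}								\
	__old;								\
})
#endif

/* Same loop with the locals renamed so none matches a name used inside
 * my_cmpxchg(); the argument now reaches the inner macro intact. */
#define fetch_or_fixed(ptr, mask)					\
({									\
	__typeof__(ptr) _ptr = (ptr);					\
	__typeof__(mask) _mask = (mask);				\
	__typeof__(*_ptr) _old, _val = *_ptr;				\
	for (;;) {							\
		_old = my_cmpxchg(_ptr, _val, _val | _mask);		\
		if (_old == _val) break;				\
		_val = _old;						\
	}								\
	_old;								\
})

/* Sets 'bit' in *flags atomically and returns the value seen before the OR. */
unsigned int set_flag(unsigned int *flags, unsigned int bit)
{
	return fetch_or_fixed(flags, bit);
}

int main(void)
{
	unsigned int flags = 0x3;	/* constructed sample value */
	return (set_flag(&flags, 0x8) == 0x3 && flags == 0xb) ? 0 : 1;
}
```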