From: Ingo Molnar <mingo@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: "Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
"Frédéric Weisbecker" <fweisbec@gmail.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Peter Zijlstra" <a.p.zijlstra@chello.nl>,
"Andrew Morton" <akpm@linux-foundation.org>
Subject: Re: [PATCH] atomic: Fix bugs in 'fetch_or()' and rename it to 'xchg_or()'
Date: Tue, 15 Mar 2016 13:01:47 +0100 [thread overview]
Message-ID: <20160315120147.GA9742@gmail.com> (raw)
In-Reply-To: <20160315093245.GA7943@gmail.com>
* Ingo Molnar <mingo@kernel.org> wrote:
> Subject: [PATCH] atomic: Fix bugs in 'fetch_or()' and rename it to 'xchg_or()'
>
> Linus noticed a couple of problems with the fetch_or() implementation introduced
> by 5fd7a09cfb8c ("atomic: Export fetch_or()"):
>
> - Sloppy macro implementation: 'mask' and 'ptr' is evaluated multiple times,
> which will break if arguments have side effects.
So this shiny new patch manages to crash the x86 kernel with a NULL pointer
dereference:
[ 0.143027] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 0.144000] IP: [<ffffffff8107c64c>] resched_curr+0x3c/0xc0
GCC manages to turn this:
static bool set_nr_and_not_polling(struct task_struct *p)
{
struct thread_info *ti = task_thread_info(p);
return !(xchg_or(&ti->flags, _TIF_NEED_RESCHED) & _TIF_POLLING_NRFLAG);
}
and this:
> /**
> + * xchg_or - perform *ptr |= mask atomically and return old value of *ptr
> + * @ptr: pointer to value (cmpxchg() compatible integer pointer type)
> * @mask: mask to OR on the value
> *
> + * cmpxchg() based, it's a macro so it works for different integer types.
> */
> +#ifndef xchg_or
> +# define xchg_or(ptr, mask) \
> +({ \
> + typeof(ptr) __ptr = (ptr); \
> + typeof(mask) __mask = (mask); \
> + \
> + typeof(*(__ptr)) __old, __val = *__ptr; \
> + \
> for (;;) { \
> + __old = cmpxchg(__ptr, __val, __val | __mask); \
> if (__old == __val) \
> break; \
> __val = __old; \
> } \
> + \
> __old; \
> })
into:
41c1: 89 c2 mov %eax,%edx
41c3: 89 d6 mov %edx,%esi
41c5: 31 c9 xor %ecx,%ecx
41c7: 89 d0 mov %edx,%eax
41c9: 83 ce 08 or $0x8,%esi
41cc: f0 0f b1 31 lock cmpxchg %esi,(%rcx)
note the RCX zeroing via XOR...
The original, working sequence is:
41c4: 89 c2 mov %eax,%edx
41c6: 89 d6 mov %edx,%esi
41c8: 89 d0 mov %edx,%eax
41ca: 83 ce 08 or $0x8,%esi
41cd: f0 0f b1 31 lock cmpxchg %esi,(%rcx)
The change that makes the difference is the 'ptr' part of:
> + __old = cmpxchg(__ptr, __val, __val | __mask); \
This variant works:
> + __old = cmpxchg((ptr), __val, __val | __mask); \
After a lot of staring PeterZ realized that __ptr aliases with the x86 cmpxchg()
macro-jungle's __ptr name!!
So if I do a s/__ptr/_ptr it all works...
But IMHO this really highlights a fundamental weakness of all this macro magic,
it's all way too fragile.
Why don't we introduce a boring family of APIs:
cmpxchg_8()
cmpxchg_16()
cmpxchg_32()
cmpxchg_64()
xchg_or_32()
xchg_or_64()
...
... with none of this pesky auto-typing property and none of the
macro-inside-a-macro crap? We could do clean types and would write them all in
proper C, not fragile CPP.
It's not like we migrate between the types all that frequently - and even if we
do, it's trivial.
hm?
Thanks,
Ingo
next prev parent reply other threads:[~2016-03-15 12:02 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-14 12:32 [GIT PULL] NOHZ updates for v4.6 Ingo Molnar
2016-03-15 2:44 ` Linus Torvalds
2016-03-15 8:42 ` Peter Zijlstra
2016-03-15 9:49 ` Ingo Molnar
2016-03-15 9:32 ` [PATCH] atomic: Fix bugs in 'fetch_or()' and rename it to 'xchg_or()' Ingo Molnar
2016-03-15 10:50 ` Peter Zijlstra
2016-03-15 12:08 ` Ingo Molnar
2016-03-15 12:42 ` Peter Zijlstra
2016-03-15 11:06 ` Peter Zijlstra
2016-03-15 11:59 ` Peter Zijlstra
2016-03-15 12:01 ` Ingo Molnar [this message]
2016-03-15 12:32 ` Ingo Molnar
2016-03-15 12:37 ` Ingo Molnar
2016-03-15 13:17 ` Peter Zijlstra
2016-03-15 12:21 ` [PATCH v2] " Ingo Molnar
2016-03-15 13:26 ` Peter Zijlstra
2016-03-16 8:04 ` Ingo Molnar
2016-03-16 8:29 ` Peter Zijlstra
2016-03-15 17:08 ` Frederic Weisbecker
2016-03-16 8:14 ` Ingo Molnar
2016-03-17 0:54 ` Frederic Weisbecker
2016-03-15 16:18 ` [PATCH] " Linus Torvalds
2016-03-15 9:53 ` [PATCH] nohz: Change tick_dep_mask from 'unsigned long' to 'unsigned int' Ingo Molnar
2016-03-15 12:15 ` Ingo Molnar
2016-03-15 16:30 ` Linus Torvalds
2016-03-15 17:28 ` Frederic Weisbecker
2016-03-15 17:36 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160315120147.GA9742@gmail.com \
--to=mingo@kernel.org \
--cc=a.p.zijlstra@chello.nl \
--cc=akpm@linux-foundation.org \
--cc=fweisbec@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).