lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 1 Jul 2009 10:20:38 -0700 (PDT)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	David Howells <dhowells@...hat.com>
cc:	mingo@...e.hu, akpm@...ux-foundation.org, paulus@...ba.org,
	arnd@...db.de, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] FRV: Implement atomic64_t



On Wed, 1 Jul 2009, David Howells wrote:
> +
> +#define ATOMIC64_INIT(i)	{ (i) }
> +#define atomic64_read(v)	((v)->counter)
> +#define atomic64_set(v, i)	(((v)->counter) = (i))

These seem to be buggy.

At least "atomic64_read()" needs to make sure to actually read it 
atomically - otherwise you'll do two 32-bit reads, and that just gets 
crap. Imagine if somebody is adding 1 to 0x00000000ffffffff, and then 
"atomic64_read()" reads it as two accesses in the wrong place, and gets 
either 0, or 0x00000001ffffffff, both of which are totally incorrect.

The case of 'atomic64_set()' is _slightly_ less clear, because I think we 
use it mostly for initializers, so atomicity is often not strictly 
required. But at least on x86, we do guarantee that it sets it atomically 
too.

Btw, Ingo: I looked at the x86-32 versions to be sure, and noticed a 
couple of buglets:

 - atomic64_xchg uses "atomic_read()". Sure, it happens to work, since 
   the "atomic_read()" is not type-safe, and gets a non-atomic 64-bit 
   read, but that looks really really bogus.

   It _should_ use __atomic64_read(), and the 64-bit versions should use a 
   different counter name ("counter64"?) or we should use an inline 
   function for atomic_read(), so that the type safety issue gets fixed.

 - atomic64_read() is being stupid with the whole loop thing. It _should_ 
   just do

	static inline unsigned long long atomic64_read(atomic64_t *ptr)
	{
		unsigned long long old = __atomic64_read(ptr);
		return cmpxchg8b(ptr, old, old);
	}

   and that's it. No loop. cmpxchg8b() will return the right thing.

 - Similarly, atomic64_add_return() is bogus for the same reasons: using 
   the wrong 'atomic_read()', and unnecessarily ignoring the returned old 
   value. It probably should do

	static inline unsigned long long
	atomic64_add_return(unsigned long long delta, atomic64_t *ptr)
	{
		unsigned long long old;

		old = __atomic_read64(ptr);
		for (;;) {
			unsigned long long tmp, new;
			new = old + delta;
			tmp = atomic64_cmpxchg(ptr, old, new);
			if (tmp == old)
				return new;
			old = tmp;
		}
	}

   or something. NOTE NOTE NOTE! Not tested!

Those functions also almost certainly should _not_ be inlined. They need 
so many registers that inlining them is crazy.

			Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ