[BUG] in i386 semaphores.

From: Aleksey Gorelov
Date: Mon Oct 18 2004 - 11:12:03 EST

Next message: Andi Kleen: "Re: [PATCH] allow kernel compile with native ppc64 compiler"
Previous message: Christoph Lameter: "Re: page fault scalability patch V10: [2/7] defer/omit takingpage_table_lock"
Next in thread: Richard B. Johnson: "Re: [BUG] in i386 semaphores."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi.

I sent this yesterday, but seems like it missed the list somehow :

There are several assembly 'helpers' in arch/i386/semaphore.c, for
example, __up_wakeup. __up_wakeup's purpose is to call C function:
asmlinkage void __up(struct semaphore *sem)

this is how it does it:

pushl %eax
pushl %edx
pushl %ecx
call __up
popl %ecx
popl %edx
popl %eax

As one can see, actual parameter in %ecx is not only being copied in
formal parameter sem (which is correct), but also being restored from it
after function call via %ecx (which is incorrect). Since formal
parameter is not a constant one, it may be overwritten inside C
function, or gcc may (and in fact does that in some cases) use it for
something else.
If we want to keep %ecx, correct behavior would be

pushl %ecx
pushl %ecx
call _up
add $4, %ecx
popl %ecx

Above applies for other functions in semaphore.c in latest 2.6 kernels.
2.4 might also be affected.

Thanks,
Aleks.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andi Kleen: "Re: [PATCH] allow kernel compile with native ppc64 compiler"
Previous message: Christoph Lameter: "Re: page fault scalability patch V10: [2/7] defer/omit takingpage_table_lock"
Next in thread: Richard B. Johnson: "Re: [BUG] in i386 semaphores."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]