Re: Memory corruption due to word sharing
From: Alan Cox
Date: Wed Feb 01 2012 - 14:57:22 EST
> So here's basically what the kernel needs:
> - if we don't touch a field, the compiler doesn't touch it.
> This is the rule that gcc now violates with bitfields.
> This is a gcc bug. End of story. The "volatile" example proves it -
> anybody who argues otherwise is simply wrong, and is just trying to
> make excuses.
C historically didn't make this guarantee because a lot of processors
couldn't make it because they didn't have things like byte accessors (In
fact I suspect early ARM cannot make it for example).
Not meeting it for types where you can do is a bit rude however and
really ought to be an option (speed v sanity).
> See above: it's not the "state" that is accessed concurrently. It's
> the code. If you ever try to mark state, you've already lost. The same
> "state" can be atomic or not depending on context. It's not about the
> state or the data structures, and it never will be.
There are optimisation cases - where you can prove access properties are
safe (e.g. local variables sometimes) but they should be exactly that -
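
An added illustration, not part of Alan Cox's message or of the text he quotes: a deterministic, single-threaded C simulation of the word-sharing problem this thread discusses, comparing a store that rewrites the whole containing 64-bit word with a byte-sized store. The struct layout, the function names and the hand-written interleaving of contexts "A" and "B" are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a flag owned by context A shares one 64-bit word
 * with a counter that context B updates under its own lock. */
struct shared {
    uint8_t  flag;      /* written only by A */
    uint8_t  pad[3];
    uint32_t counter;   /* written only by B */
};
_Static_assert(sizeof(struct shared) == sizeof(uint64_t), "one word");

/* A sets the flag with a word-wide read-modify-write, as a compiler may
 * emit when it has no narrower store (or chooses not to use one). */
struct shared wide_rmw_interleaved(void)
{
    struct shared s = { .flag = 0, .counter = 41 };
    uint64_t word;
    uint8_t one = 1;

    memcpy(&word, &s, sizeof word);  /* A: load the containing word    */
    s.counter = 42;                  /* B: update lands in between     */
    memcpy(&word, &one, 1);          /* A: change only the flag byte   */
    memcpy(&s, &word, sizeof word);  /* A: store the word, stale count */
    return s;                        /* B's update has been overwritten */
}

/* Same interleaving, but A's store is exactly as wide as its field. */
struct shared narrow_store_interleaved(void)
{
    struct shared s = { .flag = 0, .counter = 41 };

    s.counter = 42;                  /* B */
    s.flag = 1;                      /* A: byte store, counter untouched */
    return s;
}

int main(void)
{
    struct shared w = wide_rmw_interleaved();
    struct shared n = narrow_store_interleaved();

    printf("wide RMW:     flag=%u counter=%u\n", (unsigned)w.flag, (unsigned)w.counter);
    printf("narrow store: flag=%u counter=%u\n", (unsigned)n.flag, (unsigned)n.counter);
    return 0;
}
```

In the wide case B's lock gives no protection, because A never takes it: from A's point of view it only wrote `flag`.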