1. 07 Aug, 2014 2 commits
    • ./Makefile: tell gcc optimizer to never introduce new data races · 69102311
      Jiri Kosina committed
      We have been chasing a memory corruption bug, which turned out to be
      caused by very old gcc (4.3.4), which happily turned conditional load
      into a non-conditional one, and that broke correctness (the condition
      was met only if lock was held) and corrupted memory.
      
      This particular problem with that particular code did not happen when
      newer gccs were used.  I've brought this up with our gcc folks, as I
      wanted to make sure that this can't really happen again, and it turns
      out it actually can.
      
      Quoting Martin Jambor <mjambor@suse.cz>:
       "More current GCCs are more careful when it comes to replacing a
        conditional load with a non-conditional one, most notably they check
        that a store happens in each iteration of _a_ loop but they assume
        loops are executed.  They also perform a simple check whether the
        store cannot trap which currently passes only for non-const
        variables.  A simple testcase demonstrating it on an x86_64 is for
        example the following:
      
        $ cat cond_store.c
      
        #include <errno.h>
        #include <error.h>
        #include <sys/mman.h>

        int g_1 = 1;
      
        int g_2[1024] __attribute__((section ("safe_section"), aligned (4096)));
      
        int c = 4;
      
        int __attribute__ ((noinline))
        foo (void)
        {
          int l;
          for (l = 0; (l != 4); l++) {
            if (g_1)
              return l;
            for (g_2[0] = 0; (g_2[0] >= 26); ++g_2[0])
              ;
          }
          return 2;
        }
      
        int main (int argc, char* argv[])
        {
          if (mprotect (g_2, sizeof(g_2), PROT_READ) == -1)
            {
              int e = errno;
              error (e, e, "mprotect error %i", e);
            }
          foo ();
          __builtin_printf("OK\n");
          return 0;
        }
        /* EOF */
        $ ~/gcc/trunk/inst/bin/gcc cond_store.c -O2 --param allow-store-data-races=0
        $ ./a.out
        OK
        $ ~/gcc/trunk/inst/bin/gcc cond_store.c -O2 --param allow-store-data-races=1
        $ ./a.out
        Segmentation fault
      
        The testcase fails the same at least with 4.9, 4.8 and 4.7.  Therefore
        I would suggest building kernels with this parameter set to zero. I
        also agree with Jikos that the default should be changed for -O2.  I
        have run most of the SPEC 2k6 CPU benchmarks (gamess and dealII
        failed, at -O2, not sure why) compiled with and without this option
        and did not see any real difference between respective run-times"
      
      Hopefully the default will be changed in newer gccs, but let's force it
      for kernel builds so that we are on a safe side even when older gcc are
      used.
      
      The code in question was out-of-tree printk-in-NMI (yeah, surprise
      surprise, once again) patch written by Petr Mladek, let me quote his
      comment from our internal bugzilla:
      
       "I have spent a few days investigating inconsistent state of kernel ring buffer.
        It turned out that it was caused by speculative store generated by
        gcc-4.3.4.

        The problem is in assembly generated for make_free_space(). The function is
        called the following way:
      
        + vprintk_emit();
            + log = MAIN_LOG; // with logbuf_lock
               or
               log = NMI_LOG; // with nmi_logbuf_lock
               cont_add(log, ...);
                + cont_flush(log, ...);
                    + log_store(log, ...);
                          + log_make_free_space(log, ...);
      
        If called with log = NMI_LOG then only nmi_log_* global variables are safe to
        modify but the generated code does store also into (main_)log_* global
        variables:
      
        <log_make_free_space>:
               55                      push   %rbp
               89 f6                   mov    %esi,%esi
      
               48 8b 05 03 99 51 01    mov    0x1519903(%rip),%rax       # ffffffff82620868 <nmi_log_next_id>
               44 8b 1d ec 98 51 01    mov    0x15198ec(%rip),%r11d      # ffffffff82620858 <log_next_idx>
               8b 35 36 60 14 01       mov    0x1146036(%rip),%esi       # ffffffff8224cfa8 <log_buf_len>
               44 8b 35 33 60 14 01    mov    0x1146033(%rip),%r14d      # ffffffff8224cfac <nmi_log_buf_len>
               4c 8b 2d d0 98 51 01    mov    0x15198d0(%rip),%r13       # ffffffff82620850 <log_next_seq>
               4c 8b 25 11 61 14 01    mov    0x1146111(%rip),%r12       # ffffffff8224d098 <log_buf>
               49 89 c2                mov    %rax,%r10
               48 21 c2                and    %rax,%rdx
               48 8b 1d 0c 99 55 01    mov    0x155990c(%rip),%rbx       # ffffffff826608a0 <nmi_log_buf>
               49 c1 ea 20             shr    $0x20,%r10
               48 89 55 d0             mov    %rdx,-0x30(%rbp)
               44 29 de                sub    %r11d,%esi
               45 29 d6                sub    %r10d,%r14d
               4c 8b 0d 97 98 51 01    mov    0x1519897(%rip),%r9	# ffffffff82620840 <log_first_seq>
               eb 7e                   jmp    ffffffff81107029	<log_make_free_space+0xe9>
        [...]
               85 ff                   test   %edi,%edi                  # edi = 1 for NMI_LOG
               4c 89 e8                mov    %r13,%rax
               4c 89 ca                mov    %r9,%rdx
               74 0a                   je     ffffffff8110703d	<log_make_free_space+0xfd>
               8b 15 27 98 51 01       mov    0x1519827(%rip),%edx       # ffffffff82620860 <nmi_log_first_id>
               48 8b 45 d0             mov    -0x30(%rbp),%rax
               48 39 c2                cmp    %rax,%rdx                  # end of loop
               0f 84 da 00 00 00       je     ffffffff81107120 <log_make_free_space+0x1e0>
        [...]
               85 ff                   test   %edi,%edi                  # edi = 1 for NMI_LOG
               4c 89 0d 17 97 51 01    mov    %r9,0x1519717(%rip)        # ffffffff82620840 <log_first_seq>
                                       ^^^^^^^^^^^^^^^^^^^^^^^^^^
                                       KABOOOM
               74 35                   je     ffffffff81107160		 <log_make_free_space+0x220>
      
        It stores log_first_seq when edi == NMI_LOG. These instructions are used also
        when edi == MAIN_LOG but the store is done speculatively before the condition
        is decided.  It is unsafe because we do not have "logbuf_lock" in NMI context
        and some other process might modify "log_first_seq" in parallel"
      
      I believe that the best course of action is both
      
       - building kernel (and anything multi-threaded, I guess) with that
         optimization turned off
       - persuade gcc folks to change the default for future releases
      Signed-off-by: Jiri Kosina <jkosina@suse.cz>
      Cc: Martin Jambor <mjambor@suse.cz>
      Cc: Petr Mladek <pmladek@suse.cz>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Marek Polacek <polacek@redhat.com>
      Cc: Jakub Jelinek <jakub@redhat.com>
      Cc: Steven Noonan <steven@uplinklabs.net>
      Cc: Richard Biener <richard.guenther@gmail.com>
      Cc: Dan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
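The hazard in Petr Mladek's analysis, reduced to a user-space C sketch that is added here and is not code from the commit or the kernel: `store_speculative` writes out by hand the load/select/store sequence the optimizer produced, and a read-only page makes the extra store visible as a fault, as the commit's own testcase does with mprotect(). It assumes Linux; all function names are hypothetical.

```c
/* Added illustration, not kernel code; all names here are hypothetical. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Source form: the store happens only when cond holds (the lock is held). */
void store_guarded(volatile int *p, int cond, int v) {
    if (cond)
        *p = v;
}

/* Optimized form written out by hand: load, select, store unconditionally.
 * volatile stops the compiler building this file from changing either form. */
void store_speculative(volatile int *p, int cond, int v) {
    int tmp = *p;
    if (cond)
        tmp = v;
    *p = tmp;
}

/* Calls fn(page, 0, 1) on a read-only page constructed with mmap().
 * Returns 1 if a store faulted, 0 if none was issued, -1 on setup error. */
int store_faults(void (*fn)(volatile int *, int, int)) {
    struct sigaction sa = { .sa_handler = on_fault }, old;
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    volatile int faulted = 0;
    int *page = mmap(NULL, len, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(fault_env, 1) == 0)
        fn(page, 0, 1);
    else
        faulted = 1;
    sigaction(SIGSEGV, &old, NULL);
    munmap(page, len);
    return faulted;
}

int main(void) {
    printf("guarded=%d speculative=%d\n",
           store_faults(store_guarded), store_faults(store_speculative));
    return 0;
}
```

Both forms leave the same value behind when run single-threaded on writable memory, which is why the difference only surfaces as a race or a trap.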
    • ./Makefile: explain stack-protector-strong CONFIG logic · 1332429b
      Kees Cook committed
      This adds a hopefully helpful comment above the (seemingly weird) compiler
      flag selection logic.
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Suggested-by: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andi Kleen <ak@linux.intel.com>
      Cc: Randy Dunlap <rdunlap@infradead.org>
      Cc: Michal Marek <mmarek@suse.cz>
      Cc: Michal Hocko <mhocko@suse.cz>
      Cc: Stephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  2. 04 Aug, 2014 1 commit
  3. 28 Jul, 2014 1 commit
  4. 27 Jul, 2014 1 commit
    • Fix gcc-4.9.0 miscompilation of load_balance() in scheduler · 2062afb4
      Linus Torvalds committed
      Michel Dänzer and a couple of other people reported inexplicable random
      oopses in the scheduler, and the cause turns out to be gcc mis-compiling
      the load_balance() function when debugging is enabled.  The gcc bug
      apparently goes back to gcc-4.5, but slight optimization changes mean
      that it now showed up as a problem in 4.9.0 and 4.9.1.
      
      The instruction scheduling problem causes gcc to schedule a spill
      operation to before the stack frame has been created, which in turn can
      corrupt the spilled value if an interrupt comes in.  There may be other
      effects of this bug too, but that's the code generation problem seen in
      Michel's case.
      
      This is fixed in current gcc HEAD, but the workaround as suggested by
      Markus Trippelsdorf is pretty simple: use -fno-var-tracking-assignments
      when compiling the kernel, which disables the gcc code that causes the
      problem.  This can result in slightly worse debug information for
      variable accesses, but that is infinitely preferable to actual code
      generation problems.
      
      Doing this unconditionally (not just for CONFIG_DEBUG_INFO) also allows
      non-debug builds to verify that the debug build would be identical: we
      can do
      
          export GCC_COMPARE_DEBUG=1
      
      to make gcc internally verify that the result of the build is
      independent of the "-g" flag (it will make the compiler build everything
      twice, toggling the debug flag, and compare the results).
      
      Without the "-fno-var-tracking-assignments" option, the build would fail
      (even with 4.8.3 that didn't show the actual stack frame bug) with a gcc
      compare failure.
      
      See also gcc bugzilla:
      
        https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61801

      Reported-by: Michel Dänzer <michel@daenzer.net>
      Suggested-by: Markus Trippelsdorf <markus@trippelsdorf.de>
      Cc: Jakub Jelinek <jakub@redhat.com>
      Cc: stable@kernel.org
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  5. 21 Jul, 2014 1 commit
  6. 14 Jul, 2014 1 commit
  7. 07 Jul, 2014 1 commit
  8. 05 Jul, 2014 1 commit
    • kbuild: Fix packaging targets with relative $(srctree) · c79624c1
      Michal Marek committed
      All other users of Makefile.build set $(obj) to the name of the
      subdirectory to build. Do the same for the packaging targets, otherwise
      the build fails if $(srctree) is a relative directory:
      
          $ make O=build tar-pkg
          make[1]: Entering directory `/home/mmarek/linux-2.6/build'
            CHK     include/config/kernel.release
          ../scripts/Makefile.build:44: ../../scripts/package/Makefile: No such file or directory
          make[2]: *** No rule to make target `../../scripts/package/Makefile'.  Stop.
      
      Fixes: 9da0763b ("kbuild: Use relative path when building in a subdir of the source tree")
      Signed-off-by: Michal Marek <mmarek@suse.cz>
  9. 04 Jul, 2014 1 commit
  10. 03 Jul, 2014 1 commit
  11. 30 Jun, 2014 1 commit
  12. 22 Jun, 2014 1 commit
  13. 16 Jun, 2014 1 commit
  14. 10 Jun, 2014 3 commits
  15. 09 Jun, 2014 1 commit
  16. 08 Jun, 2014 1 commit
  17. 02 Jun, 2014 1 commit
  18. 26 May, 2014 1 commit
  19. 22 May, 2014 1 commit
  20. 15 May, 2014 3 commits
  21. 10 May, 2014 1 commit
  22. 05 May, 2014 1 commit
  23. 30 Apr, 2014 3 commits
  24. 28 Apr, 2014 1 commit
  25. 21 Apr, 2014 1 commit
  26. 17 Apr, 2014 1 commit
  27. 14 Apr, 2014 1 commit
  28. 10 Apr, 2014 1 commit
  29. 08 Apr, 2014 1 commit
    • scripts: objdiff: detect object code changes between two commits · 79192ca8
      Jason Cooper committed
      objdiff is useful when doing large code cleanups.  For example, when
      removing checkpatch warnings and errors from new drivers in the staging
      tree.
      
      objdiff can be used in conjunction with a git rebase to confirm that
      each commit made no changes to the resulting object code.  It has the
      same return values as diff(1).
      
      This was written specifically to support adding the skein and threefish
      crypto drivers to the staging tree.  I needed a programmatic way to
      confirm that commits changing >90% of the lines didn't inadvertently
      change the code.
      
      Temporary files (objdump output) are stored in
      
        /path/to/linux/.tmp_objdiff
      
      'make mrproper' will remove this directory.
      Signed-off-by: Jason Cooper <jason@lakedaemon.net>
      Signed-off-by: Michal Marek <mmarek@suse.cz>
  30. 01 Apr, 2014 2 commits
  31. 31 Mar, 2014 1 commit
  32. 30 Mar, 2014 1 commit
    • kbuild: unconditionally clobber include/linux/version.h on distclean · 9c8cdb71
      Paul Gortmaker committed
      As of v3.7, the UAPI changes relocated headers around such that the
      kernel version header lived in a new place.
      
      If a person is bisecting and if you go back to pre-UAPI days,
      you will create an include/linux/version.h  -- then if you checkout a
      post-UAPI kernel, and even run "make distclean" it still won't delete
      that old version file.  So you get a situation like this:
      
      $ grep -R LINUX_VERSION_CODE include/
      include/generated/uapi/linux/version.h:#define LINUX_VERSION_CODE 200192
      include/linux/version.h:#define LINUX_VERSION_CODE 132646
      
      The value in that second line is representative of a v2.6.38 version.
      And it will be sourced/used, hence leading to strange behaviours, such
      as drivers/staging content (which typically hasn't been purged of version
      ifdefs) failing to build.
      
      Since it is a subtle mode of failure, let's always clobber the old
      file when doing a distclean.
      Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
      Acked-by: David Howells <dhowells@redhat.com>
      Signed-off-by: Michal Marek <mmarek@suse.cz>