diff options
| author | Michael Ellerman | 2017-07-11 14:10:54 +0200 |
|---|---|---|
| committer | Michael Ellerman | 2017-07-12 13:49:55 +0200 |
| commit | 01e6a61aceb82e13bec29502a8eb70d9574f97ad (patch) | |
| tree | 02ef53f39e886855fbc54e0a482bbcd46378106b /arch/powerpc/kernel | |
| parent | powerpc: Fix emulation of mfocrf in emulate_step() (diff) | |
| download | kernel-qcow2-linux-01e6a61aceb82e13bec29502a8eb70d9574f97ad.tar.gz kernel-qcow2-linux-01e6a61aceb82e13bec29502a8eb70d9574f97ad.tar.xz kernel-qcow2-linux-01e6a61aceb82e13bec29502a8eb70d9574f97ad.zip | |
powerpc/64: Fix atomic64_inc_not_zero() to return an int
Although it's not documented anywhere, there is an expectation that
atomic64_inc_not_zero() returns a result which fits in an int. This is
the behaviour implemented on all arches except powerpc.
This has caused at least one bug in practice, in the percpu-refcount
code, where the long result from our atomic64_inc_not_zero() was
truncated to an int leading to lost references and stuck systems. That
was worked around in that code in commit 966d2b04e070 ("percpu-refcount:
fix reference leak during percpu-atomic transition").
To the best of my grepping abilities there are no other callers
in-tree which truncate the value, but we should fix it anyway. Because
the breakage is subtle and potentially very harmful I'm also tagging
it for stable.
Code generation is largely unaffected because in most cases the
callers are just using the result for a test anyway. In particular the
case of fget() that was mentioned in commit a6cf7ed5119f
("powerpc/atomic: Implement atomic*_inc_not_zero") generates exactly
the same code.
Fixes: a6cf7ed5119f ("powerpc/atomic: Implement atomic*_inc_not_zero")
Cc: stable@vger.kernel.org # v3.4
Noticed-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Diffstat (limited to 'arch/powerpc/kernel')
0 files changed, 0 insertions, 0 deletions