From patchwork Sat Jun 25 22:11:12 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesper Juhl X-Patchwork-Id: 102045 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id CE88AB6F84 for ; Sun, 26 Jun 2011 08:20:35 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752436Ab1FYWUP (ORCPT ); Sat, 25 Jun 2011 18:20:15 -0400 Received: from swampdragon.chaosbits.net ([90.184.90.115]:18883 "EHLO swampdragon.chaosbits.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751700Ab1FYWUN (ORCPT ); Sat, 25 Jun 2011 18:20:13 -0400 Received: by swampdragon.chaosbits.net (Postfix, from userid 1000) id 195C794051; Sun, 26 Jun 2011 00:11:13 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by swampdragon.chaosbits.net (Postfix) with ESMTP id 11FF99403E; Sun, 26 Jun 2011 00:11:13 +0200 (CEST) Date: Sun, 26 Jun 2011 00:11:12 +0200 (CEST) From: Jesper Juhl To: Arnaldo Carvalho de Melo cc: "David S. Miller" , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] net, llc: Avoid undefined behaviour in llc_conn_ac_inc_vr_by_1() Message-ID: User-Agent: Alpine 2.00 (LNX 1167 2008-08-23) MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Introduce a sequence point (;) between two writes to llc_sk(sk)->vR in net/llc/llc_c_ac.c:llc_conn_ac_inc_vr_by_1() so that the order in which the writes happen become well defined. While the code may work fine now it may break at any time with a different compiler, a new version of current compiler or even just a different optimization level of the current compiler. Much better to clearly express what's intended in a way that guarantees the result. Signed-off-by: Jesper Juhl --- net/llc/llc_c_ac.c | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) diff --git a/net/llc/llc_c_ac.c b/net/llc/llc_c_ac.c index ea225bd..e535ca4 100644 --- a/net/llc/llc_c_ac.c +++ b/net/llc/llc_c_ac.c @@ -1296,7 +1296,14 @@ int llc_conn_ac_set_vr_0(struct sock *sk, struct sk_buff *skb) int llc_conn_ac_inc_vr_by_1(struct sock *sk, struct sk_buff *skb) { - llc_sk(sk)->vR = PDU_GET_NEXT_Vr(llc_sk(sk)->vR); + /* Do not consolidate this on one line. Since the PDU_GET_NEXT_Vr + macro increments its argument which is the same as what we are + writing to, then we'll have two writes to the same variable + without an intervening sequence point, which leads to the + situation where we can't really know what gets stored as the + result since the compiler is free to do those in any order. */ + const u8 new_vr = PDU_GET_NEXT_Vr(llc_sk(sk)->vR); + llc_sk(sk)->vR = new_vr; return 0; }