27 lines
1.0 KiB
Diff
27 lines
1.0 KiB
Diff
|
diff -Nrup a/include/linux-i386/sysdep.h b/include/linux-i386/sysdep.h
|
||
|
|
--- a/include/linux-i386/sysdep.h 2019-10-03 20:00:29.000000000 -0600
|
||
|
|
+++ b/include/linux-i386/sysdep.h 2020-10-19 16:10:45.680585173 -0600
|
||
|
|
@@ -139,12 +139,18 @@ static __inline__ uint32_t ips_cmpxchg(v
|
||
|
|
uint32_t old_val, uint32_t new_val)
|
||
|
|
{
|
||
|
|
uint32_t prev;
|
||
|
|
- struct xchg_dummy {
|
||
|
|
- uint32_t a[100];
|
||
|
|
- };
|
||
|
|
|
||
|
|
+ /* This code used to cast PTR to a type which was an array of 100
|
||
|
|
+ uint32_t objects. That makes no sense as the cmpxchgl's side
|
||
|
|
+ effect can be covered by an single int.
|
||
|
|
+
|
||
|
|
+ The semantics of GCC's ASMs for memory is that it clobbers the
|
||
|
|
+ whole pointed-to object. Thus analyzers saw a 100 uint32_t sized
|
||
|
|
+ store which triggers diagnostics for out of bounds array writes.
|
||
|
|
+
|
||
|
|
+ The cast to the dummy type has been removed. */
|
||
|
|
asm volatile (LOCK_PREFIX "cmpxchgl %1,%2" : "=a"(prev)
|
||
|
|
- : "q"(new_val), "m"(*(struct xchg_dummy *)ptr), "0"(old_val)
|
||
|
|
+ : "q"(new_val), "m"(*ptr), "0"(old_val)
|
||
|
|
: "memory");
|
||
|
|
|
||
|
|
return prev;
|