On Monday, October 28, 2019 7:31:14 PM CET Kangjie Lu wrote:
> "obj" is a local variable. Elements are deep-copied from external
> package to obj and security-checked. The original code is
> seemingly fine; however, compilers optimize the deep copies into
> shallow copies, introducing potential race conditions. For
> example, the checks for type and length may be bypassed.
How exactly?
What compiler(s) do such optimizations in this particular case?
> The fix tells compilers to not optimize the deep copy by inserting
> "volatile".
Have you actually analyzed the object code produced by the compiler with and
without the volatile to determine whether or not it has an effect as expected
on code generation?
> Signed-off-by: Kangjie Lu <kjlu@xxxxxxx>
> ---
> drivers/acpi/processor_throttling.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/acpi/processor_throttling.c b/drivers/acpi/processor_throttling.c
> index 532a1ae3595a..6f4d86f8a9ce 100644
> --- a/drivers/acpi/processor_throttling.c
> +++ b/drivers/acpi/processor_throttling.c
> @@ -413,7 +413,7 @@ static int acpi_processor_get_throttling_control(struct acpi_processor *pr)
> acpi_status status = 0;
> struct acpi_buffer buffer = { ACPI_ALLOCATE_BUFFER, NULL };
> union acpi_object *ptc = NULL;
> - union acpi_object obj = { 0 };
> + volatile union acpi_object obj = { 0 };
> struct acpi_processor_throttling *throttling;
>
> status = acpi_evaluate_object(pr->handle, "_PTC", NULL, &buffer);
>
