2019-05-23 13:34:23

by Andrea Parri

Subject: [RFC PATCH] rcu: Make 'rcu_assign_pointer(p, v)' of type 'typeof(p)'

The expression

rcu_assign_pointer(p, typeof(p) v)

is reported to be of type 'typeof(p)' in the documentation (c.f., e.g.,
Documentation/RCU/whatisRCU.txt) but this is not the case: for example,
the following snippet

int **y;
int *x;
int *r0;

...

r0 = rcu_assign_pointer(*y, x);

can currently result in the compiler warning

warning: assignment to ‘int *’ from ‘uintptr_t’ {aka ‘long unsigned int’} makes pointer from integer without a cast [-Wint-conversion]

Cast the uintptr_t value to a typeof(p) value.

Signed-off-by: Andrea Parri <[email protected]>
Cc: "Paul E. McKenney" <[email protected]>
Cc: Josh Triplett <[email protected]>
Cc: Steven Rostedt <[email protected]>
Cc: Mathieu Desnoyers <[email protected]>
Cc: Lai Jiangshan <[email protected]>
Cc: Joel Fernandes <[email protected]>
Cc: [email protected]
Cc: Peter Zijlstra <[email protected]>
Cc: Will Deacon <[email protected]>
Cc: Mark Rutland <[email protected]>
---
NOTE:

TBH, I'm not sure this is 'the right patch' (hence the RFC...): in
fact, I'm currently missing the motivations for allowing assignments
such as the "r0 = ..." assignment above in generic code. (BTW, it's
not currently possible to use such assignments in litmus tests...)

The usual concern is, of course, that if something is allowed (read
'compile!' ;/) then people will sooner or later use it and they'll do
it in all sorts of 'creative' ways, such as 'to extend dependencies
across rcu_assign_pointer() calls' as in

x = READ_ONCE(*z);
r0 = rcu_assign_pointer(*y, x);
WRITE_ONCE(*w, r0);

Notice that using a 'do { ... } while (0)', say, would prevent such
tricks/rvalues. (The same approach is used by smp_store_release().)

For a related discussion, please see:

https://lkml.kernel.org/r/20190523083013.GA4616@andrea

Thoughts?

Andrea
---
include/linux/rcupdate.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/linux/rcupdate.h b/include/linux/rcupdate.h
index 915460ec08722..b94ba5de78fba 100644
--- a/include/linux/rcupdate.h
+++ b/include/linux/rcupdate.h
@@ -375,7 +375,7 @@ static inline void rcu_preempt_sleep_check(void) { }
WRITE_ONCE((p), (typeof(p))(_r_a_p__v)); \
else \
smp_store_release(&p, RCU_INITIALIZER((typeof(p))_r_a_p__v)); \
- _r_a_p__v; \
+ ((typeof(p))_r_a_p__v); \
})

/**
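
Review bot: the new result line `((typeof(p))_r_a_p__v);` corrects the type but leaves the macro a `({ ... })` statement expression, so `r0 = rcu_assign_pointer(*y, x)` and the dependency-extending sequence shown in the NOTE above still compile. If no caller needs the value, consider deleting the result line and closing the body with `} while (0)` instead of `})`, as the NOTE says smp_store_release() does, and updating the documentation to say the macro yields no value.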
--
2.7.4


2019-05-23 13:54:37

by Paul E. McKenney

Subject: Re: [RFC PATCH] rcu: Make 'rcu_assign_pointer(p, v)' of type 'typeof(p)'

On Thu, May 23, 2019 at 03:32:20PM +0200, Andrea Parri wrote:
> The expression
>
> rcu_assign_pointer(p, typeof(p) v)
>
> is reported to be of type 'typeof(p)' in the documentation (c.f., e.g.,
> Documentation/RCU/whatisRCU.txt) but this is not the case: for example,
> the following snippet
>
> int **y;
> int *x;
> int *r0;
>
> ...
>
> r0 = rcu_assign_pointer(*y, x);
>
> can currently result in the compiler warning
>
> warning: assignment to ‘int *’ from ‘uintptr_t’ {aka ‘long unsigned int’} makes pointer from integer without a cast [-Wint-conversion]
>
> Cast the uintptr_t value to a typeof(p) value.
>
> Signed-off-by: Andrea Parri <[email protected]>
> Cc: "Paul E. McKenney" <[email protected]>
> Cc: Josh Triplett <[email protected]>
> Cc: Steven Rostedt <[email protected]>
> Cc: Mathieu Desnoyers <[email protected]>
> Cc: Lai Jiangshan <[email protected]>
> Cc: Joel Fernandes <[email protected]>
> Cc: [email protected]
> Cc: Peter Zijlstra <[email protected]>
> Cc: Will Deacon <[email protected]>
> Cc: Mark Rutland <[email protected]>
> ---
> NOTE:
>
> TBH, I'm not sure this is 'the right patch' (hence the RFC...): in
> fact, I'm currently missing the motivations for allowing assignments
> such as the "r0 = ..." assignment above in generic code. (BTW, it's
> not currently possible to use such assignments in litmus tests...)

Given that a quick (and perhaps error-prone) search of the uses of
rcu_assign_pointer() in v5.1 didn't find a single use of the return
value, let's please instead change the documentation and implementation
to eliminate the return value.

> The usual concern is, of course, that if something is allowed (read
> 'compile!' ;/) then people will sooner or later use it and they'll do
> it in all sorts of 'creative' ways, such as 'to extend dependencies
> across rcu_assign_pointer() calls' as in
>
> x = READ_ONCE(*z);
> r0 = rcu_assign_pointer(*y, x);
> WRITE_ONCE(*w, r0);
>
> Notice that using a 'do { ... } while (0)', say, would prevent such
> tricks/rvalues. (The same approach is used by smp_store_release().)

As you in fact suggest here. ;-)

Thanx, Paul

> For a related discussion, please see:
>
> https://lkml.kernel.org/r/20190523083013.GA4616@andrea
>
> Thoughts?
>
> Andrea
> ---
> include/linux/rcupdate.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/include/linux/rcupdate.h b/include/linux/rcupdate.h
> index 915460ec08722..b94ba5de78fba 100644
> --- a/include/linux/rcupdate.h
> +++ b/include/linux/rcupdate.h
> @@ -375,7 +375,7 @@ static inline void rcu_preempt_sleep_check(void) { }
> WRITE_ONCE((p), (typeof(p))(_r_a_p__v)); \
> else \
> smp_store_release(&p, RCU_INITIALIZER((typeof(p))_r_a_p__v)); \
> - _r_a_p__v; \
> + ((typeof(p))_r_a_p__v); \
> })
>
> /**
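
Review bot: style point on the added line `((typeof(p))_r_a_p__v);`: the cast to typeof(p) is now spelled three times in this macro body, once as `(typeof(p))(_r_a_p__v)` in the WRITE_ONCE() arm and twice as `(typeof(p))_r_a_p__v`. Settle on one parenthesization, and since the diffstat shows a single changed line, add a comment beside the result line stating that the macro's value is the assigned pointer with type typeof(p), so the header agrees with the documentation cited in the description.
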
> --
> 2.7.4
>

2019-05-23 14:21:28

by Mark Rutland

Subject: Re: [RFC PATCH] rcu: Make 'rcu_assign_pointer(p, v)' of type 'typeof(p)'

On Thu, May 23, 2019 at 06:50:13AM -0700, Paul E. McKenney wrote:
> On Thu, May 23, 2019 at 03:32:20PM +0200, Andrea Parri wrote:
> > The expression
> >
> > rcu_assign_pointer(p, typeof(p) v)
> >
> > is reported to be of type 'typeof(p)' in the documentation (c.f., e.g.,
> > Documentation/RCU/whatisRCU.txt) but this is not the case: for example,
> > the following snippet
> >
> > int **y;
> > int *x;
> > int *r0;
> >
> > ...
> >
> > r0 = rcu_assign_pointer(*y, x);
> >
> > can currently result in the compiler warning
> >
> > warning: assignment to ‘int *’ from ‘uintptr_t’ {aka ‘long unsigned int’} makes pointer from integer without a cast [-Wint-conversion]
> >
> > Cast the uintptr_t value to a typeof(p) value.
> >
> > Signed-off-by: Andrea Parri <[email protected]>
> > Cc: "Paul E. McKenney" <[email protected]>
> > Cc: Josh Triplett <[email protected]>
> > Cc: Steven Rostedt <[email protected]>
> > Cc: Mathieu Desnoyers <[email protected]>
> > Cc: Lai Jiangshan <[email protected]>
> > Cc: Joel Fernandes <[email protected]>
> > Cc: [email protected]
> > Cc: Peter Zijlstra <[email protected]>
> > Cc: Will Deacon <[email protected]>
> > Cc: Mark Rutland <[email protected]>
> > ---
> > NOTE:
> >
> > TBH, I'm not sure this is 'the right patch' (hence the RFC...): in
> > fact, I'm currently missing the motivations for allowing assignments
> > such as the "r0 = ..." assignment above in generic code. (BTW, it's
> > not currently possible to use such assignments in litmus tests...)
>
> Given that a quick (and perhaps error-prone) search of the uses of
> rcu_assign_pointer() in v5.1 didn't find a single use of the return
> value, let's please instead change the documentation and implementation
> to eliminate the return value.

FWIW, I completely agree, and for similar reasons I'd say we should do
the same to WRITE_ONCE(), where this 'cool feature' has been inherited
from.

For WRITE_ONCE() there's at least one user that needs to be cleaned up
first (relying on non-portable implementation details of atomic*_set()),
but I suspect rcu_assign_pointer() isn't used as much as a building
block for low-level macros.

Thanks,
Mark.

2019-05-23 14:55:19

by Andrea Parri

Subject: Re: [RFC PATCH] rcu: Make 'rcu_assign_pointer(p, v)' of type 'typeof(p)'

> > TBH, I'm not sure this is 'the right patch' (hence the RFC...): in
> > fact, I'm currently missing the motivations for allowing assignments
> > such as the "r0 = ..." assignment above in generic code. (BTW, it's
> > not currently possible to use such assignments in litmus tests...)
>
> Given that a quick (and perhaps error-prone) search of the uses of
> rcu_assign_pointer() in v5.1 didn't find a single use of the return
> value, let's please instead change the documentation and implementation
> to eliminate the return value.

Thanks for the confirmation, Paul; I'll prepare the new patch shortly...

Andrea
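
The three forms discussed in the thread so far, as an added userspace model (not kernel code and not part of any message). The macro names, model_store_release() and TYPE_TAG() are hypothetical, the WRITE_ONCE() arm of the real macro is left out, and GCC/Clang statement expressions are assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the kernel's smp_store_release(); an assumption of this model. */
#define model_store_release(ptr, val) \
	__atomic_store_n((ptr), (val), __ATOMIC_RELEASE)

/* Before the patch: the statement expression's value is the uintptr_t temporary. */
#define assign_old(p, v) ({						\
	uintptr_t _v = (uintptr_t)(v);					\
	model_store_release(&(p), (__typeof__(p))_v);			\
	_v;								\
})

/* RFC patch: same store, but the value is cast back to typeof(p). */
#define assign_rfc(p, v) ({						\
	uintptr_t _v = (uintptr_t)(v);					\
	model_store_release(&(p), (__typeof__(p))_v);			\
	((__typeof__(p))_v);						\
})

/* Form the replies ask for: a statement, so "r0 = assign_stmt(...)" cannot compile. */
#define assign_stmt(p, v) do {						\
	uintptr_t _v = (uintptr_t)(v);					\
	model_store_release(&(p), (__typeof__(p))_v);			\
} while (0)

/* Compile-time tag for an expression's type; the operand is not evaluated. */
#define TYPE_TAG(e) _Generic((e), uintptr_t: 'u', int *: 'p', default: '?')

char old_value_type(void) { int v, *slot = 0; return TYPE_TAG(assign_old(slot, &v)); }
char rfc_value_type(void) { int v, *slot = 0; return TYPE_TAG(assign_rfc(slot, &v)); }

/* r0 = rcu_assign_pointer(*y, x) from the patch description, under the RFC typing. */
int *publish_rfc(int **y, int *x) { return assign_rfc(*y, x); }

/* Statement form: the pointer is published and no value is produced. */
void publish_stmt(int **y, int *x) { assign_stmt(*y, x); }

int main(void)
{
	int a = 1, b = 2, *slot = NULL;
	int *r0 = publish_rfc(&slot, &a);

	printf("old: %c  rfc: %c  r0==&a: %d\n", old_value_type(), rfc_value_type(), r0 == &a);
	publish_stmt(&slot, &b);
	printf("slot==&b: %d\n", slot == &b);
	return 0;
}
```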

2019-05-23 14:57:03

by Andrea Parri

Subject: Re: [RFC PATCH] rcu: Make 'rcu_assign_pointer(p, v)' of type 'typeof(p)'

> > > TBH, I'm not sure this is 'the right patch' (hence the RFC...): in
> > > fact, I'm currently missing the motivations for allowing assignments
> > > such as the "r0 = ..." assignment above in generic code. (BTW, it's
> > > not currently possible to use such assignments in litmus tests...)
> >
> > Given that a quick (and perhaps error-prone) search of the uses of
> > rcu_assign_pointer() in v5.1 didn't find a single use of the return
> > value, let's please instead change the documentation and implementation
> > to eliminate the return value.
>
> FWIW, I completely agree, and for similar reasons I'd say we should do
> the same to WRITE_ONCE(), where this 'cool feature' has been inherited
> from.
>
> For WRITE_ONCE() there's at least one user that needs to be cleaned up
> first (relying on non-portable implementation details of atomic*_set()),
> but I suspect rcu_assign_pointer() isn't used as much as a building
> block for low-level macros.

Thanks for the confirmation, Mark.

I can look at the WRITE_ONCE() issues (user and implementation); it will
probably be a separate patchset...

Thanks,
Andrea

2019-05-23 15:25:25

by Paul E. McKenney

Subject: Re: [RFC PATCH] rcu: Make 'rcu_assign_pointer(p, v)' of type 'typeof(p)'

On Thu, May 23, 2019 at 03:19:19PM +0100, Mark Rutland wrote:
> On Thu, May 23, 2019 at 06:50:13AM -0700, Paul E. McKenney wrote:
> > On Thu, May 23, 2019 at 03:32:20PM +0200, Andrea Parri wrote:
> > > The expression
> > >
> > > rcu_assign_pointer(p, typeof(p) v)
> > >
> > > is reported to be of type 'typeof(p)' in the documentation (c.f., e.g.,
> > > Documentation/RCU/whatisRCU.txt) but this is not the case: for example,
> > > the following snippet
> > >
> > > int **y;
> > > int *x;
> > > int *r0;
> > >
> > > ...
> > >
> > > r0 = rcu_assign_pointer(*y, x);
> > >
> > > can currently result in the compiler warning
> > >
> > > warning: assignment to ‘int *’ from ‘uintptr_t’ {aka ‘long unsigned int’} makes pointer from integer without a cast [-Wint-conversion]
> > >
> > > Cast the uintptr_t value to a typeof(p) value.
> > >
> > > Signed-off-by: Andrea Parri <[email protected]>
> > > Cc: "Paul E. McKenney" <[email protected]>
> > > Cc: Josh Triplett <[email protected]>
> > > Cc: Steven Rostedt <[email protected]>
> > > Cc: Mathieu Desnoyers <[email protected]>
> > > Cc: Lai Jiangshan <[email protected]>
> > > Cc: Joel Fernandes <[email protected]>
> > > Cc: [email protected]
> > > Cc: Peter Zijlstra <[email protected]>
> > > Cc: Will Deacon <[email protected]>
> > > Cc: Mark Rutland <[email protected]>
> > > ---
> > > NOTE:
> > >
> > > TBH, I'm not sure this is 'the right patch' (hence the RFC...): in
> > > fact, I'm currently missing the motivations for allowing assignments
> > > such as the "r0 = ..." assignment above in generic code. (BTW, it's
> > > not currently possible to use such assignments in litmus tests...)
> >
> > Given that a quick (and perhaps error-prone) search of the uses of
> > rcu_assign_pointer() in v5.1 didn't find a single use of the return
> > value, let's please instead change the documentation and implementation
> > to eliminate the return value.
>
> FWIW, I completely agree, and for similar reasons I'd say we should do
> the same to WRITE_ONCE(), where this 'cool feature' has been inherited
> from.
>
> For WRITE_ONCE() there's at least one user that needs to be cleaned up
> first (relying on non-portable implementation details of atomic*_set()),
> but I suspect rcu_assign_pointer() isn't used as much as a building
> block for low-level macros.

Agreed, for rcu_assign_pointer(), there were only a couple, and I checked
them as well. Doesn't mean I didn't miss something, of course!

I also got an offlist report of rcu_assign_pointer() not working for
pointers to incomplete structures. Which can be fixed by removing
the RCU_INITIALIZER() from the second argument of the smp_store_release().
Which destroys sparse's ability to check for __rcu.

One approach would be to have a separate rcu_assign_pointer_opaque()
for opaque pointers, and people would just ignore the sparse warnings.

Other suggestions?

Thanx, Paul