Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp690047ybh; Tue, 10 Mar 2020 06:32:06 -0700 (PDT) X-Google-Smtp-Source: ADFU+vskEYHT+FL5l7gA+CnGf/VcbqOFtoh9W7iPwBtn4PUkzmADaLoWo8BpvSQ/Nq5sO6mlor0q X-Received: by 2002:a9d:7cda:: with SMTP id r26mr5365776otn.64.1583847126388; Tue, 10 Mar 2020 06:32:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1583847126; cv=none; d=google.com; s=arc-20160816; b=xbsHqjL3mMIyoPp9bUFrCnv5vEwrfS6r+2WPfShlGoP1GmchmuVugYfbfJ2M6Lyf94 rE9MXMDNwPlq7RSIvf5SBtB0JjGGFMEmU9TEwfU2Wd5QSDN7QVsx2Bs23nBgux42Qv9I /EjH0esZNBSvAU0eu88NdbBMZs6EPMNAJ3tBwFy24FqDhkLKzIhGbDYOCR+py+Q/lVU+ bRrAvisxXfpxuL4tmlmtNN1agGPk5UrLEEAOn3XqYwkiJSrO0rvP0qvkwB8CUd955W2p JX18dD0wEXBNVmNMiwKfu8S8CG7SPA1eFlD+jfawaLHRxRchBosG1Fx4wsW6ub8mZWIT 4KUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:reply-to:message-id :subject:cc:to:from:date:dkim-signature; bh=8vQznfeXtaWyMOYTehkyBqaDvm/usDEwLJq624cDI9Y=; b=FyCjJ/pnL3FlLATz/VR2NoPR66e0XEUQqnf1AikvTXQ4sWMCmMPCKJEBalaT1S5A6V ueIgUkwcChYvqWoCIEIF55svqcomM/qSHkEuDAZJbDm4M8HFCU+eKy0rf0lg8LOHlSx9 zEXZHsNBaaGDX410xpEmlnll3xKPKT3zznxgq0tpYZQI9iIIUvYjUX96qVIXJrU3N18U 90xaazgS/Gn7DDetn1YgRDATj5u0ymqZy/JaqYqP2dt2sOfRMaj/39Sx6tQtIgZf3LQm gYmKgapTCjyGc4hgGjAwspe8wa/DUEtlLEeWwvz8rQGDlhs2uNqlLqKQeUlaMFs0be0s fLaw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=LxJaWEYO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t24si8087202oth.319.2020.03.10.06.31.54; Tue, 10 Mar 2020 06:32:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=LxJaWEYO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728665AbgCJMuj (ORCPT + 99 others); Tue, 10 Mar 2020 08:50:39 -0400 Received: from mail.kernel.org ([198.145.29.99]:55262 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728368AbgCJMuc (ORCPT ); Tue, 10 Mar 2020 08:50:32 -0400 Received: from paulmck-ThinkPad-P72.home (50-39-105-78.bvtn.or.frontiernet.net [50.39.105.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id AA3A12468D; Tue, 10 Mar 2020 12:50:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1583844631; bh=4nXPnykUsacARlS2dVosm+pERhdkOACkmujynfGKPDc=; h=Date:From:To:Cc:Subject:Reply-To:References:In-Reply-To:From; b=LxJaWEYOLamJTgK85rUm0S/gisC6gK1qb5rPeeF4ZttSvr+VX0xdaDonSnclURJVU Oy2hFi/tprPB5V1gzSnp2yfjyegJUdbpT81qPOYJlhED/knyJfBTC/PU3PI7ZVMup4 dhN3oqm5xBXAa4kcjPbXcmCra5t10+x/VnV3oK6c= Received: by paulmck-ThinkPad-P72.home (Postfix, from userid 1000) id 5558E35226CF; Tue, 10 Mar 2020 05:50:31 -0700 (PDT) Date: Tue, 10 Mar 2020 05:50:31 -0700 From: "Paul E. McKenney" To: David Laight Cc: 'Chris Wilson' , "linux-kernel@vger.kernel.org" , "intel-gfx@lists.freedesktop.org" , Andrew Morton , Randy Dunlap , "stable@vger.kernel.org" , elver@google.com Subject: Re: [PATCH] list: Prevent compiler reloads inside 'safe' list iteration Message-ID: <20200310125031.GY2935@paulmck-ThinkPad-P72> Reply-To: paulmck@kernel.org References: <20200310092119.14965-1-chris@chris-wilson.co.uk> <2e936d8fd2c445beb08e6dd3ee1f3891@AcuMS.aculab.com> <158384100886.16414.15741589015363013386@build.alporthouse.com> <723d527a4ad349b78bf11d52eba97c0e@AcuMS.aculab.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <723d527a4ad349b78bf11d52eba97c0e@AcuMS.aculab.com> User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 10, 2020 at 12:23:34PM +0000, David Laight wrote: > From: Chris Wilson > > Sent: 10 March 2020 11:50 > > > > Quoting David Laight (2020-03-10 11:36:41) > > > From: Chris Wilson > > > > Sent: 10 March 2020 09:21 > > > > Instruct the compiler to read the next element in the list iteration > > > > once, and that it is not allowed to reload the value from the stale > > > > element later. This is important as during the course of the safe > > > > iteration, the stale element may be poisoned (unbeknownst to the > > > > compiler). > > > > > > Eh? > > > I thought any function call will stop the compiler being allowed > > > to reload the value. > > > The 'safe' loop iterators are only 'safe' against called > > > code removing the current item from the list. > > > > > > > This helps prevent kcsan warnings over 'unsafe' conduct in releasing the > > > > list elements during list_for_each_entry_safe() and friends. > > > > > > Sounds like kcsan is buggy ???? Adding Marco on CC for his thoughts. > > The warning kcsan gave made sense (a strange case where the emptying the > > list from inside the safe iterator would allow that list to be taken > > under a global mutex and have one extra request added to it. The > > list_for_each_entry_safe() should be ok in this scenario, so long as the > > next element is read before this element is dropped, and the compiler is > > instructed not to reload the element. > > Normally the loop iteration code has to hold the mutex. > I guess it can be released inside the loop provided no other > code can ever delete entries. > > > kcsan is a little more insistent on having that annotation :) > > > > In this instance I would say it was a false positive from kcsan, but I > > can see why it would complain and suspect that given a sufficiently > > aggressive compiler, we may be caught out by a late reload of the next > > element. > > If you have: > for (; p; p = next) { > next = p->next; > external_function_call(void); > } > the compiler must assume that the function call > can change 'p->next' and read it before the call. That "must assume" is a statement of current compiler technology. Given the progress over the past forty years, I would not expect this restriction to hold forever. Yes, we can and probably will get the compiler implementers to give us command-line flags to suppress global analysis. But given the progress in compilers that I have seen over the past 4+ decades, I would expect that the day will come when we won't want to be using those command-line flags. But if you want to ignore KCSAN's warnings, you are free to do so. > Is this a list with strange locking rules? > The only deletes are from within the loop. > Adds and deletes are locked. > The list traversal isn't locked. > > I suspect kcsan bleats because it doesn't assume the compiler > will use a single instruction/memory operation to read p->next. > That is just stupid. Heh! If I am still around, I will ask you for your evaluation of the above statement in 40 years. Actually, 10 years will likely suffice. ;-) Thanx, Paul