Re: [PATCH] driver core: fix shutdown races with probe/remove

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: Ming Lei <ming.lei@canonical.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	USB list <linux-usb@vger.kernel.org>,
	Kernel development list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] driver core: fix shutdown races with probe/remove
Date: Wed, 6 Jun 2012 09:24:29 -0700	[thread overview]
Message-ID: <20120606162429.GN19601@linux.vnet.ibm.com> (raw)
In-Reply-To: <Pine.LNX.4.44L0.1206061159020.1788-100000@iolanthe.rowland.org>

On Wed, Jun 06, 2012 at 12:05:08PM -0400, Alan Stern wrote:
> On Wed, 6 Jun 2012, Paul E. McKenney wrote:
> 
> > On Wed, Jun 06, 2012 at 11:21:52AM -0400, Alan Stern wrote:
> > > On Wed, 6 Jun 2012, Paul E. McKenney wrote:
> > > 
> > > > No sane compiler would change it to a byte-at-a-time store, but the
> > > > compiler would nevertheless be within its rights to do so.  And a quick
> > > > review of certain LKML threads could easily cause anyone to question gcc's
> > > > sanity.  Furthermore, the compiler is permitted to make transformations
> > > > like the following, which it might well do to save a branch:
> > > > 
> > > > 	if (b)				a = 0;
> > > > 		a = 1;			if (b)
> > > > 	else					a = 1;
> > > > 		a = 0;
> > > 
> > > The compiler would be forbidden if the original code were
> > > 
> > > 	if (b)
> > > 		ACCESS_ONCE(a) = 1;
> > > 	else
> > > 		ACCESS_ONCE(a) = 0;
> > > 
> > > But if I remember correctly, the code snippet we were talking was more 
> > > like:
> > > 
> > > 	if (ACCESS_ONCE(b))
> > > 		a = 1;
> > > 
> > > Isn't this use of ACCESS_ONCE unnecessary?
> > 
> > That would depend on what else is nearby.
> 
> Here's the relevant part of the original patch:
> 
> @@ -467,6 +473,12 @@ EXPORT_SYMBOL_GPL(driver_attach);
>  static void __device_release_driver(struct device *dev)
>  {
>  	struct device_driver *drv;
> +	int idx;
> +
> +	idx = srcu_read_lock(&driver_srcu);
> +
> +	if (ACCESS_ONCE(device_shutdown_started))
> +		goto exit;
> 
>  	drv = dev->driver;
>  	if (drv) {
> @@ -494,6 +506,8 @@ static void __device_release_driver(struct device *dev)
>  						     dev);
> 
>  	}
> +exit:
> +	srcu_read_unlock(&driver_srcu, idx);
>  }

In this case, the ACCESS_ONCE() prevents the compiler from speculatively
executing the stuff following the "goto exit", which I freely admit is
insane even for compiler writers.  But the documentation benefits still
stand.

> > There are some limitations because volatile accesses are not allowed to
> > move past "sequence points", but it would be possible to come up with
> > similar examples.  This sort of thing is why C1x has a memory model and
> > why it allows variables to be designated as needing to be SMP-safe.
> 
> Almost certainly the kernel won't use this facility.  Or else it will 
> just require that _all_ global variables be SMP-safe.

I will reserve judgment until after I see what effect requiring all
globals to be SMP-safe has on code generation.  ;-)

							Thanx, Paul

next prev parent reply	other threads:[~2012-06-06 16:26 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-06-05  8:59 [PATCH] driver core: fix shutdown races with probe/remove Ming Lei
2012-06-05  9:18 ` Greg Kroah-Hartman
2012-06-05  9:38   ` Ming Lei
2012-06-05 14:47 ` Alan Stern
2012-06-05 15:17   ` Ming Lei
2012-06-05 17:09     ` Alan Stern
2012-06-05 20:21       ` Greg Kroah-Hartman
2012-06-05 20:44         ` Alan Stern
2012-06-06  2:27       ` Ming Lei
2012-06-06 13:42         ` Paul E. McKenney
2012-06-06 15:21           ` Alan Stern
2012-06-06 15:48             ` Paul E. McKenney
2012-06-06 16:05               ` Alan Stern
2012-06-06 16:24                 ` Paul E. McKenney [this message]
2012-06-06 14:44         ` Alan Stern
2012-06-06 15:14           ` Paul E. McKenney
2012-06-06 15:44             ` Alan Stern
2012-06-06 15:55               ` Paul E. McKenney
2012-06-06 16:58                 ` Alan Stern
2012-06-06 23:24                   ` Paul E. McKenney
2012-06-07  9:30           ` Ming Lei

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120606162429.GN19601@linux.vnet.ibm.com \
    --to=paulmck@linux.vnet.ibm.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=ming.lei@canonical.com \
    --cc=stern@rowland.harvard.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.