From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from e06smtp16.uk.ibm.com ([195.75.94.112]:48500 "EHLO e06smtp16.uk.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754985AbcC3QeD (ORCPT ); Wed, 30 Mar 2016 12:34:03 -0400 Received: from localhost by e06smtp16.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 30 Mar 2016 17:34:00 +0100 Received: from b06cxnps3075.portsmouth.uk.ibm.com (d06relay10.portsmouth.uk.ibm.com [9.149.109.195]) by d06dlp03.portsmouth.uk.ibm.com (Postfix) with ESMTP id 27BA61B08061 for ; Wed, 30 Mar 2016 17:34:33 +0100 (BST) Received: from d06av09.portsmouth.uk.ibm.com (d06av09.portsmouth.uk.ibm.com [9.149.37.250]) by b06cxnps3075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id u2UGXv5W54329454 for ; Wed, 30 Mar 2016 16:33:57 GMT Received: from d06av09.portsmouth.uk.ibm.com (localhost [127.0.0.1]) by d06av09.portsmouth.uk.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id u2UGXvoM013987 for ; Wed, 30 Mar 2016 10:33:57 -0600 Subject: Re: [patch added to 3.12-stable] kernel: Provide READ_ONCE and ASSIGN_ONCE To: Jiri Slaby , stable@vger.kernel.org References: <1459347922-14737-1-git-send-email-jslaby@suse.cz> <1459347922-14737-5-git-send-email-jslaby@suse.cz> From: Christian Borntraeger Message-ID: <56FBFFF4.50607@de.ibm.com> Date: Wed, 30 Mar 2016 18:33:56 +0200 MIME-Version: 1.0 In-Reply-To: <1459347922-14737-5-git-send-email-jslaby@suse.cz> Content-Type: text/plain; charset=iso-8859-15 Content-Transfer-Encoding: 7bit Sender: stable-owner@vger.kernel.org List-ID: On 03/30/2016 04:25 PM, Jiri Slaby wrote: > From: Christian Borntraeger > > This patch has been added to the 3.12 stable tree. If you have any > objections, please let us know. > > =============== > > commit 230fa253df6352af12ad0a16128760b5cb3f92df upstream. > > ACCESS_ONCE does not work reliably on non-scalar types. For > example gcc 4.6 and 4.7 might remove the volatile tag for such > accesses during the SRA (scalar replacement of aggregates) step > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145) > > Let's provide READ_ONCE/ASSIGN_ONCE that will do all accesses via > scalar types as suggested by Linus Torvalds. Accesses larger than > the machines word size cannot be guaranteed to be atomic. These > macros will use memcpy and emit a build warning. > > Signed-off-by: Christian Borntraeger > Signed-off-by: Jiri Slaby There have been several followup patches (e.g. 43239cbe79fc ("kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val)") 7bd3e239d6c6d ("locking: Remove atomicy checks from {READ,WRITE}_ONCE") and others. I think this patch should not go alone. > --- > include/linux/compiler.h | 74 ++++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 74 insertions(+) > > diff --git a/include/linux/compiler.h b/include/linux/compiler.h > index 19a199414bd0..237063adbe1b 100644 > --- a/include/linux/compiler.h > +++ b/include/linux/compiler.h > @@ -179,6 +179,80 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); > # define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __LINE__) > #endif > > +#include > + > +static __always_inline void data_access_exceeds_word_size(void) > +#ifdef __compiletime_warning > +__compiletime_warning("data access exceeds word size and won't be atomic") > +#endif > +; > + > +static __always_inline void data_access_exceeds_word_size(void) > +{ > +} > + > +static __always_inline void __read_once_size(volatile void *p, void *res, int size) > +{ > + switch (size) { > + case 1: *(__u8 *)res = *(volatile __u8 *)p; break; > + case 2: *(__u16 *)res = *(volatile __u16 *)p; break; > + case 4: *(__u32 *)res = *(volatile __u32 *)p; break; > +#ifdef CONFIG_64BIT > + case 8: *(__u64 *)res = *(volatile __u64 *)p; break; > +#endif > + default: > + barrier(); > + __builtin_memcpy((void *)res, (const void *)p, size); > + data_access_exceeds_word_size(); > + barrier(); > + } > +} > + > +static __always_inline void __assign_once_size(volatile void *p, void *res, int size) > +{ > + switch (size) { > + case 1: *(volatile __u8 *)p = *(__u8 *)res; break; > + case 2: *(volatile __u16 *)p = *(__u16 *)res; break; > + case 4: *(volatile __u32 *)p = *(__u32 *)res; break; > +#ifdef CONFIG_64BIT > + case 8: *(volatile __u64 *)p = *(__u64 *)res; break; > +#endif > + default: > + barrier(); > + __builtin_memcpy((void *)p, (const void *)res, size); > + data_access_exceeds_word_size(); > + barrier(); > + } > +} > + > +/* > + * Prevent the compiler from merging or refetching reads or writes. The > + * compiler is also forbidden from reordering successive instances of > + * READ_ONCE, ASSIGN_ONCE and ACCESS_ONCE (see below), but only when the > + * compiler is aware of some particular ordering. One way to make the > + * compiler aware of ordering is to put the two invocations of READ_ONCE, > + * ASSIGN_ONCE or ACCESS_ONCE() in different C statements. > + * > + * In contrast to ACCESS_ONCE these two macros will also work on aggregate > + * data types like structs or unions. If the size of the accessed data > + * type exceeds the word size of the machine (e.g., 32 bits or 64 bits) > + * READ_ONCE() and ASSIGN_ONCE() will fall back to memcpy and print a > + * compile-time warning. > + * > + * Their two major use cases are: (1) Mediating communication between > + * process-level code and irq/NMI handlers, all running on the same CPU, > + * and (2) Ensuring that the compiler does not fold, spindle, or otherwise > + * mutilate accesses that either do not require ordering or that interact > + * with an explicit memory barrier or atomic instruction that provides the > + * required ordering. > + */ > + > +#define READ_ONCE(x) \ > + ({ typeof(x) __val; __read_once_size(&x, &__val, sizeof(__val)); __val; }) > + > +#define ASSIGN_ONCE(val, x) \ > + ({ typeof(x) __val; __val = val; __assign_once_size(&x, &__val, sizeof(__val)); __val; }) > + > #endif /* __KERNEL__ */ > > #endif /* __ASSEMBLY__ */ >