From: Christian Borntraeger <borntraeger@de.ibm.com>
To: Linus Torvalds <torvalds@linux-foundation.org>,
Peter Zijlstra <peterz@infradead.org>
Cc: Will Deacon <will.deacon@arm.com>,
Stephen Rothwell <sfr@canb.auug.org.au>,
Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@elte.hu>,
"H. Peter Anvin" <hpa@zytor.com>,
"linux-next@vger.kernel.org" <linux-next@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Davidlohr Bueso <dave@stgolabs.net>,
Paul McKenney <paulmck@linux.vnet.ibm.com>
Subject: Re: linux-next: build warnings after merge of the access_once tree
Date: Thu, 26 Mar 2015 18:24:21 +0100 [thread overview]
Message-ID: <551440C5.8040104@de.ibm.com> (raw)
In-Reply-To: <CA+55aFyLTc72-xTkjugVSMb3EQq=+__UcFe28agu086xf9d6ZA@mail.gmail.com>
Am 26.03.2015 um 17:15 schrieb Linus Torvalds:
> On Thu, Mar 26, 2015 at 7:22 AM, Peter Zijlstra <peterz@infradead.org> wrote:
>>
>> So we can either just remove the READ_ONCE(), or replace it with a
>> leading barrier() call just to be on the paranoid side of things.
>
> NOOO!
>
>> Any preferences?
>
> Not a preference: a _requirement_.
>
> Get rid of the f*cking size checks etc on READ_ONCE() and friends.
Oh I just added that check back then because some guy named
Linus suggested something like that ;-)
--- snip ---
(Btw, it's not just aggregate types, even non-aggregate types like
"long long" are not necessarily safe, to give the same 64-bit on
x86-32 example. So adding an assert that it's smaller or equal in size
to a "long" might also not be unreasonable)
--- snip ---
https://www.marc.info/?l=linux-kernel&m=141565366209769&w=1
I am fine with Peters patch :-)
Christian
>
> They are about - wait for it - "reading a value once".
>
> Note how it doesn't say ANYTHING about "atomic" or anything like that.
> It's about reading *ONCE*.
>
>> Something like so, but with a sensible comment I suppose.
>
> Hell f*cking no. The "something like so" is huge and utter crap,
> because the barrier is on the wrong side.
>
>> - old.lock_count = READ_ONCE(lockref->lock_count); \
>> + barrier(); \
>> + old.lock_count = lockref->lock_count; \
>> while (likely(arch_spin_value_unlocked(old.lock.rlock.raw_lock))) { \
>> struct lockref new = old, prev = old; \
>
> The WHOLE point of the READ_ONCE (formerly ACCESS_ONCE) is that it
> tells the compiler that it cannot reload the value.
>
> Notice how it is *not* about atomicitiy. The compiler can read the
> value in fifteen pieces, randomly mixing one bit or five. Nobody
> cares.
>
> But the important thing is that ONCE IT IS READ, it is never read
> again. That's the "once" part.
>
> Why is that important? It's important because we have to absolutely
> guartantee that the value we *test* is the same value we use later.
> That's a common concern with mutable variables, and is the only reason
> for READ_ONCE() in the first place.
>
> The whole atomicity etc crap was just that - crap. It was never about
> atomicitiy. It was about the compiler not reloading values.
>
> So no. No barriers. No "removal of READ_ONCE". Just get rid of the
> broken "sanity" checks in the READ_ONCE implementation that are just
> pure garbage.
>
> The checks in ACCESS_ONCE() were because apparently gcc got things
> wrong - dropping the volatile - for aggregate types. They were never
> supposed to be about atomicity, even if there clearly was some
> confusion about that.
>
> Really. Just get rid of the checks - they were wrong. They were
> clearly very close to *introducing* a bug, rather than fixing anything
> at all.
>
> Linus
>
next prev parent reply other threads:[~2015-03-26 17:24 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-26 8:31 linux-next: build warnings after merge of the access_once tree Stephen Rothwell
2015-03-26 10:11 ` Christian Borntraeger
2015-03-26 10:34 ` Peter Zijlstra
2015-03-26 13:27 ` Will Deacon
2015-03-26 14:22 ` Peter Zijlstra
2015-03-26 14:41 ` Will Deacon
2015-03-26 14:51 ` Peter Zijlstra
2015-03-26 15:08 ` Will Deacon
2015-03-26 16:15 ` Linus Torvalds
2015-03-26 16:21 ` Linus Torvalds
2015-03-26 16:36 ` Peter Zijlstra
2015-03-26 16:44 ` Peter Zijlstra
2015-03-26 16:45 ` Peter Zijlstra
[not found] ` <CA+55aFw1WHJqSj+z-mJGY-kxrg_OsGp9jK9VBi+wB4zPgCkv_w@mail.gmail.com>
2015-03-26 17:07 ` Peter Zijlstra
2015-03-26 17:17 ` Will Deacon
2015-03-26 17:23 ` Christian Borntraeger
2015-03-26 19:42 ` Christian Borntraeger
2015-03-26 16:28 ` Peter Zijlstra
[not found] ` <CA+55aFzUPPSHakwbp-Y-SaXB+o1=V6rOknz7L3AYNXNPU1MSfg@mail.gmail.com>
2015-03-26 17:12 ` Paul E. McKenney
2015-03-26 17:24 ` Christian Borntraeger [this message]
2015-03-26 17:52 ` Linus Torvalds
2015-03-26 18:54 ` Christian Borntraeger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=551440C5.8040104@de.ibm.com \
--to=borntraeger@de.ibm.com \
--cc=dave@stgolabs.net \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-next@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=paulmck@linux.vnet.ibm.com \
--cc=peterz@infradead.org \
--cc=sfr@canb.auug.org.au \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).