From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: linux-kernel@vger.kernel.org
Cc: mingo@kernel.org, laijs@cn.fujitsu.com, dipankar@in.ibm.com,
akpm@linux-foundation.org, mathieu.desnoyers@efficios.com,
josh@joshtriplett.org, niv@us.ibm.com, tglx@linutronix.de,
peterz@infradead.org, rostedt@goodmis.org, dhowells@redhat.com,
edumazet@google.com, darren@dvhart.com, fweisbec@gmail.com,
sbw@mit.edu, "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Subject: [PATCH tip/core/rcu 13/14] rcu: Make rcu_assign_pointer's assignment volatile and type-safe
Date: Fri, 15 Nov 2013 16:40:16 -0800 [thread overview]
Message-ID: <1384562417-817-13-git-send-email-paulmck@linux.vnet.ibm.com> (raw)
In-Reply-To: <1384562417-817-1-git-send-email-paulmck@linux.vnet.ibm.com>
From: Josh Triplett <josh@joshtriplett.org>
rcu_assign_pointer needs to use ACCESS_ONCE to make the assignment to
the destination pointer volatile, to protect against compilers too
clever for their own good.
In addition, since rcu_assign_pointer force-casts the source pointer to
add the __rcu address space (overriding any existing address space), add
an explicit check that the source pointer has the __kernel address space
to start with.
This new check produces warnings like this, when attempting to assign
from a __user pointer:
test.c:25:9: warning: incorrect type in argument 2 (different address spaces)
test.c:25:9: expected struct foo *<noident>
test.c:25:9: got struct foo [noderef] <asn:1>*badsrc
Signed-off-by: Josh Triplett <josh@joshtriplett.org>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
---
include/linux/rcupdate.h | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/include/linux/rcupdate.h b/include/linux/rcupdate.h
index 00ad28168ef0..08c961fa7699 100644
--- a/include/linux/rcupdate.h
+++ b/include/linux/rcupdate.h
@@ -506,8 +506,17 @@ static inline void rcu_preempt_sleep_check(void)
#ifdef __CHECKER__
#define rcu_dereference_sparse(p, space) \
((void)(((typeof(*p) space *)p) == p))
+/* The dummy first argument in __rcu_assign_pointer_typecheck makes the
+ * typechecked pointer the second argument, matching rcu_assign_pointer itself;
+ * this avoids confusion about argument numbers in warning messages. */
+#define __rcu_assign_pointer_check_kernel(v) \
+ do { \
+ extern void __rcu_assign_pointer_typecheck(int, typeof(*(v)) __kernel *); \
+ __rcu_assign_pointer_typecheck(0, v); \
+ } while (0)
#else /* #ifdef __CHECKER__ */
#define rcu_dereference_sparse(p, space)
+#define __rcu_assign_pointer_check_kernel(v) do { } while (0)
#endif /* #else #ifdef __CHECKER__ */
#define __rcu_access_pointer(p, space) \
@@ -551,7 +560,8 @@ static inline void rcu_preempt_sleep_check(void)
#define __rcu_assign_pointer(p, v, space) \
do { \
smp_wmb(); \
- (p) = (typeof(*v) __force space *)(v); \
+ __rcu_assign_pointer_check_kernel(v); \
+ ACCESS_ONCE(p) = (typeof(*(v)) __force space *)(v); \
} while (0)
--
1.8.1.5
next prev parent reply other threads:[~2013-11-16 0:45 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-16 0:39 [PATCH tip/core/rcu 0/14] sparse improvements of rcu_assign_pointer() for 3.14 Paul E. McKenney
2013-11-16 0:40 ` [PATCH tip/core/rcu 01/14] rcu: Add comment on evaluate-once properties of rcu_assign_pointer() Paul E. McKenney
2013-11-16 0:40 ` [PATCH tip/core/rcu 02/14] notifiers: Apply ACCESS_ONCE() to avoid sparse false positive Paul E. McKenney
2013-11-16 0:40 ` [PATCH tip/core/rcu 03/14] bridge: " Paul E. McKenney
2013-11-16 0:40 ` [PATCH tip/core/rcu 04/14] decnet: " Paul E. McKenney
2013-11-16 0:40 ` [PATCH tip/core/rcu 05/14] ipv4/ip_socketglue: " Paul E. McKenney
2013-11-16 0:40 ` [PATCH tip/core/rcu 06/14] ipv6/ip6_tunnel: " Paul E. McKenney
2013-11-16 0:40 ` [PATCH tip/core/rcu 07/14] ipv6/ip6_gre: " Paul E. McKenney
2013-11-16 0:40 ` [PATCH tip/core/rcu 08/14] ipv6/sit: " Paul E. McKenney
2013-11-16 0:40 ` [PATCH tip/core/rcu 09/14] mac80211: " Paul E. McKenney
2013-11-16 0:40 ` [PATCH tip/core/rcu 10/14] bridge/br_mdb: " Paul E. McKenney
2013-11-16 0:40 ` [PATCH tip/core/rcu 11/14] bonding/bond_main: " Paul E. McKenney
2013-11-16 4:32 ` Ding Tianhong
2013-11-16 15:21 ` Paul E. McKenney
2013-11-16 0:40 ` [PATCH tip/core/rcu 12/14] bonding/bond_alb.c: " Paul E. McKenney
2013-11-16 0:40 ` Paul E. McKenney [this message]
2013-11-16 0:40 ` [PATCH tip/core/rcu 14/14] rcu: Add an RCU_INITIALIZER for global RCU-protected pointers Paul E. McKenney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1384562417-817-13-git-send-email-paulmck@linux.vnet.ibm.com \
--to=paulmck@linux.vnet.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=darren@dvhart.com \
--cc=dhowells@redhat.com \
--cc=dipankar@in.ibm.com \
--cc=edumazet@google.com \
--cc=fweisbec@gmail.com \
--cc=josh@joshtriplett.org \
--cc=laijs@cn.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=mingo@kernel.org \
--cc=niv@us.ibm.com \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=sbw@mit.edu \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).