Re: [PATCH] driver core: fix shutdown races with probe/remove

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: Ming Lei <ming.lei@canonical.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	USB list <linux-usb@vger.kernel.org>,
	Kernel development list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] driver core: fix shutdown races with probe/remove
Date: Wed, 6 Jun 2012 08:55:15 -0700	[thread overview]
Message-ID: <20120606155515.GM19601@linux.vnet.ibm.com> (raw)
In-Reply-To: <Pine.LNX.4.44L0.1206061143170.1788-100000@iolanthe.rowland.org>

On Wed, Jun 06, 2012 at 11:44:50AM -0400, Alan Stern wrote:
> On Wed, 6 Jun 2012, Paul E. McKenney wrote:
> 
> > > That just seems wrong.  By the same reasoning, the compiler is within 
> > > its rights to transform either the original code or the code using 
> > > ACCESS_ONCE into:
> > > 
> > > 	b = 999;
> > > 	if (a)
> > > 		b = 9;
> > > 	else
> > > 		b = 42;
> > > 
> > > and again, other code would be confused.  The simple fact is that 
> > > SMP-safe code is not likely to be produced by a compiler that assumes 
> > > everything is single-threaded.
> > 
> > If you use ACCESS_ONCE(), the compiler is prohibited from inserting
> > the "b = 999".
> 
> What prohibits it?

The compiler cannot move a volatile access across a sequence point, for
example, across a statement boundary.

That said, yes, there might be code preceding the "if" that allowed the
spurious store to "b" to be generated.  And the compiler would definitely
be permitted to do something like this:

	tmp = ACCESS_ONCE(a);
	b = 999;
	if (tmp)
		b = 9;
	else
		b = 42;

I am having some difficulty coming up with a reasonable rationale for
this transformation, but it might happen if there was a variable "c"
adjacent to "b" in memory that was accessed after the "if" statement.

> >  If you don't use ACCESS_ONCE(), the compiler really
> > is permitted to insert the "b = 999".  So, why would the compiler do
> > such a thing?  One possible reason would be from optimizations using
> > large registers to hold multiple values.  A store from such a register
> > could clobber unrelated variables, but as long as the compiler fixes
> > up the clobbering after the fact, it is within its rights to do so.
> > 
> > The sad fact is that the C standard really does permit the compiler
> > to assume that it is generating sequential code.
> 
> Compiling the kernel requires quite a few extensions to the C standard.  
> Assumptions about generating sequential code may well be among them.

Yep.  We are making do with gcc extensions for the moment, imperfect though
they are.

							Thanx, Paul

next prev parent reply	other threads:[~2012-06-06 15:57 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-06-05  8:59 [PATCH] driver core: fix shutdown races with probe/remove Ming Lei
2012-06-05  9:18 ` Greg Kroah-Hartman
2012-06-05  9:38   ` Ming Lei
2012-06-05 14:47 ` Alan Stern
2012-06-05 15:17   ` Ming Lei
2012-06-05 17:09     ` Alan Stern
2012-06-05 20:21       ` Greg Kroah-Hartman
2012-06-05 20:44         ` Alan Stern
2012-06-06  2:27       ` Ming Lei
2012-06-06 13:42         ` Paul E. McKenney
2012-06-06 15:21           ` Alan Stern
2012-06-06 15:48             ` Paul E. McKenney
2012-06-06 16:05               ` Alan Stern
2012-06-06 16:24                 ` Paul E. McKenney
2012-06-06 14:44         ` Alan Stern
2012-06-06 15:14           ` Paul E. McKenney
2012-06-06 15:44             ` Alan Stern
2012-06-06 15:55               ` Paul E. McKenney [this message]
2012-06-06 16:58                 ` Alan Stern
2012-06-06 23:24                   ` Paul E. McKenney
2012-06-07  9:30           ` Ming Lei

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120606155515.GM19601@linux.vnet.ibm.com \
    --to=paulmck@linux.vnet.ibm.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=ming.lei@canonical.com \
    --cc=stern@rowland.harvard.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox