From mboxrd@z Thu Jan 1 00:00:00 1970
From: Peter Zijlstra
Subject: Re: [RFC PATCH] lib: Introduce generic __cmpxchg_u64() and use it where needed
Date: Thu, 1 Nov 2018 17:32:12 +0100
Message-ID: <20181101163212.GF3159@hirez.programming.kicks-ass.net>
References: <1541015538-11382-1-git-send-email-linux@roeck-us.net> <20181031213240.zhh7dfcm47ucuyfl@pburton-laptop> <20181031220253.GA15505@roeck-us.net> <20181031233235.qbedw3pinxcuk7me@pburton-laptop> <4e2438a23d2edf03368950a72ec058d1d299c32e.camel@hammerspace.com> <20181101131846.biyilr2msonljmij@lakrids.cambridge.arm.com> <20181101145926.GE3178@hirez.programming.kicks-ass.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: "mark.rutland@arm.com" , "linux-kernel@vger.kernel.org" , "ralf@linux-mips.org" , "jlayton@kernel.org" , "linuxppc-dev@lists.ozlabs.org" , "bfields@fieldses.org" , "linux-mips@linux-mips.org" , "linux@roeck-us.net" , "linux-nfs@vger.kernel.org" , "akpm@linux-foundation.org" , "will.deacon@arm.com" , "boqun.feng@gmail.com" , "paul.burton@mips.com" , "anna.schumaker@netapp.com" , "jhogan@kernel.org" , "netdev@vger.ke
To: Trond Myklebust
Return-path:
Received: from bombadil.infradead.org ([198.137.202.133]:41986 "EHLO bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726042AbeKBBi5 (ORCPT ); Thu, 1 Nov 2018 21:38:57 -0400
Content-Disposition: inline
In-Reply-To:
Sender: netdev-owner@vger.kernel.org
List-ID:

On Thu, Nov 01, 2018 at 03:22:15PM +0000, Trond Myklebust wrote:
> On Thu, 2018-11-01 at 15:59 +0100, Peter Zijlstra wrote:
> > On Thu, Nov 01, 2018 at 01:18:46PM +0000, Mark Rutland wrote:
> > > > My one question (and the reason why I went with cmpxchg() in the
> > > > first place) would be about the overflow behaviour for
> > > > atomic_fetch_inc() and friends. I believe those functions should
> > > > be OK on x86, so that when we overflow the counter, it behaves
> > > > like an unsigned value and wraps back around. Is that the case
> > > > for all architectures?
> > > >
> > > > i.e. are atomic_t/atomic64_t always guaranteed to behave like
> > > > u32/u64 on increment?
> > > >
> > > > I could not find any documentation that explicitly stated that
> > > > they should.
> > >
> > > Peter, Will, I understand that the atomic_t/atomic64_t ops are
> > > required to wrap per 2's-complement. IIUC the refcount code relies
> > > on this.
> > >
> > > Can you confirm?
> >
> > There is quite a bit of core code that hard assumes 2s-complement.
> > Not only for atomics but for any signed integer type. Also see the
> > kernel using -fno-strict-overflow which implies -fwrapv, which
> > defines signed overflow to behave like 2s-complement (and rids us of
> > that particular UB).
>
> Fair enough, but there have also been bugfixes to explicitly fix unsafe
> C standards assumptions for signed integers. See, for instance commit
> 5a581b367b5d "jiffies: Avoid undefined behavior from signed overflow"
> from Paul McKenney.

Yes, I feel Paul has been to too many C/C++ committee meetings and got
properly paranoid. Which isn't always a bad thing :-)

But for us using -fno-strict-overflow which actually defines signed
overflow, I myself am really not worried. I'm also not sure if KASAN has
been taught about this, or if it will still (incorrectly) warn about UB
for signed types.

> Anyhow, if the atomic maintainers are willing to stand up and state for
> the record that the atomic counters are guaranteed to wrap modulo 2^n
> just like unsigned integers, then I'm happy to take Paul's patch.

I myself am certainly relying on it.
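
The wrap-around question discussed in this message, as an added example that is not part of the thread and is not kernel code. It is a userspace C11 sketch: `<stdatomic.h>` stands in for the kernel's atomic64_t, and the names `fetch_inc`, `cmpxchg_inc` and `counter_after` are hypothetical. It shows a signed 64-bit counter wrapping modulo 2^64 without relying on -fwrapv.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-in for a kernel atomic64_t counter (assumption: C11
 * <stdatomic.h>, not the kernel's atomic64_* API). */
static _Atomic int64_t counter;

static void set_counter(int64_t v) { atomic_store(&counter, v); }
static int64_t read_counter(void) { return atomic_load(&counter); }

/* C11 7.17.7.5: atomic fetch-and-modify on signed types wraps silently
 * in two's complement; there is no undefined result. Returns old value. */
static int64_t fetch_inc(void)
{
    return atomic_fetch_add(&counter, 1);
}

/* cmpxchg-style increment. A plain "old + 1" on int64_t is undefined at
 * INT64_MAX unless built with -fwrapv, so the add is done as uint64_t.
 * The cast back is implementation-defined (modulo 2^64 on GCC/Clang). */
static int64_t cmpxchg_inc(void)
{
    int64_t old = atomic_load(&counter);
    int64_t next;

    do {
        next = (int64_t)((uint64_t)old + 1u);
    } while (!atomic_compare_exchange_weak(&counter, &old, next));
    return old;
}

/* Wrap-safe "a is after b" for modulo-2^64 counters: subtract as
 * unsigned, then look at the sign of the difference. */
static int counter_after(int64_t a, int64_t b)
{
    return (int64_t)((uint64_t)a - (uint64_t)b) > 0;
}

int main(void)
{
    set_counter(INT64_MAX);
    fetch_inc();
    printf("after fetch_inc at INT64_MAX: %lld\n", (long long)read_counter());
    return 0;
}
```
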