lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20171114225605.GG3624@linux.vnet.ibm.com>
Date:   Tue, 14 Nov 2017 14:56:05 -0800
From:   "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
To:     Joe Perches <joe@...ches.com>
Cc:     Mark Rutland <mark.rutland@....com>, linux-kernel@...r.kernel.org,
        Arnaldo Carvalho de Melo <acme@...hat.com>,
        Ingo Molnar <mingo@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>
Subject: Re: [PATCH] perf mmap: Convert ACCESS_ONCE() to READ_ONCE()

On Tue, Nov 14, 2017 at 02:21:56PM -0800, Joe Perches wrote:
> On Tue, 2017-11-14 at 14:08 -0800, Paul E. McKenney wrote:
> > On Tue, Nov 14, 2017 at 10:31:38AM +0000, Mark Rutland wrote:
> > > Recently there was a treewide conversion of ACCESS_ONCE() to
> > > {READ,WRITE}_ONCE(), but a new use was introduced concurrently by
> > > commit:
> > > 
> > >   1695849735752d2a ("perf mmap: Move perf_mmap and methods to separate mmap.[ch] files")
> > > 
> > > Let's convert this over to READ_ONCE() so that we can remove the
> > > ACCESS_ONCE() definitions in subsequent patches.
> > > 
> > > Signed-off-by: Mark Rutland <mark.rutland@....com>
> > > Cc: Arnaldo Carvalho de Melo <acme@...hat.com>
> > > Cc: Ingo Molnar <mingo@...hat.com>
> > > Cc: Paul E. McKenney <paulmck@...ux.vnet.ibm.com>
> > > Cc: Peter Zijlstra <peterz@...radead.org>
> > 
> > Reviewed-by: Paul E. McKenney <paulmck@...ux.vnet.ibm.com>
> > 
> > Woo-hoo!  Good to see that your Coccinelle script has already done
> > its magic!  ;-)
> 
> Might be nice to remove all the other references too

Agreed, and that is exactly what Mark was referring to in his "remove
the ACCESS_ONCE() definitions in subsequent patches".  ;-)

							Thanx, Paul

> $ git grep -w ACCESS_ONCE
> Documentation/RCU/RTFP.txt:     ACCESS_ONCE().
> include/linux/compiler.h: * READ_ONCE, WRITE_ONCE and ACCESS_ONCE (see below), but only when the
> include/linux/compiler.h: * WRITE_ONCE or ACCESS_ONCE() in different C statements.
> include/linux/compiler.h: * In contrast to ACCESS_ONCE these two macros will also work on aggregate
> include/linux/compiler.h: * is also forbidden from reordering successive instances of ACCESS_ONCE(),
> include/linux/compiler.h: * ACCESS_ONCE() in different C statements.
> include/linux/compiler.h: * ACCESS_ONCE will only work on scalar types. For union types, ACCESS_ONCE
> include/linux/compiler.h: * The major use cases of ACCESS_ONCE used to be (1) Mediating communication
> include/linux/compiler.h:#define ACCESS_ONCE(x) (*__ACCESS_ONCE(x))
> scripts/checkpatch.pl:# whine about ACCESS_ONCE
> scripts/checkpatch.pl:                                   "Prefer WRITE_ONCE(<FOO>, <BAR>) over ACCESS_ONCE(<FOO>) = <BAR>\n" . $herecurr) &&
> scripts/checkpatch.pl:                                   "Prefer READ_ONCE(<FOO>) over ACCESS_ONCE(<FOO>)\n" . $herecurr) &&
> tools/include/linux/compiler.h:#define ACCESS_ONCE(x) (*(volatile typeof(x) *)&(x))
> tools/include/linux/compiler.h: * READ_ONCE, WRITE_ONCE and ACCESS_ONCE (see below), but only when the
> tools/include/linux/compiler.h: * WRITE_ONCE or ACCESS_ONCE() in different C statements.
> tools/include/linux/compiler.h: * In contrast to ACCESS_ONCE these two macros will also work on aggregate
> tools/perf/util/mmap.h: u64 head = ACCESS_ONCE(pc->data_head);
> 
> ---
>  include/linux/compiler.h       | 45 ++++++++++--------------------------------
>  scripts/checkpatch.pl          | 22 ---------------------
>  tools/include/linux/compiler.h | 19 ++++++++----------
>  3 files changed, 18 insertions(+), 68 deletions(-)
> 
> diff --git a/include/linux/compiler.h b/include/linux/compiler.h
> index 3672353a0acd..f729154dae9b 100644
> --- a/include/linux/compiler.h
> +++ b/include/linux/compiler.h
> @@ -215,17 +215,17 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
>  /*
>   * Prevent the compiler from merging or refetching reads or writes. The
>   * compiler is also forbidden from reordering successive instances of
> - * READ_ONCE, WRITE_ONCE and ACCESS_ONCE (see below), but only when the
> - * compiler is aware of some particular ordering.  One way to make the
> - * compiler aware of ordering is to put the two invocations of READ_ONCE,
> - * WRITE_ONCE or ACCESS_ONCE() in different C statements.
> + * READ_ONCE and WRITE_ONCE (see below), but only when the compiler is
> + * aware of some particular ordering.  One way to make the compiler aware
> + * of ordering is to put the two invocations of READ_ONCE and WRITE_ONCE
> + * in different C statements.
>   *
> - * In contrast to ACCESS_ONCE these two macros will also work on aggregate
> - * data types like structs or unions. If the size of the accessed data
> - * type exceeds the word size of the machine (e.g., 32 bits or 64 bits)
> - * READ_ONCE() and WRITE_ONCE() will fall back to memcpy(). There's at
> - * least two memcpy()s: one for the __builtin_memcpy() and then one for
> - * the macro doing the copy of variable - '__u' allocated on the stack.
> + * These two macros will work on aggregate data types like structs or unions.
> + * If the size of the accessed data type exceeds the word size of the machine
> + * (e.g., 32 bits or 64 bits) READ_ONCE() and WRITE_ONCE() will fall back to
> + * memcpy(). There are at least two memcpy()s: one for the __builtin_memcpy()
> + * and then one for the macro doing the copy of variable - '__u' allocated on
> + * the stack.
>   *
>   * Their two major use cases are: (1) Mediating communication between
>   * process-level code and irq/NMI handlers, all running on the same CPU,
> @@ -322,29 +322,4 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
>  	compiletime_assert(__native_word(t),				\
>  		"Need native word sized stores/loads for atomicity.")
> 
> -/*
> - * Prevent the compiler from merging or refetching accesses.  The compiler
> - * is also forbidden from reordering successive instances of ACCESS_ONCE(),
> - * but only when the compiler is aware of some particular ordering.  One way
> - * to make the compiler aware of ordering is to put the two invocations of
> - * ACCESS_ONCE() in different C statements.
> - *
> - * ACCESS_ONCE will only work on scalar types. For union types, ACCESS_ONCE
> - * on a union member will work as long as the size of the member matches the
> - * size of the union and the size is smaller than word size.
> - *
> - * The major use cases of ACCESS_ONCE used to be (1) Mediating communication
> - * between process-level code and irq/NMI handlers, all running on the same CPU,
> - * and (2) Ensuring that the compiler does not  fold, spindle, or otherwise
> - * mutilate accesses that either do not require ordering or that interact
> - * with an explicit memory barrier or atomic instruction that provides the
> - * required ordering.
> - *
> - * If possible use READ_ONCE()/WRITE_ONCE() instead.
> - */
> -#define __ACCESS_ONCE(x) ({ \
> -	 __maybe_unused typeof(x) __var = (__force typeof(x)) 0; \
> -	(volatile typeof(x) *)&(x); })
> -#define ACCESS_ONCE(x) (*__ACCESS_ONCE(x))
> -
>  #endif /* __LINUX_COMPILER_H */
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> index 8b80bac055e4..fffe1e5895a2 100755
> --- a/scripts/checkpatch.pl
> +++ b/scripts/checkpatch.pl
> @@ -6242,28 +6242,6 @@ sub process {
>  			}
>  		}
> 
> -# whine about ACCESS_ONCE
> -		if ($^V && $^V ge 5.10.0 &&
> -		    $line =~ /\bACCESS_ONCE\s*$balanced_parens\s*(=(?!=))?\s*($FuncArg)?/) {
> -			my $par = $1;
> -			my $eq = $2;
> -			my $fun = $3;
> -			$par =~ s/^\(\s*(.*)\s*\)$/$1/;
> -			if (defined($eq)) {
> -				if (WARN("PREFER_WRITE_ONCE",
> -					 "Prefer WRITE_ONCE(<FOO>, <BAR>) over ACCESS_ONCE(<FOO>) = <BAR>\n" . $herecurr) &&
> -				    $fix) {
> -					$fixed[$fixlinenr] =~ s/\bACCESS_ONCE\s*\(\s*\Q$par\E\s*\)\s*$eq\s*\Q$fun\E/WRITE_ONCE($par, $fun)/;
> -				}
> -			} else {
> -				if (WARN("PREFER_READ_ONCE",
> -					 "Prefer READ_ONCE(<FOO>) over ACCESS_ONCE(<FOO>)\n" . $herecurr) &&
> -				    $fix) {
> -					$fixed[$fixlinenr] =~ s/\bACCESS_ONCE\s*\(\s*\Q$par\E\s*\)/READ_ONCE($par)/;
> -				}
> -			}
> -		}
> -
>  # check for mutex_trylock_recursive usage
>  		if ($line =~ /mutex_trylock_recursive/) {
>  			ERROR("LOCKING",
> diff --git a/tools/include/linux/compiler.h b/tools/include/linux/compiler.h
> index 07fd03c74a77..cb77706af769 100644
> --- a/tools/include/linux/compiler.h
> +++ b/tools/include/linux/compiler.h
> @@ -84,8 +84,6 @@
> 
>  #define uninitialized_var(x) x = *(&(x))
> 
> -#define ACCESS_ONCE(x) (*(volatile typeof(x) *)&(x))
> -
>  #include <linux/types.h>
> 
>  /*
> @@ -135,16 +133,15 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
>  /*
>   * Prevent the compiler from merging or refetching reads or writes. The
>   * compiler is also forbidden from reordering successive instances of
> - * READ_ONCE, WRITE_ONCE and ACCESS_ONCE (see below), but only when the
> - * compiler is aware of some particular ordering.  One way to make the
> - * compiler aware of ordering is to put the two invocations of READ_ONCE,
> - * WRITE_ONCE or ACCESS_ONCE() in different C statements.
> + * READ_ONCE and WRITE_ONCE, but only when the compiler is aware of some
> + * particular ordering.  One way to make the compiler aware of ordering is
> + * to put the two invocations of READ_ONCE or WRITE_ONCE in different C
> + * statements.
>   *
> - * In contrast to ACCESS_ONCE these two macros will also work on aggregate
> - * data types like structs or unions. If the size of the accessed data
> - * type exceeds the word size of the machine (e.g., 32 bits or 64 bits)
> - * READ_ONCE() and WRITE_ONCE()  will fall back to memcpy and print a
> - * compile-time warning.
> + * These two macros will also work on aggregate data types like structs or
> + * unions. If the size of the accessed data type exceeds the word size of the
> + * machine (e.g., 32 bits or 64 bits) READ_ONCE() and WRITE_ONCE() will fall
> + * back to memcpy and print a compile-time warning.
>   *
>   * Their two major use cases are: (1) Mediating communication between
>   * process-level code and irq/NMI handlers, all running on the same CPU,
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ