| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190523135013.GL28207@linux.ibm.com>
Date: Thu, 23 May 2019 06:50:13 -0700
From: "Paul E. McKenney" <paulmck@...ux.ibm.com>
To: Andrea Parri <andrea.parri@...rulasolutions.com>
Cc: linux-kernel@...r.kernel.org,
Josh Triplett <josh@...htriplett.org>,
Steven Rostedt <rostedt@...dmis.org>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
Lai Jiangshan <jiangshanlai@...il.com>,
Joel Fernandes <joel@...lfernandes.org>, rcu@...r.kernel.org,
Peter Zijlstra <peterz@...radead.org>,
Will Deacon <will.deacon@....com>,
Mark Rutland <mark.rutland@....com>
Subject: Re: [RFC PATCH] rcu: Make 'rcu_assign_pointer(p, v)' of type
'typeof(p)'
On Thu, May 23, 2019 at 03:32:20PM +0200, Andrea Parri wrote:
> The expression
>
> rcu_assign_pointer(p, typeof(p) v)
>
> is reported to be of type 'typeof(p)' in the documentation (c.f., e.g.,
> Documentation/RCU/whatisRCU.txt) but this is not the case: for example,
> the following snippet
>
> int **y;
> int *x;
> int *r0;
>
> ...
>
> r0 = rcu_assign_pointer(*y, x);
>
> can currently result in the compiler warning
>
> warning: assignment to ‘int *’ from ‘uintptr_t’ {aka ‘long unsigned int’} makes pointer from integer without a cast [-Wint-conversion]
>
> Cast the uintptr_t value to a typeof(p) value.
>
> Signed-off-by: Andrea Parri <andrea.parri@...rulasolutions.com>
> Cc: "Paul E. McKenney" <paulmck@...ux.ibm.com>
> Cc: Josh Triplett <josh@...htriplett.org>
> Cc: Steven Rostedt <rostedt@...dmis.org>
> Cc: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
> Cc: Lai Jiangshan <jiangshanlai@...il.com>
> Cc: Joel Fernandes <joel@...lfernandes.org>
> Cc: rcu@...r.kernel.org
> Cc: Peter Zijlstra <peterz@...radead.org>
> Cc: Will Deacon <will.deacon@....com>
> Cc: Mark Rutland <mark.rutland@....com>
> ---
> NOTE:
>
> TBH, I'm not sure this is 'the right patch' (hence the RFC...): in
> fact, I'm currently missing the motivations for allowing assignments
> such as the "r0 = ..." assignment above in generic code. (BTW, it's
> not currently possible to use such assignments in litmus tests...)
Given that a quick (and perhaps error-prone) search of the uses of
rcu_assign_pointer() in v5.1 didn't find a single use of the return
value, let's please instead change the documentation and implementation
to eliminate the return value.
> The usual concern is, of course, that if something is allowed (read
> 'compile!' ;/) then people will soon or later use it and they'll do
> it in all sorts of 'creative' ways, such as 'to extend dependencies
> across rcu_assign_pointer() calls' as in
>
> x = READ_ONCE(*z);
> r0 = rcu_assign_pointer(*y, x);
> WRITE_ONCE(*w, r0);
>
> Notice that using a 'do { ... } while (0)', say, would prevent such
> tricks/rvalues. (The same approach is used by smp_store_release().)
As you in fact suggest here. ;-)
Thanx, Paul
> For a related discussion, please see:
>
> https://lkml.kernel.org/r/20190523083013.GA4616@andrea
>
> Thoughts?
>
> Andrea
> ---
> include/linux/rcupdate.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/include/linux/rcupdate.h b/include/linux/rcupdate.h
> index 915460ec08722..b94ba5de78fba 100644
> --- a/include/linux/rcupdate.h
> +++ b/include/linux/rcupdate.h
> @@ -375,7 +375,7 @@ static inline void rcu_preempt_sleep_check(void) { }
> WRITE_ONCE((p), (typeof(p))(_r_a_p__v)); \
> else \
> smp_store_release(&p, RCU_INITIALIZER((typeof(p))_r_a_p__v)); \
> - _r_a_p__v; \
> + ((typeof(p))_r_a_p__v); \
> })
>
> /**
> --
> 2.7.4
>
Powered by blists - more mailing lists