[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHk-=wide=L5-UK34Rh11=H8wjWKJ9icmqtB3jSmUwCMQH=Spw@mail.gmail.com>
Date: Mon, 13 Dec 2021 10:21:03 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Will Deacon <will@...nel.org>, Boqun Feng <boqun.feng@...il.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
"the arch/x86 maintainers" <x86@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Marco Elver <elver@...gle.com>,
Kees Cook <keescook@...omium.org>,
Christoph Hellwig <hch@...radead.org>,
Jens Axboe <axboe@...nel.dk>
Subject: Re: [PATCH v2 8/9] atomic,x86: Alternative atomic_*_overflow() scheme
On Mon, Dec 13, 2021 at 10:11 AM Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
>
> But then on x86 - and other architectures that might prefer to use
> that offset trick because they have flags - I'm not sure it even makes
> sense to have anything to do with 'atomic_t' at all [..]
Side note: it might not be just about flags, and not just about things
like "offset-by-one".
We used to have special code for old 32-bit sparc because there you
couldn't actually sanely do 32-bit atomics: you could only really do
24 bits, because the whole first (upper) byte was the atomic lock
byte.
Now, that was too painful because nobody else did that, so these days
32-bit sparc just uses a hashed spinlock instead.
But I think it would be lovely to _design_ the atomic_ref_t to be able
to deal with that odd sparc32 issue too. Not because anybody cares
about 32-bit sparc any more, and not because I think anybody would
ever actually bother to write such code, but because I think it's a
good design goal to kind of aim for: if we're doing an actual
ref-counting data structure, where we do *not* have "int" semantics,
and very much have a concept of overflow, then I think it should
conceptually also work with that odd sparc32 24-byte atomic integer
model.
Was it a broken model? Was it stupid? Yes. Do I ever expect to see it
again? No. But I do think that conceptually we should strive to have
that as a _possible_ model.
In fact, it might be interesting to have something like that as a
debug model, where you have a smaller range for ref-counting, just to
make it easier to test that the code does the right thing for
overflow. 24 bits is a lot easier to overflow, while still being big
enough to work in practice.
So I do think that having a separate type system that simply does not
_work_ with somebody trying to do "atomic_xyz()" on it is the right
way to go.
Linus
Powered by blists - more mailing lists