Re: [PATCH 07/10] module: __rcu annotations

From: Paul E. McKenney
Date: Thu Feb 25 2010 - 21:12:33 EST

Next message: Hank Janssen: "RE: Problem with auto-detecting a HV environment from within Linux"
Previous message: Stephen Rothwell: "linux-next: manual merge of the infiniband tree with the vfs tree"
In reply to: Paul E. McKenney: "Re: [PATCH 07/10] module: __rcu annotations"
Next in thread: Arnd Bergmann: "[PATCH 08/10] pid: __rcu annotations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Feb 25, 2010 at 12:05:32PM -0800, Paul E. McKenney wrote:
> On Thu, Feb 25, 2010 at 07:10:34PM +0100, Arnd Bergmann wrote:

[ . . . ]

> > I've postponed that problem for now, and updated my series to split
> > the rculist annotations from the basic __rcu pointer annotations,
> > as well as to apply on top of your patches in tip/core/rcu,
> > see http://git.kernel.org/?p=linux/kernel/git/arnd/playground.git;\
> > a=shortlog;h=refs/heads/rcu-annotate-tip.

At first glance, this looks reasonably sane. I have looked up through
the "scheduler: __rcu annotations" commit.

Some comments:

o The name rcu_dereference_const() makes more sense to me than
does __rcu_dereference(), as it documents when you can safely
use it -- when something is preventing the RCU-protected
pointer in question from changing.

o Uses of __rcu_dereference() in your playground.git that are
safe because some lock is held should be changed to
rcu_dereference_check(), mentioning that lock. Ditto zero
reference counts.

For example, in your first change to put_ctx() in
kernel/perf_event.c, the:

put_ctx(__rcu_dereference(ctx->parent_ctx));

should instead be:

put_ctx(rcu_dereference_check(ctx->parent_ctx,
ctx->refcount == 0));

This does take a bit more space, but very clearly documents
the synchronization design and enables the combination of
sparse and lockdep to enforce it. And yes, this example has
the "if" right above the use, but many other cases are not
so easy to see so quickly. And a future change might well
rearrange the code so that the "if" is a long ways away from
the dereference.

o Whatever we choose for the name of what is __rcu_dereference()
in your tree, uses should be commented, just as things like
smp_mb() are commented. For example:

q = __rcu_dereference(p->next); /* Initialization. */

to indicate that the structure is still being initialized so
that no other CPU or task has access to it.

Again, looks promising!

Thanx, Paul

> > Should we merge the simple annotations in this merge window and
> > then think about rculist and trees separately?
>
> I haven't given up on the possibility of getting the whole thing into
> this merge window, but if that is not possible, it would be good to
> start on the annotations. Of course, the annotations would need to be
> done so that they don't rain false positives on people who are not
> actively looking to see them.
>
> Thanx, Paul
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Hank Janssen: "RE: Problem with auto-detecting a HV environment from within Linux"
Previous message: Stephen Rothwell: "linux-next: manual merge of the infiniband tree with the vfs tree"
In reply to: Paul E. McKenney: "Re: [PATCH 07/10] module: __rcu annotations"
Next in thread: Arnd Bergmann: "[PATCH 08/10] pid: __rcu annotations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]