Re: [PATCH 8/8] membarrier: Rewrite sync_core_before_usermode() and improve documentation

From: Andy Lutomirski
Date: Sat Jun 19 2021 - 11:51:17 EST




On Fri, Jun 18, 2021, at 11:02 PM, Nicholas Piggin wrote:
> Excerpts from Mathieu Desnoyers's message of June 19, 2021 6:09 am:
> > ----- On Jun 18, 2021, at 3:58 PM, Andy Lutomirski luto@xxxxxxxxxx wrote:
> >
> >> On Fri, Jun 18, 2021, at 9:31 AM, Mathieu Desnoyers wrote:
> >>> ----- On Jun 17, 2021, at 8:12 PM, Andy Lutomirski luto@xxxxxxxxxx wrote:
> >>>
> >>> > On 6/17/21 7:47 AM, Mathieu Desnoyers wrote:
> >>> >
> >>> >> Please change back this #ifndef / #else / #endif within function for
> >>> >>
> >>> >> if (!IS_ENABLED(CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE)) {
> >>> >> ...
> >>> >> } else {
> >>> >> ...
> >>> >> }
> >>> >>
> >>> >> I don't think mixing up preprocessor and code logic makes it more readable.
> >>> >
> >>> > I agree, but I don't know how to make the result work well.
> >>> > membarrier_sync_core_before_usermode() isn't defined in the !IS_ENABLED
> >>> > case, so either I need to fake up a definition or use #ifdef.
> >>> >
> >>> > If I faked up a definition, I would want to assert, at build time, that
> >>> > it isn't called. I don't think we can do:
> >>> >
> >>> > static void membarrier_sync_core_before_usermode()
> >>> > {
> >>> > BUILD_BUG_IF_REACHABLE();
> >>> > }
> >>>
> >>> Let's look at the context here:
> >>>
> >>> static void ipi_sync_core(void *info)
> >>> {
> >>> [....]
> >>> membarrier_sync_core_before_usermode()
> >>> }
> >>>
> >>> ^ this can be within #ifdef / #endif
> >>>
> >>> static int membarrier_private_expedited(int flags, int cpu_id)
> >>> [...]
> >>> if (!IS_ENABLED(CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE))
> >>> return -EINVAL;
> >>> if (!(atomic_read(&mm->membarrier_state) &
> >>> MEMBARRIER_STATE_PRIVATE_EXPEDITED_SYNC_CORE_READY))
> >>> return -EPERM;
> >>> ipi_func = ipi_sync_core;
> >>>
> >>> All we need to make the line above work is to define an empty ipi_sync_core
> >>> function in the #else case after the ipi_sync_core() function definition.
> >>>
> >>> Or am I missing your point ?
> >>
> >> Maybe?
> >>
> >> My objection is that an empty ipi_sync_core is a lie — it doesn’t sync the core.
> >> I would be fine with that if I could have the compiler statically verify that
> >> it’s not called, but I’m uncomfortable having it there if the implementation is
> >> actively incorrect.
> >
> > I see. Another approach would be to implement a "setter" function to populate
> > "ipi_func". That setter function would return -EINVAL in its #ifndef CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE
> > implementation.
>
> I still don't get the problem with my suggestion. Sure the
> ipi is a "lie", but it doesn't get used. That's how a lot of
> ifdef folding works out. E.g.,
>
> diff --git a/kernel/sched/membarrier.c b/kernel/sched/membarrier.c
> index b5add64d9698..54cb32d064af 100644
> --- a/kernel/sched/membarrier.c
> +++ b/kernel/sched/membarrier.c
> @@ -5,6 +5,15 @@
> * membarrier system call
> */
> #include "sched.h"
> +#ifdef CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE
> +#include <asm/sync_core.h>
> +#else
> +static inline void membarrier_sync_core_before_usermode(void)
> +{
> + compiletime_assert(0, "architecture does not implement
> membarrier_sync_core_before_usermode");
> +}
> +

With the assert there, I’m fine with this. Let me see if the result builds.

> +#endif
>
> /*
> * For documentation purposes, here are some membarrier ordering
>