Re: [RFC][PATCH] rcu: Use typeof(p) instead of typeof(*p) *

From: Mathieu Desnoyers
Date: Tue Oct 05 2021 - 12:15:11 EST


----- On Oct 5, 2021, at 11:58 AM, rostedt rostedt@xxxxxxxxxxx wrote:

> On Tue, 5 Oct 2021 11:15:12 -0400 (EDT)
> Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx> wrote:
>
>> ----- On Oct 5, 2021, at 9:47 AM, rostedt rostedt@xxxxxxxxxxx wrote:
>> [...]
>> > #define rcu_dereference_raw(p) \
>> > ({ \
>> > /* Dependency order vs. p above. */ \
>> > typeof(p) ________p1 = READ_ONCE(p); \
>> > - ((typeof(*p) __force __kernel *)(________p1)); \
>> > + ((typeof(p) __force __kernel)(________p1)); \
>> > })
>>
>> AFAIU doing so removes validation that @p is indeed a pointer, so a user might
>> mistakenly
>> try to use rcu_dereference() on an integer, and get away with it. I'm not sure
>> we want to
>> loosen this check. I wonder if there might be another way to achieve the same
>> check without
>> requiring the structure to be declared, e.g. with __builtin_types_compatible_p ?
>
> Is that really an issue? Because you would be assigning it to an integer.
>
>
> x = rcu_dereference_raw(y);
>
> And that just makes 'x' a copy of 'y' and not really a reference to it, thus
> if you don't have a pointer, it's just a fancy READ_ONCE(y).

See Documentation/RCU/arrayRCU.rst:

"It might be tempting to consider use
of RCU to instead protect the index into an array, however, this use
case is **not** supported. The problem with RCU-protected indexes into
arrays is that compilers can play way too many optimization games with
integers, which means that the rules governing handling of these indexes
are far more trouble than they are worth. If RCU-protected indexes into
arrays prove to be particularly valuable (which they have not thus far),
explicit cooperation from the compiler will be required to permit them
to be safely used."

So AFAIU validation that rcu_dereference receives a pointer as parameter
is done on purpose.

Thanks,

Mathieu


--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com