Re: sparse warnings related to kref_put_lock() and refcount_dec_and_lock()
From: Alexander Aring
Date: Tue Jun 28 2022 - 09:29:16 EST
Hi Luc,
On Tue, Jun 28, 2022 at 4:58 AM Luc Van Oostenryck
<luc.vanoostenryck@xxxxxxxxx> wrote:
>
> On Mon, Jun 27, 2022 at 09:06:43PM -0400, Alexander Aring wrote:
> > >
> > > If we change the refcount code to _never_ calling unlock() for the
> > > specific lock, then all those foo_and_lock_bar() functions can be
> > > annotated with "__acquires()". This should also end in the same code?
> >
> > sorry, this will not work because of the first condition of "if
> > (refcount_dec_not_one(r))" which will never hold the lock if true...
> > that's what the optimization is all about. However, maybe somebody has
> > another idea...
>
> I would certainly not recommend this but ...
> if it's OK to cheat and lie then you can do:
> + bool refcount_dec_and_lock(refcount_t *r, spinlock_t *lock) __acquires(lock);
> +
> bool refcount_dec_and_lock(refcount_t *r, spinlock_t *lock)
> {
> - if (refcount_dec_not_one(r))
> - return false;
> + if (refcount_dec_not_one(r)) {
> + __acquire(lock);
> + return false;
> + }
>
> spin_lock(lock);
> if (!refcount_dec_and_test(r)) {
> spin_unlock(lock);
> + __acquire(lock);
> return false;
> }
>
> return true;
> }
>
> In other word, pretend that the lock is always taken but ...
> 1) it's ugly
> 2) it's lying and can be confusing
> 3) now all the users of this function will have an imbalance problem
> (but they probably already have one since refcount_dec_and_lock()
> is not annotated).
>
> What is needed is some kind of annotation for conditional locks.
> I've tried a few time and in itself it was working but in most
> cases the usage pattern was so that there was a imbalance anyway.
>
may we can add something like __may_acquires() in the sense of
ignoring imbalances for the specific lock. This will not check
anything and probably ends in the same, but at least will stop
dropping warnings... my alternative would be to add a #ifdef
__CHECKER__ around my lock unlock().
Maybe just for now as no better option exists to validate such code
during compile time _at the moment_?
- Alex