| Message ID | 20130901234251.GB25057@leaf (mailing list archive) |
|---|---|
| State | Not Applicable, archived |
| Headers | show |
On Sun, Sep 01, 2013 at 04:42:52PM -0700, Josh Triplett wrote: > rcu_assign_pointer needs to use ACCESS_ONCE to make the assignment to > the destination pointer volatile, to protect against compilers too > clever for their own good. > > In addition, since rcu_assign_pointer force-casts the source pointer to > add the __rcu address space (overriding any existing address space), add > an explicit check that the source pointer has the __kernel address space > to start with. > > This new check produces warnings like this, when attempting to assign > from a __user pointer: > > test.c:25:9: warning: incorrect type in argument 2 (different address spaces) > test.c:25:9: expected struct foo *<noident> > test.c:25:9: got struct foo [noderef] <asn:1>*badsrc > > Signed-off-by: Josh Triplett <josh@joshtriplett.org> Queued for 3.13, thank you very much! Thanx, Paul > --- > include/linux/rcupdate.h | 12 +++++++++++- > 1 file changed, 11 insertions(+), 1 deletion(-) > > diff --git a/include/linux/rcupdate.h b/include/linux/rcupdate.h > index 4b14bdc..3f62def 100644 > --- a/include/linux/rcupdate.h > +++ b/include/linux/rcupdate.h > @@ -510,8 +510,17 @@ static inline void rcu_preempt_sleep_check(void) > #ifdef __CHECKER__ > #define rcu_dereference_sparse(p, space) \ > ((void)(((typeof(*p) space *)p) == p)) > +/* The dummy first argument in __rcu_assign_pointer_typecheck makes the > + * typechecked pointer the second argument, matching rcu_assign_pointer itself; > + * this avoids confusion about argument numbers in warning messages. */ > +#define __rcu_assign_pointer_check_kernel(v) \ > + do { \ > + extern void __rcu_assign_pointer_typecheck(int, typeof(*(v)) __kernel *); \ > + __rcu_assign_pointer_typecheck(0, v); \ > + } while (0) > #else /* #ifdef __CHECKER__ */ > #define rcu_dereference_sparse(p, space) > +#define __rcu_assign_pointer_check_kernel(v) do { } while (0) > #endif /* #else #ifdef __CHECKER__ */ > > #define __rcu_access_pointer(p, space) \ > @@ -555,7 +564,8 @@ static inline void rcu_preempt_sleep_check(void) > #define __rcu_assign_pointer(p, v, space) \ > do { \ > smp_wmb(); \ > - (p) = (typeof(*v) __force space *)(v); \ > + __rcu_assign_pointer_check_kernel(v); \ > + ACCESS_ONCE(p) = (typeof(*(v)) __force space *)(v); \ > } while (0) > > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ > -- To unsubscribe from this list: send the line "unsubscribe linux-sparse" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/include/linux/rcupdate.h b/include/linux/rcupdate.h index 4b14bdc..3f62def 100644 --- a/include/linux/rcupdate.h +++ b/include/linux/rcupdate.h @@ -510,8 +510,17 @@ static inline void rcu_preempt_sleep_check(void) #ifdef __CHECKER__ #define rcu_dereference_sparse(p, space) \ ((void)(((typeof(*p) space *)p) == p)) +/* The dummy first argument in __rcu_assign_pointer_typecheck makes the + * typechecked pointer the second argument, matching rcu_assign_pointer itself; + * this avoids confusion about argument numbers in warning messages. */ +#define __rcu_assign_pointer_check_kernel(v) \ + do { \ + extern void __rcu_assign_pointer_typecheck(int, typeof(*(v)) __kernel *); \ + __rcu_assign_pointer_typecheck(0, v); \ + } while (0) #else /* #ifdef __CHECKER__ */ #define rcu_dereference_sparse(p, space) +#define __rcu_assign_pointer_check_kernel(v) do { } while (0) #endif /* #else #ifdef __CHECKER__ */ #define __rcu_access_pointer(p, space) \ @@ -555,7 +564,8 @@ static inline void rcu_preempt_sleep_check(void) #define __rcu_assign_pointer(p, v, space) \ do { \ smp_wmb(); \ - (p) = (typeof(*v) __force space *)(v); \ + __rcu_assign_pointer_check_kernel(v); \ + ACCESS_ONCE(p) = (typeof(*(v)) __force space *)(v); \ } while (0)
rcu_assign_pointer needs to use ACCESS_ONCE to make the assignment to the destination pointer volatile, to protect against compilers too clever for their own good. In addition, since rcu_assign_pointer force-casts the source pointer to add the __rcu address space (overriding any existing address space), add an explicit check that the source pointer has the __kernel address space to start with. This new check produces warnings like this, when attempting to assign from a __user pointer: test.c:25:9: warning: incorrect type in argument 2 (different address spaces) test.c:25:9: expected struct foo *<noident> test.c:25:9: got struct foo [noderef] <asn:1>*badsrc Signed-off-by: Josh Triplett <josh@joshtriplett.org> --- include/linux/rcupdate.h | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) -- To unsubscribe from this list: send the line "unsubscribe linux-sparse" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html