On Wed, Oct 09, 2013 at 02:29:20PM -0700, Paul E. McKenney wrote: > Hello! > > This series features updates to allow sparse to do a better job of > statically analyzing RCU usage: > > 1. Apply ACCESS_ONCE() to rcu_assign_pointer()'s target to prevent > comiler mischief. Also require that the source pointer be from > the kernel address space. Sometimes it can be from the RCU address > space, which necessitates the remaining patches in this series. > Which, it must be admitted, apply to a very small fraction of > the rcu_assign_pointer() invocations in the kernel. This commit > courtesy of Josh Triplett. > > 2-13. Apply rcu_access_pointer() to avoid a number of false positives. The use of rcu_access_pointer directly in the argument of rcu_assign_pointer does add a new constraint to rcu_assign_pointer, namely that it *must not* evaluate its argument more than once. Currently, it expands its argument three times, but one expansion is only visible to sparse (__CHECKER__), and one lives inside a typeof (where it'll never be evaluated), so this is safe. However, I'd add a comment to that effect above rcu_assign_pointer, explicitly saying that it must evaluate its argument exactly once; that way, if anyone ever changes it, they'll know they have to introduce an appropriate local temporary variable inside the macro. - Josh Triplett
