> On Feb 6, 2020, at 7:27 PM, John Hubbard <jhubbard@xxxxxxxxxx> wrote: > > On 2/6/20 4:18 PM, Qian Cai wrote: >>> On Feb 6, 2020, at 6:34 PM, John Hubbard <jhubbard@xxxxxxxxxx> wrote: >>> On 2/6/20 7:23 AM, Qian Cai wrote: >>>>> On Feb 6, 2020, at 9:55 AM, Jan Kara <jack@xxxxxxx> wrote: >>>>> I don't think the problem is real. The question is how to make KCSAN happy >>>>> in a way that doesn't silence other possibly useful things it can find and >>>>> also which makes it most obvious to the reader what's going on... IMHO >>>>> using READ_ONCE() fulfills these targets nicely - it is free >>>>> performance-wise in this case, it silences the checker without impacting >>>>> other races on page->flags, its kind of obvious we don't want the load torn >>>>> in this case so it makes sense to the reader (although a comment may be >>>>> nice). >>>> >>>> Actually, use the data_race() macro there fulfilling the same purpose too, i.e, silence the splat here but still keep searching for other races. >>>> >>> >>> Yes, but both READ_ONCE() and data_race() would be saying untrue things about this code, >>> and that somewhat offends my sense of perfection... :) >>> >>> * READ_ONCE(): this field need not be restricted to being read only once, so the >>> name is immediately wrong. We're using side effects of READ_ONCE(). >>> >>> * data_race(): there is no race on the N bits worth of page zone number data. There >>> is only a perceived race, due to tools that look at word-level granularity. >>> >>> I'd propose one or both of the following: >>> >>> a) Hope that Marco (I've fixed the typo in his name. --jh) has an idea to enhance KCSAN so as to support this model of >>> access, and/or >> >> A similar thing was brought up before, i.e., anything compared to zero is immune to load-tearing >> issues, but it is rather difficult to implement it in the compiler, so it was settled to use data_race(), >> >> https://lore.kernel.org/lkml/CANpmjNN8J1oWtLPHTgCwbbtTuU_Js-8HD=cozW5cYkm8h-GTBg@xxxxxxxxxxxxxx/#r >> > > > Thanks for that link to the previous discussion, good context. > > >>> >>> b) Add a new, better-named macro to indicate what's going on. Initial bikeshed-able >>> candidates: >>> >>> READ_RO_BITS() >>> READ_IMMUTABLE_BITS() >>> ...etc... >>> >> >> Actually, Linus might hate those kinds of complication rather than a simple data_race() macro, >> >> https://lore.kernel.org/linux-fsdevel/CAHk-=wg5CkOEF8DTez1Qu0XTEFw_oHhxN98bDnFqbY7HL5AB2g@xxxxxxxxxxxxxx/ >> > > Another good link. However, my macros above haven't been proposed yet, and I'm perfectly > comfortable proposing something that Linus *might* (or might not!) hate. No point in > guessing about it, IMHO. > > If you want, I'll be happy to put on my flame suit and post a patchset proposing > READ_IMMUTABLE_BITS() (or a better-named thing, if someone has another name idea). :) > BTW, the current comment said (note, it is called “access” which in this case it does read the whole word rather than those 3 bits, even though it is only those bits are of interested for us), /* * data_race(): macro to document that accesses in an expression may conflict with * other concurrent accesses resulting in data races, but the resulting * behaviour is deemed safe regardless. * * This macro *does not* affect normal code generation, but is a hint to tooling * that data races here should be ignored. */ Macro might have more to say.
