----- On Oct 5, 2021, at 11:58 AM, rostedt rostedt@xxxxxxxxxxx wrote: > On Tue, 5 Oct 2021 11:15:12 -0400 (EDT) > Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx> wrote: > >> ----- On Oct 5, 2021, at 9:47 AM, rostedt rostedt@xxxxxxxxxxx wrote: >> [...] >> > #define rcu_dereference_raw(p) \ >> > ({ \ >> > /* Dependency order vs. p above. */ \ >> > typeof(p) ________p1 = READ_ONCE(p); \ >> > - ((typeof(*p) __force __kernel *)(________p1)); \ >> > + ((typeof(p) __force __kernel)(________p1)); \ >> > }) >> >> AFAIU doing so removes validation that @p is indeed a pointer, so a user might >> mistakenly >> try to use rcu_dereference() on an integer, and get away with it. I'm not sure >> we want to >> loosen this check. I wonder if there might be another way to achieve the same >> check without >> requiring the structure to be declared, e.g. with __builtin_types_compatible_p ? > > Is that really an issue? Because you would be assigning it to an integer. > > > x = rcu_dereference_raw(y); > > And that just makes 'x' a copy of 'y' and not really a reference to it, thus > if you don't have a pointer, it's just a fancy READ_ONCE(y). See Documentation/RCU/arrayRCU.rst: "It might be tempting to consider use of RCU to instead protect the index into an array, however, this use case is **not** supported. The problem with RCU-protected indexes into arrays is that compilers can play way too many optimization games with integers, which means that the rules governing handling of these indexes are far more trouble than they are worth. If RCU-protected indexes into arrays prove to be particularly valuable (which they have not thus far), explicit cooperation from the compiler will be required to permit them to be safely used." So AFAIU validation that rcu_dereference receives a pointer as parameter is done on purpose. Thanks, Mathieu -- Mathieu Desnoyers EfficiOS Inc. http://www.efficios.com