On Tue, Oct 05, 2021 at 12:15:04PM -0400, Mathieu Desnoyers wrote: > ----- On Oct 5, 2021, at 11:58 AM, rostedt rostedt@xxxxxxxxxxx wrote: > > > On Tue, 5 Oct 2021 11:15:12 -0400 (EDT) > > Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx> wrote: > > > >> ----- On Oct 5, 2021, at 9:47 AM, rostedt rostedt@xxxxxxxxxxx wrote: > >> [...] > >> > #define rcu_dereference_raw(p) \ > >> > ({ \ > >> > /* Dependency order vs. p above. */ \ > >> > typeof(p) ________p1 = READ_ONCE(p); \ > >> > - ((typeof(*p) __force __kernel *)(________p1)); \ > >> > + ((typeof(p) __force __kernel)(________p1)); \ > >> > }) > >> > >> AFAIU doing so removes validation that @p is indeed a pointer, so a user might > >> mistakenly > >> try to use rcu_dereference() on an integer, and get away with it. I'm not sure > >> we want to > >> loosen this check. I wonder if there might be another way to achieve the same > >> check without > >> requiring the structure to be declared, e.g. with __builtin_types_compatible_p ? > > > > Is that really an issue? Because you would be assigning it to an integer. > > > > > > x = rcu_dereference_raw(y); > > > > And that just makes 'x' a copy of 'y' and not really a reference to it, thus > > if you don't have a pointer, it's just a fancy READ_ONCE(y). > > See Documentation/RCU/arrayRCU.rst: > > "It might be tempting to consider use > of RCU to instead protect the index into an array, however, this use > case is **not** supported. The problem with RCU-protected indexes into > arrays is that compilers can play way too many optimization games with > integers, which means that the rules governing handling of these indexes > are far more trouble than they are worth. If RCU-protected indexes into > arrays prove to be particularly valuable (which they have not thus far), > explicit cooperation from the compiler will be required to permit them > to be safely used." > > So AFAIU validation that rcu_dereference receives a pointer as parameter > is done on purpose. 
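Review bot: In the `+` line, `((typeof(p) __force __kernel)(________p1))` removes the only `*p` in the macro, so nothing forces the argument to be a pointer any more; an integer lvalue now compiles and the macro becomes a plain READ_ONCE() copy of it. If the aim is to stop depending on the pointee's declaration, pair the new cast with an explicit compile-time pointer check rather than dropping the check. The `__force __kernel` annotations also move from before the `*` (the pointee) to after `typeof(p)`, so confirm they still qualify what they did before.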
What Mathieu said!

On the other hand, I am starting to believe that explicit cooperation from compilers might actually be forthcoming in my lifetime, so there might well be that...

							Thanx, Paul
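The trade-off discussed in this thread, as an added user-space example that is not code from the thread or from the kernel: a `typeof(p)`-only macro accepts integers, while an explicit compile-time check keeps the pointer validation without dereferencing `p`. `READ_ONCE_DEMO`, `IS_POINTER`, `deref_loose` and `deref_checked` are hypothetical names, and the check uses GCC/Clang's `__builtin_classify_type` rather than the `__builtin_types_compatible_p` idea floated above.

```c
#include <stdio.h>

/* User-space stand-in for the kernel's READ_ONCE(); an assumption of this example. */
#define READ_ONCE_DEMO(x) (*(const volatile __typeof__(x) *)&(x))

/* GCC/Clang builtin: yields 5 (pointer_type_class) for pointer-typed expressions. */
#define IS_POINTER(p) (__builtin_classify_type(p) == 5)

/* Same shape as the '+' line: only typeof(p), so any scalar lvalue is accepted. */
#define deref_loose(p) \
({ \
	__typeof__(p) ____p1 = READ_ONCE_DEMO(p); \
	((__typeof__(p))(____p1)); \
})

/* Hypothetical variant: typeof(p) plus a compile-time pointer check, no '*p'. */
#define deref_checked(p) \
({ \
	_Static_assert(IS_POINTER(p), "argument must be a pointer"); \
	__typeof__(p) ____p1 = READ_ONCE_DEMO(p); \
	((__typeof__(p))(____p1)); \
})

struct opaque;                          /* deliberately never defined */
static char backing;                    /* constructed storage for the demo */
static struct opaque *gp = (struct opaque *)&backing;
static long counter = 42;               /* constructed non-pointer value */

void *checked_opaque(void) { return deref_checked(gp); }
long loose_integer(void)   { return deref_loose(counter); }
int classify_pointer(void) { return IS_POINTER(gp); }
int classify_integer(void) { return IS_POINTER(counter); }

int main(void)
{
	printf("opaque pointer read: %s\n",
	       checked_opaque() == (void *)&backing ? "ok" : "bad");
	printf("loose macro on a long: %ld\n", loose_integer());
	/* deref_checked(counter) does not compile: the static assertion fires. */
	return 0;
}
```
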