From: Peter Zijlstra <peterz@infradead.org>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@alien8.de>,
Brian Gerst <brgerst@gmail.com>,
Denys Vlasenko <dvlasenk@redhat.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Paul McKenney <paulmck@linux.vnet.ibm.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@kernel.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: locking/atomic: Introduce atomic_try_cmpxchg()
Date: Fri, 24 Mar 2017 15:21:40 +0100 [thread overview]
Message-ID: <20170324142140.vpyzl755oj6rb5qv@hirez.programming.kicks-ass.net> (raw)
In-Reply-To: <CACT4Y+bG+a0w6j6v1AmBE7fqqMSPyPEm4QimCzCouicmHT8FqA@mail.gmail.com>
On Fri, Mar 24, 2017 at 01:44:00PM +0100, Dmitry Vyukov wrote:
>
> The primitive has subtle difference with all other implementation that
> I know of, and can lead to very subtle bugs. Some time ago I've spent
> several days debugging a memory corruption caused by similar
> implementation. Consider a classical lock-free stack push:
>
> node->next = atomic_read(&head);
> do {
> } while (!atomic_try_cmpxchg(&head, &node->next, node));
>
> This code is broken with the current implementation, the problem is
> with unconditional update of *__po here:
Indeed. I had only considered stack local variables when I wrote that.
> So I would suggest to change it to a safer and less surprising
> alternative:
>
> diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h
> index fb961db51a2a..81fb985f51f4 100644
> --- a/arch/x86/include/asm/cmpxchg.h
> +++ b/arch/x86/include/asm/cmpxchg.h
> @@ -212,7 +212,8 @@ extern void __add_wrong_size(void)
> default: \
> __cmpxchg_wrong_size(); \
> } \
> - *_old = __old; \
> + if (!success) \
> + *_old = __old; \
> success; \
> })
I've no immediate objection, I'll double check what, if anything, it
does for code gen.
> diff --git a/include/linux/atomic.h b/include/linux/atomic.h
> index aae5953817d6..f8098157f7c8 100644
> --- a/include/linux/atomic.h
> +++ b/include/linux/atomic.h
> @@ -1023,8 +1023,11 @@ static inline int atomic_dec_if_positive(atomic_t *v)
> ({ \
> typeof(_po) __po = (_po); \
> typeof(*(_po)) __o = *__po; \
> - *__po = atomic64_cmpxchg##type((_p), __o, (_n)); \
> - (*__po == __o); \
> + typeof(*(_po)) __v = atomic64_cmpxchg##type((_p), __o, (_n)); \
> + if (__v == __o) \
> + return true; \
> + *__po = __v; \
> + return false; \
> })
Can you actually use return in statement-expressions?
next prev parent reply other threads:[~2017-03-24 14:22 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-24 12:44 locking/atomic: Introduce atomic_try_cmpxchg() Dmitry Vyukov
2017-03-24 14:21 ` Peter Zijlstra [this message]
2017-03-24 14:23 ` Dmitry Vyukov
2017-03-24 16:41 ` Peter Zijlstra
2017-03-24 16:54 ` Andy Lutomirski
2017-03-24 17:23 ` Peter Zijlstra
2017-03-24 17:51 ` Dmitry Vyukov
2017-03-24 18:08 ` Peter Zijlstra
2017-03-24 18:13 ` Peter Zijlstra
2017-03-24 19:16 ` Andy Lutomirski
2017-03-24 19:20 ` Linus Torvalds
2017-03-24 19:27 ` Andy Lutomirski
2017-03-24 20:15 ` Peter Zijlstra
2017-03-24 20:14 ` Peter Zijlstra
2017-03-24 20:21 ` Andy Lutomirski
2017-03-24 18:16 ` Dmitry Vyukov
2017-03-24 18:00 ` Peter Zijlstra
2017-03-24 18:04 ` Peter Zijlstra
2017-03-24 18:45 ` Andy Lutomirski
2017-03-24 19:17 ` Linus Torvalds
2017-03-24 21:23 ` Peter Zijlstra
2017-03-25 7:51 ` Peter Zijlstra
2017-03-25 18:00 ` Linus Torvalds
2017-03-25 18:20 ` Peter Zijlstra
2017-03-25 18:28 ` Linus Torvalds
2017-03-25 18:34 ` Linus Torvalds
2017-03-25 21:13 ` Peter Zijlstra
2017-03-25 22:08 ` Linus Torvalds
2017-03-27 9:48 ` Peter Zijlstra
2017-03-24 20:22 ` Peter Zijlstra
2017-03-24 20:27 ` Andy Lutomirski
2017-03-24 21:07 ` Peter Zijlstra
2017-03-24 19:08 ` Linus Torvalds
2017-03-24 20:46 ` Peter Zijlstra
2017-03-24 20:58 ` Linus Torvalds
2017-03-27 12:16 ` Peter Zijlstra
2017-03-27 13:45 ` Dmitry Vyukov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170324142140.vpyzl755oj6rb5qv@hirez.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=akpm@linux-foundation.org \
--cc=bp@alien8.de \
--cc=brgerst@gmail.com \
--cc=dvlasenk@redhat.com \
--cc=dvyukov@google.com \
--cc=hpa@zytor.com \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@kernel.org \
--cc=paulmck@linux.vnet.ibm.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.