[Lguest] [PATCH 4/8] lguest: update commentry
Rusty Russell
rusty at rustcorp.com.au
Sun Jul 26 09:39:16 EST 2009
On Sat, 25 Jul 2009 01:20:05 am Paul E. McKenney wrote:
> On Fri, Jul 24, 2009 at 08:12:14PM +0930, Rusty Russell wrote:
> > * rcu_dereference is the counter-side of rcu_assign_pointer(); it
> > * makes sure we don't access the memory pointed to by
> > * cpu->lg->eventfds before cpu->lg->eventfds is set. As you might
> > * expect, that's impossible on almost every architecture anyway.
>
> Perhaps add a sentence about how aggressive optimizing compilers can
> get this effect? For whatever it is worth, one such optimization is as
> follows:
>
> 1. Compiler guesses the value of the pointer, and also issues a
> load of the pointer value. Note that if the pointer almost
> never changes, the guess will almost always be correct.
> But to keep things interesting, let's assume that the guess
> is -not- correct.
>
> 2. The compiler dereferences its guess, picking up garbage.
>
> 3. Meanwhile, the updater allocates new memory, just happening
> to get memory whose address matches the compiler's incorrect
> guess. The updater initializes this new memory and updates
> the pointer.

Ah, if the "guess" is a previously cached copy of the pointer (thus an
indefinite number of allocs behind us) this is indeed possible.

Here's the new version:

	/*
	 * rcu_dereference is the counter-side of rcu_assign_pointer(); it
	 * makes sure we don't access the memory pointed to by
	 * cpu->lg->eventfds before cpu->lg->eventfds is set. Sounds crazy,
	 * but Alpha allows this! Paul McKenney points out that a really
	 * aggressive compiler could have the same effect:
	 * http://lists.ozlabs.org/pipermail/lguest/2009-July/001560.html
	 *
	 * So play safe, use rcu_dereference to get the rcu-protected pointer:
	 */
	map = rcu_dereference(cpu->lg->eventfds);

Thanks!
Rusty.
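
Added example, not part of the mail above or of the lguest source: a userspace C11 analogue of the rcu_assign_pointer()/rcu_dereference() pairing the comment describes. The struct and function names are hypothetical; a release store stands in for rcu_assign_pointer() and a consume load for rcu_dereference().

```c
#include <stdatomic.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the lguest structures; all names are assumptions. */
struct evt { unsigned long addr; int fd; };
struct evt_map { unsigned num; struct evt map[]; };

static _Atomic(struct evt_map *) eventfds;	/* plays the role of cpu->lg->eventfds */

/* Updater: build a complete copy, then publish it with a release store
 * (the analogue of rcu_assign_pointer()), so every initialising write is
 * ordered before the pointer becomes visible to readers. */
int add_eventfd(unsigned long addr, int fd)
{
	struct evt_map *old = atomic_load_explicit(&eventfds, memory_order_relaxed);
	unsigned n = old ? old->num : 0;
	struct evt_map *new = malloc(sizeof(*new) + (n + 1) * sizeof(struct evt));

	if (!new)
		return -1;
	if (n)
		memcpy(new->map, old->map, n * sizeof(struct evt));
	new->map[n].addr = addr;
	new->map[n].fd = fd;
	new->num = n + 1;
	atomic_store_explicit(&eventfds, new, memory_order_release);
	/* No grace period is modelled here, so 'old' is deliberately leaked:
	 * freeing it now would be a use-after-free for a concurrent reader. */
	return 0;
}

/* Reader: the consume load is the analogue of rcu_dereference(). Everything
 * reached through 'map' is ordered after the pointer load. Current compilers
 * implement consume as acquire. */
int lookup_eventfd(unsigned long addr)
{
	struct evt_map *map = atomic_load_explicit(&eventfds, memory_order_consume);

	for (unsigned i = 0; map && i < map->num; i++)
		if (map->map[i].addr == addr)
			return map->map[i].fd;
	return -1;
}

int main(void)
{
	add_eventfd(0x1000, 7);	/* constructed sample values */
	return lookup_eventfd(0x1000) == 7 ? 0 : 1;
}
```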