[Lguest] [PATCH 4/8] lguest: update commentry

[Paul E. McKenney]

On Sun, Jul 26, 2009 at 09:09:16AM +0930, Rusty Russell wrote:
> On Sat, 25 Jul 2009 01:20:05 am Paul E. McKenney wrote:
> > On Fri, Jul 24, 2009 at 08:12:14PM +0930, Rusty Russell wrote:
> > > 	 * rcu_dereference is the counter-side of rcu_assign_pointer(); it
> > > 	 * makes sure we don't access the memory pointed to by
> > > 	 * cpu->lg->eventfds before cpu->lg->eventfds is set.  As you might
> > > 	 * expect, that's impossible on almost every architecture anyway.
> > 
> > Perhaps add a sentence about how aggressive optimizing compilers can
> > get this effect?  For whatever it is worth, one such optimization is as
> > follows:
> > 
> > 1.	Compiler guesses the value of the pointer, and also issues a
> > 	load of the pointer value.  Note that if the pointer almost
> > 	never changes, the guess will almost always be correct.
> > 	But to keep things interesting, let's assume that the guess
> > 	is -not- correct.
> > 
> > 2.	The compiler dereferences its guess, picking up garbage.
> > 
> > 3.	Meanwhile, the updater allocates new memory, just happening
> > 	to get memory whose address matches the compiler's incorrect
> > 	guess.  The updater initializes this new memory and updates
> > 	the pointer.
> 
> Ah, if the "guess" is a previously cached copy of the pointer (thus an
> indefinite number of allocs behind us) this is indeed possible.

Yep!  ;-)

> Here's the new version:
> 
> 	/*
> 	 * rcu_dereference is the counter-side of rcu_assign_pointer(); it
> 	 * makes sure we don't access the memory pointed to by
> 	 * cpu->lg->eventfds before cpu->lg->eventfds is set.  Sounds crazy,
> 	 * but Alpha allows this!  Paul McKenney points out that a really
> 	 * aggressive compiler could have the same effect:
> 	 *   http://lists.ozlabs.org/pipermail/lguest/2009-July/001560.html
> 	 *
> 	 * So play safe, use rcu_dereference to get the rcu-protected pointer:
> 	 */
> 	map = rcu_dereference(cpu->lg->eventfds);

Looks good to me!

							Thanx, Paul