Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f88022a4 authored by Michel Machado's avatar Michel Machado Committed by Paul E. McKenney
Browse files

rcu: Replace list_first_entry_rcu() with list_first_or_null_rcu() 

The list_first_entry_rcu() macro is inherently unsafe because it cannot
be applied to an empty list.  But because RCU readers do not exclude
updaters, a list might become empty between the time that list_empty()
claimed it was non-empty and the time that list_first_entry_rcu() is
invoked.  Therefore, the list_empty() test cannot be separated from the
list_first_entry_rcu() call.  This commit therefore combines these to
macros to create a new list_first_or_null_rcu() macro that replaces
the old (and unsafe) list_first_entry_rcu() macro.

This patch incorporates Paul's review comments on the previous version of
this patch available here:

https://lkml.org/lkml/2012/4/2/536



This patch cannot break any upstream code because list_first_entry_rcu()
is not being used anywhere in the kernel (tested with grep(1)), and any
external code using it is probably broken as a result of using it.

Signed-off-by: default avatarMichel Machado <michel@digirati.com.br>
CC: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
CC: Dipankar Sarma <dipankar@in.ibm.com>
Signed-off-by: default avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
parent 559f9bad

include/linux/rculist.h

+29 −4
Original line number Diff line number Diff line
@@ -233,18 +233,43 @@ static inline void list_splice_init_rcu(struct list_head *list, 
	})



/**

 * list_first_entry_rcu - get the first element from a list

 * Where are list_empty_rcu() and list_first_entry_rcu()?

 *

 * Implementing those functions following their counterparts list_empty() and

 * list_first_entry() is not advisable because they lead to subtle race

 * conditions as the following snippet shows:

 *

 * if (!list_empty_rcu(mylist)) {

 *	struct foo *bar = list_first_entry_rcu(mylist, struct foo, list_member);

 *	do_something(bar);

 * }

 *

 * The list may not be empty when list_empty_rcu checks it, but it may be when

 * list_first_entry_rcu rereads the ->next pointer.

 *

 * Rereading the ->next pointer is not a problem for list_empty() and

 * list_first_entry() because they would be protected by a lock that blocks

 * writers.

 *

 * See list_first_or_null_rcu for an alternative.

 */



/**

 * list_first_or_null_rcu - get the first element from a list

 * @ptr:        the list head to take the element from.

 * @type:       the type of the struct this is embedded in.

 * @member:     the name of the list_struct within the struct.

 *

 * Note, that list is expected to be not empty.

 * Note that if the list is empty, it returns NULL.

 *

 * This primitive may safely run concurrently with the _rcu list-mutation

 * primitives such as list_add_rcu() as long as it's guarded by rcu_read_lock().

 */

#define list_first_entry_rcu(ptr, type, member) \

	list_entry_rcu((ptr)->next, type, member)

#define list_first_or_null_rcu(ptr, type, member) \

	({struct list_head *__ptr = (ptr); \

	  struct list_head __rcu *__next = list_next_rcu(__ptr); \

	  likely(__ptr != __next) ? container_of(__next, type, member) : NULL; \

	})



/**

 * list_for_each_entry_rcu	-	iterate over rcu list of given type