tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

rcu: Replace list_first_entry_rcu() with list_first_or_null_rcu()

The list_first_entry_rcu() macro is inherently unsafe because it cannot
be applied to an empty list. But because RCU readers do not exclude
updaters, a list might become empty between the time that list_empty()
claimed it was non-empty and the time that list_first_entry_rcu() is
invoked. Therefore, the list_empty() test cannot be separated from the
list_first_entry_rcu() call. This commit therefore combines these to
macros to create a new list_first_or_null_rcu() macro that replaces
the old (and unsafe) list_first_entry_rcu() macro.

This patch incorporates Paul's review comments on the previous version of
this patch available here:

https://lkml.org/lkml/2012/4/2/536

This patch cannot break any upstream code because list_first_entry_rcu()
is not being used anywhere in the kernel (tested with grep(1)), and any
external code using it is probably broken as a result of using it.

Signed-off-by: Michel Machado <michel@digirati.com.br>
CC: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
CC: Dipankar Sarma <dipankar@in.ibm.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>

authored by

Michel Machado and committed by
Paul E. McKenney f88022a4 559f9bad

+29 -4
+29 -4
include/linux/rculist.h
··· 233 233 }) 234 234 235 235 /** 236 - * list_first_entry_rcu - get the first element from a list 236 + * Where are list_empty_rcu() and list_first_entry_rcu()? 237 + * 238 + * Implementing those functions following their counterparts list_empty() and 239 + * list_first_entry() is not advisable because they lead to subtle race 240 + * conditions as the following snippet shows: 241 + * 242 + * if (!list_empty_rcu(mylist)) { 243 + * struct foo *bar = list_first_entry_rcu(mylist, struct foo, list_member); 244 + * do_something(bar); 245 + * } 246 + * 247 + * The list may not be empty when list_empty_rcu checks it, but it may be when 248 + * list_first_entry_rcu rereads the ->next pointer. 249 + * 250 + * Rereading the ->next pointer is not a problem for list_empty() and 251 + * list_first_entry() because they would be protected by a lock that blocks 252 + * writers. 253 + * 254 + * See list_first_or_null_rcu for an alternative. 255 + */ 256 + 257 + /** 258 + * list_first_or_null_rcu - get the first element from a list 237 259 * @ptr: the list head to take the element from. 238 260 * @type: the type of the struct this is embedded in. 239 261 * @member: the name of the list_struct within the struct. 240 262 * 241 - * Note, that list is expected to be not empty. 263 + * Note that if the list is empty, it returns NULL. 242 264 * 243 265 * This primitive may safely run concurrently with the _rcu list-mutation 244 266 * primitives such as list_add_rcu() as long as it's guarded by rcu_read_lock(). 245 267 */ 246 - #define list_first_entry_rcu(ptr, type, member) \ 247 - list_entry_rcu((ptr)->next, type, member) 268 + #define list_first_or_null_rcu(ptr, type, member) \ 269 + ({struct list_head *__ptr = (ptr); \ 270 + struct list_head __rcu *__next = list_next_rcu(__ptr); \ 271 + likely(__ptr != __next) ? container_of(__next, type, member) : NULL; \ 272 + }) 248 273 249 274 /** 250 275 * list_for_each_entry_rcu - iterate over rcu list of given type