On 12/19/25 7:40 AM, Marco Elver wrote:
+/*
+ * No-op helper to denote that ssp must be held. Because SRCU-protected
pointers
+ * should still be marked with __rcu_guarded, and we do not want to mark them
+ * with __guarded_by(ssp) as it would complicate annotations for writers, we
+ * choose the following strategy: srcu_dereference_check() calls this helper
+ * that checks that the passed ssp is held, and then fake-acquires 'RCU'.
+ */
+static inline void __srcu_read_lock_must_hold(const struct srcu_struct *ssp)
__must_hold_shared(ssp) { }
/**
* srcu_dereference_check - fetch SRCU-protected pointer for later
dereferencing
@@ -223,9 +233,15 @@ static inline int srcu_read_lock_held(const struct
srcu_struct *ssp)
* to 1. The @c argument will normally be a logical expression containing
* lockdep_is_held() calls.
*/
-#define srcu_dereference_check(p, ssp, c) \
- __rcu_dereference_check((p), __UNIQUE_ID(rcu), \
- (c) || srcu_read_lock_held(ssp), __rcu)
+#define srcu_dereference_check(p, ssp, c)
\
+({
\
+ __srcu_read_lock_must_hold(ssp);
\
+ __acquire_shared_ctx_lock(RCU); \
+ __auto_type __v = __rcu_dereference_check((p), __UNIQUE_ID(rcu),
\
+ (c) || srcu_read_lock_held(ssp), __rcu);
\
+ __release_shared_ctx_lock(RCU); \
+ __v;
\
+})
Hi Marco,
The above change is something I'm not happy about. The original
implementation of the srcu_dereference_check() macro shows that it is
sufficient to either hold an SRCU reader lock or the updater lock ('c').
The addition of "__srcu_read_lock_must_hold()" will cause compilation to
fail if the caller doesn't hold an SRCU reader lock. I'm concerned that
this will either lead to adding __no_context_analysis to SRCU updater
code that uses srcu_dereference_check() or to adding misleading
__assume_ctx_lock(ssp) annotations in SRCU updater code.
Thanks,
Bart.
