On 64-bit architectures, u64_stats does rely on the load/store atomicity of 64-bit data.
However, users often mistakenly believe that the helpers could also protect/"lock" plain (64-bit) variables, which can lead to load/store tearing. Remove the misleading "non atomic operation" comments and add explicit examples of incorrect usage. Users may also be tempted to use memcpy() or struct copying. Doc the usage of u64_stats_reads() for this case. Signed-off-by: David Yang <[email protected]> --- include/linux/u64_stats_sync.h | 41 ++++++++++++++++++++++++++-------- 1 file changed, 32 insertions(+), 9 deletions(-) diff --git a/include/linux/u64_stats_sync.h b/include/linux/u64_stats_sync.h index 15ea4db2a77b..10f988170e51 100644 --- a/include/linux/u64_stats_sync.h +++ b/include/linux/u64_stats_sync.h @@ -39,21 +39,44 @@ * spin_lock_bh(...) or other synchronization to get exclusive access * ... * u64_stats_update_begin(&stats->syncp); - * u64_stats_add(&stats->bytes64, len); // non atomic operation - * u64_stats_inc(&stats->packets64); // non atomic operation + * u64_stats_add(&stats->bytes64, len); + * u64_stats_inc(&stats->packets64); * u64_stats_update_end(&stats->syncp); * * While a consumer (reader) should use following template to get consistent * snapshot for each variable (but no guarantee on several ones) * - * u64 tbytes, tpackets; - * unsigned int start; + * u64 tbytes, tpackets; + * unsigned int start; * - * do { - * start = u64_stats_fetch_begin(&stats->syncp); - * tbytes = u64_stats_read(&stats->bytes64); // non atomic operation - * tpackets = u64_stats_read(&stats->packets64); // non atomic operation - * } while (u64_stats_fetch_retry(&stats->syncp, start)); + * do { + * start = u64_stats_fetch_begin(&stats->syncp); + * tbytes = u64_stats_read(&stats->bytes64); + * tpackets = u64_stats_read(&stats->packets64); + * } while (u64_stats_fetch_retry(&stats->syncp, start)); + * + * Remember point #2: update_begin()/update_end() and + * fetch_begin()/fetch_retry() are no-ops on 64-bit architectures. u64_stats + * _cannot_ be used to protect plain variables against tearing. + * + * u64 stats64, cnt; + * struct { u64_stats_t stats[10]; } st, buf; + * + * u64_stats_update_begin(&stats->syncp); + * stats64 = cnt; // no + * stats64 += cnt; // no + * stats64++; // no + * st = buf; // no + * memcpy(&st, &buf, sizeof(st)); // no + * u64_stats_update_end(&stats->syncp); + * + * do { + * start = u64_stats_fetch_begin(&stats->syncp); + * cnt = stats64; // no + * buf = st; // no + * memcpy(&buf, &st, sizeof(st)); // no + * u64_stats_reads(&buf, &st, sizeof(st)); // use this instead + * } while (u64_stats_fetch_retry(&stats->syncp, start)); * * * Example of use in drivers/net/loopback.c, using per_cpu containers, -- 2.51.0 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
