Add a new macro to test that a variable could be loaded atomically.

Check that the given variable is at most uintptr_t in size and that it is aligned. Note: ASSERT_ATOMIC_LOAD() uses ALIGN() to check for adequate alignment -- however, the function of ALIGN() is to guarantee alignment, and therefore may lead to stronger alignment enforcement than necessary for types that are smaller than sizeof(uintptr_t). Add checks to mtx, rw and sx locks init functions to detect possible breakage. This was used during debugging of the problem fixed with r196118 where a pointer was on an un-aligned address in the dpcpu area. In collaboration with: rwatson Reviewed by: rwatson Approved by: re (kib)
2009-08-14 21:46:54 +00:00 · 2009-08-14 21:46:54 +00:00 · bf6acf7985
commit bf6acf7985
parent d51166f15e
4 changed files with 10 additions and 0 deletions
--- a/sys/kern/kern_mutex.c
+++ b/sys/kern/kern_mutex.c
@ -783,6 +783,8 @@ mtx_init(struct mtx *m, const char *name, const char *type, int opts)

 	MPASS((opts & ~(MTX_SPIN | MTX_QUIET | MTX_RECURSE |
 		MTX_NOWITNESS | MTX_DUPOK | MTX_NOPROFILE)) == 0);
+	ASSERT_ATOMIC_LOAD(m->mtx_lock, ("%s: mtx_lock not aligned for %s: %p",
+	    __func__, name, &m->mtx_lock));

 #ifdef MUTEX_DEBUG
 	/* Diagnostic and error correction */
--- a/sys/kern/kern_rwlock.c
+++ b/sys/kern/kern_rwlock.c
@ -174,6 +174,8 @@ rw_init_flags(struct rwlock *rw, const char *name, int opts)

 	MPASS((opts & ~(RW_DUPOK | RW_NOPROFILE | RW_NOWITNESS | RW_QUIET |
 	    RW_RECURSE)) == 0);
+	ASSERT_ATOMIC_LOAD(rw->rw_lock, ("%s: rw_lock not aligned for %s: %p",
+	    __func__, name, &rw->rw_lock));

 	flags = LO_UPGRADABLE;
 	if (opts & RW_DUPOK)
--- a/sys/kern/kern_sx.c
+++ b/sys/kern/kern_sx.c
@ -205,6 +205,8 @@ sx_init_flags(struct sx *sx, const char *description, int opts)

 	MPASS((opts & ~(SX_QUIET | SX_RECURSE | SX_NOWITNESS | SX_DUPOK |
 	    SX_NOPROFILE | SX_NOADAPTIVE)) == 0);
+	ASSERT_ATOMIC_LOAD(sx->sx_lock, ("%s: sx_lock not aligned for %s: %p",
+	    __func__, description, &sx->sx_lock));

 	flags = LO_SLEEPABLE | LO_UPGRADABLE;
 	if (opts & SX_DUPOK)
--- a/sys/sys/systm.h
+++ b/sys/sys/systm.h
@ -89,6 +89,10 @@ extern int maxusers;		/* system tune hint */
 #define	__CTASSERT(x, y)	typedef char __assert ## y[(x) ? 1 : -1]
 #endif

+#define	ASSERT_ATOMIC_LOAD(var,msg)					\
+	KASSERT(sizeof(var) <= sizeof(uintptr_t) &&			\
+	    ALIGN(&(var)) == (uintptr_t)&(var), msg)
+
 /*
 * XXX the hints declarations are even more misplaced than most declarations
 * in this file, since they are needed in one file (per arch) and only used