READ_ONCE: Enforce atomicity for {READ,WRITE}_ONCE() memory accesses
[linux-2.6-microblaze.git] / include / linux / compiler.h
1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef __LINUX_COMPILER_H
3 #define __LINUX_COMPILER_H
4
5 #include <linux/compiler_types.h>
6
7 #ifndef __ASSEMBLY__
8
9 #ifdef __KERNEL__
10
11 /*
12  * Note: DISABLE_BRANCH_PROFILING can be used by special lowlevel code
13  * to disable branch tracing on a per file basis.
14  */
15 #if defined(CONFIG_TRACE_BRANCH_PROFILING) \
16     && !defined(DISABLE_BRANCH_PROFILING) && !defined(__CHECKER__)
17 void ftrace_likely_update(struct ftrace_likely_data *f, int val,
18                           int expect, int is_constant);
19
20 #define likely_notrace(x)       __builtin_expect(!!(x), 1)
21 #define unlikely_notrace(x)     __builtin_expect(!!(x), 0)
22
23 #define __branch_check__(x, expect, is_constant) ({                     \
24                         long ______r;                                   \
25                         static struct ftrace_likely_data                \
26                                 __aligned(4)                            \
27                                 __section(_ftrace_annotated_branch)     \
28                                 ______f = {                             \
29                                 .data.func = __func__,                  \
30                                 .data.file = __FILE__,                  \
31                                 .data.line = __LINE__,                  \
32                         };                                              \
33                         ______r = __builtin_expect(!!(x), expect);      \
34                         ftrace_likely_update(&______f, ______r,         \
35                                              expect, is_constant);      \
36                         ______r;                                        \
37                 })
38
39 /*
40  * Using __builtin_constant_p(x) to ignore cases where the return
41  * value is always the same.  This idea is taken from a similar patch
42  * written by Daniel Walker.
43  */
44 # ifndef likely
45 #  define likely(x)     (__branch_check__(x, 1, __builtin_constant_p(x)))
46 # endif
47 # ifndef unlikely
48 #  define unlikely(x)   (__branch_check__(x, 0, __builtin_constant_p(x)))
49 # endif
50
51 #ifdef CONFIG_PROFILE_ALL_BRANCHES
52 /*
53  * "Define 'is'", Bill Clinton
54  * "Define 'if'", Steven Rostedt
55  */
56 #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
57
58 #define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond))
59
60 #define __trace_if_value(cond) ({                       \
61         static struct ftrace_branch_data                \
62                 __aligned(4)                            \
63                 __section(_ftrace_branch)               \
64                 __if_trace = {                          \
65                         .func = __func__,               \
66                         .file = __FILE__,               \
67                         .line = __LINE__,               \
68                 };                                      \
69         (cond) ?                                        \
70                 (__if_trace.miss_hit[1]++,1) :          \
71                 (__if_trace.miss_hit[0]++,0);           \
72 })
73
74 #endif /* CONFIG_PROFILE_ALL_BRANCHES */
75
76 #else
77 # define likely(x)      __builtin_expect(!!(x), 1)
78 # define unlikely(x)    __builtin_expect(!!(x), 0)
79 #endif
80
81 /* Optimization barrier */
82 #ifndef barrier
83 # define barrier() __memory_barrier()
84 #endif
85
86 #ifndef barrier_data
87 # define barrier_data(ptr) barrier()
88 #endif
89
90 /* workaround for GCC PR82365 if needed */
91 #ifndef barrier_before_unreachable
92 # define barrier_before_unreachable() do { } while (0)
93 #endif
94
95 /* Unreachable code */
96 #ifdef CONFIG_STACK_VALIDATION
97 /*
98  * These macros help objtool understand GCC code flow for unreachable code.
99  * The __COUNTER__ based labels are a hack to make each instance of the macros
100  * unique, to convince GCC not to merge duplicate inline asm statements.
101  */
102 #define annotate_reachable() ({                                         \
103         asm volatile("%c0:\n\t"                                         \
104                      ".pushsection .discard.reachable\n\t"              \
105                      ".long %c0b - .\n\t"                               \
106                      ".popsection\n\t" : : "i" (__COUNTER__));          \
107 })
108 #define annotate_unreachable() ({                                       \
109         asm volatile("%c0:\n\t"                                         \
110                      ".pushsection .discard.unreachable\n\t"            \
111                      ".long %c0b - .\n\t"                               \
112                      ".popsection\n\t" : : "i" (__COUNTER__));          \
113 })
114 #define ASM_UNREACHABLE                                                 \
115         "999:\n\t"                                                      \
116         ".pushsection .discard.unreachable\n\t"                         \
117         ".long 999b - .\n\t"                                            \
118         ".popsection\n\t"
119
120 /* Annotate a C jump table to allow objtool to follow the code flow */
121 #define __annotate_jump_table __section(.rodata..c_jump_table)
122
123 #else
124 #define annotate_reachable()
125 #define annotate_unreachable()
126 #define __annotate_jump_table
127 #endif
128
129 #ifndef ASM_UNREACHABLE
130 # define ASM_UNREACHABLE
131 #endif
132 #ifndef unreachable
133 # define unreachable() do {             \
134         annotate_unreachable();         \
135         __builtin_unreachable();        \
136 } while (0)
137 #endif
138
139 /*
140  * KENTRY - kernel entry point
141  * This can be used to annotate symbols (functions or data) that are used
142  * without their linker symbol being referenced explicitly. For example,
143  * interrupt vector handlers, or functions in the kernel image that are found
144  * programatically.
145  *
146  * Not required for symbols exported with EXPORT_SYMBOL, or initcalls. Those
147  * are handled in their own way (with KEEP() in linker scripts).
148  *
149  * KENTRY can be avoided if the symbols in question are marked as KEEP() in the
150  * linker script. For example an architecture could KEEP() its entire
151  * boot/exception vector code rather than annotate each function and data.
152  */
153 #ifndef KENTRY
154 # define KENTRY(sym)                                            \
155         extern typeof(sym) sym;                                 \
156         static const unsigned long __kentry_##sym               \
157         __used                                                  \
158         __section("___kentry" "+" #sym )                        \
159         = (unsigned long)&sym;
160 #endif
161
162 #ifndef RELOC_HIDE
163 # define RELOC_HIDE(ptr, off)                                   \
164   ({ unsigned long __ptr;                                       \
165      __ptr = (unsigned long) (ptr);                             \
166     (typeof(ptr)) (__ptr + (off)); })
167 #endif
168
169 #ifndef OPTIMIZER_HIDE_VAR
170 /* Make the optimizer believe the variable can be manipulated arbitrarily. */
171 #define OPTIMIZER_HIDE_VAR(var)                                         \
172         __asm__ ("" : "=r" (var) : "0" (var))
173 #endif
174
175 /* Not-quite-unique ID. */
176 #ifndef __UNIQUE_ID
177 # define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __LINE__)
178 #endif
179
180 /*
181  * Prevent the compiler from merging or refetching reads or writes. The
182  * compiler is also forbidden from reordering successive instances of
183  * READ_ONCE and WRITE_ONCE, but only when the compiler is aware of some
184  * particular ordering. One way to make the compiler aware of ordering is to
185  * put the two invocations of READ_ONCE or WRITE_ONCE in different C
186  * statements.
187  *
188  * These two macros will also work on aggregate data types like structs or
189  * unions.
190  *
191  * Their two major use cases are: (1) Mediating communication between
192  * process-level code and irq/NMI handlers, all running on the same CPU,
193  * and (2) Ensuring that the compiler does not fold, spindle, or otherwise
194  * mutilate accesses that either do not require ordering or that interact
195  * with an explicit memory barrier or atomic instruction that provides the
196  * required ordering.
197  */
198 #include <asm/barrier.h>
199 #include <linux/kasan-checks.h>
200
201 /*
202  * Use __READ_ONCE() instead of READ_ONCE() if you do not require any
203  * atomicity or dependency ordering guarantees. Note that this may result
204  * in tears!
205  */
206 #define __READ_ONCE(x)  (*(const volatile typeof(x) *)&(x))
207
208 #define __READ_ONCE_SCALAR(x)                                           \
209 ({                                                                      \
210         typeof(x) __x = __READ_ONCE(x);                                 \
211         smp_read_barrier_depends();                                     \
212         __x;                                                            \
213 })
214
215 #define READ_ONCE(x)                                                    \
216 ({                                                                      \
217         compiletime_assert_rwonce_type(x);                              \
218         __READ_ONCE_SCALAR(x);                                          \
219 })
220
221 #define __WRITE_ONCE(x, val)                            \
222 do {                                                    \
223         *(volatile typeof(x) *)&(x) = (val);            \
224 } while (0)
225
226 #define WRITE_ONCE(x, val)                              \
227 do {                                                    \
228         compiletime_assert_rwonce_type(x);              \
229         __WRITE_ONCE(x, val);                           \
230 } while (0)
231
232 #ifdef CONFIG_KASAN
233 /*
234  * We can't declare function 'inline' because __no_sanitize_address conflicts
235  * with inlining. Attempt to inline it may cause a build failure.
236  *     https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368
237  * '__maybe_unused' allows us to avoid defined-but-not-used warnings.
238  */
239 # define __no_kasan_or_inline __no_sanitize_address notrace __maybe_unused
240 #else
241 # define __no_kasan_or_inline __always_inline
242 #endif
243
244 static __no_kasan_or_inline
245 unsigned long __read_once_word_nocheck(const void *addr)
246 {
247         return __READ_ONCE(*(unsigned long *)addr);
248 }
249
250 /*
251  * Use READ_ONCE_NOCHECK() instead of READ_ONCE() if you need to load a
252  * word from memory atomically but without telling KASAN. This is usually
253  * used by unwinding code when walking the stack of a running process.
254  */
255 #define READ_ONCE_NOCHECK(x)                                            \
256 ({                                                                      \
257         unsigned long __x = __read_once_word_nocheck(&(x));             \
258         smp_read_barrier_depends();                                     \
259         __x;                                                            \
260 })
261
262 static __no_kasan_or_inline
263 unsigned long read_word_at_a_time(const void *addr)
264 {
265         kasan_check_read(addr, 1);
266         return *(unsigned long *)addr;
267 }
268
269 #endif /* __KERNEL__ */
270
271 /*
272  * Force the compiler to emit 'sym' as a symbol, so that we can reference
273  * it from inline assembler. Necessary in case 'sym' could be inlined
274  * otherwise, or eliminated entirely due to lack of references that are
275  * visible to the compiler.
276  */
277 #define __ADDRESSABLE(sym) \
278         static void * __section(.discard.addressable) __used \
279                 __PASTE(__addressable_##sym, __LINE__) = (void *)&sym;
280
281 /**
282  * offset_to_ptr - convert a relative memory offset to an absolute pointer
283  * @off:        the address of the 32-bit offset value
284  */
285 static inline void *offset_to_ptr(const int *off)
286 {
287         return (void *)((unsigned long)off + *off);
288 }
289
290 #endif /* __ASSEMBLY__ */
291
292 /* Compile time object size, -1 for unknown */
293 #ifndef __compiletime_object_size
294 # define __compiletime_object_size(obj) -1
295 #endif
296 #ifndef __compiletime_warning
297 # define __compiletime_warning(message)
298 #endif
299 #ifndef __compiletime_error
300 # define __compiletime_error(message)
301 #endif
302
303 #ifdef __OPTIMIZE__
304 # define __compiletime_assert(condition, msg, prefix, suffix)           \
305         do {                                                            \
306                 extern void prefix ## suffix(void) __compiletime_error(msg); \
307                 if (!(condition))                                       \
308                         prefix ## suffix();                             \
309         } while (0)
310 #else
311 # define __compiletime_assert(condition, msg, prefix, suffix) do { } while (0)
312 #endif
313
314 #define _compiletime_assert(condition, msg, prefix, suffix) \
315         __compiletime_assert(condition, msg, prefix, suffix)
316
317 /**
318  * compiletime_assert - break build and emit msg if condition is false
319  * @condition: a compile-time constant condition to check
320  * @msg:       a message to emit if condition is false
321  *
322  * In tradition of POSIX assert, this macro will break the build if the
323  * supplied condition is *false*, emitting the supplied error message if the
324  * compiler has support to do so.
325  */
326 #define compiletime_assert(condition, msg) \
327         _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
328
329 #define compiletime_assert_atomic_type(t)                               \
330         compiletime_assert(__native_word(t),                            \
331                 "Need native word sized stores/loads for atomicity.")
332
333 /*
334  * Yes, this permits 64-bit accesses on 32-bit architectures. These will
335  * actually be atomic in many cases (namely x86), but for others we rely on
336  * the access being split into 2x32-bit accesses for a 32-bit quantity (e.g.
337  * a virtual address) and a strong prevailing wind.
338  */
339 #define compiletime_assert_rwonce_type(t)                                       \
340         compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long),  \
341                 "Unsupported access size for {READ,WRITE}_ONCE().")
342
343 /* &a[0] degrades to a pointer: a different type from an array */
344 #define __must_be_array(a)      BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
345
346 #endif /* __LINUX_COMPILER_H */