~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/process/volatile-considered-harmful.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/process/volatile-considered-harmful.rst (Version linux-6.12-rc7) and /Documentation/process/volatile-considered-harmful.rst (Version linux-6.7.12)


  1                                                     1 
  2 .. _volatile_considered_harmful:                    2 .. _volatile_considered_harmful:
  3                                                     3 
  4 Why the "volatile" type class should not be us      4 Why the "volatile" type class should not be used
  5 ----------------------------------------------      5 ------------------------------------------------
  6                                                     6 
  7 C programmers have often taken volatile to mea      7 C programmers have often taken volatile to mean that the variable could be
  8 changed outside of the current thread of execu      8 changed outside of the current thread of execution; as a result, they are
  9 sometimes tempted to use it in kernel code whe      9 sometimes tempted to use it in kernel code when shared data structures are
 10 being used.  In other words, they have been kn     10 being used.  In other words, they have been known to treat volatile types
 11 as a sort of easy atomic variable, which they      11 as a sort of easy atomic variable, which they are not.  The use of volatile in
 12 kernel code is almost never correct; this docu     12 kernel code is almost never correct; this document describes why.
 13                                                    13 
 14 The key point to understand with regard to vol     14 The key point to understand with regard to volatile is that its purpose is
 15 to suppress optimization, which is almost neve     15 to suppress optimization, which is almost never what one really wants to
 16 do.  In the kernel, one must protect shared da     16 do.  In the kernel, one must protect shared data structures against
 17 unwanted concurrent access, which is very much     17 unwanted concurrent access, which is very much a different task.  The
 18 process of protecting against unwanted concurr     18 process of protecting against unwanted concurrency will also avoid almost
 19 all optimization-related problems in a more ef     19 all optimization-related problems in a more efficient way.
 20                                                    20 
 21 Like volatile, the kernel primitives which mak     21 Like volatile, the kernel primitives which make concurrent access to data
 22 safe (spinlocks, mutexes, memory barriers, etc     22 safe (spinlocks, mutexes, memory barriers, etc.) are designed to prevent
 23 unwanted optimization.  If they are being used     23 unwanted optimization.  If they are being used properly, there will be no
 24 need to use volatile as well.  If volatile is      24 need to use volatile as well.  If volatile is still necessary, there is
 25 almost certainly a bug in the code somewhere.      25 almost certainly a bug in the code somewhere.  In properly-written kernel
 26 code, volatile can only serve to slow things d     26 code, volatile can only serve to slow things down.
 27                                                    27 
 28 Consider a typical block of kernel code::          28 Consider a typical block of kernel code::
 29                                                    29 
 30     spin_lock(&the_lock);                          30     spin_lock(&the_lock);
 31     do_something_on(&shared_data);                 31     do_something_on(&shared_data);
 32     do_something_else_with(&shared_data);          32     do_something_else_with(&shared_data);
 33     spin_unlock(&the_lock);                        33     spin_unlock(&the_lock);
 34                                                    34 
 35 If all the code follows the locking rules, the     35 If all the code follows the locking rules, the value of shared_data cannot
 36 change unexpectedly while the_lock is held.  A     36 change unexpectedly while the_lock is held.  Any other code which might
 37 want to play with that data will be waiting on     37 want to play with that data will be waiting on the lock.  The spinlock
 38 primitives act as memory barriers - they are e     38 primitives act as memory barriers - they are explicitly written to do so -
 39 meaning that data accesses will not be optimiz     39 meaning that data accesses will not be optimized across them.  So the
 40 compiler might think it knows what will be in      40 compiler might think it knows what will be in shared_data, but the
 41 spin_lock() call, since it acts as a memory ba     41 spin_lock() call, since it acts as a memory barrier, will force it to
 42 forget anything it knows.  There will be no op     42 forget anything it knows.  There will be no optimization problems with
 43 accesses to that data.                             43 accesses to that data.
 44                                                    44 
 45 If shared_data were declared volatile, the loc     45 If shared_data were declared volatile, the locking would still be
 46 necessary.  But the compiler would also be pre     46 necessary.  But the compiler would also be prevented from optimizing access
 47 to shared_data _within_ the critical section,      47 to shared_data _within_ the critical section, when we know that nobody else
 48 can be working with it.  While the lock is hel     48 can be working with it.  While the lock is held, shared_data is not
 49 volatile.  When dealing with shared data, prop     49 volatile.  When dealing with shared data, proper locking makes volatile
 50 unnecessary - and potentially harmful.             50 unnecessary - and potentially harmful.
 51                                                    51 
 52 The volatile storage class was originally mean     52 The volatile storage class was originally meant for memory-mapped I/O
 53 registers.  Within the kernel, register access     53 registers.  Within the kernel, register accesses, too, should be protected
 54 by locks, but one also does not want the compi     54 by locks, but one also does not want the compiler "optimizing" register
 55 accesses within a critical section.  But, with     55 accesses within a critical section.  But, within the kernel, I/O memory
 56 accesses are always done through accessor func     56 accesses are always done through accessor functions; accessing I/O memory
 57 directly through pointers is frowned upon and      57 directly through pointers is frowned upon and does not work on all
 58 architectures.  Those accessors are written to     58 architectures.  Those accessors are written to prevent unwanted
 59 optimization, so, once again, volatile is unne     59 optimization, so, once again, volatile is unnecessary.
 60                                                    60 
 61 Another situation where one might be tempted t     61 Another situation where one might be tempted to use volatile is
 62 when the processor is busy-waiting on the valu     62 when the processor is busy-waiting on the value of a variable.  The right
 63 way to perform a busy wait is::                    63 way to perform a busy wait is::
 64                                                    64 
 65     while (my_variable != what_i_want)             65     while (my_variable != what_i_want)
 66         cpu_relax();                               66         cpu_relax();
 67                                                    67 
 68 The cpu_relax() call can lower CPU power consu     68 The cpu_relax() call can lower CPU power consumption or yield to a
 69 hyperthreaded twin processor; it also happens      69 hyperthreaded twin processor; it also happens to serve as a compiler
 70 barrier, so, once again, volatile is unnecessa     70 barrier, so, once again, volatile is unnecessary.  Of course, busy-
 71 waiting is generally an anti-social act to beg     71 waiting is generally an anti-social act to begin with.
 72                                                    72 
 73 There are still a few rare situations where vo     73 There are still a few rare situations where volatile makes sense in the
 74 kernel:                                            74 kernel:
 75                                                    75 
 76   - The above-mentioned accessor functions mig     76   - The above-mentioned accessor functions might use volatile on
 77     architectures where direct I/O memory acce     77     architectures where direct I/O memory access does work.  Essentially,
 78     each accessor call becomes a little critic     78     each accessor call becomes a little critical section on its own and
 79     ensures that the access happens as expecte     79     ensures that the access happens as expected by the programmer.
 80                                                    80 
 81   - Inline assembly code which changes memory,     81   - Inline assembly code which changes memory, but which has no other
 82     visible side effects, risks being deleted      82     visible side effects, risks being deleted by GCC.  Adding the volatile
 83     keyword to asm statements will prevent thi     83     keyword to asm statements will prevent this removal.
 84                                                    84 
 85   - The jiffies variable is special in that it     85   - The jiffies variable is special in that it can have a different value
 86     every time it is referenced, but it can be     86     every time it is referenced, but it can be read without any special
 87     locking.  So jiffies can be volatile, but      87     locking.  So jiffies can be volatile, but the addition of other
 88     variables of this type is strongly frowned     88     variables of this type is strongly frowned upon.  Jiffies is considered
 89     to be a "stupid legacy" issue (Linus's wor     89     to be a "stupid legacy" issue (Linus's words) in this regard; fixing it
 90     would be more trouble than it is worth.        90     would be more trouble than it is worth.
 91                                                    91 
 92   - Pointers to data structures in coherent me     92   - Pointers to data structures in coherent memory which might be modified
 93     by I/O devices can, sometimes, legitimatel     93     by I/O devices can, sometimes, legitimately be volatile.  A ring buffer
 94     used by a network adapter, where that adap     94     used by a network adapter, where that adapter changes pointers to
 95     indicate which descriptors have been proce     95     indicate which descriptors have been processed, is an example of this
 96     type of situation.                             96     type of situation.
 97                                                    97 
 98 For most code, none of the above justification     98 For most code, none of the above justifications for volatile apply.  As a
 99 result, the use of volatile is likely to be se     99 result, the use of volatile is likely to be seen as a bug and will bring
100 additional scrutiny to the code.  Developers w    100 additional scrutiny to the code.  Developers who are tempted to use
101 volatile should take a step back and think abo    101 volatile should take a step back and think about what they are truly trying
102 to accomplish.                                    102 to accomplish.
103                                                   103 
104 Patches to remove volatile variables are gener    104 Patches to remove volatile variables are generally welcome - as long as
105 they come with a justification which shows tha    105 they come with a justification which shows that the concurrency issues have
106 been properly thought through.                    106 been properly thought through.
107                                                   107 
108                                                   108 
109 References                                        109 References
110 ==========                                        110 ==========
111                                                   111 
112 [1] https://lwn.net/Articles/233481/              112 [1] https://lwn.net/Articles/233481/
113                                                   113 
114 [2] https://lwn.net/Articles/233482/              114 [2] https://lwn.net/Articles/233482/
115                                                   115 
116 Credits                                           116 Credits
117 =======                                           117 =======
118                                                   118 
119 Original impetus and research by Randy Dunlap     119 Original impetus and research by Randy Dunlap
120                                                   120 
121 Written by Jonathan Corbet                        121 Written by Jonathan Corbet
122                                                   122 
123 Improvements via comments from Satyam Sharma,     123 Improvements via comments from Satyam Sharma, Johannes Stezenbach, Jesper
124 Juhl, Heikki Orsila, H. Peter Anvin, Philipp H    124 Juhl, Heikki Orsila, H. Peter Anvin, Philipp Hahn, and Stefan
125 Richter.                                          125 Richter.
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php