From: Alexander Potapenko <glider@google.com>
To: Paul McKenney <paulmck@linux.ibm.com>,
Peter Zijlstra <peterz@infradead.org>,
"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@kernel.org>
Cc: LKML <linux-kernel@vger.kernel.org>,
Dmitriy Vyukov <dvyukov@google.com>,
James Y Knight <jyknight@google.com>
Subject: Potentially missing "memory" clobbers in bitops.h for x86
Date: Thu, 28 Mar 2019 15:14:12 +0100 [thread overview]
Message-ID: <CAG_fn=X9tpSW6jvJd_COk_RU8zvcr-cxSWuJ05qcV0LotTxEEQ@mail.gmail.com> (raw)
Hello,
arch/x86/include/asm/bitops.h defines clear_bit(nr, addr) for
non-constant |nr| values as follows:
void clear_bit(long nr, volatile unsigned long *addr) {
asm volatile("lock; btr %1,%0"
: "+m"(*(volatile long *)addr)
: "Ir" (nr));
}
(https://elixir.bootlin.com/linux/latest/source/arch/x86/include/asm/bitops.h#L111)
According to the comments in the file, |nr| may be arbitrarily large.
However the assembly constraints only imply that the first unsigned
long value at |addr| is written to.
This may result in the compiler ignoring the effect of the asm directive.
Consider the following example (https://godbolt.org/z/naTmjn):
#include <stdio.h>
void clear_bit(long nr, volatile unsigned long *addr) {
asm volatile("lock; btr %1,%0"
: "+m"(*(volatile long *)addr)
: "Ir" (nr));
}
unsigned long foo() {
unsigned long addr[2] = {1, 2};
clear_bit(65, addr);
return addr[0] + addr[1];
}
int main() {
printf("foo: %lu\n", foo());
}
Depending on the optimization level, the program may print either 1
(for -O0 and -O1) or 3 (for -O2 and -O3).
This is because on higher optimization levels GCC assumes that addr[1]
is unchanged and directly propagates the constant to the result.
I suspect the definitions of clear_bit() and similar functions are
lacking the "memory" clobber.
But the whole file tends to be very picky about whether this clobber
needs to be applied in each case, so in the case of a performance
penalty we may need to consider alternative approaches to fixing this
code.
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
next reply other threads:[~2019-03-28 14:14 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-28 14:14 Alexander Potapenko [this message]
2019-03-28 16:22 ` Potentially missing "memory" clobbers in bitops.h for x86 Paul E. McKenney
2019-03-29 15:54 ` Alexander Potapenko
2019-03-29 20:52 ` H. Peter Anvin
2019-03-29 21:09 ` Paul E. McKenney
2019-03-29 21:51 ` H. Peter Anvin
2019-03-29 22:05 ` Paul E. McKenney
2019-03-29 22:30 ` hpa
2019-04-01 10:53 ` Peter Zijlstra
2019-04-01 15:44 ` Paul E. McKenney
2019-04-01 16:04 ` Peter Zijlstra
2019-04-01 15:00 ` Alexander Potapenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAG_fn=X9tpSW6jvJd_COk_RU8zvcr-cxSWuJ05qcV0LotTxEEQ@mail.gmail.com' \
--to=glider@google.com \
--cc=dvyukov@google.com \
--cc=hpa@zytor.com \
--cc=jyknight@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=paulmck@linux.ibm.com \
--cc=peterz@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.