From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.5 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9F68EC433DF for ; Tue, 7 Jul 2020 22:53:31 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 67AC120738 for ; Tue, 7 Jul 2020 22:53:31 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="2ag8tEtM"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="vft7wP4C" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 67AC120738 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:Reply-To:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:Message-ID: Subject:To:From:Date:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=jK/3hfEz9JWneuEpw/e97cq1jaGaUa5sLH/TIcpo6Sk=; b=2ag8tEtM3ewgm+JwIasVgTq2bK Pz1yKJIOJKph0zQwY4VAeyH7NjzD/xI1xFE8JsZeDQ8uVUgnp2GrU8GpilWS06zLNjgjdRcQiAFYN Ap4bSX/wUSH6vXTk3/LdXC33kXUlRSEf32/7HFWVWVBPz1ZY+CUe2rnP2TMXJ3KDj1Y/eBRqxyW3E T3Ffqydr9byCRpZHx1Ndlzd1TGU7F50e8i5uMWL17QWVwxH0Go22/hedYcTceAcTUlJwN9JUjxThl wcD+Crw5yFZVC4C3zVTFoQJ/OWkwY6BCTdeqDVau5zG1TQNKAVXYjfRWTUpbkUKRjngWnRlBcx+xs iwH51sTg==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1jswQx-0006PP-Fm; Tue, 07 Jul 2020 22:51:27 +0000 Received: from mail.kernel.org ([198.145.29.99]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jswQt-0006Ne-HN for linux-arm-kernel@lists.infradead.org; Tue, 07 Jul 2020 22:51:25 +0000 Received: from paulmck-ThinkPad-P72.home (50-39-111-31.bvtn.or.frontiernet.net [50.39.111.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id CE6882077D; Tue, 7 Jul 2020 22:51:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1594162282; bh=qIo6PpemCQ+WG0zoOl3DhnPnPq5fufAVnvuCuXl7avY=; h=Date:From:To:Cc:Subject:Reply-To:References:In-Reply-To:From; b=vft7wP4CGTu/pzkjM310cWRe9nFX1kueTyt1f6M2IB30J2j1PpTPgpsoiGegnaYlj 881JZtwKyNQerDXnE5Eff3Ao4RRD5V2rUIoj913s1rZys6ycR/YsU6Y1ZgvorjPp9v /Np+mb1EDtvMlz6TfBXgbsMv6vAE7D9WNVTuF1kM= Received: by paulmck-ThinkPad-P72.home (Postfix, from userid 1000) id B5C6C35234B0; Tue, 7 Jul 2020 15:51:22 -0700 (PDT) Date: Tue, 7 Jul 2020 15:51:22 -0700 From: "Paul E. McKenney" To: Dave Martin Subject: Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y Message-ID: <20200707225122.GJ9247@paulmck-ThinkPad-P72> References: <20200630173734.14057-1-will@kernel.org> <20200630173734.14057-19-will@kernel.org> <20200701170722.4rte5ssnmrn2uqzg@bakewell.cambridge.arm.com> <20200702072301.GA15963@willie-the-truck> <20200706160023.GB10992@arm.com> <20200706163455.GV9247@paulmck-ThinkPad-P72> <20200706170556.GE10992@arm.com> <20200706173628.GZ9247@paulmck-ThinkPad-P72> <20200707102915.GI10992@arm.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20200707102915.GI10992@arm.com> User-Agent: Mutt/1.9.4 (2018-02-28) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200707_185123_787037_8A25817E X-CRM114-Status: GOOD ( 35.77 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: paulmck@kernel.org Cc: Mark Rutland , "Michael S. Tsirkin" , Peter Zijlstra , Catalin Marinas , Jason Wang , virtualization@lists.linux-foundation.org, Will Deacon , Alan Stern , Sami Tolvanen , Matt Turner , kernel-team@android.com, Marco Elver , Kees Cook , Arnd Bergmann , Boqun Feng , Josh Triplett , Ivan Kokshaysky , linux-arm-kernel@lists.infradead.org, Richard Henderson , Nick Desaulniers , linux-kernel@vger.kernel.org, linux-alpha@vger.kernel.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Tue, Jul 07, 2020 at 11:29:15AM +0100, Dave Martin wrote: > On Mon, Jul 06, 2020 at 10:36:28AM -0700, Paul E. McKenney wrote: > > On Mon, Jul 06, 2020 at 06:05:57PM +0100, Dave Martin wrote: [ . . . ] > > > The underlying problem here seems to be that the necessary ordering > > > rule is not part of what passes for the C memory model prior to C11. > > > If we want to control the data flow, don't we have to wrap the entire > > > dereference in a macro? > > > > Yes, exactly. Because we are relying on things that are not guaranteed > > by the C memory model, we need to pay attention to the implementations. > > As I have said elsewhere, the price of control dependencies is eternal > > vigilance. > > > > And this also applies, to a lesser extent, to address and data > > dependencies, which are also not well supported by the C standard. > > > > There is one important case in which the C memory model -does- support > > control dependencies, and that is when the dependent write is a normal > > C-language write that is not involved in a data race. In that case, > > if the compiler broke the control dependency, it might have introduced > > a data race, which it is forbidden to do. However, this rule can also > > be broken when the compiler knows too much, as it might be able to prove > > that breaking the dependency won't introduce a data race. In that case, > > according to the standard, it is free to break the dependency. > > Which only matters because the C abstract machine may not match reality. > > LTO has no bearing on the abstract machine though. > > If specific compiler options etc. can be added to inhibit the > problematic optimisations, that would be ideal. I guess that can't > happen overnight though. Sadly, I must agree. > > > > > > We likely won't realise if/when this goes wrong, other than impossible to > > > > > > debug, subtle breakage that crops up seemingly randomly. Ideally, we'd be > > > > > > able to detect this sort of thing happening at build time, and perhaps > > > > > > even prevent it with compiler options or annotations, but none of that is > > > > > > close to being available and I'm keen to progress the LTO patches in the > > > > > > meantime because they are a requirement for CFI. > > > > > > > > > > My concern was not so much why LTO makes things dangerous, as why !LTO > > > > > makes things safe... > > > > > > > > Because ignorant compilers are safe compilers! ;-) > > > > > > AFAICT ignorance is no gurantee of ordering in general -- the compiler > > > is free to speculatively invent knowledge any place that the language > > > spec allows it to. !LTO doesn't stop this happening. > > > > Agreed, according to the standard, the compiler has great freedom. > > > > We have two choices: (1) Restrict ourselves to live within the confines of > > the standard or (2) Pay continued close attention to the implementation. > > We have made different choices at different times, but for many ordering > > situations we have gone with door #2. > > > > Me, I have been working to get the standard to better support our > > use case. This is at best slow going. But don't take my word for it, > > ask Will. > > I can believe it. They want to enable optimisations rather than prevent > them... Right in one! ;-) > > > Hopefully some of the knowledge I invented in my reply is valid... > > > > It is. It is just that there are multiple valid strategies, and the > > Linux kernel is currently taking a mixed-strategy approach. > > Ack. The hope that there is a correct way to fix everything dies > hard ;) Either that, or one slowly degrades ones definition of "correct". :-/ > Life was cosier before I started trying to reason about language specs. Same here! Thanx, Paul _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel