linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Catalin Marinas <catalin.marinas@arm.com>
To: Guo Ren <guoren@kernel.org>
Cc: "Christoph Müllner" <christophm30@gmail.com>,
	"Peter Zijlstra" <peterz@infradead.org>,
	"Palmer Dabbelt" <palmer@dabbelt.com>,
	"Anup Patel" <anup@brainfault.org>,
	linux-riscv <linux-riscv@lists.infradead.org>,
	"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
	"Guo Ren" <guoren@linux.alibaba.com>,
	"Will Deacon" <will.deacon@arm.com>,
	"Arnd Bergmann" <arnd@arndb.de>
Subject: Re: [PATCH] riscv: locks: introduce ticket-based spinlock implementation
Date: Wed, 14 Apr 2021 10:17:38 +0100	[thread overview]
Message-ID: <20210414091738.GA8320@arm.com> (raw)
In-Reply-To: <CAJF2gTSa8KO_iPn=05-YCHmAKNDkoESvATw+e434GY9eYy1LDw@mail.gmail.com>

On Wed, Apr 14, 2021 at 08:23:51AM +0800, Guo Ren wrote:
> On Tue, Apr 13, 2021 at 5:31 PM Catalin Marinas <catalin.marinas@arm.com> wrote:
> > On Tue, Apr 13, 2021 at 11:22:40AM +0200, Christoph Müllner wrote:
> > > On Tue, Apr 13, 2021 at 10:03 AM Peter Zijlstra <peterz@infradead.org> wrote:
> > > > On Mon, Apr 12, 2021 at 11:54:55PM +0200, Christoph Müllner wrote:
> > > > > On Mon, Apr 12, 2021 at 7:33 PM Palmer Dabbelt <palmer@dabbelt.com> wrote:
> > > > > > My plan is to add a generic ticket-based lock, which can be selected at
> > > > > > compile time.  It'll have no architecture dependencies (though it'll
> > > > > > likely have some hooks for architectures that can make this go faster).
> > > > > > Users can then just pick which spinlock flavor they want, with the idea
> > > > > > being that smaller systems will perform better with ticket locks and
> > > > > > larger systems will perform better with queued locks.  The main goal
> > > > > > here is to give the less widely used architectures an easy way to have
> > > > > > fair locks, as right now we've got a lot of code duplication because any
> > > > > > architecture that wants ticket locks has to do it themselves.
> > > > >
> > > > > In the case of LL/SC sequences, we have a maximum of 16 instructions
> > > > > on RISC-V. My concern with a pure-C implementation would be that
> > > > > we cannot guarantee this (e.g. somebody wants to compile with -O0)
> > > > > and I don't know of a way to abort the build in case this limit exceeds.
> > > > > Therefore I have preferred inline assembly for OpenSBI (my initial idea
> > > > > was to use closure-like LL/SC macros, where you can write the loop
> > > > > in form of C code).
> > > >
> > > > For ticket locks you really only needs atomic_fetch_add() and
> > > > smp_store_release() and an architectural guarantees that the
> > > > atomic_fetch_add() has fwd progress under contention and that a sub-word
> > > > store (through smp_store_release()) will fail the SC.
> > > >
> > > > Then you can do something like:
> > > >
> > > > void lock(atomic_t *lock)
> > > > {
> > > >         u32 val = atomic_fetch_add(1<<16, lock); /* SC, gives us RCsc */
> > > >         u16 ticket = val >> 16;
> > > >
> > > >         for (;;) {
> > > >                 if (ticket == (u16)val)
> > > >                         break;
> > > >                 cpu_relax();
> > > >                 val = atomic_read_acquire(lock);
> > > >         }
> > > > }
> > > >
> > > > void unlock(atomic_t *lock)
> > > > {
> > > >         u16 *ptr = (u16 *)lock + (!!__BIG_ENDIAN__);
> > > >         u32 val = atomic_read(lock);
> > > >
> > > >         smp_store_release(ptr, (u16)val + 1);
> > > > }
> > > >
> > > > That's _almost_ as simple as a test-and-set :-) It isn't quite optimal
> > > > on x86 for not being allowed to use a memop on unlock, since its being
> > > > forced into a load-store because of all the volatile, but whatever.
> > >
> > > What about trylock()?
> > > I.e. one could implement trylock() without a loop, by letting
> > > trylock() fail if the SC fails.
> > > That looks safe on first view, but nobody does this right now.
> 
> I think it's safe for riscv LR/SC, because in spec A 8.3 section:
> "As a consequence of the eventuality guarantee, if some harts in an
> execution environment are executing constrained LR/SC loops, and no
> other harts or devices in the execution environment execute an
> unconditional store or AMO to that reservation set, then at least one
> hart will eventually exit its constrained LR/SC loop."

This is clearly talking about _loops_ and that one hart will
_eventually_ exit the loop. It does not say that there is a guaranteed
LR/SC successful sequence or single iteration of the loop.

> So it guarantees LR/SC pair:
> 
> CPU0                   CPU1
> =======             =======
> LR addr1
>                             LR addr1
>                             SC addr1 // guarantee success.
> SC addr1

I don't see the RISC-V spec guaranteeing the (eventual) success of the
SC on CPU1 _without_ a loop.

> But not guarantee, another hart unconditional store (which I mentioned before):
> u32 a = 0x55aa66bb;
> u16 *ptr = &a;
> 
> CPU0                       CPU1
> =========             =========
> xchg16(ptr, new)     while(1)
>                                     WRITE_ONCE(*(ptr + 1), x);

If xchg16() is implemented with LR/SC, that's not guaranteed either. If
it implemented as some form of swap, the architecture may guarantee it's
success (or more like it won't deadlock).

> > Not familiar with RISC-V but I'd recommend that a trylock only fails if
> > the lock is locked (after LR). A SC may fail for other reasons
> > (cacheline eviction; depending on the microarchitecture) even if the
> > lock is unlocked. At least on arm64 we had this issue with an
> > implementation having a tendency to always fail the first STXR.
> 
> I think it's a broken implementation for riscv. SC couldn't fail by
> cache line bouncing and only could fail by another real write.
> That means the HW implementation should use a per-hart address monitor
> not just grab the cache line into the exclusive state without lockdown
> the SNOOP channel.
> I think the implementation of LR/SC you mentioned is a gambling style
> but broke the riscv spec.

Arm has the notion of exclusive monitors (local, global) but an
implementation may fake them by using cacheline states. And that's
allowed since the monitor doesn't need to guarantee success on the first
try but an eventual success of an ldxr/stxr loop.

> Is the patch of Will's would fix up the problem you mentioned?
> ----
> commit 9bb17be062de6f5a9c9643258951aa0935652ec3
> Author: Will Deacon <will.deacon@arm.com>
> Date:   Tue Jul 2 14:54:33 2013 +0100
> 
>     ARM: locks: prefetch the destination word for write prior to strex

No, that's only an optimisation. A prefetch would not guarantee that the
cacheline stays in certain state. There can be a long time between the
LR and SC, especially if interrupts are enabled or if you add
virtualisation into the mix.

The commit I was referring to is 4ecf7ccb1973 ("arm64: spinlock: retry
trylock operation if strex fails on free lock").

-- 
Catalin

  reply	other threads:[~2021-04-14  9:17 UTC|newest]

Thread overview: 49+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-24 10:14 [PATCH] riscv: locks: introduce ticket-based spinlock implementation guoren
2021-03-24 11:09 ` Peter Zijlstra
2021-03-24 12:10   ` Guo Ren
     [not found] ` <CAM4kBBK7_s9U2vJbq68yC8WdDEfPQTaCOvn1xds3Si5B-Wpw+A@mail.gmail.com>
2021-03-24 12:23   ` Peter Zijlstra
2021-03-24 12:24   ` Guo Ren
2021-03-24 12:31     ` Peter Zijlstra
2021-03-24 12:28 ` Anup Patel
2021-03-24 12:37   ` Peter Zijlstra
2021-03-24 12:53     ` Anup Patel
2021-04-11 21:11       ` Palmer Dabbelt
2021-04-12 13:32         ` Christoph Müllner
2021-04-12 14:51           ` Peter Zijlstra
2021-04-12 21:21             ` Christoph Müllner
2021-04-12 17:33           ` Palmer Dabbelt
2021-04-12 21:54             ` Christoph Müllner
2021-04-13  8:03               ` Peter Zijlstra
2021-04-13  8:17                 ` Peter Zijlstra
2021-04-14  2:26                   ` Guo Ren
2021-04-14  7:08                     ` Peter Zijlstra
2021-04-14  9:05                       ` Peter Zijlstra
2021-04-14 10:16                         ` [RFC][PATCH] locking: Generic ticket-lock Peter Zijlstra
2021-04-14 12:39                           ` Guo Ren
2021-04-14 12:55                             ` Peter Zijlstra
2021-04-14 13:08                               ` Peter Zijlstra
2021-04-14 15:59                               ` David Laight
2021-04-14 12:45                           ` Peter Zijlstra
2021-04-14 21:02                             ` Stafford Horne
2021-04-14 20:47                           ` Stafford Horne
2021-04-15  8:09                             ` Peter Zijlstra
2021-04-15  9:02                               ` Catalin Marinas
2021-04-15  9:22                                 ` Will Deacon
2021-04-15  9:24                                 ` Peter Zijlstra
2021-04-19 17:35                           ` Will Deacon
2021-04-23  6:44                           ` Palmer Dabbelt
2021-04-13  9:22                 ` [PATCH] riscv: locks: introduce ticket-based spinlock implementation Christoph Müllner
2021-04-13  9:30                   ` Catalin Marinas
2021-04-13  9:55                     ` Christoph Müllner
2021-04-14  0:23                     ` Guo Ren
2021-04-14  9:17                       ` Catalin Marinas [this message]
2021-04-13  9:35                   ` Peter Zijlstra
2021-04-13 10:25                     ` Christoph Müllner
2021-04-13 10:45                       ` Catalin Marinas
2021-04-13 10:54                         ` David Laight
2021-04-14  5:54                           ` Guo Ren
2021-04-13 11:04                         ` Christoph Müllner
2021-04-13 13:19                       ` Guo Ren
2021-09-19 16:53 guoren
2021-09-25 14:47 ` Guo Ren
2021-10-21 13:13   ` Peter Zijlstra

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210414091738.GA8320@arm.com \
    --to=catalin.marinas@arm.com \
    --cc=anup@brainfault.org \
    --cc=arnd@arndb.de \
    --cc=christophm30@gmail.com \
    --cc=guoren@kernel.org \
    --cc=guoren@linux.alibaba.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-riscv@lists.infradead.org \
    --cc=palmer@dabbelt.com \
    --cc=peterz@infradead.org \
    --cc=will.deacon@arm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).