Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y

[PATCH 00/18] Allow architectures to override __READ_ONCE() · Will Deacon <will@kernel.org> · 2020-06-30
[PATCH 01/18] tools: bpf: Use local copy of headers including uapi/linux/filter.h · Will Deacon <will@kernel.org> · 2020-06-30
Re: [PATCH 01/18] tools: bpf: Use local copy of headers including uapi/linux/filter.h · Alexei Starovoitov <hidden> · 2020-07-01
[PATCH 02/18] compiler.h: Split {READ,WRITE}_ONCE definitions out into rwonce.h · Will Deacon <will@kernel.org> · 2020-06-30
Re: [PATCH 02/18] compiler.h: Split {READ,WRITE}_ONCE definitions out into rwonce.h · Arnd Bergmann <arnd@arndb.de> · 2020-06-30
Re: [PATCH 02/18] compiler.h: Split {READ,WRITE}_ONCE definitions out into rwonce.h · Will Deacon <will@kernel.org> · 2020-07-01
Re: [PATCH 02/18] compiler.h: Split {READ,WRITE}_ONCE definitions out into rwonce.h · Arnd Bergmann <arnd@arndb.de> · 2020-07-01
[PATCH 03/18] asm/rwonce: Allow __READ_ONCE to be overridden by the architecture · Will Deacon <will@kernel.org> · 2020-06-30
[PATCH 04/18] alpha: Override READ_ONCE() with barriered implementation · Will Deacon <will@kernel.org> · 2020-06-30
Re: [PATCH 04/18] alpha: Override READ_ONCE() with barriered implementation · Mark Rutland <mark.rutland@arm.com> · 2020-07-02
Re: [PATCH 04/18] alpha: Override READ_ONCE() with barriered implementation · Will Deacon <will@kernel.org> · 2020-07-02
Re: [PATCH 04/18] alpha: Override READ_ONCE() with barriered implementation · Arnd Bergmann <arnd@arndb.de> · 2020-07-02
Re: [PATCH 04/18] alpha: Override READ_ONCE() with barriered implementation · Will Deacon <will@kernel.org> · 2020-07-02
Re: [PATCH 04/18] alpha: Override READ_ONCE() with barriered implementation · Arnd Bergmann <arnd@arndb.de> · 2020-07-02
Re: [PATCH 04/18] alpha: Override READ_ONCE() with barriered implementation · Joel Fernandes <hidden> · 2020-07-02
Re: [PATCH 04/18] alpha: Override READ_ONCE() with barriered implementation · Will Deacon <will@kernel.org> · 2020-07-02
Re: [PATCH 04/18] alpha: Override READ_ONCE() with barriered implementation · Joel Fernandes <hidden> · 2020-07-02
[PATCH 05/18] asm/rwonce: Remove smp_read_barrier_depends() invocation · Will Deacon <will@kernel.org> · 2020-06-30
[PATCH 06/18] vhost: Remove redundant use of read_barrier_depends() barrier · Will Deacon <will@kernel.org> · 2020-06-30
[PATCH 07/18] alpha: Replace smp_read_barrier_depends() usage with smp_[r]mb() · Will Deacon <will@kernel.org> · 2020-06-30
[PATCH 08/18] locking/barriers: Remove definitions for [smp_]read_barrier_depends() · Will Deacon <will@kernel.org> · 2020-06-30
[PATCH 09/18] Documentation/barriers: Remove references to [smp_]read_barrier_depends() · Will Deacon <will@kernel.org> · 2020-06-30
[PATCH 10/18] Documentation/barriers/kokr: Remove references to [smp_]read_barrier_depends() · Will Deacon <will@kernel.org> · 2020-06-30
[PATCH 11/18] tools/memory-model: Remove smp_read_barrier_depends() from informal doc · Will Deacon <will@kernel.org> · 2020-06-30
[PATCH 12/18] include/linux: Remove smp_read_barrier_depends() from comments · Will Deacon <will@kernel.org> · 2020-06-30
[PATCH 13/18] checkpatch: Remove checks relating to [smp_]read_barrier_depends() · Will Deacon <will@kernel.org> · 2020-06-30
[PATCH 14/18] arm64: Reduce the number of header files pulled into vmlinux.lds.S · Will Deacon <will@kernel.org> · 2020-06-30
[PATCH 15/18] arm64: alternatives: Split up alternative.h · Will Deacon <will@kernel.org> · 2020-06-30
[PATCH 17/18] arm64: alternatives: Remove READ_ONCE() usage during patch operation · Will Deacon <will@kernel.org> · 2020-06-30
[PATCH 16/18] arm64: cpufeatures: Add capability for LDAPR instruction · Will Deacon <will@kernel.org> · 2020-06-30
[PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Will Deacon <will@kernel.org> · 2020-06-30
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Arnd Bergmann <arnd@arndb.de> · 2020-06-30
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Will Deacon <will@kernel.org> · 2020-07-01
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Arnd Bergmann <arnd@arndb.de> · 2020-07-01
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Marco Elver <elver@google.com> · 2020-06-30
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Peter Zijlstra <peterz@infradead.org> · 2020-06-30
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Sami Tolvanen <samitolvanen@google.com> · 2020-06-30
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Will Deacon <will@kernel.org> · 2020-07-01
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Will Deacon <will@kernel.org> · 2020-07-01
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Dave P Martin <dave.martin@arm.com> · 2020-07-01
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Will Deacon <will@kernel.org> · 2020-07-02
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Dave Martin <Dave.Martin@arm.com> · 2020-07-06
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · "Paul E. McKenney" <paulmck@kernel.org> · 2020-07-06
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Dave Martin <Dave.Martin@arm.com> · 2020-07-06
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · "Paul E. McKenney" <paulmck@kernel.org> · 2020-07-06
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Dave Martin <Dave.Martin@arm.com> · 2020-07-07
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · "Paul E. McKenney" <paulmck@kernel.org> · 2020-07-07
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Nick Desaulniers <hidden> · 2020-07-07
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Marco Elver <elver@google.com> · 2020-07-08
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Peter Zijlstra <peterz@infradead.org> · 2020-07-08
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · "Paul E. McKenney" <paulmck@kernel.org> · 2020-07-08
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Will Deacon <will@kernel.org> · 2020-07-06
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Marco Elver <elver@google.com> · 2020-07-06
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · "Paul E. McKenney" <paulmck@kernel.org> · 2020-07-06
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Dave Martin <Dave.Martin@arm.com> · 2020-07-06
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Will Deacon <will@kernel.org> · 2020-07-06
Re: [PATCH 18/18] arm64: lto: Strengthen READ_ONCE() to acquire when CLANG_LTO=y · Dave Martin <Dave.Martin@arm.com> · 2020-07-07
Re: [PATCH 00/18] Allow architectures to override __READ_ONCE() · Josh Triplett <josh@joshtriplett.org> · 2020-07-01

From: Nick Desaulniers <hidden>
Date: 2020-07-07 23:01:45
Also in: linux-alpha, lkml, virtualization

I'm trying to put together a Micro Conference for Linux Plumbers
conference focused on "make LLVM slightly less shitty."  Do you all
plan on attending the conference? Would it be worthwhile to hold a
session focused on discussing this (LTO and memory models) be
worthwhile?


On Tue, Jul 7, 2020 at 3:51 PM Paul E. McKenney [off-list ref] wrote:

On Tue, Jul 07, 2020 at 11:29:15AM +0100, Dave Martin wrote:

quoted

On Mon, Jul 06, 2020 at 10:36:28AM -0700, Paul E. McKenney wrote:

quoted

On Mon, Jul 06, 2020 at 06:05:57PM +0100, Dave Martin wrote:

[ . . . ]

quoted

The underlying problem here seems to be that the necessary ordering
rule is not part of what passes for the C memory model prior to C11.
If we want to control the data flow, don't we have to wrap the entire
dereference in a macro?

Yes, exactly.  Because we are relying on things that are not guaranteed
by the C memory model, we need to pay attention to the implementations.
As I have said elsewhere, the price of control dependencies is eternal
vigilance.

And this also applies, to a lesser extent, to address and data
dependencies, which are also not well supported by the C standard.

There is one important case in which the C memory model -does- support
control dependencies, and that is when the dependent write is a normal
C-language write that is not involved in a data race.  In that case,
if the compiler broke the control dependency, it might have introduced
a data race, which it is forbidden to do.  However, this rule can also
be broken when the compiler knows too much, as it might be able to prove
that breaking the dependency won't introduce a data race.  In that case,
according to the standard, it is free to break the dependency.

Which only matters because the C abstract machine may not match reality.

LTO has no bearing on the abstract machine though.

If specific compiler options etc. can be added to inhibit the
problematic optimisations, that would be ideal.  I guess that can't
happen overnight though.

Sadly, I must agree.

quoted

We likely won't realise if/when this goes wrong, other than impossible to
debug, subtle breakage that crops up seemingly randomly. Ideally, we'd be
able to detect this sort of thing happening at build time, and perhaps
even prevent it with compiler options or annotations, but none of that is
close to being available and I'm keen to progress the LTO patches in the
meantime because they are a requirement for CFI.

My concern was not so much why LTO makes things dangerous, as why !LTO
makes things safe...

Because ignorant compilers are safe compilers!  ;-)

AFAICT ignorance is no gurantee of ordering in general -- the compiler
is free to speculatively invent knowledge any place that the language
spec allows it to.  !LTO doesn't stop this happening.

Agreed, according to the standard, the compiler has great freedom.

We have two choices: (1) Restrict ourselves to live within the confines of
the standard or (2) Pay continued close attention to the implementation.
We have made different choices at different times, but for many ordering
situations we have gone with door #2.

Me, I have been working to get the standard to better support our
use case.  This is at best slow going.  But don't take my word for it,
ask Will.

I can believe it.  They want to enable optimisations rather than prevent
them...

Right in one!  ;-)

quoted

Hopefully some of the knowledge I invented in my reply is valid...

It is.  It is just that there are multiple valid strategies, and the
Linux kernel is currently taking a mixed-strategy approach.

Ack.  The hope that there is a correct way to fix everything dies
hard ;)

Either that, or one slowly degrades ones definition of "correct".  :-/

quoted

Life was cosier before I started trying to reason about language specs.

Same here!

                                                        Thanx, Paul



-- 
Thanks,
~Nick Desaulniers

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help