Re: [RFC] LKMM: Add volatile_if()

[Alan Stern]

On Fri, Jun 04, 2021 at 10:10:29AM -0700, Linus Torvalds wrote:
> On Fri, Jun 4, 2021 at 9:37 AM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> >
> > >
> > > Why is "volatile_if()" not just
> > >
> > >        #define barier_true() ({ barrier(); 1; })
> > >
> > >        #define volatile_if(x) if ((x) && barrier_true())
> >
> > Because we weren't sure compilers weren't still allowed to optimize the
> > branch away.
> 
> This isn't about some "compiler folks think".
> 
> The above CANNOT be compiled any other way than with a branch.
> 
> A compiler that optimizes a branch away is simply broken.
> 
> Of course, the actual condition (ie "x" above) has to be something
> that the compiler cannot statically determine is a constant, but since
> the whole - and only - point is that there will be a READ_ONCE() or
> similar there, that's not an issue.

In fact there is one weird case where it is an issue (mentioned in 
memory-barriers.txt):

If some obscure arch-specific header file does:

	#define FOO	1

and an unwitting programmer writes:

	volatile_if (READ_ONCE(*y) % FOO == 0)
		WRITE_ONCE(*z, 5);

then the compiler _can_ statically determine that the condition is a 
constant, in spite of the READ_ONCE, but this fact isn't apparent to the 
programmer.  The generated object code will include both the read and 
the write, but there won't necessarily be any ordering between them.

I don't know if cases like this exist in the kernel.  It wouldn't be 
surprising if they did though, particularly in situations where a 
feature (like multi-level page tables) may be compiled away.

Alan