Re: [RFC] LKMM: Add volatile_if()

From: Linus Torvalds
Date: Fri Jun 04 2021 - 18:20:47 EST

Next message: Laurent Pinchart: "Re: [PATCH v2] media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K"
Previous message: Borislav Petkov: "Re: [RFC v2-fix-v2 1/1] x86: Introduce generic protected guest abstractionn"
In reply to: Paul E. McKenney: "Re: [RFC] LKMM: Add volatile_if()"
Next in thread: Alan Stern: "Re: [RFC] LKMM: Add volatile_if()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jun 4, 2021 at 2:40 PM Paul E. McKenney <paulmck@xxxxxxxxxx> wrote:
>
> Here is one use case:
>
> volatile_if(READ_ONCE(A)) {
> WRITE_ONCE(B, 1);
> do_something();
> } else {
> WRITE_ONCE(B, 1);
> do_something_else();
> }
>
> With plain "if", the compiler is within its rights to do this:
>
> tmp = READ_ONCE(A);
> WRITE_ONCE(B, 1);
> if (tmp)
> do_something();
> else
> do_something_else();
>
> On x86, still no problem. But weaker hardware could now reorder the
> store to B before the load from A. With volatile_if(), this reordering
> would be prevented.

But *should* it be prevented? For code like the above?

I'm not really seeing that the above is a valid code sequence.

Sure, that "WRITE_ONCE(B, 1)" could be seen as a lock release, and
then it would be wrong to have the read of 'A' happen after the lock
has actually been released. But if that's the case, then it should
have used a smp_store_release() in the first place, not a
WRITE_ONCE().

So I don't see the above as much of a valid example of actual
READ/WRITE_ONCE() use.

If people use READ/WRITE_ONCE() like the above, and they actually
depend on that kind of ordering, I think that code is likely wrong to
begin with. Using "volatile_if()" doesn't make it more valid.

Now, part of this is that I do think that in *general* we should never
use this very suble load-cond-store pattern to begin with. We should
strive to use more smp_load_acquire() and smp_store_release() if we
care about ordering of accesses. They are typically cheap enough, and
if there's much of an ordering issue, they are the right things to do.

I think the whole "load-to-store ordering" subtle non-ordered case is
for very very special cases, when you literally don't have a general
memory ordering, you just have an ordering for *one* very particular
access. Like some of the very magical code in the rw-semaphore case,
or that smp_cond_load_acquire().

IOW, I would expect that we have a handful of uses of this thing. And
none of them have that "the conditional store is the same on both
sides" pattern, afaik.

And immediately when the conditional store is different, you end up
having a dependency on it that orders it.

But I guess I can accept the above made-up example as an "argument",
even though I feel it is entirely irrelevant to the actual issues and
uses we have.

Linus

Next message: Laurent Pinchart: "Re: [PATCH v2] media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K"
Previous message: Borislav Petkov: "Re: [RFC v2-fix-v2 1/1] x86: Introduce generic protected guest abstractionn"
In reply to: Paul E. McKenney: "Re: [RFC] LKMM: Add volatile_if()"
Next in thread: Alan Stern: "Re: [RFC] LKMM: Add volatile_if()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]