Re: [PATCH locking/Documentation 1/2] Add note of release-acquire store vulnerability

From: Peter Zijlstra
Date: Thu Sep 29 2016 - 14:44:56 EST


On Thu, Sep 29, 2016 at 11:10:15AM -0700, Paul E. McKenney wrote:
> > >
> > > P0(int *x, int *y)
> > > {
> > > 	WRITE_ONCE(*x, 1);
> > > 	smp_wmb();
> > > 	smp_store_release(y, 1);
> > > }
> > >
> > > P1(int *y)
> > > {
> > > 	WRITE_ONCE(*y, 2);
> > > }
> > >
> > > P2(int *x, int *y)
> > > {
> > > 	r1 = smp_load_acquire(y);
> > > 	r2 = READ_ONCE(*x);
> > > }
> > >
> > > Both ARM and powerpc allow the "after the dust settles" outcome (r1=2 &&
> > > r2=0), as does the current version of the early prototype Linux-kernel
> >
> > And the above needs to be (r1!=2 || r2 != 0)... Sigh!
>
> Make that (y==2 && r1==2 && r2 == 0).
>
> Any further bids? ;-)

Isn't that the trivial P1,P2,P0 order again?

How about something like so on PPC?

P0(int *x, int *y)
{
	WRITE_ONCE(*x, 1);
	smp_store_release(y, 1);
}

P1(int *x, int *y)
{
	WRITE_ONCE(*x, 2);
	smp_store_release(y, 2);
}

P2(int *x, int *y)
{
	r1 = smp_load_acquire(y);
	r2 = READ_ONCE(*x);
}

(((x==1 && y==2) | (x==2 && y==1)) && (r1==1 || r1==2) && r2==0)

If you execute P0 and P1 concurrently and one store of each 'wins', the
LWSYNC of either is null and void, and therefore P2 is unordered and can
observe r2==0.
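
Added example, not part of the original message: a Python enumeration of every sequentially consistent interleaving of the three-thread test above, checked against the proposed condition. It assumes P1's first store writes *x and treats smp_store_release()/smp_load_acquire() as plain in-order accesses to one shared memory; it models no PPC behaviour, and only shows that the condition has no witness under sequential consistency.

```python
# Constructed model of the litmus test above (not from the original message).
# Assumption: sequential consistency, so release/acquire act as plain accesses.
P0 = [("W", "x", 1), ("W", "y", 1)]      # WRITE_ONCE(*x, 1); smp_store_release(y, 1)
P1 = [("W", "x", 2), ("W", "y", 2)]      # P1's first store taken as a write to *x
P2 = [("R", "y", "r1"), ("R", "x", "r2")]  # r1 = smp_load_acquire(y); r2 = READ_ONCE(*x)
THREADS = [P0, P1, P2]


def interleavings(threads):
    """Yield every merge of the threads that keeps each thread's program order."""
    def rec(pos, acc):
        if all(p == len(t) for p, t in zip(pos, threads)):
            yield list(acc)
            return
        for n, t in enumerate(threads):
            if pos[n] < len(t):
                acc.append(t[pos[n]])
                pos[n] += 1
                yield from rec(pos, acc)
                pos[n] -= 1
                acc.pop()
    yield from rec([0] * len(threads), [])


def run(schedule):
    """Execute one interleaving against a single shared memory; return (x, y, r1, r2)."""
    mem, regs = {"x": 0, "y": 0}, {}
    for kind, var, arg in schedule:
        if kind == "W":
            mem[var] = arg
        else:
            regs[arg] = mem[var]
    return mem["x"], mem["y"], regs["r1"], regs["r2"]


def exists_clause(x, y, r1, r2):
    """The condition proposed in the message."""
    split = (x == 1 and y == 2) or (x == 2 and y == 1)
    return split and r1 in (1, 2) and r2 == 0


def sc_outcomes():
    return {run(s) for s in interleavings(THREADS)}


def sc_witnesses():
    return sorted(o for o in sc_outcomes() if exists_clause(*o))


if __name__ == "__main__":
    print(len(list(interleavings(THREADS))), "interleavings,",
          len(sc_outcomes()), "distinct outcomes, witnesses:", sc_witnesses())
```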