RE: Potentially Broken Address Dependency via test_bit() When Compiling With Clang

From: David Laight
Date: Wed Oct 27 2021 - 07:56:24 EST


From: Paul Heidekrüger
> Sent: 27 October 2021 11:20
>
> For my bachelor thesis, I have been working on the infamous problem of
> potentially broken dependency orderings in the Linux kernel. I'm being
> advised by Marco Elver, Charalampos Mainas, Pramod Bhatotia (Cc'd).
>
> For context, see:
> https://linuxplumbersconf.org/event/7/contributions/821/attachments/598/1075/LPC_2020_--
> _Dependency_ordering.pdf
>
> Our approach consists of two LLVM compiler passes which annotate
> dependencies in unoptimised intermediate representation (IR) and verify
> the annotated dependencies in optimised IR. ATM, the passes only
> recognise a subset of address dependencies - everything is still WIP ;-)
>
> We have been cross-compiling with a slightly modified version of
> allyesconfig for arm64, and the passes have now found a case that we
> would like to share with LKML for feedback: an address dependency being
> broken (?) through compiler optimisations in
> fs/afs/addr_list.c::afs_iterate_addresses().
>
> Address dependency in source code, lines 373 - 375 in fs/afs/addr_list.c:
>
> > [...]
> > index = READ_ONCE(ac->alist->preferred);
> > if (test_bit(index, &set))
> > goto selected;
> > [...]
>
> where test_bit() expands to the following in
> include/asm-generic/bitops/non-atomic.h, lines 115 - 122:
>
> > static __always_inline int
> > arch_test_bit(unsigned int nr, const volatile unsigned long *addr)
> > {
> > return 1UL & (addr[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG-1)));
> > }
> > #define test_bit arch_test_bit

I don't think there is expected to be an address dependency.
The READ_ONCE() is needed to ensure the generated code doesn't use
two different values for 'index' - eg for 'nr' inside arch_test_bit().

David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)