Re: [RFC] tools/memory-model: Rule out OOTA

From: Peter Zijlstra
Date: Thu Jan 09 2025 - 15:37:25 EST

Next message: Kees Cook: "Re: [linus:master] [fortify] 239d87327d: vm-scalability.throughput 17.3% improvement"
Previous message: Andreas Hindborg: "Re: [PATCH v11 2/8] mm: rust: add vm_area_struct methods that require read access"
In reply to: Paul E. McKenney: "Re: [RFC] tools/memory-model: Rule out OOTA"
Next in thread: Paul E. McKenney: "Re: [RFC] tools/memory-model: Rule out OOTA"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jan 09, 2025 at 09:54:28AM -0800, Paul E. McKenney wrote:
> > P0(int *a, int *b, int *x, int *y) {
> > int r1;
> > int r2 = 0;
> > r1 = READ_ONCE(*x);
> > smp_rmb();
> > if (r1 == 1) {
> > r2 = *b;
> > }
> > WRITE_ONCE(*a, r2);
> > smp_wmb();
> > WRITE_ONCE(*y, 1);
> > }
> >
> > P1(int *a, int *b, int *x, int *y) {
> > int r1;
> >
> > int r2 = 0;
> >
> > r1 = READ_ONCE(*y);
> > smp_rmb();
> > if (r1 == 1) {
> > r2 = *a;
> > }
> > WRITE_ONCE(*b, r2);
> > smp_wmb();
> > WRITE_ONCE(*x, 1);
> > }
> >
> >
> > The reason that the WRITE_ONCE helps in the speculative store case is that
> > both its ctrl dependency and the wmb provide ordering, which together
> > creates ordering between *x and *y.
>
> Ah, and that is because LKMM does not enforce control dependencies past
> the end of the "if" statement. Cute!

I think the reason we hesitated on that was CMOV and similar conditional
instructions. If the body of the branch is a CMOV, then there no
conditionality on the common path after the body.

Next message: Kees Cook: "Re: [linus:master] [fortify] 239d87327d: vm-scalability.throughput 17.3% improvement"
Previous message: Andreas Hindborg: "Re: [PATCH v11 2/8] mm: rust: add vm_area_struct methods that require read access"
In reply to: Paul E. McKenney: "Re: [RFC] tools/memory-model: Rule out OOTA"
Next in thread: Paul E. McKenney: "Re: [RFC] tools/memory-model: Rule out OOTA"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]