Re: dcache locking question

["Paul E. McKenney" <paulmck@linux.ibm.com>]

On Mon, Mar 18, 2019 at 10:11:06AM -0700, Paul E. McKenney wrote:
> On Mon, Mar 18, 2019 at 09:26:18AM -0700, James Bottomley wrote:
> > On Sun, 2019-03-17 at 17:35 -0700, Paul E. McKenney wrote:
> > > On Sat, Mar 16, 2019 at 09:23:16PM -0700, James Bottomley wrote:
> > > > On Sun, 2019-03-17 at 03:06 +0000, Al Viro wrote:
> > > > > On Sat, Mar 16, 2019 at 07:20:20PM -0700, James Bottomley wrote:
> > > > > > On Sat, 2019-03-16 at 17:50 -0700, Paul E. McKenney wrote:
> > > > > > [...]
> > > > > > >  I -have- seen stores of constant values be torn, but not
> > > > > > > stores of runtime-variable values and not loads.  Still, such
> > > > > > > tearing is permitted, and including the READ_ONCE() is making
> > > > > > > it easier for things like thread sanitizers.  In addition,
> > > > > > > the READ_ONCE() makes it clear that the value being loaded is
> > > > > > > unstable, which can be useful documentation.
> > > > > > 
> > > > > > Um, just so I'm clear, because this assumption permeates all
> > > > > > our code: load or store tearing can never occur if we're doing
> > > > > > load or store of a 32 bit value which is naturally
> > > > > > aligned.  Where naturally aligned is within the gift of the CPU
> > > > > > to determine but which the compiler or kernel will always
> > > > > > ensure for us unless we pack the structure or deliberately
> > > > > > misalign the allocation.
> > > 
> > > A non-volatile store of certain 32-bit constants can and does tear
> > > on some architectures.  These architectures would be the ones with a
> > > store-immediate instruction with a small immediate field, and where
> > > the 32-bit constant is such that a pair of 16-bit immediate store
> > > instructions can store that value.
> > 
> > Understood: PA-RISC is one such architecture: our ldil (load immediate
> > long) can only take 21 bits of immediate data and you have to use a
> > second instruction (ldo) to get the remaining 11 bits. However, the
> > compiler guarantees no tearing in memory visibility for PA by doing the
> > lidl/ldo sequence on a register and then writing the register to memory
> > which I believe is an architectural guarantee.
> 
> Good to know, thank you!
> 
> > > There was a bug in an old version of GCC where even volatile 32-bit
> > > stores of these constants would tear.  They did fix the bug, but it
> > > took some time to find a GCC person who understood that this was in
> > > fact a bug.
> > > 
> > > Hence my preference for READ_ONCE() and WRITE_ONCE() for data-racing
> > > loads and stores.
> > 
> > OK, but didn't everyone eventually agree this was a compiler bug?
> 
> They did agree, but only in the case where the store was volatile,
> as in WRITE_ONCE(), and -not- in the case of a plain store.
> 
> At least the kernel doesn't make general use of vector instructions.
> If it did, I would not be surprised to see compilers use three 32-bit
> vector stores to store to a 32-bit int adjacent to a 64-bit pointer.  :-/

And it turns out that the CPU architecture in question was x86-64, for
whatever that is worth.  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=55981

(There is also a later bug report dealing strictly with volatile, but
my search-engine skills are failing me this morning.)

							Thanx, Paul

> > > > > Wait a sec; are there any 64bit architectures where the same is
> > > > > not guaranteed for dereferencing properly aligned void **?
> > > > 
> > > > Yes, naturally alligned void * dereference shouldn't tear
> > > > either.  Iwas just using 32 bit as my example because 64 bit
> > > > accesses will tear on 32 bit architectures but 64 bit naturally
> > > > aligned accesses shouldn't tear on 64 bit architectures.  However,
> > > > since we can't guarantee the 64 bitness of the architecture 32 bit
> > > > or void * is our gold standard for not tearing.
> > > 
> > > For stores of quantities not known at compiler time, agreed.  But
> > > that same store-immediate situation could happen on 64-bit systems.
> > > 
> > > > James
> > > > 
> > > > 
> > > > > If that's the case, I can think of quite a few places that are
> > > > > rather dubious, and I don't see how READ_ONCE() could help in
> > > > > those - e.g. if an architecture only has 32bit loads, rcu list
> > > > > traversals are not going to be doable without one hell of an
> > > > > extra headache.
> > > 
> > > All the 64-bit systems that run the Linux kernel do have 64-bit load
> > > instructions and rcu_dereference() uses READ_ONCE() internally, so we
> > > should be fine with RCU list traverals.
> > 
> > I really don't think it's possible to get the same immediate constant
> > tearing bug on 64 bit.  If you look at PA, we have no 64 bit
> > equivalent of the ldil/ldo pair so all 64 bit immediate stores come
> > straight from the global data table via a register, so no tearing.  I
> > bet every 64 bit architecture has a similar approach because 64 bit
> > immediate data just requires too many bits to stuff into an instruction
> > pair.
> > 
> > James
> >