On Wed, Aug 21, 2019 at 11:32:01AM +0100, Will Deacon wrote: > On Tue, Aug 20, 2019 at 01:29:32PM -0700, Paul E. McKenney wrote: > > On Tue, Aug 20, 2019 at 03:56:12PM +0200, Peter Zijlstra wrote: > > > On Sat, Aug 17, 2019 at 01:08:02AM -0700, Linus Torvalds wrote: > > > > > > > The data tearing issue is almost a non-issue. We're not going to add > > > > WRITE_ONCE() to these kinds of places for no good reason. > > > > > > Paulmck actually has an example of that somewhere; ISTR that particular > > > case actually got fixed by GCC, but I'd really _love_ for some compiler > > > people (both GCC and LLVM) to state that their respective compilers will > > > not do load/store tearing for machine word sized load/stores. > > > > I do very much recall such an example, but I am now unable to either > > find it or reproduce it. :-/ > > > > If I cannot turn it up in a few days, I will ask the LWN editors to > > make appropriate changes to the "Who is afraid" article. > > > > > Without this written guarantee (which supposedly was in older GCC > > > manuals but has since gone missing), I'm loathe to rely on it. > > > > > > Yes, it is very rare, but it is a massive royal pain to debug if/when it > > > does do happen. > > > > But from what I can see, Linus is OK with use of WRITE_ONCE() for data > > races on any variable for which there is at least one READ_ONCE(). > > So we can still use WRITE_ONCE() as we would like in our own code. > > Yes, you or I might be hit by someone else's omission of WRITE_ONCE(), > > it is better than the proverbial kick in the teeth. > > > > Of course, if anyone knows of a compiler/architecture combination that > > really does tear stores of 32-bit constants, please do not keep it > > a secret! After all, it would be good to get that addressed easily > > starting now rather than after a difficult and painful series of > > debugging sessions. > > It's not quite what you asked for, but if you look at the following > silly code: > > typedef unsigned long long u64; > > struct data { > u64 arr[1023]; > u64 flag; > }; > > void foo(struct data *x) > { > int i; > > for (i = 0; i < 1023; ++i) > x->arr[i] = 0; > > x->flag = 0; > } > > void bar(u64 *x) > { > *x = 0xabcdef10abcdef10; > } > > Then arm64 clang (-O2) generates the following for foo: > > foo: // @foo > stp x29, x30, [sp, #-16]! // 16-byte Folded Spill > orr w2, wzr, #0x2000 > mov w1, wzr > mov x29, sp > bl memset > ldp x29, x30, [sp], #16 // 16-byte Folded Reload > ret > > and so the store to 'flag' has become part of the memset, which could > easily be bytewise in terms of atomicity (and this isn't unlikely given > we have a DC ZVA instruction which only guaratees bytewise atomicity). > > GCC (also -O2) generates the following for bar: > > bar: > mov w1, 61200 > movk w1, 0xabcd, lsl 16 > stp w1, w1, [x0] > ret > > and so it is using a store-pair instruction to reduce the complexity in > the immediate generation. Thus, the 64-bit store will only have 32-bit > atomicity. In fact, this is scary because if I change bar to: > > void bar(u64 *x) > { > *(volatile u64 *)x = 0xabcdef10abcdef10; > } > > then I get: > > bar: > mov w1, 61200 > movk w1, 0xabcd, lsl 16 > str w1, [x0] > str w1, [x0, 4] > ret > > so I'm not sure that WRITE_ONCE would even help :/
Well, I can have the LWN article cite your email, then. So thank you very much! Is generation of this code for a 64-bit volatile store considered a bug? Or does ARMv8 exclude the possibility of 64-bit MMIO registers? And I would guess that Thomas and Linus would ask a similar bugginess question for normal stores. ;-) > It's worth noting that: > > void baz(atomic_long *x) > { > atomic_store_explicit(x, 0xabcdef10abcdef10, memory_order_relaxed) > } > > does the right thing: > > baz: > mov x1, 61200 > movk x1, 0xabcd, lsl 16 > movk x1, 0xef10, lsl 32 > movk x1, 0xabcd, lsl 48 > str x1, [x0] > ret OK, the C11 and C++11 guys should be happy with this. > Whilst these examples may be contrived, I do thing they illustrate that > we can't simply say "stores to aligned, word-sized pointers are atomic". And thank you again! Thanx, Paul