From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from out-176.mta1.migadu.com (out-176.mta1.migadu.com [95.215.58.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 91F4D18871F for ; Fri, 28 Feb 2025 15:41:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=95.215.58.176 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740757284; cv=none; b=I0BTEjSwuPc7qBZWT3nf/UMhp4BMtxBxAY47nq8LQNdMMRdnvd0cEiWbPBLbMzlJK1o+KxSizVSBHqbwp8R7mj8Vqg3nFgkJkZYoSIeAuGa6nmfwj5V0dVuOx0hzJXnFLIkNAV0pymF5QknVAjqpk5s0QMo/1hGDvAaiXD9q3Mg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740757284; c=relaxed/simple; bh=Q8+BEVuZf0CNh/0XFWqDI26OHG6DDCW3PBnqoaUpeP4=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=WOgs38+H20BWUz5nex7khW0DGgcLFy67aqnrp9pkeiD2nXHha7IMsn22HamIF3TAf6kqx0kYv3za2JKqUHwlRF5ZXCkv6XbmbwUGrNEkBg+IWe+idbIlBMkzCXO1yir5onyRQ4k+N33f5k3wzI+PpM9hRmrwl/m29yrxZEW6atA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=cPoiAauP; arc=none smtp.client-ip=95.215.58.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="cPoiAauP" Date: Fri, 28 Feb 2025 10:41:12 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1740757280; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=2Fm63nDsheZS+DvKLr7F9z1D5v1N6a2uxGHZfV6AVEE=; b=cPoiAauPiyLLHJmiPyvk4jwmh3iCvrZjeS13il8qLCJ3HERFwkTRGXdGwwwjYMvD5p5aDf wsfAZB8RsA4B+FzVDFHSJJWDYaKo3w1xlkbyAJG9xfJvoTX2dZ6E90KOlvUYzxbrhCu71P Oh8WAUg30CioZVUd0QeRwAfRElFRUc4= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Kent Overstreet To: Ralf Jung Cc: David Laight , Steven Rostedt , Linus Torvalds , Martin Uecker , "Paul E. McKenney" , Alice Ryhl , Ventura Jack , Gary Guo , airlied@gmail.com, boqun.feng@gmail.com, ej@inai.de, gregkh@linuxfoundation.org, hch@infradead.org, hpa@zytor.com, ksummit@lists.linux.dev, linux-kernel@vger.kernel.org, miguel.ojeda.sandonis@gmail.com, rust-for-linux@vger.kernel.org Subject: Re: C aggregate passing (Rust kernel policy) Message-ID: References: <20250226162655.65ba4b51@gandalf.local.home> <20250226165619.64998576@gandalf.local.home> <20250226171321.714f3b75@gandalf.local.home> <20250226173534.44b42190@gandalf.local.home> <20250227204722.653ce86b@pumpkin> <07acc636-75d9-4e4b-9e99-9a784d88e188@ralfj.de> Precedence: bulk X-Mailing-List: ksummit@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <07acc636-75d9-4e4b-9e99-9a784d88e188@ralfj.de> X-Migadu-Flow: FLOW_OUT On Fri, Feb 28, 2025 at 08:44:58AM +0100, Ralf Jung wrote: > Hi, > > > > I guess you can sum this up to: > > > > > > The compiler should never assume it's safe to read a global more than the > > > code specifies, but if the code reads a global more than once, it's fine > > > to cache the multiple reads. > > > > > > Same for writes, but I find WRITE_ONCE() used less often than READ_ONCE(). > > > And when I do use it, it is more to prevent write tearing as you mentioned. > > > > Except that (IIRC) it is actually valid for the compiler to write something > > entirely unrelated to a memory location before writing the expected value. > > (eg use it instead of stack for a register spill+reload.) > > Not gcc doesn't do that - but the standard lets it do it. > > Whether the compiler is permitted to do that depends heavily on what exactly > the code looks like, so it's hard to discuss this in the abstract. > If inside some function, *all* writes to a given location are atomic (I > think that's what you call WRITE_ONCE?), then the compiler is *not* allowed > to invent any new writes to that memory. The compiler has to assume that > there might be concurrent reads from other threads, whose behavior could > change from the extra compiler-introduced writes. The spec (in C, C++, and > Rust) already works like that. > > OTOH, the moment you do a single non-atomic write (i.e., a regular "*ptr = > val;" or memcpy or so), that is a signal to the compiler that there cannot > be any concurrent accesses happening at the moment, and therefore it can > (and likely will) introduce extra writes to that memory. Is that how it really works? I'd expect the atomic writes to have what we call "compiler barriers" before and after; IOW, the compiler can do whatever it wants with non atomic writes, provided it doesn't cross those barriers.