From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 20D0DCF8549 for ; Thu, 3 Oct 2024 00:08:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7DCE76B04E7; Wed, 2 Oct 2024 20:08:48 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 765536B04E8; Wed, 2 Oct 2024 20:08:48 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5DEAC6B04E9; Wed, 2 Oct 2024 20:08:48 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 2CB516B04E7 for ; Wed, 2 Oct 2024 20:08:48 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 88E02140C5C for ; Thu, 3 Oct 2024 00:08:47 +0000 (UTC) X-FDA: 82630355094.11.2253494 Received: from mail-qk1-f169.google.com (mail-qk1-f169.google.com [209.85.222.169]) by imf05.hostedemail.com (Postfix) with ESMTP id 9AA2E100006 for ; Thu, 3 Oct 2024 00:08:45 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=joelfernandes.org header.s=google header.b=xIcWuIJ+; dmarc=none; spf=pass (imf05.hostedemail.com: domain of joel@joelfernandes.org designates 209.85.222.169 as permitted sender) smtp.mailfrom=joel@joelfernandes.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727914085; a=rsa-sha256; cv=none; b=f8sV78W2D4wDE48Pfqh4YRcTb336Db3981LjggztQJwdzcdnYRtqJpL/HzmIZkENCCI7+F UJ5ZthuMEkSLzkNeoUWM0myqfVtmWimcX5CRtFb2vRAGUk72wH92jPJ9eT464FaDnFPUyt M/o/D95qlPFRg62hAvREAmJgIso4xns= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=joelfernandes.org header.s=google header.b=xIcWuIJ+; dmarc=none; spf=pass (imf05.hostedemail.com: domain of joel@joelfernandes.org designates 209.85.222.169 as permitted sender) smtp.mailfrom=joel@joelfernandes.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727914085; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=d3cwmVH4T8IqaLZrJPf4dN6HB0iRJ3ayFzGdEtNHxoA=; b=450QErrqk2Iw1Bk9FZBKWJKgRRYR8Nb126jQuJs98c29kVm8k17R9bdCd6f/2HpPNAngHZ uKFTZWKX4grax97aR09jY8agjR/DOKEtbZBBF1NECWz5X4+Xy3luErFSTcOCnEZLX2M9Nv P2EhlcxeezehjNLpxAUsK1AtokfySkU= Received: by mail-qk1-f169.google.com with SMTP id af79cd13be357-7a9a30a0490so39909385a.3 for ; Wed, 02 Oct 2024 17:08:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelfernandes.org; s=google; t=1727914124; x=1728518924; darn=kvack.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=d3cwmVH4T8IqaLZrJPf4dN6HB0iRJ3ayFzGdEtNHxoA=; b=xIcWuIJ+roubfsrUzxXSAFcQvI1COBCIgXpd5bwoLG0q2Es3Gu6pcNBTQ/7aLD0//X tnnySc/l9cB5enO5AnDQNLIXQeCVOVWe8zr0r5UaSy+752MhJbWov2ODq9Vv5fYyBOxB zGBbg+aPJF+LiQecyBKvBH9+ogA7pEf51w3gY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727914124; x=1728518924; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=d3cwmVH4T8IqaLZrJPf4dN6HB0iRJ3ayFzGdEtNHxoA=; b=EjpmTJhWVNA0PPGb9LDAjNWtAMikrDf5q8aOcGbyT5fpQazc+VDiG0u10oix1AQ6Yf VgIpjZq3sv8HNL9hq0vlGWMJumtciehGf/+JjMWj1TnNfyqbGBI0jDnc+/8m9ASBL/jS v3pG68uezdYhMfZYqs/pYOhfsIlWZ0VYB5nSsz7tyJlmUSSgjMU3/gcK5Q7Sxawf2wJQ gt7FNDaOQ+ZUzo1XYuIwYPLodMpJyIJml1Bi5oo8wP4HF2AUFdsCSKOX9wKRBT56yhI3 UQNpIrYIszgqdGYcN5t432GTMG563bQB/qAIPE/xnDDf+yOzni0vv93RxFn28Q4UnCbo VhPQ== X-Forwarded-Encrypted: i=1; AJvYcCVvpVE6F+rPr+7Iep67jbn3bcyZWGxHYi/Fx30kyjzL9lO/8ZwUDEamYfkEnf2CKvwDe1Dd6S/FkA==@kvack.org X-Gm-Message-State: AOJu0Yynu+NwW4Cw7qTIOA+3mau0DNLPu1Aw2TlmKfdaJrSSpjXt/31t 0ssKH8/dGrbgRCaL8lOM3M+1J9c/43CV+7rCof5+2bjXL93Vr2/2pAu6Gvz46CA= X-Google-Smtp-Source: AGHT+IFyyGM2DUoFUWQ5HNQaWWB8/IaPvClgER78DCcGgoTY7+i7cDT8H5iX51KO9rlUJfwMgd+NTQ== X-Received: by 2002:a05:620a:2697:b0:7ac:dd3a:6787 with SMTP id af79cd13be357-7ae62732decmr738226785a.52.1727914124476; Wed, 02 Oct 2024 17:08:44 -0700 (PDT) Received: from localhost (129.177.85.34.bc.googleusercontent.com. [34.85.177.129]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7ae3783f80bsm669783585a.123.2024.10.02.17.08.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 02 Oct 2024 17:08:43 -0700 (PDT) Date: Thu, 3 Oct 2024 00:08:43 +0000 From: Joel Fernandes To: Mathieu Desnoyers Cc: Linus Torvalds , Andrew Morton , Peter Zijlstra , linux-kernel@vger.kernel.org, Nicholas Piggin , Michael Ellerman , Greg Kroah-Hartman , Sebastian Andrzej Siewior , "Paul E. McKenney" , Will Deacon , Boqun Feng , Alan Stern , John Stultz , Neeraj Upadhyay , Frederic Weisbecker , Josh Triplett , Uladzislau Rezki , Steven Rostedt , Lai Jiangshan , Zqiang , Ingo Molnar , Waiman Long , Mark Rutland , Thomas Gleixner , Vlastimil Babka , maged.michael@gmail.com, Mateusz Guzik , Jonas Oberhauser , rcu@vger.kernel.org, linux-mm@kvack.org, lkmm@lists.linux.dev, Gary Guo , Nikita Popov , llvm@lists.linux.dev Subject: Re: [RFC PATCH 1/4] compiler.h: Introduce ptr_eq() to preserve address dependency Message-ID: <20241003000843.GA192403@google.com> References: <20241002010205.1341915-1-mathieu.desnoyers@efficios.com> <20241002010205.1341915-2-mathieu.desnoyers@efficios.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20241002010205.1341915-2-mathieu.desnoyers@efficios.com> X-Rspam-User: X-Rspamd-Queue-Id: 9AA2E100006 X-Rspamd-Server: rspam01 X-Stat-Signature: imuz6aghrm79y7i5c8tks5pmxzmbhkwr X-HE-Tag: 1727914125-577304 X-HE-Meta: U2FsdGVkX1+FUkZrI8SwTZPaabx7wYiwWtuKzBFQIER9tVV+7DDXx0iWAz1hkGipZm8xOtdxx1WT6LJi8ytXALna35fibMpIckEzgh/GcmqQkQUOoX/NCPA4HtR+eYaTFM+I/vS8El4vVEqgcaNj4ughLdW0H5PJbgJ2Y6L+Up06pAGxfbBkuCltYNO6iL4kxO08I33vYhlMU9pTNO4qCgSzEUAj/7OgpEJltNLo57EXh1a8/yOt4YTgrC9F81LukauDZLehOWvOnw7GObf2xf1v7fN0mqzTBeN1xviIh7pJFyPEbsvq034saMbJloxK/8iVEFDWxWHVkrKR5vMCrOFwht2Hh66v9jWjmbXhVjZiqaNCr8A5uk1P6b+zdmTOUIdtaKL3LZy7oOVKYaj0qVbh4v77l0CwofY38McEVIQapgzAj0NCTsVUFtYo8SYV0lJzAp1zm/URAwGguyFww8bjpYBwr0syGr16kQ6phrYPGxfOtvB1QwXXT+jWy76Gyyl8Af1GiLgAAUuQCzcS1F7OWHWSQnEVCGiKNcLYO4suuw3ItEZSSuhoNTcmMSZxu/LPbaX1d+JDJP1BDtK6aEv9xJHQ6k09tyJkPaNBqoWqCtE9rpXpYfmxv4Ei9VawuM9kKANcKyOiWVfrsQP3v6jM7OMrDyv69Xupus6zdKK5mbRXwAgZ6n2fLkSk10MMONrn9PdEiK90e3WRPobV8tYsds5/urcrIRdKMbtSfwZ5GBGJs6823s//gf50Ev2Ya5/Vze8xtRdmb5QDV+jQ+79lj2eUl/xV3vYks5QheBq3/KLsPRDKpVdr5aHpplh79uxiUBsVg36Q7UtqtCUhGpjAM8mMOeQNdXfKvhF33yoILsB6DRPu+bkcz/u1QBFmPuCuw52gpn/+1OvjcZ3WEQS2H2e5izT2cR4jz1YBThhgwVWbEFagf3WBeA5TQ3vTqEvnGcMLt5/Zzeh9AVl sDrzIrX/ aUuLrSo6l+c+38j5wU7ZaLs/kOK0iWvFek2Rt1mrtU6wD8NUfQWt71j5i+3SpGSaXn+73WL2LJTuQdYOgaKfaEhXu2+Gz2HX1oQtCpGSE88rWp8RPuAAvbo2tDi48PvTk77JNHvqj9h2tp3pOb4FD+x4XYt21rZMDK6aQkLIrWGjKwSD7W4a4huSki4FT7SIoI/Y9lzHb3Cz3HroPiuanwuTK3Xz2jsAunFxR7ILyeQu5OvfxW7V+OpU2PyzPGwQnR/VBviG2DaFd+iMKoeNN7g3EcqBUj6HLz0349ZRM1ugygbxxO0ME4hh32R0BbOGYy1eOa7iOkFVNvLbWNnZmv3iUz2y9+JstYj+mXdiW5SZUgmef8GM7/39230YJMafi08/g3rp1N7SJiQq0bTfLZOLFphxxLMpdTjN1+6uTW0vQfP/OJaA1j3X6tnkBf8zhIW2X73a/+hToJjL2SIrXPZ6r+1o2xMR66VnR2QqBlS7yqe3NpwvoW0OMrc3aWmyPIMHIqY2Iwhk7uqaP4rnrKs19gFpWp2ynpExBqAGmUqgZUBQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Tue, Oct 01, 2024 at 09:02:02PM -0400, Mathieu Desnoyers wrote: > Compiler CSE and SSA GVN optimizations can cause the address dependency > of addresses returned by rcu_dereference to be lost when comparing those > pointers with either constants or previously loaded pointers. > > Introduce ptr_eq() to compare two addresses while preserving the address > dependencies for later use of the address. It should be used when > comparing an address returned by rcu_dereference(). > > This is needed to prevent the compiler CSE and SSA GVN optimizations > from using @a (or @b) in places where the source refers to @b (or @a) > based on the fact that after the comparison, the two are known to be > equal, which does not preserve address dependencies and allows the > following misordering speculations: > > - If @b is a constant, the compiler can issue the loads which depend > on @a before loading @a. > - If @b is a register populated by a prior load, weakly-ordered > CPUs can speculate loads which depend on @a before loading @a. > > The same logic applies with @a and @b swapped. > [...] > +/* > + * Compare two addresses while preserving the address dependencies for > + * later use of the address. It should be used when comparing an address > + * returned by rcu_dereference(). > + * > + * This is needed to prevent the compiler CSE and SSA GVN optimizations > + * from using @a (or @b) in places where the source refers to @b (or @a) > + * based on the fact that after the comparison, the two are known to be > + * equal, which does not preserve address dependencies and allows the > + * following misordering speculations: > + * > + * - If @b is a constant, the compiler can issue the loads which depend > + * on @a before loading @a. > + * - If @b is a register populated by a prior load, weakly-ordered > + * CPUs can speculate loads which depend on @a before loading @a. > + * > + * The same logic applies with @a and @b swapped. > + * > + * Return value: true if pointers are equal, false otherwise. > + * > + * The compiler barrier() is ineffective at fixing this issue. It does > + * not prevent the compiler CSE from losing the address dependency: > + * > + * int fct_2_volatile_barriers(void) > + * { > + * int *a, *b; > + * > + * do { > + * a = READ_ONCE(p); > + * asm volatile ("" : : : "memory"); > + * b = READ_ONCE(p); > + * } while (a != b); > + * asm volatile ("" : : : "memory"); <-- barrier() > + * return *b; > + * } > + * > + * With gcc 14.2 (arm64): > + * > + * fct_2_volatile_barriers: > + * adrp x0, .LANCHOR0 > + * add x0, x0, :lo12:.LANCHOR0 > + * .L2: > + * ldr x1, [x0] <-- x1 populated by first load. > + * ldr x2, [x0] > + * cmp x1, x2 > + * bne .L2 > + * ldr w0, [x1] <-- x1 is used for access which should depend on b. > + * ret > + * I could reproduce this in compiler explorer, but I'm curious what flags are you using? For me it does a bunch of usage of the stack for temporary storage (still incorrectly returns *a though as you pointed). Interestingly, if I just move the comparison into an an __always_inline__ function like below, but without the optimizer hide stuff, gcc 14.2 on arm64 does generate the correct code: static inline __attribute__((__always_inline__)) int ptr_eq(const volatile void *a, const volatile void *b) {     /* No OPTIMIZER_HIDE_VAR */     return a == b; } volatile int *p = 0; int fct_2_volatile_barriers() {     int *a, *b;     do {         a = READ_ONCE(p);         asm volatile ("" : : : "memory");         b = READ_ONCE(p);     } while (!ptr_eq(a, b));     asm volatile ("" : : : "memory");  // barrier()     return *b; } But not sure if it fixes the speculation issue you referred to. Putting back the OPTIMIZER_HIDE_VAR() then just seems to pass the a and b stored on the stack through a washing machine:         ldr     x0, [sp, 8]         str     x0, [sp, 8]         ldr     x0, [sp]         str     x0, [sp] And here I thought the "" in OPTIMIZER_HIDE_VAR was not supposed to generate any code but I guess it is still a NOOP. Anyway, as such this LGTM since whether OPTIMIZER_HIDE_VAR() used or not, it does fix the problem. Reviewed-by: Joel Fernandes (Google) thanks, - Joel