On Sat, Mar 16, 2019 at 09:23:16PM -0700, James Bottomley wrote: > On Sun, 2019-03-17 at 03:06 +0000, Al Viro wrote: > > On Sat, Mar 16, 2019 at 07:20:20PM -0700, James Bottomley wrote: > > > On Sat, 2019-03-16 at 17:50 -0700, Paul E. McKenney wrote: > > > [...] > > > > I -have- seen stores of constant values be torn, but not stores > > > > of runtime-variable values and not loads. Still, such tearing is > > > > permitted, and including the READ_ONCE() is making it easier for > > > > things like thread sanitizers. In addition, the READ_ONCE() > > > > makes it clear that the value being loaded is unstable, which can > > > > be useful documentation. > > > > > > Um, just so I'm clear, because this assumption permeates all our > > > code: load or store tearing can never occur if we're doing load or > > > store of a 32 bit value which is naturally aligned. Where > > > naturally aligned is within the gift of the CPU to determine but > > > which the compiler or kernel will always ensure for us unless we > > > pack the structure or deliberately misalign the allocation. A non-volatile store of certain 32-bit constants can and does tear on some architectures. These architectures would be the ones with a store-immediate instruction with a small immediate field, and where the 32-bit constant is such that a pair of 16-bit immediate store instructions can store that value. There was a bug in an old version of GCC where even volatile 32-bit stores of these constants would tear. They did fix the bug, but it took some time to find a GCC person who understood that this was in fact a bug. Hence my preference for READ_ONCE() and WRITE_ONCE() for data-racing loads and stores. > > Wait a sec; are there any 64bit architectures where the same is not > > guaranteed for dereferencing properly aligned void **? > > Yes, naturally alligned void * dereference shouldn't tear either. I > was just using 32 bit as my example because 64 bit accesses will tear > on 32 bit architectures but 64 bit naturally aligned accesses shouldn't > tear on 64 bit architectures. However, since we can't guarantee the 64 > bitness of the architecture 32 bit or void * is our gold standard for > not tearing. For stores of quantities not known at compiler time, agreed. But that same store-immediate situation could happen on 64-bit systems. > James > > > > If that's the case, I can think of quite a few places that are rather > > dubious, and I don't see how READ_ONCE() could help in those - e.g. > > if an architecture only has 32bit loads, rcu list traversals are > > not going to be doable without one hell of an extra headache. All the 64-bit systems that run the Linux kernel do have 64-bit load instructions and rcu_dereference() uses READ_ONCE() internally, so we should be fine with RCU list traverals. Thanx, Paul
