On Fri, Jul 17, 2020 at 09:25:55PM -0400, Alan Stern wrote: > On Fri, Jul 17, 2020 at 05:58:57PM -0700, Eric Biggers wrote: > > On Fri, Jul 17, 2020 at 01:53:40PM -0700, Darrick J. Wong wrote: > > > > +There are also cases in which the smp_load_acquire() can be replaced by > > > > +the more lightweight READ_ONCE(). (smp_store_release() is still > > > > +required.) Specifically, if all initialized memory is transitively > > > > +reachable from the pointer itself, then there is no control dependency > > > > > > I don't quite understand what "transitively reachable from the pointer > > > itself" means? Does that describe the situation where all the objects > > > reachable through the object that the global struct foo pointer points > > > at are /only/ reachable via that global pointer? > > > > > > > The intent is that "transitively reachable" means that all initialized memory > > can be reached by dereferencing the pointer in some way, e.g. p->a->b[5]->c. > > > > It could also be the case that allocating the object initializes some global or > > static data, which isn't reachable in that way. Access to that data would then > > be a control dependency, which a data dependency barrier wouldn't work for. > > > > It's possible I misunderstood something. (Note the next paragraph does say that > > using READ_ONCE() is discouraged, exactly for this reason -- it can be hard to > > tell whether it's correct.) Suggestions of what to write here are appreciated. > > Perhaps something like this: > > Specifically, if the only way to reach the initialized memory > involves dereferencing the pointer itself then READ_ONCE() is > sufficient. This is because there will be an address dependency > between reading the pointer and accessing the memory, which will > ensure proper ordering. But if some of the initialized memory > is reachable some other way (for example, if it is global or > static data) then there need not be an address dependency, > merely a control dependency (checking whether the pointer is > non-NULL). Control dependencies do not always ensure ordering > -- certainly not for reads, and depending on the compiler, > possibly not for some writes -- and therefore a load-acquire is > necessary. > > Perhaps this is more wordy than you want, but it does get the important > ideas across. > How about: There are also cases in which the smp_load_acquire() can be replaced by the more lightweight READ_ONCE(). (smp_store_release() is still required.) Specifically, if the only way to reach the initialized memory involves dereferencing the pointer itself, then the data dependency barrier provided by READ_ONCE() is sufficient. However, if some of the initialized memory is reachable some other way (for example, if it is global or static data) then there need not be an address dependency, merely a control dependency (checking whether the pointer is non-NULL). READ_ONCE() is *not* sufficient in that case. The optimization of replacing smp_load_acquire() with READ_ONCE() is discouraged for nontrivial data structures, since it can be difficult to determine if it is correct. In particular, for complex data structures the correctness of the READ_ONCE() optimization may depend on internal implementation details of other kernel subsystems.