On Tue, Jun 15, 2021 at 09:42:07PM -0300, Jason Gunthorpe wrote:
> On Tue, Jun 15, 2021 at 10:46:39AM +0100, Will Deacon wrote:
>
> > Then the compiler can allocate the same register for x and z, but will
> > issue an additional load for y. If a concurrent update takes place to the
> > pmd which transitions from Invalid -> Valid, then it will look as though
> > things went back in time, because z will be stale. We actually hit this
> > on arm64 in practice [1].
>
> The fact you actually hit this in the real world just seems to confirm
> my thinking that the mm's lax use of the memory model is something
> that deserves addressing.
>
> Honestly I'm not sure the fix to stick a READ_ONCE in the macros is
> very robust. I prefer the gup_fast pattern of:
>
> pmd_t pmd = READ_ONCE(*pmdp);
> pte_offset_phys(&pmd, addr);
>
> To correctly force the READ_ONCE under unlocked access and then
> consistently use the single read of the unstable data.
>
> It seems more maintainable 'hey look at me, I have no locks!' and has
> fewer possibilities for obscure order related bugs to creep in.

Oh, no objection to cleaning this up. It was an "issuing msync(2) causes
data loss argh!" issue, so adding READ_ONCE() to all the macros was the
most straightforward way to solve the immediate problem.

Generally speaking, I think all accesses to live page-tables should be
using READ_ONCE(), as there's also hardware updates from the CPU table
walker to contend with. If that's done in the caller and the macros are
changed to operate on the loaded value, all the better (although this
probably doesn't work so well once you get into rmw operations such as
ptep_test_and_clear_young()).

Will
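The two walker shapes discussed in this thread, as an added example that is not code from the thread or from the kernel: a walker whose checks each re-read the live pmd (so two loads can straddle a concurrent update and look like time going backwards) beside the gup_fast-style single READ_ONCE snapshot. The simplified pmd_t layout, the PMD_VALID bit and the `between` hook, which stands in for the concurrent Invalid -> Valid update, are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
/* Kernel-style accessors: force a real load/store through a volatile cast. */
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))
/* Assumed, simplified pmd_t: bit 0 marks the entry Valid (constructed). */
typedef struct { uint64_t val; } pmd_t;
#define PMD_VALID (1ULL << 0)
static inline bool pmd_none(pmd_t pmd)  { return pmd.val == 0; }
static inline bool pmd_valid(pmd_t pmd) { return (pmd.val & PMD_VALID) != 0; }

/* What one walk observed. "none" and "valid" can never both hold for a single
 * entry, so both set means the walker saw two different values of it. */
struct walk_result { bool none; bool valid; bool consistent; };

/* Walker whose macros each re-read the live entry (READ_ONCE or not, it is two
 * loads). 'between' stands in for the concurrent writer or the hardware table
 * walker changing *pmdp between those loads. */
struct walk_result walk_reread(pmd_t *pmdp, void (*between)(pmd_t *))
{
    struct walk_result r;
    r.none = pmd_none(READ_ONCE(*pmdp));    /* load 1 */
    if (between) between(pmdp);
    r.valid = pmd_valid(READ_ONCE(*pmdp));  /* load 2: may see a newer entry */
    r.consistent = !(r.none && r.valid);
    return r;
}

/* gup_fast pattern: one READ_ONCE, every check runs on that snapshot. */
struct walk_result walk_snapshot(pmd_t *pmdp, void (*between)(pmd_t *))
{
    struct walk_result r;
    pmd_t pmd = READ_ONCE(*pmdp);           /* the only load of unstable data */
    r.none = pmd_none(pmd);
    if (between) between(pmdp);             /* update lands, but we never re-read */
    r.valid = pmd_valid(pmd);
    r.consistent = !(r.none && r.valid);
    return r;
}

/* Constructed concurrent update: Invalid -> Valid, as in the arm64 report. */
void make_valid(pmd_t *pmdp) { WRITE_ONCE(pmdp->val, 0x1000ULL | PMD_VALID); }
/* Each starts from an Invalid entry and races it against make_valid(). */
bool reread_walk_is_consistent(void)
{
    pmd_t live = { 0 };
    return walk_reread(&live, make_valid).consistent;   /* false: "went back in time" */
}
bool snapshot_walk_is_consistent(void)
{
    pmd_t live = { 0 };
    return walk_snapshot(&live, make_valid).consistent; /* true */
}
```

The re-reading walker reports an entry that is both "none" and "valid", which is exactly the stale-z symptom from the arm64 report; the snapshot walker cannot, whatever the writer does after its one load.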