Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1757376AbcJSR5S (ORCPT <rfc822;w@1wt.eu>);
        Wed, 19 Oct 2016 13:57:18 -0400
Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:55263 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1753095AbcJSR5P (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 19 Oct 2016 13:57:15 -0400
Date: Wed, 19 Oct 2016 04:45:48 -0700
From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>, Nadav Amit <nadav.amit@gmail.com>,
        LKML <linux-kernel@vger.kernel.org>, KVM <kvm@vger.kernel.org>,
        Radim =?utf-8?B?S3LEjW3DocWZ?= <rkrcmar@redhat.com>,
        Yang Zhang <yang.zhang.wz@gmail.com>, feng wu <feng.wu@intel.com>,
        Jonathan Corbet <corbet@lwn.net>
Subject: Re: [PATCH 1/5] KVM: x86: avoid atomic operations on APICv vmentry
Reply-To: paulmck@linux.vnet.ibm.com
References: <1476469291-5039-1-git-send-email-pbonzini@redhat.com>
 <1476469291-5039-2-git-send-email-pbonzini@redhat.com>
 <4B0C832B-BB75-40BD-85A9-9DC84DEB44E2@gmail.com>
 <770436977.3704467.1476471398385.JavaMail.zimbra@redhat.com>
 <9B7F4808-2294-426D-B463-CEB188CED2E0@gmail.com>
 <119879133.3749907.1476517665517.JavaMail.zimbra@redhat.com>
 <20161016052132-mutt-send-email-mst@kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20161016052132-mutt-send-email-mst@kernel.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-TM-AS-GCONF: 00
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 16101917-0028-0000-0000-000005D88DBC
X-IBM-SpamModules-Scores: 
X-IBM-SpamModules-Versions: BY=3.00005941; HX=3.00000240; KW=3.00000007;
 PH=3.00000004; SC=3.00000187; SDB=6.00770271; UDB=6.00369195; IPR=6.00546776;
 BA=6.00004820; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000;
 ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00013046; XFM=3.00000011;
 UTC=2016-10-19 17:57:12
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 16101917-0029-0000-0000-0000302A19E2
Message-Id: <20161019114548.GL3716@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2016-10-19_14:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=2
 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam
 adjust=0 reason=mlx scancount=1 engine=8.0.1-1609300000
 definitions=main-1610190319
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1848
Lines: 44

On Sun, Oct 16, 2016 at 05:29:24AM +0300, Michael S. Tsirkin wrote:
> On Sat, Oct 15, 2016 at 03:47:45AM -0400, Paolo Bonzini wrote:
> > 
> > > > On Oct 14, 2016, at 11:56 AM, Paolo Bonzini <pbonzini@redhat.com> wrote:
> > > >>> 
> > > >>> 	for (i = 0; i <= 7; i++) {
> > > >>> -		pir_val = xchg(&pir[i], 0);
> > > >>> -		if (pir_val)
> > > >>> +		pir_val = READ_ONCE(pir[i]);
> > > >> 
> > > >> Out of curiosity, do you really need this READ_ONCE?
> > > > 
> > > > The answer can only be "depends on the compiler's whims". :)
> > > > If you think of READ_ONCE as a C11 relaxed atomic load, then yes.
> > > 
> > > Hm.. So the idea is to make the code "race-free” in the sense
> > > that every concurrent memory access is done using READ_ONCE/WRITE_ONCE?
> > > 
> > > If that is the case, I think there are many other cases that need to be
> > > changed, for example apic->irr_pending and vcpu->arch.pv.pv_unhalted.
> > 
> > There is no documentation for this in the kernel tree unfortunately.
> > But yes, I think we should do that.  Using READ_ONCE/WRITE_ONCE around
> > memory barriers is a start.
> > 
> > Paolo
> 
> I'm beginning to think that if a value is always (maybe except for init
> where we don't much care about the code size anyway) accessed through
> *_ONCE macros, we should just mark it volatile and be done with it. The
> code will look cleaner, and there will be less space for errors
> like forgetting *_ONCE macros.
> 
> Would such code (where all accesses are done through
> READ_ONCE/WRITE_ONCE otherwise) be an exception to
> volatile-considered-harmful.txt rules?
> 
> Cc Paul and Jonathan (for volatile-considered-harmful.txt).

One concern would be the guy reading the code, to whom it might not
be obvious that the underlying access was volatile, especially if
the reference was a few levels down.

							Thanx, Paul