Date: Thu, 12 Jul 2018 13:04:27 -0400 (EDT)
From: Alan Stern
To: Peter Zijlstra
Cc: Andrea Parri, Will Deacon, "Paul E.
McKenney", LKMM Maintainers -- Akira Yokosawa, Boqun Feng,
    Daniel Lustig, David Howells, Jade Alglave, Luc Maranget,
    Nicholas Piggin, Kernel development list, Linus Torvalds
Subject: Re: [PATCH v2] tools/memory-model: Add extra ordering for locks and
    remove it for ordinary release/acquire
In-Reply-To: <20180712134821.GT2494@hirez.programming.kicks-ass.net>

On Thu, 12 Jul 2018, Peter Zijlstra wrote:

> > But again, these are subtle patterns, and my guess is that several/
> > most kernel developers really won't care about such guarantees (and
> > if some will do, they'll have the tools to figure out what they can
> > actually rely on ...)
>
> Yes it is subtle, yes most people won't care, however the problem is
> that it is subtly the wrong way around. People expect causality; this is
> a human failing perhaps, but that's how it is.
>
> And I strongly feel we should have our locks be such that they don't
> subtly break things.
>
> Take for instance the pattern where RCU relies on RCsc locks; this is an
> entirely simple and straightforward use of locks, yet completely fails
> on this subtle point.

Do you happen to remember exactly where in the kernel source this
occurs?

> And people will not even try and use complicated tools for apparently
> simple things. They'll say, oh of course this simple thing will work
> right.
>
> I'm still hoping we can convince the PowerPC people that they're wrong,
> and get rid of this wart and just call all locks RCsc.

It seems reasonable to ask people to learn that locks have stronger
ordering guarantees than RMW atomics do. Maybe not the greatest
situation in the world, but one I think we could live with.

> > OTOH (as I pointed out earlier) the strengthening we're configuring
> > will prevent some arch. (riscv being just the example of today!) to
> > go "full RCpc", and this will inevitably "complicate" both the LKMM
> > and the reviewing process of related changes (atomics, locking, ...;
> > c.f., this debate), apparently, just because you ;-) want to "care"
> > about these guarantees.
>
> It's not just me btw, Linus also cares about these matters. Widely used
> primitives such as spinlocks should not have subtle and
> counter-intuitive behaviour such as RCpc.

Which raises the question of whether RCtso (adopting Daniel's suggested
term) is also too subtle or counter-intuitive for spinlocks. I wonder
what Linus would say...

> Anyway, back to the problem of being able to use the memory model to
> describe locks. This is I think a useful property.
>
> My earlier reasoning was that:
>
>  - smp_store_release() + smp_load_acquire() := RCpc
>
>  - we use smp_store_release() as unlock()
>
> Therefore, if we want unlock+lock to imply at least TSO (ideally
> smp_mb()) we need lock to make up for whatever unlock lacks.
>
> Hence my proposal to strengthen rmw-acquire, because that is the basic
> primitive used to implement lock.

That was essentially what the v2 patch did. (And my reasoning was
basically the same as what you have just outlined. There was one
additional element: smp_store_release() is already strong enough for
TSO; the acquire is what needs to be stronger in the memory model.)

> But as you (and Will) point out, we don't so much care about rmw-acquire
> semantics as much as that we care about unlock+lock behaviour. Another
> way to look at this is to define:
>
>   smp-store-release + rmw-acquire := TSO (ideally smp_mb)
>
> But then we also have to look at:
>
>   rmw-release + smp-load-acquire
>   rmw-release + rmw-acquire

Let's assume that rmw-release is equivalent, in terms of ordering
strength, to smp_store_release(). Then we can focus our attention on
just the acquire part.
On PowerPC, for instance, if spin_lock() used a full HWSYNC fence then
unlock+lock would become RCsc -- even with no changes to spin_unlock().

> for completeness sake, and I would suggest they result in (at least) the
> same (TSO) ordering as the one we really care about.
>
> One alternative is to no longer use smp_store_release() for unlock(),
> and say define atomic_set_release() to be in the rmw-release class
> instead of being a simple smp_store_release().
>
> Another, and I like this proposal least, is to introduce a new barrier
> to make this all work.

This apparently boils down to two questions:

	Should spin_lock/spin_unlock be RCsc?

	Should rmw-acquire be strong enough so that smp_store_release +
	rmw-acquire is RCtso?

If both answers are No, we end up with the v3 patch. If the first
answer is No and the second is Yes, we end up with the v2 patch. The
problem is that different people seem to want differing answers.

(The implicit third question, "Should spin_lock/spin_unlock be RCtso?",
seems to be pretty well settled at this point -- by Peter's and Will's
vociferousness if nothing else -- despite Andrea's reservations.
However, I admit it would be nice to have one or two examples showing
that the kernel really needs this.)

Alan
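The write-to-write half of the guarantee at issue can be phrased as an
LKMM-style litmus test. This is a sketch for illustration; whether its
"exists" outcome is forbidden is, as I understand the proposals,
exactly what the RCtso (v2) versus weaker (v3) choice decides:

```
C unlock-lock-w-w

{}

P0(int *x, int *y, spinlock_t *s)
{
	spin_lock(s);
	WRITE_ONCE(*x, 1);
	spin_unlock(s);
	spin_lock(s);
	WRITE_ONCE(*y, 1);
	spin_unlock(s);
}

P1(int *x, int *y)
{
	int r1;
	int r2;

	r1 = READ_ONCE(*y);
	smp_rmb();
	r2 = READ_ONCE(*x);
}

exists (1:r1=1 /\ 1:r2=0)
```

If unlock+lock is at least RCtso, the store to x must propagate before
the store to y and the outcome is forbidden; under a bare RCpc
release/acquire mapping it need not be.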