Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp883724pxb;
        Wed, 27 Oct 2021 14:25:53 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyzcFQb4FBw/1KvBp3xpTw7ei7hesR8sYGIhX+AVTpvCcmibkCYpoxKkUq4SKHrfJusDEYY
X-Received: by 2002:a17:906:3956:: with SMTP id g22mr74489eje.572.1635369953398;
        Wed, 27 Oct 2021 14:25:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1635369953; cv=none;
        d=google.com; s=arc-20160816;
        b=PkdYhUr9UKFIf13axFwdlIMGLtT8+o/14BgbkDunt1ueAHtnWzAv4gdNCa7nehjckL
         yVOdxzYPA/SkrtLhTZfxc8Fp73PUBBFoW9gJuaNY8m22xjt2Astt34DETKRwLxQrPVO3
         fph7ss/yi+xt96D3xI2pCpXTKVswiQER+hxG+N0tyZsjjWJYM4JPI9XELJxT2C67B3qo
         nqJN33DoxyaIfwATxT560rLscqvXyiDPKRK9cVoA6Tv6DNr35EbFT2RCyEokL4+OuJsH
         zDhj/MUks+UD2NGhY91ok6HEIsI3Ez90eYdA83Eegh6uWCdMyVfHVoTRGm/tuqGnQRxK
         bXaA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-disposition:mime-version:message-id
         :subject:cc:to:from:date;
        bh=+VQgQst2y0953BQrkDJ71d2qVSS0Fge6mexzPWltjg0=;
        b=CT+Q/6goXruy3lL5sfsD523q5+7ixsQEDrIAdBQ9nr1X4d2mqdAkEoQNpZnAvT4zyD
         6yyrb7NSuQwbw34i31/FwFoeyUKbSrduNq/IgmwjN2qxkouEMgg3n1QLHDRCBjFcf3iy
         rLTtTF4+oY13eSzsvY4AdrXbOJFYCxwC4aNjn8RWXtnWGnU6IK+qIOZ9eqn5r6BYX4Pc
         ChrDgkpxhRsPuytZh99fpOyyhQmcrkB7ZTGlNJT6FSWSZLAQnGKAk57D7R8LkTmmbQf1
         Y+uZoN3iI2clq3MGUZYgGsqxMkzDslUzAG1OvPvlMT4UHqP8URIF2cn97bt14hzzyUcY
         cmxg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=tum.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id c19si1122011edv.476.2021.10.27.14.25.24;
        Wed, 27 Oct 2021 14:25:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=tum.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S239293AbhJ0Kb2 (ORCPT <rfc822;lunatang2017@gmail.com>
        + 97 others); Wed, 27 Oct 2021 06:31:28 -0400
Received: from mail-out1.in.tum.de ([131.159.0.8]:46884 "EHLO
        mail-out1.informatik.tu-muenchen.de" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S231643AbhJ0Kb2 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 27 Oct 2021 06:31:28 -0400
X-Greylist: delayed 550 seconds by postgrey-1.27 at vger.kernel.org; Wed, 27 Oct 2021 06:31:27 EDT
Received: from mailrelay1.rbg.tum.de (mailrelay1.in.tum.de [131.159.254.14])
        by mail-out1.informatik.tu-muenchen.de (Postfix) with ESMTP id C77A12401CC;
        Wed, 27 Oct 2021 12:19:51 +0200 (CEST)
Received: by mailrelay1.rbg.tum.de (Postfix, from userid 112)
        id C482F172; Wed, 27 Oct 2021 12:19:51 +0200 (CEST)
Received: from mailrelay1.rbg.tum.de (localhost [127.0.0.1])
        by mailrelay1.rbg.tum.de (Postfix) with ESMTP id A18D216F;
        Wed, 27 Oct 2021 12:19:51 +0200 (CEST)
Received: from mail.in.tum.de (mailproxy.in.tum.de [IPv6:2a09:80c0::78])
        by mailrelay1.rbg.tum.de (Postfix) with ESMTPS id 9E068B7;
        Wed, 27 Oct 2021 12:19:51 +0200 (CEST)
Received: by mail.in.tum.de (Postfix, from userid 112)
        id 99BF84A046E; Wed, 27 Oct 2021 12:19:51 +0200 (CEST)
Received: (Authenticated sender: heidekrp)
        by mail.in.tum.de (Postfix) with ESMTPSA id 836554A040D;
        Wed, 27 Oct 2021 12:19:50 +0200 (CEST)
        (Extended-Queue-bit tech_zfnoy@fff.in.tum.de)
Date:   Wed, 27 Oct 2021 12:19:48 +0200
From:   Paul =?iso-8859-1?Q?Heidekr=FCger?= <paul.heidekrueger@in.tum.de>
To:     paulmck@kernel.org, will@kernel.org, peterz@infradead.org,
        boqun.feng@gmail.com, stern@rowland.harvard.edu,
        parri.andrea@gmail.com, linux-kernel@vger.kernel.org,
        llvm@lists.linux.dev
Cc:     elver@google.com, charalampos.mainas@gmail.com,
        pramod.bhatotia@in.tum.de
Subject: Potentially Broken Address Dependency via test_bit() When Compiling
 With Clang
Message-ID: <YXknxGFjvaB46d/p@Pauls-MacBook-Pro>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi all,

For my bachelor thesis, I have been working on the infamous problem of 
potentially broken dependency orderings in the Linux kernel. I'm being 
advised by Marco Elver, Charalampos Mainas, Pramod Bhatotia (Cc'd).

For context, see: 
https://linuxplumbersconf.org/event/7/contributions/821/attachments/598/1075/LPC_2020_--_Dependency_ordering.pdf

Our approach consists of two LLVM compiler passes which annotate 
dependencies in unoptimised intermediate representation (IR) and verify 
the annotated dependencies in optimised IR. ATM, the passes only 
recognise a subset of address dependencies - everything is still WIP ;-)

We have been cross-compiling with a slightly modified version of 
allyesconfig for arm64, and the passes have now found a case that we 
would like to share with LKML for feedback: an address dependency being 
broken (?) through compiler optimisations in 
fs/afs/addr_list.c::afs_iterate_addresses().

Address dependency in source code, lines 373 - 375 in fs/afs/addr_list.c:

> [...]
>   index = READ_ONCE(ac->alist->preferred);
>   if (test_bit(index, &set))
>     goto selected;
> [...]

where test_bit() expands to the following in 
include/asm-generic/bitops/non-atomic.h, lines 115 - 122:

> static __always_inline int
> arch_test_bit(unsigned int nr, const volatile unsigned long *addr)
> {
>   return 1UL & (addr[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG-1)));
> }
> #define test_bit arch_test_bit

The address dependency gets preserved in unoptimised IR since the virtual register %33 transitively depends on %28:

> %28 = load volatile i8, i8* %preferred, align 2, !annotation !15
> store i8 %28, i8* %tmp21, align 1
> %29 = load i8, i8* %tmp21, align 1
> %conv23 = zext i8 %29 to i32
> store i32 %conv23, i32* %index, align 4
> %30 = load i32, i32* %index, align 4
> store i32 %30, i32* %nr.addr.i, align 4
> store i64* %set, i64** %addr.addr.i, align 8
> %31 = load i64*, i64** %addr.addr.i, align 8
> %32 = load i32, i32* %nr.addr.i, align 4
> %div.i = udiv i32 %32, 64
> %idxprom.i = zext i32 %div.i to i64
> %arrayidx.i = getelementptr i64, i64* %31, i64 %idxprom.i
> %33 = load volatile i64, i64* %arrayidx.i, align 8, !annotation !16

In optimised IR, there is no dependency between the two volatile loads 
anymore:

> %11 = load volatile i8, i8* %preferred, align 2, !annotation !19
> %conv25 = zext i8 %11 to i32
> %set.0. = load volatile i64, i64* %set, align 8

Now, since @nr traces back to the READ_ONCE() to @index, does this make 
the load from @addr in test_bit() address-dependent on that READ_ONCE()? 
Should the load from @addr therefore be ordered against the READ_ONCE()?

Many thanks,
Paul