On Tue, Nov 03, 2020 at 12:17:21PM +0000, Will Deacon wrote:
> When building with LTO, there is an increased risk of the compiler
> converting an address dependency headed by a READ_ONCE() invocation
> into a control dependency and consequently allowing for harmful
> reordering by the CPU.
>
> Ensure that such transformations are harmless by overriding the generic
> READ_ONCE() definition with one that provides acquire semantics when
> building with LTO.
>
> Acked-by: Peter Zijlstra (Intel) <pet...@infradead.org>
> Signed-off-by: Will Deacon <w...@kernel.org>
[...]
Could we add a note above __READ_ONCE() along the lines of the commit
message, e.g.
/*
* With LTO a compiler might convert an address dependency headed by a
* READ_ONCE() into a control dependency, allowing for harmful
* reordering by the CPU.
*
* To prevent this, upgrade READ_OONCE() to provide acquire semantics
* when building with LTO.
*/
Either way:
Acked-by: Mark Rutland <mark.rutl...@arm.com>
Mark
> +#define __READ_ONCE(x)
> \
> +({ \
> + typeof(&(x)) __x = &(x); \
> + int atomic = 1; \
> + union { __unqual_scalar_typeof(*__x) __val; char __c[1]; } __u; \
> + switch (sizeof(x)) { \
> + case 1: \
> + asm volatile(__LOAD_RCPC(b, %w0, %1) \
> + : "=r" (*(__u8 *)__u.__c) \
> + : "Q" (*__x) : "memory"); \
> + break; \
> + case 2: \
> + asm volatile(__LOAD_RCPC(h, %w0, %1) \
> + : "=r" (*(__u16 *)__u.__c) \
> + : "Q" (*__x) : "memory"); \
> + break; \
> + case 4: \
> + asm volatile(__LOAD_RCPC(, %w0, %1) \
> + : "=r" (*(__u32 *)__u.__c) \
> + : "Q" (*__x) : "memory"); \
> + break; \
> + case 8: \
> + asm volatile(__LOAD_RCPC(, %0, %1) \
> + : "=r" (*(__u64 *)__u.__c) \
> + : "Q" (*__x) : "memory"); \
> + break; \
> + default: \
> + atomic = 0; \
> + } \
> + atomic ? (typeof(*__x))__u.__val : (*(volatile typeof(__x))__x);\
> +})
