Current futex atomic operations are implemented with ll/sc instructions
and clearing PSTATE.PAN.
Since Armv9.6, FEAT_LSUI supplies not only load/store instructions but
also atomic operation for user memory access in kernel it doesn't need
to clear PSTATE.PAN bit anymore.
With theses instructions some of futex atomic operations don't need to
be implmented with ldxr/stlxr pair instead can be implmented with
one atomic operation supplied by FEAT_LSUI.
However, some of futex atomic operation don't have matched
instructuion i.e) eor or cmpxchg with word size.
For those operation, uses cas{al}t to implement them.
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
---
arch/arm64/include/asm/futex.h | 136 ++++++++++++++++++++++++++++++++-
1 file changed, 135 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/include/asm/futex.h b/arch/arm64/include/asm/futex.h
index f8cb674bdb3f..683291700ff5 100644
--- a/arch/arm64/include/asm/futex.h
+++ b/arch/arm64/include/asm/futex.h
@@ -9,6 +9,8 @@
#include <linux/uaccess.h>
#include <linux/stringify.h>
+#include <asm/alternative.h>
+#include <asm/alternative-macros.h>
#include <asm/errno.h>
#define FUTEX_MAX_LOOPS 128 /* What's the largest number you can think of? */
@@ -86,11 +88,143 @@ __llsc_futex_cmpxchg(u32 __user *uaddr, u32 oldval, u32 newval, u32 *oval)
return ret;
}
+#ifdef CONFIG_AS_HAS_LSUI
+
+/*
+ * When the LSUI feature is present, the CPU also implements PAN, because
+ * FEAT_PAN has been mandatory since Armv8.1. Therefore, there is no need to
+ * call uaccess_ttbr0_enable()/uaccess_ttbr0_disable() around each LSUI
+ * operation.
+ */
+
+#define __LSUI_PREAMBLE ".arch_extension lsui\n"
+
+#define LSUI_FUTEX_ATOMIC_OP(op, asm_op, mb) \
+static __always_inline int \
+__lsui_futex_atomic_##op(int oparg, u32 __user *uaddr, int *oval) \
+{ \
+ int ret = 0; \
+ int oldval; \
+ \
+ asm volatile("// __lsui_futex_atomic_" #op "\n" \
+ __LSUI_PREAMBLE \
+"1: " #asm_op #mb " %w3, %w2, %1\n" \
+"2:\n" \
+ _ASM_EXTABLE_UACCESS_ERR(1b, 2b, %w0) \
+ : "+r" (ret), "+Q" (*uaddr), "=r" (oldval) \
+ : "r" (oparg) \
+ : "memory"); \
+ \
+ if (!ret) \
+ *oval = oldval; \
+ \
+ return ret; \
+}
+
+LSUI_FUTEX_ATOMIC_OP(add, ldtadd, al)
+LSUI_FUTEX_ATOMIC_OP(or, ldtset, al)
+LSUI_FUTEX_ATOMIC_OP(andnot, ldtclr, al)
+LSUI_FUTEX_ATOMIC_OP(set, swpt, al)
+
+static __always_inline int
+__lsui_cmpxchg64(u64 __user *uaddr, u64 *oldval, u64 newval)
+{
+ int ret = 0;
+
+ asm volatile("// __lsui_cmpxchg64\n"
+ __LSUI_PREAMBLE
+"1: casalt %x2, %x3, %1\n"
+"2:\n"
+ _ASM_EXTABLE_UACCESS_ERR(1b, 2b, %w0)
+ : "+r" (ret), "+Q" (*uaddr), "+r" (*oldval)
+ : "r" (newval)
+ : "memory");
+
+ return ret;
+}
+
+static __always_inline int
+__lsui_cmpxchg32(u32 __user *uaddr, u32 oldval, u32 newval, u32 *oval)
+{
+ u64 __user *uaddr_al;
+ u64 oval64, nval64, tmp;
+ static const u64 hi_mask = IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN) ?
+ GENMASK_U64(63, 32): GENMASK_U64(31, 0);
+ static const u8 hi_shift = IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN) ? 32 : 0;
+ static const u8 lo_shift = IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN) ? 0 : 32;
+
+ uaddr_al = (u64 __user *) PTR_ALIGN_DOWN(uaddr, sizeof(u64));
+ if (get_user(oval64, uaddr_al))
+ return -EFAULT;
+
+ if ((u32 __user *)uaddr_al != uaddr) {
+ nval64 = ((oval64 & ~hi_mask) | ((u64)newval << hi_shift));
+ oval64 = ((oval64 & ~hi_mask) | ((u64)oldval << hi_shift));
+ } else {
+ nval64 = ((oval64 & hi_mask) | ((u64)newval << lo_shift));
+ oval64 = ((oval64 & hi_mask) | ((u64)oldval << lo_shift));
+ }
+
+ tmp = oval64;
+
+ if (__lsui_cmpxchg64(uaddr_al, &oval64, nval64))
+ return -EFAULT;
+
+ if (tmp != oval64)
+ return -EAGAIN;
+
+ *oval = oldval;
+
+ return 0;
+}
+
+static __always_inline int
+__lsui_futex_atomic_and(int oparg, u32 __user *uaddr, int *oval)
+{
+ return __lsui_futex_atomic_andnot(~oparg, uaddr, oval);
+}
+
+static __always_inline int
+__lsui_futex_atomic_eor(int oparg, u32 __user *uaddr, int *oval)
+{
+ u32 oldval, newval;
+
+ /*
+ * there are no ldteor/stteor instructions...
+ */
+ if (get_user(oldval, uaddr))
+ return -EFAULT;
+
+ newval = oldval ^ oparg;
+
+ return __lsui_cmpxchg32(uaddr, oldval, newval, oval);
+
+}
+
+static __always_inline int
+__lsui_futex_cmpxchg(u32 __user *uaddr, u32 oldval, u32 newval, u32 *oval)
+{
+ return __lsui_cmpxchg32(uaddr, oldval, newval, oval);
+}
+
+#define __lsui_llsc_body(op, ...) \
+({ \
+ alternative_has_cap_likely(ARM64_HAS_LSUI) ? \
+ __lsui_##op(__VA_ARGS__) : __llsc_##op(__VA_ARGS__); \
+})
+
+#else /* CONFIG_AS_HAS_LSUI */
+
+#define __lsui_llsc_body(op, ...) __llsc_##op(__VA_ARGS__)
+
+#endif /* CONFIG_AS_HAS_LSUI */
+
+
#define FUTEX_ATOMIC_OP(op) \
static __always_inline int \
__futex_atomic_##op(int oparg, u32 __user *uaddr, int *oval) \
{ \
- return __llsc_futex_atomic_##op(oparg, uaddr, oval); \
+ return __lsui_llsc_body(futex_atomic_##op, oparg, uaddr, oval); \
}
FUTEX_ATOMIC_OP(add)
--
LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}On Wed, Sep 17, 2025 at 12:08:38PM +0100, Yeoreum Yun wrote:
> +static __always_inline int
> +__lsui_cmpxchg64(u64 __user *uaddr, u64 *oldval, u64 newval)
> +{
> + int ret = 0;
> +
> + asm volatile("// __lsui_cmpxchg64\n"
> + __LSUI_PREAMBLE
> +"1: casalt %x2, %x3, %1\n"
> +"2:\n"
> + _ASM_EXTABLE_UACCESS_ERR(1b, 2b, %w0)
> + : "+r" (ret), "+Q" (*uaddr), "+r" (*oldval)
> + : "r" (newval)
> + : "memory");
> +
> + return ret;
> +}
> +
> +static __always_inline int
> +__lsui_cmpxchg32(u32 __user *uaddr, u32 oldval, u32 newval, u32 *oval)
> +{
> + u64 __user *uaddr_al;
Please use 'uaddr64' to match the other 64-bit variables.
I assume that the '_al' suffix is meant to be short for 'aligned', but I
think using '64' is more consistent and clearer.
> + u64 oval64, nval64, tmp;
Likewise, 'orig64' would be clearer than 'tmp' here.
> + static const u64 hi_mask = IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN) ?
> + GENMASK_U64(63, 32): GENMASK_U64(31, 0);
> + static const u8 hi_shift = IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN) ? 32 : 0;
> + static const u8 lo_shift = IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN) ? 0 : 32;
> +
> + uaddr_al = (u64 __user *) PTR_ALIGN_DOWN(uaddr, sizeof(u64));
> + if (get_user(oval64, uaddr_al))
> + return -EFAULT;
> +
> + if ((u32 __user *)uaddr_al != uaddr) {
> + nval64 = ((oval64 & ~hi_mask) | ((u64)newval << hi_shift));
> + oval64 = ((oval64 & ~hi_mask) | ((u64)oldval << hi_shift));
> + } else {
> + nval64 = ((oval64 & hi_mask) | ((u64)newval << lo_shift));
> + oval64 = ((oval64 & hi_mask) | ((u64)oldval << lo_shift));
> + }
> +
> + tmp = oval64;
> +
> + if (__lsui_cmpxchg64(uaddr_al, &oval64, nval64))
> + return -EFAULT;
> +
> + if (tmp != oval64)
> + return -EAGAIN;
This means that we'll immediately return -EAGAIN upon a spurious failure
(where the adjacent 4 bytes have changed), whereas the LL/SC ops would
retry FUTEX_MAX_LOOPS before returning -EGAIN.
I suspect we want to retry here (or in the immediate caller).
> +
> + *oval = oldval;
> +
> + return 0;
> +}
Aside from the retry issue, I *think* you can simplify this to something
like:
static __always_inline int
__lsui_cmpxchg32(u32 __user *uaddr, u32 oldval, u32 newval, u32 *oval)
{
uaddr64 = (u64 __user *)PTR_ALIGN_DOWN(uaddr, sizeof(u64));
u64 oval64, nval64, orig64;
if (get_user(oval64, uaddr64)
return -EFAULT;
if (IS_ALIGNED(addr, sizeof(u64)) == IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN)) {
FIELD_MODIFY(GENMASK_U64(31, 0), &oval64, oldval);
FIELD_MODIFY(GENMASK_U64(31, 0), &nval64, newval);
} else {
FIELD_MODIFY(GENMASK_U64(63, 32), &oval64, oldval);
FIELD_MODIFY(GENMASK_U64(63, 32), &nval64, newval);
}
orig64 = oval64;
if (__lsui_cmpxchg64(uaddr_al, &oval64, nval64))
return -EFAULT;
if (oval64 != orig64)
return -EAGAIN;
*oval = oldval;
return 0;
}
Mark.
> +
> +static __always_inline int
> +__lsui_futex_atomic_and(int oparg, u32 __user *uaddr, int *oval)
> +{
> + return __lsui_futex_atomic_andnot(~oparg, uaddr, oval);
> +}
> +
> +static __always_inline int
> +__lsui_futex_atomic_eor(int oparg, u32 __user *uaddr, int *oval)
> +{
> + u32 oldval, newval;
> +
> + /*
> + * there are no ldteor/stteor instructions...
> + */
> + if (get_user(oldval, uaddr))
> + return -EFAULT;
> +
> + newval = oldval ^ oparg;
> +
> + return __lsui_cmpxchg32(uaddr, oldval, newval, oval);
> +
> +}
> +
> +static __always_inline int
> +__lsui_futex_cmpxchg(u32 __user *uaddr, u32 oldval, u32 newval, u32 *oval)
> +{
> + return __lsui_cmpxchg32(uaddr, oldval, newval, oval);
> +}
> +
> +#define __lsui_llsc_body(op, ...) \
> +({ \
> + alternative_has_cap_likely(ARM64_HAS_LSUI) ? \
> + __lsui_##op(__VA_ARGS__) : __llsc_##op(__VA_ARGS__); \
> +})
> +
> +#else /* CONFIG_AS_HAS_LSUI */
> +
> +#define __lsui_llsc_body(op, ...) __llsc_##op(__VA_ARGS__)
> +
> +#endif /* CONFIG_AS_HAS_LSUI */
> +
> +
> #define FUTEX_ATOMIC_OP(op) \
> static __always_inline int \
> __futex_atomic_##op(int oparg, u32 __user *uaddr, int *oval) \
> { \
> - return __llsc_futex_atomic_##op(oparg, uaddr, oval); \
> + return __lsui_llsc_body(futex_atomic_##op, oparg, uaddr, oval); \
> }
>
> FUTEX_ATOMIC_OP(add)
> --
> LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}
>
[...]
> static __always_inline int
> __lsui_cmpxchg32(u32 __user *uaddr, u32 oldval, u32 newval, u32 *oval)
> {
> uaddr64 = (u64 __user *)PTR_ALIGN_DOWN(uaddr, sizeof(u64));
> u64 oval64, nval64, orig64;
>
> if (get_user(oval64, uaddr64)
> return -EFAULT;
>
> if (IS_ALIGNED(addr, sizeof(u64)) == IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN)) {
> FIELD_MODIFY(GENMASK_U64(31, 0), &oval64, oldval);
> FIELD_MODIFY(GENMASK_U64(31, 0), &nval64, newval);
> } else {
> FIELD_MODIFY(GENMASK_U64(63, 32), &oval64, oldval);
> FIELD_MODIFY(GENMASK_U64(63, 32), &nval64, newval);
> }
> orig64 = oval64;
>
> if (__lsui_cmpxchg64(uaddr_al, &oval64, nval64))
> return -EFAULT;
>
> if (oval64 != orig64)
> return -EAGAIN;
>
> *oval = oldval;
> return 0;
> }
Oh, I misread the condition. Thanks for your suggetion.
Please ignore my previous email.
--
Sincerely,
Yeoreum Yun
Hi Mark,
> On Wed, Sep 17, 2025 at 12:08:38PM +0100, Yeoreum Yun wrote:
> > +static __always_inline int
> > +__lsui_cmpxchg64(u64 __user *uaddr, u64 *oldval, u64 newval)
> > +{
> > + int ret = 0;
> > +
> > + asm volatile("// __lsui_cmpxchg64\n"
> > + __LSUI_PREAMBLE
> > +"1: casalt %x2, %x3, %1\n"
> > +"2:\n"
> > + _ASM_EXTABLE_UACCESS_ERR(1b, 2b, %w0)
> > + : "+r" (ret), "+Q" (*uaddr), "+r" (*oldval)
> > + : "r" (newval)
> > + : "memory");
> > +
> > + return ret;
> > +}
> > +
> > +static __always_inline int
> > +__lsui_cmpxchg32(u32 __user *uaddr, u32 oldval, u32 newval, u32 *oval)
> > +{
> > + u64 __user *uaddr_al;
>
> Please use 'uaddr64' to match the other 64-bit variables.
>
> I assume that the '_al' suffix is meant to be short for 'aligned', but I
> think using '64' is more consistent and clearer.
>
> > + u64 oval64, nval64, tmp;
>
> Likewise, 'orig64' would be clearer than 'tmp' here.
Thanks for your suggestion.
>
> > + static const u64 hi_mask = IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN) ?
> > + GENMASK_U64(63, 32): GENMASK_U64(31, 0);
> > + static const u8 hi_shift = IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN) ? 32 : 0;
> > + static const u8 lo_shift = IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN) ? 0 : 32;
> > +
> > + uaddr_al = (u64 __user *) PTR_ALIGN_DOWN(uaddr, sizeof(u64));
> > + if (get_user(oval64, uaddr_al))
> > + return -EFAULT;
> > +
> > + if ((u32 __user *)uaddr_al != uaddr) {
> > + nval64 = ((oval64 & ~hi_mask) | ((u64)newval << hi_shift));
> > + oval64 = ((oval64 & ~hi_mask) | ((u64)oldval << hi_shift));
> > + } else {
> > + nval64 = ((oval64 & hi_mask) | ((u64)newval << lo_shift));
> > + oval64 = ((oval64 & hi_mask) | ((u64)oldval << lo_shift));
> > + }
> > +
> > + tmp = oval64;
> > +
> > + if (__lsui_cmpxchg64(uaddr_al, &oval64, nval64))
> > + return -EFAULT;
> > +
> > + if (tmp != oval64)
> > + return -EAGAIN;
>
> This means that we'll immediately return -EAGAIN upon a spurious failure
> (where the adjacent 4 bytes have changed), whereas the LL/SC ops would
> retry FUTEX_MAX_LOOPS before returning -EGAIN.
>
> I suspect we want to retry here (or in the immediate caller).
Right. I've thought about it but at the time of writing,
I return -EAGAIN immediately. Let's wait for other people's comments.
>
> > +
> > + *oval = oldval;
> > +
> > + return 0;
> > +}
>
> Aside from the retry issue, I *think* you can simplify this to something
> like:
>
> static __always_inline int
> __lsui_cmpxchg32(u32 __user *uaddr, u32 oldval, u32 newval, u32 *oval)
> {
> uaddr64 = (u64 __user *)PTR_ALIGN_DOWN(uaddr, sizeof(u64));
> u64 oval64, nval64, orig64;
>
> if (get_user(oval64, uaddr64)
> return -EFAULT;
>
> if (IS_ALIGNED(addr, sizeof(u64)) == IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN)) {
> FIELD_MODIFY(GENMASK_U64(31, 0), &oval64, oldval);
> FIELD_MODIFY(GENMASK_U64(31, 0), &nval64, newval);
> } else {
> FIELD_MODIFY(GENMASK_U64(63, 32), &oval64, oldval);
> FIELD_MODIFY(GENMASK_U64(63, 32), &nval64, newval);
> }
> orig64 = oval64;
>
> if (__lsui_cmpxchg64(uaddr_al, &oval64, nval64))
> return -EFAULT;
>
> if (oval64 != orig64)
> return -EAGAIN;
>
> *oval = oldval;
> return 0;
> }
Hmm I think this wouldn'b cover the case below when big-endianess used.
struct {
u32 others 0x55667788;
u32 futex = 0x11223344;
};
In this case, memory layout would be:
55 66 77 88 11 22 33 44
So, the value of fetched oval64 is 0x5566778811223344;
So, it should modify the GENMASK_U64(31, 0) fields.
But, it tries to modify GENMASK_U64(63, 32) fields.
Thanks!
[...]
--
Sincerely,
Yeoreum Yun
Hi Mark,
[...]
> > > + static const u64 hi_mask = IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN) ?
> > > + GENMASK_U64(63, 32): GENMASK_U64(31, 0);
> > > + static const u8 hi_shift = IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN) ? 32 : 0;
> > > + static const u8 lo_shift = IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN) ? 0 : 32;
> > > +
> > > + uaddr_al = (u64 __user *) PTR_ALIGN_DOWN(uaddr, sizeof(u64));
> > > + if (get_user(oval64, uaddr_al))
> > > + return -EFAULT;
> > > +
> > > + if ((u32 __user *)uaddr_al != uaddr) {
> > > + nval64 = ((oval64 & ~hi_mask) | ((u64)newval << hi_shift));
> > > + oval64 = ((oval64 & ~hi_mask) | ((u64)oldval << hi_shift));
> > > + } else {
> > > + nval64 = ((oval64 & hi_mask) | ((u64)newval << lo_shift));
> > > + oval64 = ((oval64 & hi_mask) | ((u64)oldval << lo_shift));
> > > + }
> > > +
> > > + tmp = oval64;
> > > +
> > > + if (__lsui_cmpxchg64(uaddr_al, &oval64, nval64))
> > > + return -EFAULT;
> > > +
> > > + if (tmp != oval64)
> > > + return -EAGAIN;
> >
> > This means that we'll immediately return -EAGAIN upon a spurious failure
> > (where the adjacent 4 bytes have changed), whereas the LL/SC ops would
> > retry FUTEX_MAX_LOOPS before returning -EGAIN.
> >
> > I suspect we want to retry here (or in the immediate caller).
>
> Right. I've thought about it but at the time of writing,
> I return -EAGAIN immediately. Let's wait for other people's comments.
When I get step back, I found my thougt was wrong as you point out.
So, what about this?
static __always_inline int
__lsui_cmpxchg32(u32 __user *uaddr, u32 oldval, u32 newval, u32 *oval)
{
u64 __user *uaddr64;
bool futex_on_lo;
int ret = -EAGAIN, i;
u32 other, orig_other;
union {
struct futex_on_lo {
u32 val;
u32 other;
} lo_futex;
struct futex_on_hi {
u32 other;
u32 val;
} hi_futex;
u64 raw;
} oval64, orig64, nval64;
uaddr64 = (u64 __user *) PTR_ALIGN_DOWN(uaddr, sizeof(u64));
futex_on_lo = (IS_ALIGNED((unsigned long)uaddr, sizeof(u64)) ==
IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN));
for (i = 0; i < FUTEX_MAX_LOOPS; i++) {
if (get_user(oval64.raw, uaddr64))
return -EFAULT;
nval64.raw = oval64.raw;
if (futex_on_lo) {
oval64.lo_futex.val = oldval;
nval64.lo_futex.val = newval;
} else {
oval64.hi_futex.val = oldval;
nval64.hi_futex.val = newval;
}
orig64.raw = oval64.raw;
if (__lsui_cmpxchg64(uaddr64, &oval64.raw, nval64.raw))
return -EFAULT;
if (futex_on_lo) {
oldval = oval64.lo_futex.val;
other = oval64.lo_futex.other;
orig_other = orig64.lo_futex.other;
} else {
oldval = oval64.hi_futex.val;
other = oval64.hi_futex.other;
orig_other = orig64.hi_futex.other;
}
if (other == orig_other) {
ret = 0;
break;
}
}
if (!ret)
*oval = oldval;
return ret;
}
Unfortunately, if there was high competition on "other"
I think return -EAGAIN is the best efforts..
Am I missing something?
Thanks.
--
Sincerely,
Yeoreum Yun
On Wed, Sep 17, 2025 at 02:35:09PM +0100, Yeoreum Yun wrote:
> Hi Mark,
Hi Levi,
Please can you keep the relevant reply headers (i.e. the bit that says
"On ${DATE} ${PERSON} wrote:")? You kept yours from your first reply,
but dropped mine from the reply you're replying to, which is a bit
awkward for anyone following the thread.
> > Aside from the retry issue, I *think* you can simplify this to something
> > like:
> >
> > static __always_inline int
> > __lsui_cmpxchg32(u32 __user *uaddr, u32 oldval, u32 newval, u32 *oval)
> > {
> > uaddr64 = (u64 __user *)PTR_ALIGN_DOWN(uaddr, sizeof(u64));
> > u64 oval64, nval64, orig64;
> >
> > if (get_user(oval64, uaddr64)
> > return -EFAULT;
> >
> > if (IS_ALIGNED(addr, sizeof(u64)) == IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN)) {
Note: typo here, this should be 'uaddr', not 'addr'. Importantly it is
*NOT* 'uaddr64'
> > FIELD_MODIFY(GENMASK_U64(31, 0), &oval64, oldval);
> > FIELD_MODIFY(GENMASK_U64(31, 0), &nval64, newval);
> > } else {
> > FIELD_MODIFY(GENMASK_U64(63, 32), &oval64, oldval);
> > FIELD_MODIFY(GENMASK_U64(63, 32), &nval64, newval);
> > }
> > orig64 = oval64;
> >
> > if (__lsui_cmpxchg64(uaddr_al, &oval64, nval64))
> > return -EFAULT;
> >
> > if (oval64 != orig64)
> > return -EAGAIN;
> >
> > *oval = oldval;
> > return 0;
> > }
>
> Hmm I think this wouldn'b cover the case below when big-endianess used.
>
> struct {
> u32 others 0x55667788;
> u32 futex = 0x11223344;
> };
>
> In this case, memory layout would be:
>
> 55 66 77 88 11 22 33 44
>
> So, the value of fetched oval64 is 0x5566778811223344;
Ok, so the entire struct is aligned to 8 bytes, and the 'futex' field is
4 bytes after that (and not itself aligned to 8 bytes). In that case:
IS_ALIGNED(uaddr, sizeof(u64)) is false, becuase 'futex' is not
aligned to 8 bytes.
IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN) is false, since this is
big-endian.
... so the condition becomes:
if (false == false)
... which is true, and hence we execute the first branch:
FIELD_MODIFY(GENMASK_U64(31, 0), &oval64, oldval);
FIELD_MODIFY(GENMASK_U64(31, 0), &nval64, newval);
> So, it should modify the GENMASK_U64(31, 0) fields.
> But, it tries to modify GENMASK_U64(63, 32) fields.
As above, I think the code does the right thing in this case, but the
typo didn't help -- sorry about that.
Mark.
Hi Mark,
[...]
> > > FIELD_MODIFY(GENMASK_U64(31, 0), &oval64, oldval);
> > > FIELD_MODIFY(GENMASK_U64(31, 0), &nval64, newval);
> > > } else {
> > > FIELD_MODIFY(GENMASK_U64(63, 32), &oval64, oldval);
> > > FIELD_MODIFY(GENMASK_U64(63, 32), &nval64, newval);
> > > }
> > > orig64 = oval64;
> > >
> > > if (__lsui_cmpxchg64(uaddr_al, &oval64, nval64))
> > > return -EFAULT;
> > >
> > > if (oval64 != orig64)
> > > return -EAGAIN;
> > >
> > > *oval = oldval;
> > > return 0;
> > > }
> >
> > Hmm I think this wouldn'b cover the case below when big-endianess used.
> >
> > struct {
> > u32 others 0x55667788;
> > u32 futex = 0x11223344;
> > };
> >
> > In this case, memory layout would be:
> >
> > 55 66 77 88 11 22 33 44
> >
> > So, the value of fetched oval64 is 0x5566778811223344;
>
> Ok, so the entire struct is aligned to 8 bytes, and the 'futex' field is
> 4 bytes after that (and not itself aligned to 8 bytes). In that case:
[...]
Sorry and thanks for explation. I've misread the condition as
if (IS_ALIGNED(uaddr, sizeof(64) && IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN)
Again. sorry for my bad eyes :\
[...]
--
Sincerely,
Yeoreum Yun
Hi,
> +LSUI_FUTEX_ATOMIC_OP(add, ldtadd, al)
> +LSUI_FUTEX_ATOMIC_OP(or, ldtset, al)
> +LSUI_FUTEX_ATOMIC_OP(andnot, ldtclr, al)
> +LSUI_FUTEX_ATOMIC_OP(set, swpt, al)
> +
> +static __always_inline int
> +__lsui_cmpxchg64(u64 __user *uaddr, u64 *oldval, u64 newval)
> +{
> + int ret = 0;
> +
> + asm volatile("// __lsui_cmpxchg64\n"
> + __LSUI_PREAMBLE
> +"1: casalt %x2, %x3, %1\n"
> +"2:\n"
> + _ASM_EXTABLE_UACCESS_ERR(1b, 2b, %w0)
> + : "+r" (ret), "+Q" (*uaddr), "+r" (*oldval)
> + : "r" (newval)
> + : "memory");
> +
> + return ret;
> +}
> +
> +static __always_inline int
> +__lsui_cmpxchg32(u32 __user *uaddr, u32 oldval, u32 newval, u32 *oval)
> +{
> + u64 __user *uaddr_al;
> + u64 oval64, nval64, tmp;
> + static const u64 hi_mask = IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN) ?
> + GENMASK_U64(63, 32): GENMASK_U64(31, 0);
> + static const u8 hi_shift = IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN) ? 32 : 0;
> + static const u8 lo_shift = IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN) ? 0 : 32;
> +
> + uaddr_al = (u64 __user *) PTR_ALIGN_DOWN(uaddr, sizeof(u64));
> + if (get_user(oval64, uaddr_al))
> + return -EFAULT;
> +
> + if ((u32 __user *)uaddr_al != uaddr) {
> + nval64 = ((oval64 & ~hi_mask) | ((u64)newval << hi_shift));
> + oval64 = ((oval64 & ~hi_mask) | ((u64)oldval << hi_shift));
> + } else {
> + nval64 = ((oval64 & hi_mask) | ((u64)newval << lo_shift));
> + oval64 = ((oval64 & hi_mask) | ((u64)oldval << lo_shift));
> + }
> +
> + tmp = oval64;
> +
> + if (__lsui_cmpxchg64(uaddr_al, &oval64, nval64))
> + return -EFAULT;
> +
> + if (tmp != oval64)
> + return -EAGAIN;
> +
> + *oval = oldval;
> +
> + return 0;
> +}
> +
While I see the code I couldn't erase some suspicion
because of below questions...:
1. Suppose there is structure:
struct s_test {
u32 futex;
u32 others;
};
Before CPU0 executing casalt futex, CPU1 executes the store32_rel() on
others. Then, Can CPU0 can observe the CPU1's store32_rel()
since casalt operates with &futex, but CPU1 operates with &others.
CPU0 CPU1
... store32_rel(&s_test->others);
/// can this see CPU1's modification?
casalt(..., ..., &s_test->futex);
2. Suppose there is structure:
struct s_test {
u32 others;
u32 futex;
};
Then, can below "ldtr" be reordered after casalt?
ldtr(&s_test->futex);
...
casalt(..., ..., &s_test->others);
I think the both cases can break the memory consistency unintensionaly
in the view of user...
Well, the dmb ish; could be solved the above problem before casalt,
However, It seems it's much better to return former ll/sc method...?
Thanks!
--
Sincerely,
Yeoreum Yun
© 2016 - 2025 Red Hat, Inc.