From nobody Mon Feb 9 01:46:08 2026 Received: from mail-ej1-f73.google.com (mail-ej1-f73.google.com [209.85.218.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DC8182FFF9C for ; Thu, 29 Jan 2026 00:57:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769648230; cv=none; b=MY5/sOVuY8LMMsUHKHuPwL+dzBLd3M+XuYdoxhDOyHuHUB7+nxy4Oyt+c+N16giDX72rAvIvRJ9/ZLV8Yc1wOeP4Au8Xqjq5ohhqykKaT2G3Vxka4X/JRblIXXhSE+qVGYShUVlIVX20cSpoxptz0fDV3hZjq+NjsqFsPRs56gE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769648230; c=relaxed/simple; bh=/t4AF7jnqhigQgZ2d4Fnqr4JkIMVuJcFMzzqPuGlCDA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=unWXtMLk3qlLIFdTLlvqXRtpCgsiVPQMLlzL4UQ7XXm309VP6rQ07jw2BCfeMf4bsZD9aXfmAKCbTTTWnie/6Ulk5B9rQ/MAa78JbnVvkHPpgvBbMVamiZTVKNZ2DDfBR90N9N/0vJ0SCYocji70iHKi9DHzP+EsjF5/ki0GGOo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--elver.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=HpuI5PSs; arc=none smtp.client-ip=209.85.218.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--elver.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="HpuI5PSs" Received: by mail-ej1-f73.google.com with SMTP id a640c23a62f3a-b885979bfa9so32104266b.1 for ; Wed, 28 Jan 2026 16:57:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1769648227; x=1770253027; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=mEepWOxCVSc1aX29GPbB6p8VltBEKBk11LnhK9lypjY=; b=HpuI5PSs0rYDV2HjyYvQgQUHtDl2A3VUGAJ114hRV+1/0M4LXZ2v7A/hfXUWUEQ2UG vNxi+2n0PJ3Pd+VOMKG4JyR5gm2ywFPf9gt6XBhK67lVDwcstv9MKFspx9LSUKyH1PFA 53+9HQlHn3cpMl2zk9NWElAB40cVnQuAeK+fWFIaOmQH4p89B07TnADzDtIsEByFPy9W uBQRii1MYLv7Zi0G+ugK4lybBKCJZdrX7et02pvxkr4Sq22WNOi/gmJAudFr3sFL9iq7 4AAlYbaZXUwREUp34QMl6rcPIUR0jkZzS005G9DRRuWlt7oFJ/9d76VAt1lewbsQ05b3 C04Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769648227; x=1770253027; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=mEepWOxCVSc1aX29GPbB6p8VltBEKBk11LnhK9lypjY=; b=mkKKEX98HMFgvZN5eAmT9kXPyJEGJlQTxjzXkbFGrI3SNx1SfnkwRJILvR1A2VkL3B WoHxebZGfx/17QbTq1X7p0XlqbkXDYjDnimwULQm9knRCJeAI1d3aoulT2rWYWfmNYiz NFTMOGO+50FsVkZfnuoPwbABrv8HCF3T3uLAvlEjyZc0UFSS/5s4K0TtSTjiOXLhOb+Y /UCu46HG8M1er3HnpsOhNJqTbjRizPcdZOMiy9RH6b6CfA2Kon87fWvGLMBytWGjPgbe ETEUf1/XgkwQJnbT1vsILRST1SgGpHijr8ukctoyxQRXhM4Ox3WqLz5Kt7h1hVbEEk9Q Yn6w== X-Forwarded-Encrypted: i=1; AJvYcCV9kNdO/qk8EAAZahWXf9hxtFH9XEZDqYgpa+udUA7ESFIjcf3vEEB+GZFK9QpmQsGNJQWh1QUeIHoSluU=@vger.kernel.org X-Gm-Message-State: AOJu0YyfoAWsQfGovn8VFxY15nPl6k1VU9dl5g9AFv74i6Cterqw7Lvw YSS4/6r9ZNJK8gHWR2RvMmRIo3ewd3s6JeKpZxh2/6Up8iWxtxVKJCI5BgIjwUudo/0RWGjhkU7 FFg== X-Received: from ejbdt12.prod.google.com ([2002:a17:906:b78c:b0:b87:2981:bb4b]) (user=elver job=prod-delivery.src-stubby-dispatcher) by 2002:a17:907:97d1:b0:b87:1d79:bef4 with SMTP id a640c23a62f3a-b8dab130284mr439369266b.9.1769648227185; Wed, 28 Jan 2026 16:57:07 -0800 (PST) Date: Thu, 29 Jan 2026 01:52:34 +0100 In-Reply-To: <20260129005645.747680-1-elver@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260129005645.747680-1-elver@google.com> X-Mailer: git-send-email 2.53.0.rc1.217.geba53bf80e-goog Message-ID: <20260129005645.747680-4-elver@google.com> Subject: [PATCH v2 3/3] arm64, compiler-context-analysis: Permit alias analysis through __READ_ONCE() with CONFIG_LTO=y From: Marco Elver To: elver@google.com, Peter Zijlstra , Will Deacon Cc: Ingo Molnar , Thomas Gleixner , Boqun Feng , Waiman Long , Bart Van Assche , llvm@lists.linux.dev, Catalin Marinas , Arnd Bergmann , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, kernel test robot Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When enabling Clang's Context Analysis (aka. Thread Safety Analysis) on kernel/futex/core.o (see Peter's changes at [1]), in arm64 LTO builds we could see: | kernel/futex/core.c:982:1: warning: spinlock 'atomic ? __u.__val : q->loc= k_ptr' is still held at the end of function [-Wthread-safety-analysis] | 982 | } | | ^ | kernel/futex/core.c:976:2: note: spinlock acquired here | 976 | spin_lock(lock_ptr); | | ^ | kernel/futex/core.c:982:1: warning: expecting spinlock 'q->lock_ptr' to b= e held at the end of function [-Wthread-safety-analysis] | 982 | } | | ^ | kernel/futex/core.c:966:6: note: spinlock acquired here | 966 | void futex_q_lockptr_lock(struct futex_q *q) | | ^ | 2 warnings generated. Where we have: extern void futex_q_lockptr_lock(struct futex_q *q) __acquires(q->lock_ptr= ); .. void futex_q_lockptr_lock(struct futex_q *q) { spinlock_t *lock_ptr; /* * See futex_unqueue() why lock_ptr can change. */ guard(rcu)(); retry: >> lock_ptr =3D READ_ONCE(q->lock_ptr); spin_lock(lock_ptr); ... } The READ_ONCE() above is expanded to arm64's LTO __READ_ONCE(). Here, Clang Thread Safety Analysis's alias analysis resolves 'lock_ptr' to 'atomic ? __u.__val : q->lock_ptr', and considers this the identity of the context lock given it can't see through the inline assembly; however, we simply want 'q->lock_ptr' as the canonical context lock. While for code generation the compiler simplified to __u.__val for pointers (8 byte case -> atomic), TSA's analysis (a) happens much earlier on the AST, and (b) would be the wrong deduction. Now that we've gotten rid of the 'atomic' ternary comparison, we can return '__u.__val' through a pointer that we initialize with '&x', but then change with a pointer-to-pointer. When READ_ONCE()'ing a context lock pointer, TSA's alias analysis does not invalidate the initial alias when updated through the pointer-to-pointer, and we make it effectively "see through" the __READ_ONCE(). Code generation is unchanged. Link: https://lkml.kernel.org/r/20260121110704.221498346@infradead.org [1] Reported-by: kernel test robot Closes: https://lore.kernel.org/oe-kbuild-all/202601221040.TeM0ihff-lkp@int= el.com/ Cc: Peter Zijlstra Signed-off-by: Marco Elver Tested-by: Boqun Feng --- v2: * Rebase. --- arch/arm64/include/asm/rwonce.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/rwonce.h b/arch/arm64/include/asm/rwonc= e.h index 712de3238f9a..3a50a1d0d17e 100644 --- a/arch/arm64/include/asm/rwonce.h +++ b/arch/arm64/include/asm/rwonce.h @@ -48,8 +48,11 @@ */ #define __READ_ONCE(x) \ ({ \ - typeof(&(x)) __x =3D &(x); \ + auto __x =3D &(x); \ + auto __ret =3D (__rwonce_typeof_unqual(*__x) *)__x; \ + auto __retp =3D &__ret; \ union { __rwonce_typeof_unqual(*__x) __val; char __c[1]; } __u; \ + *__retp =3D &__u.__val; \ switch (sizeof(x)) { \ case 1: \ asm volatile(__LOAD_RCPC(b, %w0, %1) \ @@ -74,7 +77,7 @@ default: \ __u.__val =3D *(volatile typeof(*__x) *)__x; \ } \ - __u.__val; \ + *__ret; \ }) =20 #endif /* !BUILD_VDSO */ --=20 2.53.0.rc1.217.geba53bf80e-goog