About Kernel Documentation Linux Kernel Contact Linux Resources Linux Blog

Documentation / memory-barriers.txt




Custom Search

Based on kernel version 4.3. Page generated on 2015-11-02 12:50 EST.

1				 ============================
2				 LINUX KERNEL MEMORY BARRIERS
3				 ============================
4	
5	By: David Howells <dhowells@redhat.com>
6	    Paul E. McKenney <paulmck@linux.vnet.ibm.com>
7	
8	Contents:
9	
10	 (*) Abstract memory access model.
11	
12	     - Device operations.
13	     - Guarantees.
14	
15	 (*) What are memory barriers?
16	
17	     - Varieties of memory barrier.
18	     - What may not be assumed about memory barriers?
19	     - Data dependency barriers.
20	     - Control dependencies.
21	     - SMP barrier pairing.
22	     - Examples of memory barrier sequences.
23	     - Read memory barriers vs load speculation.
24	     - Transitivity
25	
26	 (*) Explicit kernel barriers.
27	
28	     - Compiler barrier.
29	     - CPU memory barriers.
30	     - MMIO write barrier.
31	
32	 (*) Implicit kernel memory barriers.
33	
34	     - Locking functions.
35	     - Interrupt disabling functions.
36	     - Sleep and wake-up functions.
37	     - Miscellaneous functions.
38	
39	 (*) Inter-CPU locking barrier effects.
40	
41	     - Locks vs memory accesses.
42	     - Locks vs I/O accesses.
43	
44	 (*) Where are memory barriers needed?
45	
46	     - Interprocessor interaction.
47	     - Atomic operations.
48	     - Accessing devices.
49	     - Interrupts.
50	
51	 (*) Kernel I/O barrier effects.
52	
53	 (*) Assumed minimum execution ordering model.
54	
55	 (*) The effects of the cpu cache.
56	
57	     - Cache coherency.
58	     - Cache coherency vs DMA.
59	     - Cache coherency vs MMIO.
60	
61	 (*) The things CPUs get up to.
62	
63	     - And then there's the Alpha.
64	
65	 (*) Example uses.
66	
67	     - Circular buffers.
68	
69	 (*) References.
70	
71	
72	============================
73	ABSTRACT MEMORY ACCESS MODEL
74	============================
75	
76	Consider the following abstract model of the system:
77	
78			            :                :
79			            :                :
80			            :                :
81			+-------+   :   +--------+   :   +-------+
82			|       |   :   |        |   :   |       |
83			|       |   :   |        |   :   |       |
84			| CPU 1 |<----->| Memory |<----->| CPU 2 |
85			|       |   :   |        |   :   |       |
86			|       |   :   |        |   :   |       |
87			+-------+   :   +--------+   :   +-------+
88			    ^       :       ^        :       ^
89			    |       :       |        :       |
90			    |       :       |        :       |
91			    |       :       v        :       |
92			    |       :   +--------+   :       |
93			    |       :   |        |   :       |
94			    |       :   |        |   :       |
95			    +---------->| Device |<----------+
96			            :   |        |   :
97			            :   |        |   :
98			            :   +--------+   :
99			            :                :
100	
101	Each CPU executes a program that generates memory access operations.  In the
102	abstract CPU, memory operation ordering is very relaxed, and a CPU may actually
103	perform the memory operations in any order it likes, provided program causality
104	appears to be maintained.  Similarly, the compiler may also arrange the
105	instructions it emits in any order it likes, provided it doesn't affect the
106	apparent operation of the program.
107	
108	So in the above diagram, the effects of the memory operations performed by a
109	CPU are perceived by the rest of the system as the operations cross the
110	interface between the CPU and rest of the system (the dotted lines).
111	
112	
113	For example, consider the following sequence of events:
114	
115		CPU 1		CPU 2
116		===============	===============
117		{ A == 1; B == 2 }
118		A = 3;		x = B;
119		B = 4;		y = A;
120	
121	The set of accesses as seen by the memory system in the middle can be arranged
122	in 24 different combinations:
123	
124		STORE A=3,	STORE B=4,	y=LOAD A->3,	x=LOAD B->4
125		STORE A=3,	STORE B=4,	x=LOAD B->4,	y=LOAD A->3
126		STORE A=3,	y=LOAD A->3,	STORE B=4,	x=LOAD B->4
127		STORE A=3,	y=LOAD A->3,	x=LOAD B->2,	STORE B=4
128		STORE A=3,	x=LOAD B->2,	STORE B=4,	y=LOAD A->3
129		STORE A=3,	x=LOAD B->2,	y=LOAD A->3,	STORE B=4
130		STORE B=4,	STORE A=3,	y=LOAD A->3,	x=LOAD B->4
131		STORE B=4, ...
132		...
133	
134	and can thus result in four different combinations of values:
135	
136		x == 2, y == 1
137		x == 2, y == 3
138		x == 4, y == 1
139		x == 4, y == 3
140	
141	
142	Furthermore, the stores committed by a CPU to the memory system may not be
143	perceived by the loads made by another CPU in the same order as the stores were
144	committed.
145	
146	
147	As a further example, consider this sequence of events:
148	
149		CPU 1		CPU 2
150		===============	===============
151		{ A == 1, B == 2, C = 3, P == &A, Q == &C }
152		B = 4;		Q = P;
153		P = &B		D = *Q;
154	
155	There is an obvious data dependency here, as the value loaded into D depends on
156	the address retrieved from P by CPU 2.  At the end of the sequence, any of the
157	following results are possible:
158	
159		(Q == &A) and (D == 1)
160		(Q == &B) and (D == 2)
161		(Q == &B) and (D == 4)
162	
163	Note that CPU 2 will never try and load C into D because the CPU will load P
164	into Q before issuing the load of *Q.
165	
166	
167	DEVICE OPERATIONS
168	-----------------
169	
170	Some devices present their control interfaces as collections of memory
171	locations, but the order in which the control registers are accessed is very
172	important.  For instance, imagine an ethernet card with a set of internal
173	registers that are accessed through an address port register (A) and a data
174	port register (D).  To read internal register 5, the following code might then
175	be used:
176	
177		*A = 5;
178		x = *D;
179	
180	but this might show up as either of the following two sequences:
181	
182		STORE *A = 5, x = LOAD *D
183		x = LOAD *D, STORE *A = 5
184	
185	the second of which will almost certainly result in a malfunction, since it set
186	the address _after_ attempting to read the register.
187	
188	
189	GUARANTEES
190	----------
191	
192	There are some minimal guarantees that may be expected of a CPU:
193	
194	 (*) On any given CPU, dependent memory accesses will be issued in order, with
195	     respect to itself.  This means that for:
196	
197		WRITE_ONCE(Q, P); smp_read_barrier_depends(); D = READ_ONCE(*Q);
198	
199	     the CPU will issue the following memory operations:
200	
201		Q = LOAD P, D = LOAD *Q
202	
203	     and always in that order.  On most systems, smp_read_barrier_depends()
204	     does nothing, but it is required for DEC Alpha.  The READ_ONCE()
205	     and WRITE_ONCE() are required to prevent compiler mischief.  Please
206	     note that you should normally use something like rcu_dereference()
207	     instead of open-coding smp_read_barrier_depends().
208	
209	 (*) Overlapping loads and stores within a particular CPU will appear to be
210	     ordered within that CPU.  This means that for:
211	
212		a = READ_ONCE(*X); WRITE_ONCE(*X, b);
213	
214	     the CPU will only issue the following sequence of memory operations:
215	
216		a = LOAD *X, STORE *X = b
217	
218	     And for:
219	
220		WRITE_ONCE(*X, c); d = READ_ONCE(*X);
221	
222	     the CPU will only issue:
223	
224		STORE *X = c, d = LOAD *X
225	
226	     (Loads and stores overlap if they are targeted at overlapping pieces of
227	     memory).
228	
229	And there are a number of things that _must_ or _must_not_ be assumed:
230	
231	 (*) It _must_not_ be assumed that the compiler will do what you want
232	     with memory references that are not protected by READ_ONCE() and
233	     WRITE_ONCE().  Without them, the compiler is within its rights to
234	     do all sorts of "creative" transformations, which are covered in
235	     the Compiler Barrier section.
236	
237	 (*) It _must_not_ be assumed that independent loads and stores will be issued
238	     in the order given.  This means that for:
239	
240		X = *A; Y = *B; *D = Z;
241	
242	     we may get any of the following sequences:
243	
244		X = LOAD *A,  Y = LOAD *B,  STORE *D = Z
245		X = LOAD *A,  STORE *D = Z, Y = LOAD *B
246		Y = LOAD *B,  X = LOAD *A,  STORE *D = Z
247		Y = LOAD *B,  STORE *D = Z, X = LOAD *A
248		STORE *D = Z, X = LOAD *A,  Y = LOAD *B
249		STORE *D = Z, Y = LOAD *B,  X = LOAD *A
250	
251	 (*) It _must_ be assumed that overlapping memory accesses may be merged or
252	     discarded.  This means that for:
253	
254		X = *A; Y = *(A + 4);
255	
256	     we may get any one of the following sequences:
257	
258		X = LOAD *A; Y = LOAD *(A + 4);
259		Y = LOAD *(A + 4); X = LOAD *A;
260		{X, Y} = LOAD {*A, *(A + 4) };
261	
262	     And for:
263	
264		*A = X; *(A + 4) = Y;
265	
266	     we may get any of:
267	
268		STORE *A = X; STORE *(A + 4) = Y;
269		STORE *(A + 4) = Y; STORE *A = X;
270		STORE {*A, *(A + 4) } = {X, Y};
271	
272	And there are anti-guarantees:
273	
274	 (*) These guarantees do not apply to bitfields, because compilers often
275	     generate code to modify these using non-atomic read-modify-write
276	     sequences.  Do not attempt to use bitfields to synchronize parallel
277	     algorithms.
278	
279	 (*) Even in cases where bitfields are protected by locks, all fields
280	     in a given bitfield must be protected by one lock.  If two fields
281	     in a given bitfield are protected by different locks, the compiler's
282	     non-atomic read-modify-write sequences can cause an update to one
283	     field to corrupt the value of an adjacent field.
284	
285	 (*) These guarantees apply only to properly aligned and sized scalar
286	     variables.  "Properly sized" currently means variables that are
287	     the same size as "char", "short", "int" and "long".  "Properly
288	     aligned" means the natural alignment, thus no constraints for
289	     "char", two-byte alignment for "short", four-byte alignment for
290	     "int", and either four-byte or eight-byte alignment for "long",
291	     on 32-bit and 64-bit systems, respectively.  Note that these
292	     guarantees were introduced into the C11 standard, so beware when
293	     using older pre-C11 compilers (for example, gcc 4.6).  The portion
294	     of the standard containing this guarantee is Section 3.14, which
295	     defines "memory location" as follows:
296	
297	     	memory location
298			either an object of scalar type, or a maximal sequence
299			of adjacent bit-fields all having nonzero width
300	
301			NOTE 1: Two threads of execution can update and access
302			separate memory locations without interfering with
303			each other.
304	
305			NOTE 2: A bit-field and an adjacent non-bit-field member
306			are in separate memory locations. The same applies
307			to two bit-fields, if one is declared inside a nested
308			structure declaration and the other is not, or if the two
309			are separated by a zero-length bit-field declaration,
310			or if they are separated by a non-bit-field member
311			declaration. It is not safe to concurrently update two
312			bit-fields in the same structure if all members declared
313			between them are also bit-fields, no matter what the
314			sizes of those intervening bit-fields happen to be.
315	
316	
317	=========================
318	WHAT ARE MEMORY BARRIERS?
319	=========================
320	
321	As can be seen above, independent memory operations are effectively performed
322	in random order, but this can be a problem for CPU-CPU interaction and for I/O.
323	What is required is some way of intervening to instruct the compiler and the
324	CPU to restrict the order.
325	
326	Memory barriers are such interventions.  They impose a perceived partial
327	ordering over the memory operations on either side of the barrier.
328	
329	Such enforcement is important because the CPUs and other devices in a system
330	can use a variety of tricks to improve performance, including reordering,
331	deferral and combination of memory operations; speculative loads; speculative
332	branch prediction and various types of caching.  Memory barriers are used to
333	override or suppress these tricks, allowing the code to sanely control the
334	interaction of multiple CPUs and/or devices.
335	
336	
337	VARIETIES OF MEMORY BARRIER
338	---------------------------
339	
340	Memory barriers come in four basic varieties:
341	
342	 (1) Write (or store) memory barriers.
343	
344	     A write memory barrier gives a guarantee that all the STORE operations
345	     specified before the barrier will appear to happen before all the STORE
346	     operations specified after the barrier with respect to the other
347	     components of the system.
348	
349	     A write barrier is a partial ordering on stores only; it is not required
350	     to have any effect on loads.
351	
352	     A CPU can be viewed as committing a sequence of store operations to the
353	     memory system as time progresses.  All stores before a write barrier will
354	     occur in the sequence _before_ all the stores after the write barrier.
355	
356	     [!] Note that write barriers should normally be paired with read or data
357	     dependency barriers; see the "SMP barrier pairing" subsection.
358	
359	
360	 (2) Data dependency barriers.
361	
362	     A data dependency barrier is a weaker form of read barrier.  In the case
363	     where two loads are performed such that the second depends on the result
364	     of the first (eg: the first load retrieves the address to which the second
365	     load will be directed), a data dependency barrier would be required to
366	     make sure that the target of the second load is updated before the address
367	     obtained by the first load is accessed.
368	
369	     A data dependency barrier is a partial ordering on interdependent loads
370	     only; it is not required to have any effect on stores, independent loads
371	     or overlapping loads.
372	
373	     As mentioned in (1), the other CPUs in the system can be viewed as
374	     committing sequences of stores to the memory system that the CPU being
375	     considered can then perceive.  A data dependency barrier issued by the CPU
376	     under consideration guarantees that for any load preceding it, if that
377	     load touches one of a sequence of stores from another CPU, then by the
378	     time the barrier completes, the effects of all the stores prior to that
379	     touched by the load will be perceptible to any loads issued after the data
380	     dependency barrier.
381	
382	     See the "Examples of memory barrier sequences" subsection for diagrams
383	     showing the ordering constraints.
384	
385	     [!] Note that the first load really has to have a _data_ dependency and
386	     not a control dependency.  If the address for the second load is dependent
387	     on the first load, but the dependency is through a conditional rather than
388	     actually loading the address itself, then it's a _control_ dependency and
389	     a full read barrier or better is required.  See the "Control dependencies"
390	     subsection for more information.
391	
392	     [!] Note that data dependency barriers should normally be paired with
393	     write barriers; see the "SMP barrier pairing" subsection.
394	
395	
396	 (3) Read (or load) memory barriers.
397	
398	     A read barrier is a data dependency barrier plus a guarantee that all the
399	     LOAD operations specified before the barrier will appear to happen before
400	     all the LOAD operations specified after the barrier with respect to the
401	     other components of the system.
402	
403	     A read barrier is a partial ordering on loads only; it is not required to
404	     have any effect on stores.
405	
406	     Read memory barriers imply data dependency barriers, and so can substitute
407	     for them.
408	
409	     [!] Note that read barriers should normally be paired with write barriers;
410	     see the "SMP barrier pairing" subsection.
411	
412	
413	 (4) General memory barriers.
414	
415	     A general memory barrier gives a guarantee that all the LOAD and STORE
416	     operations specified before the barrier will appear to happen before all
417	     the LOAD and STORE operations specified after the barrier with respect to
418	     the other components of the system.
419	
420	     A general memory barrier is a partial ordering over both loads and stores.
421	
422	     General memory barriers imply both read and write memory barriers, and so
423	     can substitute for either.
424	
425	
426	And a couple of implicit varieties:
427	
428	 (5) ACQUIRE operations.
429	
430	     This acts as a one-way permeable barrier.  It guarantees that all memory
431	     operations after the ACQUIRE operation will appear to happen after the
432	     ACQUIRE operation with respect to the other components of the system.
433	     ACQUIRE operations include LOCK operations and smp_load_acquire()
434	     operations.
435	
436	     Memory operations that occur before an ACQUIRE operation may appear to
437	     happen after it completes.
438	
439	     An ACQUIRE operation should almost always be paired with a RELEASE
440	     operation.
441	
442	
443	 (6) RELEASE operations.
444	
445	     This also acts as a one-way permeable barrier.  It guarantees that all
446	     memory operations before the RELEASE operation will appear to happen
447	     before the RELEASE operation with respect to the other components of the
448	     system. RELEASE operations include UNLOCK operations and
449	     smp_store_release() operations.
450	
451	     Memory operations that occur after a RELEASE operation may appear to
452	     happen before it completes.
453	
454	     The use of ACQUIRE and RELEASE operations generally precludes the need
455	     for other sorts of memory barrier (but note the exceptions mentioned in
456	     the subsection "MMIO write barrier").  In addition, a RELEASE+ACQUIRE
457	     pair is -not- guaranteed to act as a full memory barrier.  However, after
458	     an ACQUIRE on a given variable, all memory accesses preceding any prior
459	     RELEASE on that same variable are guaranteed to be visible.  In other
460	     words, within a given variable's critical section, all accesses of all
461	     previous critical sections for that variable are guaranteed to have
462	     completed.
463	
464	     This means that ACQUIRE acts as a minimal "acquire" operation and
465	     RELEASE acts as a minimal "release" operation.
466	
467	
468	Memory barriers are only required where there's a possibility of interaction
469	between two CPUs or between a CPU and a device.  If it can be guaranteed that
470	there won't be any such interaction in any particular piece of code, then
471	memory barriers are unnecessary in that piece of code.
472	
473	
474	Note that these are the _minimum_ guarantees.  Different architectures may give
475	more substantial guarantees, but they may _not_ be relied upon outside of arch
476	specific code.
477	
478	
479	WHAT MAY NOT BE ASSUMED ABOUT MEMORY BARRIERS?
480	----------------------------------------------
481	
482	There are certain things that the Linux kernel memory barriers do not guarantee:
483	
484	 (*) There is no guarantee that any of the memory accesses specified before a
485	     memory barrier will be _complete_ by the completion of a memory barrier
486	     instruction; the barrier can be considered to draw a line in that CPU's
487	     access queue that accesses of the appropriate type may not cross.
488	
489	 (*) There is no guarantee that issuing a memory barrier on one CPU will have
490	     any direct effect on another CPU or any other hardware in the system.  The
491	     indirect effect will be the order in which the second CPU sees the effects
492	     of the first CPU's accesses occur, but see the next point:
493	
494	 (*) There is no guarantee that a CPU will see the correct order of effects
495	     from a second CPU's accesses, even _if_ the second CPU uses a memory
496	     barrier, unless the first CPU _also_ uses a matching memory barrier (see
497	     the subsection on "SMP Barrier Pairing").
498	
499	 (*) There is no guarantee that some intervening piece of off-the-CPU
500	     hardware[*] will not reorder the memory accesses.  CPU cache coherency
501	     mechanisms should propagate the indirect effects of a memory barrier
502	     between CPUs, but might not do so in order.
503	
504		[*] For information on bus mastering DMA and coherency please read:
505	
506		    Documentation/PCI/pci.txt
507		    Documentation/DMA-API-HOWTO.txt
508		    Documentation/DMA-API.txt
509	
510	
511	DATA DEPENDENCY BARRIERS
512	------------------------
513	
514	The usage requirements of data dependency barriers are a little subtle, and
515	it's not always obvious that they're needed.  To illustrate, consider the
516	following sequence of events:
517	
518		CPU 1		      CPU 2
519		===============	      ===============
520		{ A == 1, B == 2, C = 3, P == &A, Q == &C }
521		B = 4;
522		<write barrier>
523		WRITE_ONCE(P, &B)
524				      Q = READ_ONCE(P);
525				      D = *Q;
526	
527	There's a clear data dependency here, and it would seem that by the end of the
528	sequence, Q must be either &A or &B, and that:
529	
530		(Q == &A) implies (D == 1)
531		(Q == &B) implies (D == 4)
532	
533	But!  CPU 2's perception of P may be updated _before_ its perception of B, thus
534	leading to the following situation:
535	
536		(Q == &B) and (D == 2) ????
537	
538	Whilst this may seem like a failure of coherency or causality maintenance, it
539	isn't, and this behaviour can be observed on certain real CPUs (such as the DEC
540	Alpha).
541	
542	To deal with this, a data dependency barrier or better must be inserted
543	between the address load and the data load:
544	
545		CPU 1		      CPU 2
546		===============	      ===============
547		{ A == 1, B == 2, C = 3, P == &A, Q == &C }
548		B = 4;
549		<write barrier>
550		WRITE_ONCE(P, &B);
551				      Q = READ_ONCE(P);
552				      <data dependency barrier>
553				      D = *Q;
554	
555	This enforces the occurrence of one of the two implications, and prevents the
556	third possibility from arising.
557	
558	[!] Note that this extremely counterintuitive situation arises most easily on
559	machines with split caches, so that, for example, one cache bank processes
560	even-numbered cache lines and the other bank processes odd-numbered cache
561	lines.  The pointer P might be stored in an odd-numbered cache line, and the
562	variable B might be stored in an even-numbered cache line.  Then, if the
563	even-numbered bank of the reading CPU's cache is extremely busy while the
564	odd-numbered bank is idle, one can see the new value of the pointer P (&B),
565	but the old value of the variable B (2).
566	
567	
568	Another example of where data dependency barriers might be required is where a
569	number is read from memory and then used to calculate the index for an array
570	access:
571	
572		CPU 1		      CPU 2
573		===============	      ===============
574		{ M[0] == 1, M[1] == 2, M[3] = 3, P == 0, Q == 3 }
575		M[1] = 4;
576		<write barrier>
577		WRITE_ONCE(P, 1);
578				      Q = READ_ONCE(P);
579				      <data dependency barrier>
580				      D = M[Q];
581	
582	
583	The data dependency barrier is very important to the RCU system,
584	for example.  See rcu_assign_pointer() and rcu_dereference() in
585	include/linux/rcupdate.h.  This permits the current target of an RCU'd
586	pointer to be replaced with a new modified target, without the replacement
587	target appearing to be incompletely initialised.
588	
589	See also the subsection on "Cache Coherency" for a more thorough example.
590	
591	
592	CONTROL DEPENDENCIES
593	--------------------
594	
595	A load-load control dependency requires a full read memory barrier, not
596	simply a data dependency barrier to make it work correctly.  Consider the
597	following bit of code:
598	
599		q = READ_ONCE(a);
600		if (q) {
601			<data dependency barrier>  /* BUG: No data dependency!!! */
602			p = READ_ONCE(b);
603		}
604	
605	This will not have the desired effect because there is no actual data
606	dependency, but rather a control dependency that the CPU may short-circuit
607	by attempting to predict the outcome in advance, so that other CPUs see
608	the load from b as having happened before the load from a.  In such a
609	case what's actually required is:
610	
611		q = READ_ONCE(a);
612		if (q) {
613			<read barrier>
614			p = READ_ONCE(b);
615		}
616	
617	However, stores are not speculated.  This means that ordering -is- provided
618	for load-store control dependencies, as in the following example:
619	
620		q = READ_ONCE_CTRL(a);
621		if (q) {
622			WRITE_ONCE(b, p);
623		}
624	
625	Control dependencies pair normally with other types of barriers.  That
626	said, please note that READ_ONCE_CTRL() is not optional!  Without the
627	READ_ONCE_CTRL(), the compiler might combine the load from 'a' with
628	other loads from 'a', and the store to 'b' with other stores to 'b',
629	with possible highly counterintuitive effects on ordering.
630	
631	Worse yet, if the compiler is able to prove (say) that the value of
632	variable 'a' is always non-zero, it would be well within its rights
633	to optimize the original example by eliminating the "if" statement
634	as follows:
635	
636		q = a;
637		b = p;  /* BUG: Compiler and CPU can both reorder!!! */
638	
639	Finally, the READ_ONCE_CTRL() includes an smp_read_barrier_depends()
640	that DEC Alpha needs in order to respect control depedencies.
641	
642	So don't leave out the READ_ONCE_CTRL().
643	
644	It is tempting to try to enforce ordering on identical stores on both
645	branches of the "if" statement as follows:
646	
647		q = READ_ONCE_CTRL(a);
648		if (q) {
649			barrier();
650			WRITE_ONCE(b, p);
651			do_something();
652		} else {
653			barrier();
654			WRITE_ONCE(b, p);
655			do_something_else();
656		}
657	
658	Unfortunately, current compilers will transform this as follows at high
659	optimization levels:
660	
661		q = READ_ONCE_CTRL(a);
662		barrier();
663		WRITE_ONCE(b, p);  /* BUG: No ordering vs. load from a!!! */
664		if (q) {
665			/* WRITE_ONCE(b, p); -- moved up, BUG!!! */
666			do_something();
667		} else {
668			/* WRITE_ONCE(b, p); -- moved up, BUG!!! */
669			do_something_else();
670		}
671	
672	Now there is no conditional between the load from 'a' and the store to
673	'b', which means that the CPU is within its rights to reorder them:
674	The conditional is absolutely required, and must be present in the
675	assembly code even after all compiler optimizations have been applied.
676	Therefore, if you need ordering in this example, you need explicit
677	memory barriers, for example, smp_store_release():
678	
679		q = READ_ONCE(a);
680		if (q) {
681			smp_store_release(&b, p);
682			do_something();
683		} else {
684			smp_store_release(&b, p);
685			do_something_else();
686		}
687	
688	In contrast, without explicit memory barriers, two-legged-if control
689	ordering is guaranteed only when the stores differ, for example:
690	
691		q = READ_ONCE_CTRL(a);
692		if (q) {
693			WRITE_ONCE(b, p);
694			do_something();
695		} else {
696			WRITE_ONCE(b, r);
697			do_something_else();
698		}
699	
700	The initial READ_ONCE_CTRL() is still required to prevent the compiler
701	from proving the value of 'a'.
702	
703	In addition, you need to be careful what you do with the local variable 'q',
704	otherwise the compiler might be able to guess the value and again remove
705	the needed conditional.  For example:
706	
707		q = READ_ONCE_CTRL(a);
708		if (q % MAX) {
709			WRITE_ONCE(b, p);
710			do_something();
711		} else {
712			WRITE_ONCE(b, r);
713			do_something_else();
714		}
715	
716	If MAX is defined to be 1, then the compiler knows that (q % MAX) is
717	equal to zero, in which case the compiler is within its rights to
718	transform the above code into the following:
719	
720		q = READ_ONCE_CTRL(a);
721		WRITE_ONCE(b, p);
722		do_something_else();
723	
724	Given this transformation, the CPU is not required to respect the ordering
725	between the load from variable 'a' and the store to variable 'b'.  It is
726	tempting to add a barrier(), but this does not help.  The conditional
727	is gone, and the barrier won't bring it back.  Therefore, if you are
728	relying on this ordering, you should make sure that MAX is greater than
729	one, perhaps as follows:
730	
731		q = READ_ONCE_CTRL(a);
732		BUILD_BUG_ON(MAX <= 1); /* Order load from a with store to b. */
733		if (q % MAX) {
734			WRITE_ONCE(b, p);
735			do_something();
736		} else {
737			WRITE_ONCE(b, r);
738			do_something_else();
739		}
740	
741	Please note once again that the stores to 'b' differ.  If they were
742	identical, as noted earlier, the compiler could pull this store outside
743	of the 'if' statement.
744	
745	You must also be careful not to rely too much on boolean short-circuit
746	evaluation.  Consider this example:
747	
748		q = READ_ONCE_CTRL(a);
749		if (q || 1 > 0)
750			WRITE_ONCE(b, 1);
751	
752	Because the first condition cannot fault and the second condition is
753	always true, the compiler can transform this example as following,
754	defeating control dependency:
755	
756		q = READ_ONCE_CTRL(a);
757		WRITE_ONCE(b, 1);
758	
759	This example underscores the need to ensure that the compiler cannot
760	out-guess your code.  More generally, although READ_ONCE() does force
761	the compiler to actually emit code for a given load, it does not force
762	the compiler to use the results.
763	
764	Finally, control dependencies do -not- provide transitivity.  This is
765	demonstrated by two related examples, with the initial values of
766	x and y both being zero:
767	
768		CPU 0                     CPU 1
769		=======================   =======================
770		r1 = READ_ONCE_CTRL(x);   r2 = READ_ONCE_CTRL(y);
771		if (r1 > 0)               if (r2 > 0)
772		  WRITE_ONCE(y, 1);         WRITE_ONCE(x, 1);
773	
774		assert(!(r1 == 1 && r2 == 1));
775	
776	The above two-CPU example will never trigger the assert().  However,
777	if control dependencies guaranteed transitivity (which they do not),
778	then adding the following CPU would guarantee a related assertion:
779	
780		CPU 2
781		=====================
782		WRITE_ONCE(x, 2);
783	
784		assert(!(r1 == 2 && r2 == 1 && x == 2)); /* FAILS!!! */
785	
786	But because control dependencies do -not- provide transitivity, the above
787	assertion can fail after the combined three-CPU example completes.  If you
788	need the three-CPU example to provide ordering, you will need smp_mb()
789	between the loads and stores in the CPU 0 and CPU 1 code fragments,
790	that is, just before or just after the "if" statements.  Furthermore,
791	the original two-CPU example is very fragile and should be avoided.
792	
793	These two examples are the LB and WWC litmus tests from this paper:
794	http://www.cl.cam.ac.uk/users/pes20/ppc-supplemental/test6.pdf and this
795	site: https://www.cl.cam.ac.uk/~pes20/ppcmem/index.html.
796	
797	In summary:
798	
799	  (*) Control dependencies must be headed by READ_ONCE_CTRL().
800	      Or, as a much less preferable alternative, interpose
801	      smp_read_barrier_depends() between a READ_ONCE() and the
802	      control-dependent write.
803	
804	  (*) Control dependencies can order prior loads against later stores.
805	      However, they do -not- guarantee any other sort of ordering:
806	      Not prior loads against later loads, nor prior stores against
807	      later anything.  If you need these other forms of ordering,
808	      use smp_rmb(), smp_wmb(), or, in the case of prior stores and
809	      later loads, smp_mb().
810	
811	  (*) If both legs of the "if" statement begin with identical stores
812	      to the same variable, a barrier() statement is required at the
813	      beginning of each leg of the "if" statement.
814	
815	  (*) Control dependencies require at least one run-time conditional
816	      between the prior load and the subsequent store, and this
817	      conditional must involve the prior load.  If the compiler is able
818	      to optimize the conditional away, it will have also optimized
819	      away the ordering.  Careful use of READ_ONCE_CTRL() READ_ONCE(),
820	      and WRITE_ONCE() can help to preserve the needed conditional.
821	
822	  (*) Control dependencies require that the compiler avoid reordering the
823	      dependency into nonexistence.  Careful use of READ_ONCE_CTRL()
824	      or smp_read_barrier_depends() can help to preserve your control
825	      dependency.  Please see the Compiler Barrier section for more
826	      information.
827	
828	  (*) Control dependencies pair normally with other types of barriers.
829	
830	  (*) Control dependencies do -not- provide transitivity.  If you
831	      need transitivity, use smp_mb().
832	
833	
834	SMP BARRIER PAIRING
835	-------------------
836	
837	When dealing with CPU-CPU interactions, certain types of memory barrier should
838	always be paired.  A lack of appropriate pairing is almost certainly an error.
839	
840	General barriers pair with each other, though they also pair with most
841	other types of barriers, albeit without transitivity.  An acquire barrier
842	pairs with a release barrier, but both may also pair with other barriers,
843	including of course general barriers.  A write barrier pairs with a data
844	dependency barrier, a control dependency, an acquire barrier, a release
845	barrier, a read barrier, or a general barrier.  Similarly a read barrier,
846	control dependency, or a data dependency barrier pairs with a write
847	barrier, an acquire barrier, a release barrier, or a general barrier:
848	
849		CPU 1		      CPU 2
850		===============	      ===============
851		WRITE_ONCE(a, 1);
852		<write barrier>
853		WRITE_ONCE(b, 2);     x = READ_ONCE(b);
854				      <read barrier>
855				      y = READ_ONCE(a);
856	
857	Or:
858	
859		CPU 1		      CPU 2
860		===============	      ===============================
861		a = 1;
862		<write barrier>
863		WRITE_ONCE(b, &a);    x = READ_ONCE(b);
864				      <data dependency barrier>
865				      y = *x;
866	
867	Or even:
868	
869		CPU 1		      CPU 2
870		===============	      ===============================
871		r1 = READ_ONCE(y);
872		<general barrier>
873		WRITE_ONCE(y, 1);     if (r2 = READ_ONCE(x)) {
874				         <implicit control dependency>
875				         WRITE_ONCE(y, 1);
876				      }
877	
878		assert(r1 == 0 || r2 == 0);
879	
880	Basically, the read barrier always has to be there, even though it can be of
881	the "weaker" type.
882	
883	[!] Note that the stores before the write barrier would normally be expected to
884	match the loads after the read barrier or the data dependency barrier, and vice
885	versa:
886	
887		CPU 1                               CPU 2
888		===================                 ===================
889		WRITE_ONCE(a, 1);    }----   --->{  v = READ_ONCE(c);
890		WRITE_ONCE(b, 2);    }    \ /    {  w = READ_ONCE(d);
891		<write barrier>            \        <read barrier>
892		WRITE_ONCE(c, 3);    }    / \    {  x = READ_ONCE(a);
893		WRITE_ONCE(d, 4);    }----   --->{  y = READ_ONCE(b);
894	
895	
896	EXAMPLES OF MEMORY BARRIER SEQUENCES
897	------------------------------------
898	
899	Firstly, write barriers act as partial orderings on store operations.
900	Consider the following sequence of events:
901	
902		CPU 1
903		=======================
904		STORE A = 1
905		STORE B = 2
906		STORE C = 3
907		<write barrier>
908		STORE D = 4
909		STORE E = 5
910	
911	This sequence of events is committed to the memory coherence system in an order
912	that the rest of the system might perceive as the unordered set of { STORE A,
913	STORE B, STORE C } all occurring before the unordered set of { STORE D, STORE E
914	}:
915	
916		+-------+       :      :
917		|       |       +------+
918		|       |------>| C=3  |     }     /\
919		|       |  :    +------+     }-----  \  -----> Events perceptible to
920		|       |  :    | A=1  |     }        \/       the rest of the system
921		|       |  :    +------+     }
922		| CPU 1 |  :    | B=2  |     }
923		|       |       +------+     }
924		|       |   wwwwwwwwwwwwwwww }   <--- At this point the write barrier
925		|       |       +------+     }        requires all stores prior to the
926		|       |  :    | E=5  |     }        barrier to be committed before
927		|       |  :    +------+     }        further stores may take place
928		|       |------>| D=4  |     }
929		|       |       +------+
930		+-------+       :      :
931		                   |
932		                   | Sequence in which stores are committed to the
933		                   | memory system by CPU 1
934		                   V
935	
936	
937	Secondly, data dependency barriers act as partial orderings on data-dependent
938	loads.  Consider the following sequence of events:
939	
940		CPU 1			CPU 2
941		=======================	=======================
942			{ B = 7; X = 9; Y = 8; C = &Y }
943		STORE A = 1
944		STORE B = 2
945		<write barrier>
946		STORE C = &B		LOAD X
947		STORE D = 4		LOAD C (gets &B)
948					LOAD *C (reads B)
949	
950	Without intervention, CPU 2 may perceive the events on CPU 1 in some
951	effectively random order, despite the write barrier issued by CPU 1:
952	
953		+-------+       :      :                :       :
954		|       |       +------+                +-------+  | Sequence of update
955		|       |------>| B=2  |-----       --->| Y->8  |  | of perception on
956		|       |  :    +------+     \          +-------+  | CPU 2
957		| CPU 1 |  :    | A=1  |      \     --->| C->&Y |  V
958		|       |       +------+       |        +-------+
959		|       |   wwwwwwwwwwwwwwww   |        :       :
960		|       |       +------+       |        :       :
961		|       |  :    | C=&B |---    |        :       :       +-------+
962		|       |  :    +------+   \   |        +-------+       |       |
963		|       |------>| D=4  |    ----------->| C->&B |------>|       |
964		|       |       +------+       |        +-------+       |       |
965		+-------+       :      :       |        :       :       |       |
966		                               |        :       :       |       |
967		                               |        :       :       | CPU 2 |
968		                               |        +-------+       |       |
969		    Apparently incorrect --->  |        | B->7  |------>|       |
970		    perception of B (!)        |        +-------+       |       |
971		                               |        :       :       |       |
972		                               |        +-------+       |       |
973		    The load of X holds --->    \       | X->9  |------>|       |
974		    up the maintenance           \      +-------+       |       |
975		    of coherence of B             ----->| B->2  |       +-------+
976		                                        +-------+
977		                                        :       :
978	
979	
980	In the above example, CPU 2 perceives that B is 7, despite the load of *C
981	(which would be B) coming after the LOAD of C.
982	
983	If, however, a data dependency barrier were to be placed between the load of C
984	and the load of *C (ie: B) on CPU 2:
985	
986		CPU 1			CPU 2
987		=======================	=======================
988			{ B = 7; X = 9; Y = 8; C = &Y }
989		STORE A = 1
990		STORE B = 2
991		<write barrier>
992		STORE C = &B		LOAD X
993		STORE D = 4		LOAD C (gets &B)
994					<data dependency barrier>
995					LOAD *C (reads B)
996	
997	then the following will occur:
998	
999		+-------+       :      :                :       :
1000		|       |       +------+                +-------+
1001		|       |------>| B=2  |-----       --->| Y->8  |
1002		|       |  :    +------+     \          +-------+
1003		| CPU 1 |  :    | A=1  |      \     --->| C->&Y |
1004		|       |       +------+       |        +-------+
1005		|       |   wwwwwwwwwwwwwwww   |        :       :
1006		|       |       +------+       |        :       :
1007		|       |  :    | C=&B |---    |        :       :       +-------+
1008		|       |  :    +------+   \   |        +-------+       |       |
1009		|       |------>| D=4  |    ----------->| C->&B |------>|       |
1010		|       |       +------+       |        +-------+       |       |
1011		+-------+       :      :       |        :       :       |       |
1012		                               |        :       :       |       |
1013		                               |        :       :       | CPU 2 |
1014		                               |        +-------+       |       |
1015		                               |        | X->9  |------>|       |
1016		                               |        +-------+       |       |
1017		  Makes sure all effects --->   \   ddddddddddddddddd   |       |
1018		  prior to the store of C        \      +-------+       |       |
1019		  are perceptible to              ----->| B->2  |------>|       |
1020		  subsequent loads                      +-------+       |       |
1021		                                        :       :       +-------+
1022	
1023	
1024	And thirdly, a read barrier acts as a partial order on loads.  Consider the
1025	following sequence of events:
1026	
1027		CPU 1			CPU 2
1028		=======================	=======================
1029			{ A = 0, B = 9 }
1030		STORE A=1
1031		<write barrier>
1032		STORE B=2
1033					LOAD B
1034					LOAD A
1035	
1036	Without intervention, CPU 2 may then choose to perceive the events on CPU 1 in
1037	some effectively random order, despite the write barrier issued by CPU 1:
1038	
1039		+-------+       :      :                :       :
1040		|       |       +------+                +-------+
1041		|       |------>| A=1  |------      --->| A->0  |
1042		|       |       +------+      \         +-------+
1043		| CPU 1 |   wwwwwwwwwwwwwwww   \    --->| B->9  |
1044		|       |       +------+        |       +-------+
1045		|       |------>| B=2  |---     |       :       :
1046		|       |       +------+   \    |       :       :       +-------+
1047		+-------+       :      :    \   |       +-------+       |       |
1048		                             ---------->| B->2  |------>|       |
1049		                                |       +-------+       | CPU 2 |
1050		                                |       | A->0  |------>|       |
1051		                                |       +-------+       |       |
1052		                                |       :       :       +-------+
1053		                                 \      :       :
1054		                                  \     +-------+
1055		                                   ---->| A->1  |
1056		                                        +-------+
1057		                                        :       :
1058	
1059	
1060	If, however, a read barrier were to be placed between the load of B and the
1061	load of A on CPU 2:
1062	
1063		CPU 1			CPU 2
1064		=======================	=======================
1065			{ A = 0, B = 9 }
1066		STORE A=1
1067		<write barrier>
1068		STORE B=2
1069					LOAD B
1070					<read barrier>
1071					LOAD A
1072	
1073	then the partial ordering imposed by CPU 1 will be perceived correctly by CPU
1074	2:
1075	
1076		+-------+       :      :                :       :
1077		|       |       +------+                +-------+
1078		|       |------>| A=1  |------      --->| A->0  |
1079		|       |       +------+      \         +-------+
1080		| CPU 1 |   wwwwwwwwwwwwwwww   \    --->| B->9  |
1081		|       |       +------+        |       +-------+
1082		|       |------>| B=2  |---     |       :       :
1083		|       |       +------+   \    |       :       :       +-------+
1084		+-------+       :      :    \   |       +-------+       |       |
1085		                             ---------->| B->2  |------>|       |
1086		                                |       +-------+       | CPU 2 |
1087		                                |       :       :       |       |
1088		                                |       :       :       |       |
1089		  At this point the read ---->   \  rrrrrrrrrrrrrrrrr   |       |
1090		  barrier causes all effects      \     +-------+       |       |
1091		  prior to the storage of B        ---->| A->1  |------>|       |
1092		  to be perceptible to CPU 2            +-------+       |       |
1093		                                        :       :       +-------+
1094	
1095	
1096	To illustrate this more completely, consider what could happen if the code
1097	contained a load of A either side of the read barrier:
1098	
1099		CPU 1			CPU 2
1100		=======================	=======================
1101			{ A = 0, B = 9 }
1102		STORE A=1
1103		<write barrier>
1104		STORE B=2
1105					LOAD B
1106					LOAD A [first load of A]
1107					<read barrier>
1108					LOAD A [second load of A]
1109	
1110	Even though the two loads of A both occur after the load of B, they may both
1111	come up with different values:
1112	
1113		+-------+       :      :                :       :
1114		|       |       +------+                +-------+
1115		|       |------>| A=1  |------      --->| A->0  |
1116		|       |       +------+      \         +-------+
1117		| CPU 1 |   wwwwwwwwwwwwwwww   \    --->| B->9  |
1118		|       |       +------+        |       +-------+
1119		|       |------>| B=2  |---     |       :       :
1120		|       |       +------+   \    |       :       :       +-------+
1121		+-------+       :      :    \   |       +-------+       |       |
1122		                             ---------->| B->2  |------>|       |
1123		                                |       +-------+       | CPU 2 |
1124		                                |       :       :       |       |
1125		                                |       :       :       |       |
1126		                                |       +-------+       |       |
1127		                                |       | A->0  |------>| 1st   |
1128		                                |       +-------+       |       |
1129		  At this point the read ---->   \  rrrrrrrrrrrrrrrrr   |       |
1130		  barrier causes all effects      \     +-------+       |       |
1131		  prior to the storage of B        ---->| A->1  |------>| 2nd   |
1132		  to be perceptible to CPU 2            +-------+       |       |
1133		                                        :       :       +-------+
1134	
1135	
1136	But it may be that the update to A from CPU 1 becomes perceptible to CPU 2
1137	before the read barrier completes anyway:
1138	
1139		+-------+       :      :                :       :
1140		|       |       +------+                +-------+
1141		|       |------>| A=1  |------      --->| A->0  |
1142		|       |       +------+      \         +-------+
1143		| CPU 1 |   wwwwwwwwwwwwwwww   \    --->| B->9  |
1144		|       |       +------+        |       +-------+
1145		|       |------>| B=2  |---     |       :       :
1146		|       |       +------+   \    |       :       :       +-------+
1147		+-------+       :      :    \   |       +-------+       |       |
1148		                             ---------->| B->2  |------>|       |
1149		                                |       +-------+       | CPU 2 |
1150		                                |       :       :       |       |
1151		                                 \      :       :       |       |
1152		                                  \     +-------+       |       |
1153		                                   ---->| A->1  |------>| 1st   |
1154		                                        +-------+       |       |
1155		                                    rrrrrrrrrrrrrrrrr   |       |
1156		                                        +-------+       |       |
1157		                                        | A->1  |------>| 2nd   |
1158		                                        +-------+       |       |
1159		                                        :       :       +-------+
1160	
1161	
1162	The guarantee is that the second load will always come up with A == 1 if the
1163	load of B came up with B == 2.  No such guarantee exists for the first load of
1164	A; that may come up with either A == 0 or A == 1.
1165	
1166	
1167	READ MEMORY BARRIERS VS LOAD SPECULATION
1168	----------------------------------------
1169	
1170	Many CPUs speculate with loads: that is they see that they will need to load an
1171	item from memory, and they find a time where they're not using the bus for any
1172	other loads, and so do the load in advance - even though they haven't actually
1173	got to that point in the instruction execution flow yet.  This permits the
1174	actual load instruction to potentially complete immediately because the CPU
1175	already has the value to hand.
1176	
1177	It may turn out that the CPU didn't actually need the value - perhaps because a
1178	branch circumvented the load - in which case it can discard the value or just
1179	cache it for later use.
1180	
1181	Consider:
1182	
1183		CPU 1			CPU 2
1184		=======================	=======================
1185					LOAD B
1186					DIVIDE		} Divide instructions generally
1187					DIVIDE		} take a long time to perform
1188					LOAD A
1189	
1190	Which might appear as this:
1191	
1192		                                        :       :       +-------+
1193		                                        +-------+       |       |
1194		                                    --->| B->2  |------>|       |
1195		                                        +-------+       | CPU 2 |
1196		                                        :       :DIVIDE |       |
1197		                                        +-------+       |       |
1198		The CPU being busy doing a --->     --->| A->0  |~~~~   |       |
1199		division speculates on the              +-------+   ~   |       |
1200		LOAD of A                               :       :   ~   |       |
1201		                                        :       :DIVIDE |       |
1202		                                        :       :   ~   |       |
1203		Once the divisions are complete -->     :       :   ~-->|       |
1204		the CPU can then perform the            :       :       |       |
1205		LOAD with immediate effect              :       :       +-------+
1206	
1207	
1208	Placing a read barrier or a data dependency barrier just before the second
1209	load:
1210	
1211		CPU 1			CPU 2
1212		=======================	=======================
1213					LOAD B
1214					DIVIDE
1215					DIVIDE
1216					<read barrier>
1217					LOAD A
1218	
1219	will force any value speculatively obtained to be reconsidered to an extent
1220	dependent on the type of barrier used.  If there was no change made to the
1221	speculated memory location, then the speculated value will just be used:
1222	
1223		                                        :       :       +-------+
1224		                                        +-------+       |       |
1225		                                    --->| B->2  |------>|       |
1226		                                        +-------+       | CPU 2 |
1227		                                        :       :DIVIDE |       |
1228		                                        +-------+       |       |
1229		The CPU being busy doing a --->     --->| A->0  |~~~~   |       |
1230		division speculates on the              +-------+   ~   |       |
1231		LOAD of A                               :       :   ~   |       |
1232		                                        :       :DIVIDE |       |
1233		                                        :       :   ~   |       |
1234		                                        :       :   ~   |       |
1235		                                    rrrrrrrrrrrrrrrr~   |       |
1236		                                        :       :   ~   |       |
1237		                                        :       :   ~-->|       |
1238		                                        :       :       |       |
1239		                                        :       :       +-------+
1240	
1241	
1242	but if there was an update or an invalidation from another CPU pending, then
1243	the speculation will be cancelled and the value reloaded:
1244	
1245		                                        :       :       +-------+
1246		                                        +-------+       |       |
1247		                                    --->| B->2  |------>|       |
1248		                                        +-------+       | CPU 2 |
1249		                                        :       :DIVIDE |       |
1250		                                        +-------+       |       |
1251		The CPU being busy doing a --->     --->| A->0  |~~~~   |       |
1252		division speculates on the              +-------+   ~   |       |
1253		LOAD of A                               :       :   ~   |       |
1254		                                        :       :DIVIDE |       |
1255		                                        :       :   ~   |       |
1256		                                        :       :   ~   |       |
1257		                                    rrrrrrrrrrrrrrrrr   |       |
1258		                                        +-------+       |       |
1259		The speculation is discarded --->   --->| A->1  |------>|       |
1260		and an updated value is                 +-------+       |       |
1261		retrieved                               :       :       +-------+
1262	
1263	
1264	TRANSITIVITY
1265	------------
1266	
1267	Transitivity is a deeply intuitive notion about ordering that is not
1268	always provided by real computer systems.  The following example
1269	demonstrates transitivity (also called "cumulativity"):
1270	
1271		CPU 1			CPU 2			CPU 3
1272		=======================	=======================	=======================
1273			{ X = 0, Y = 0 }
1274		STORE X=1		LOAD X			STORE Y=1
1275					<general barrier>	<general barrier>
1276					LOAD Y			LOAD X
1277	
1278	Suppose that CPU 2's load from X returns 1 and its load from Y returns 0.
1279	This indicates that CPU 2's load from X in some sense follows CPU 1's
1280	store to X and that CPU 2's load from Y in some sense preceded CPU 3's
1281	store to Y.  The question is then "Can CPU 3's load from X return 0?"
1282	
1283	Because CPU 2's load from X in some sense came after CPU 1's store, it
1284	is natural to expect that CPU 3's load from X must therefore return 1.
1285	This expectation is an example of transitivity: if a load executing on
1286	CPU A follows a load from the same variable executing on CPU B, then
1287	CPU A's load must either return the same value that CPU B's load did,
1288	or must return some later value.
1289	
1290	In the Linux kernel, use of general memory barriers guarantees
1291	transitivity.  Therefore, in the above example, if CPU 2's load from X
1292	returns 1 and its load from Y returns 0, then CPU 3's load from X must
1293	also return 1.
1294	
1295	However, transitivity is -not- guaranteed for read or write barriers.
1296	For example, suppose that CPU 2's general barrier in the above example
1297	is changed to a read barrier as shown below:
1298	
1299		CPU 1			CPU 2			CPU 3
1300		=======================	=======================	=======================
1301			{ X = 0, Y = 0 }
1302		STORE X=1		LOAD X			STORE Y=1
1303					<read barrier>		<general barrier>
1304					LOAD Y			LOAD X
1305	
1306	This substitution destroys transitivity: in this example, it is perfectly
1307	legal for CPU 2's load from X to return 1, its load from Y to return 0,
1308	and CPU 3's load from X to return 0.
1309	
1310	The key point is that although CPU 2's read barrier orders its pair
1311	of loads, it does not guarantee to order CPU 1's store.  Therefore, if
1312	this example runs on a system where CPUs 1 and 2 share a store buffer
1313	or a level of cache, CPU 2 might have early access to CPU 1's writes.
1314	General barriers are therefore required to ensure that all CPUs agree
1315	on the combined order of CPU 1's and CPU 2's accesses.
1316	
1317	To reiterate, if your code requires transitivity, use general barriers
1318	throughout.
1319	
1320	
1321	========================
1322	EXPLICIT KERNEL BARRIERS
1323	========================
1324	
1325	The Linux kernel has a variety of different barriers that act at different
1326	levels:
1327	
1328	  (*) Compiler barrier.
1329	
1330	  (*) CPU memory barriers.
1331	
1332	  (*) MMIO write barrier.
1333	
1334	
1335	COMPILER BARRIER
1336	----------------
1337	
1338	The Linux kernel has an explicit compiler barrier function that prevents the
1339	compiler from moving the memory accesses either side of it to the other side:
1340	
1341		barrier();
1342	
1343	This is a general barrier -- there are no read-read or write-write
1344	variants of barrier().  However, READ_ONCE() and WRITE_ONCE() can be
1345	thought of as weak forms of barrier() that affect only the specific
1346	accesses flagged by the READ_ONCE() or WRITE_ONCE().
1347	
1348	The barrier() function has the following effects:
1349	
1350	 (*) Prevents the compiler from reordering accesses following the
1351	     barrier() to precede any accesses preceding the barrier().
1352	     One example use for this property is to ease communication between
1353	     interrupt-handler code and the code that was interrupted.
1354	
1355	 (*) Within a loop, forces the compiler to load the variables used
1356	     in that loop's conditional on each pass through that loop.
1357	
1358	The READ_ONCE() and WRITE_ONCE() functions can prevent any number of
1359	optimizations that, while perfectly safe in single-threaded code, can
1360	be fatal in concurrent code.  Here are some examples of these sorts
1361	of optimizations:
1362	
1363	 (*) The compiler is within its rights to reorder loads and stores
1364	     to the same variable, and in some cases, the CPU is within its
1365	     rights to reorder loads to the same variable.  This means that
1366	     the following code:
1367	
1368		a[0] = x;
1369		a[1] = x;
1370	
1371	     Might result in an older value of x stored in a[1] than in a[0].
1372	     Prevent both the compiler and the CPU from doing this as follows:
1373	
1374		a[0] = READ_ONCE(x);
1375		a[1] = READ_ONCE(x);
1376	
1377	     In short, READ_ONCE() and WRITE_ONCE() provide cache coherence for
1378	     accesses from multiple CPUs to a single variable.
1379	
1380	 (*) The compiler is within its rights to merge successive loads from
1381	     the same variable.  Such merging can cause the compiler to "optimize"
1382	     the following code:
1383	
1384		while (tmp = a)
1385			do_something_with(tmp);
1386	
1387	     into the following code, which, although in some sense legitimate
1388	     for single-threaded code, is almost certainly not what the developer
1389	     intended:
1390	
1391		if (tmp = a)
1392			for (;;)
1393				do_something_with(tmp);
1394	
1395	     Use READ_ONCE() to prevent the compiler from doing this to you:
1396	
1397		while (tmp = READ_ONCE(a))
1398			do_something_with(tmp);
1399	
1400	 (*) The compiler is within its rights to reload a variable, for example,
1401	     in cases where high register pressure prevents the compiler from
1402	     keeping all data of interest in registers.  The compiler might
1403	     therefore optimize the variable 'tmp' out of our previous example:
1404	
1405		while (tmp = a)
1406			do_something_with(tmp);
1407	
1408	     This could result in the following code, which is perfectly safe in
1409	     single-threaded code, but can be fatal in concurrent code:
1410	
1411		while (a)
1412			do_something_with(a);
1413	
1414	     For example, the optimized version of this code could result in
1415	     passing a zero to do_something_with() in the case where the variable
1416	     a was modified by some other CPU between the "while" statement and
1417	     the call to do_something_with().
1418	
1419	     Again, use READ_ONCE() to prevent the compiler from doing this:
1420	
1421		while (tmp = READ_ONCE(a))
1422			do_something_with(tmp);
1423	
1424	     Note that if the compiler runs short of registers, it might save
1425	     tmp onto the stack.  The overhead of this saving and later restoring
1426	     is why compilers reload variables.  Doing so is perfectly safe for
1427	     single-threaded code, so you need to tell the compiler about cases
1428	     where it is not safe.
1429	
1430	 (*) The compiler is within its rights to omit a load entirely if it knows
1431	     what the value will be.  For example, if the compiler can prove that
1432	     the value of variable 'a' is always zero, it can optimize this code:
1433	
1434		while (tmp = a)
1435			do_something_with(tmp);
1436	
1437	     Into this:
1438	
1439		do { } while (0);
1440	
1441	     This transformation is a win for single-threaded code because it
1442	     gets rid of a load and a branch.  The problem is that the compiler
1443	     will carry out its proof assuming that the current CPU is the only
1444	     one updating variable 'a'.  If variable 'a' is shared, then the
1445	     compiler's proof will be erroneous.  Use READ_ONCE() to tell the
1446	     compiler that it doesn't know as much as it thinks it does:
1447	
1448		while (tmp = READ_ONCE(a))
1449			do_something_with(tmp);
1450	
1451	     But please note that the compiler is also closely watching what you
1452	     do with the value after the READ_ONCE().  For example, suppose you
1453	     do the following and MAX is a preprocessor macro with the value 1:
1454	
1455		while ((tmp = READ_ONCE(a)) % MAX)
1456			do_something_with(tmp);
1457	
1458	     Then the compiler knows that the result of the "%" operator applied
1459	     to MAX will always be zero, again allowing the compiler to optimize
1460	     the code into near-nonexistence.  (It will still load from the
1461	     variable 'a'.)
1462	
1463	 (*) Similarly, the compiler is within its rights to omit a store entirely
1464	     if it knows that the variable already has the value being stored.
1465	     Again, the compiler assumes that the current CPU is the only one
1466	     storing into the variable, which can cause the compiler to do the
1467	     wrong thing for shared variables.  For example, suppose you have
1468	     the following:
1469	
1470		a = 0;
1471		/* Code that does not store to variable a. */
1472		a = 0;
1473	
1474	     The compiler sees that the value of variable 'a' is already zero, so
1475	     it might well omit the second store.  This would come as a fatal
1476	     surprise if some other CPU might have stored to variable 'a' in the
1477	     meantime.
1478	
1479	     Use WRITE_ONCE() to prevent the compiler from making this sort of
1480	     wrong guess:
1481	
1482		WRITE_ONCE(a, 0);
1483		/* Code that does not store to variable a. */
1484		WRITE_ONCE(a, 0);
1485	
1486	 (*) The compiler is within its rights to reorder memory accesses unless
1487	     you tell it not to.  For example, consider the following interaction
1488	     between process-level code and an interrupt handler:
1489	
1490		void process_level(void)
1491		{
1492			msg = get_message();
1493			flag = true;
1494		}
1495	
1496		void interrupt_handler(void)
1497		{
1498			if (flag)
1499				process_message(msg);
1500		}
1501	
1502	     There is nothing to prevent the compiler from transforming
1503	     process_level() to the following, in fact, this might well be a
1504	     win for single-threaded code:
1505	
1506		void process_level(void)
1507		{
1508			flag = true;
1509			msg = get_message();
1510		}
1511	
1512	     If the interrupt occurs between these two statement, then
1513	     interrupt_handler() might be passed a garbled msg.  Use WRITE_ONCE()
1514	     to prevent this as follows:
1515	
1516		void process_level(void)
1517		{
1518			WRITE_ONCE(msg, get_message());
1519			WRITE_ONCE(flag, true);
1520		}
1521	
1522		void interrupt_handler(void)
1523		{
1524			if (READ_ONCE(flag))
1525				process_message(READ_ONCE(msg));
1526		}
1527	
1528	     Note that the READ_ONCE() and WRITE_ONCE() wrappers in
1529	     interrupt_handler() are needed if this interrupt handler can itself
1530	     be interrupted by something that also accesses 'flag' and 'msg',
1531	     for example, a nested interrupt or an NMI.  Otherwise, READ_ONCE()
1532	     and WRITE_ONCE() are not needed in interrupt_handler() other than
1533	     for documentation purposes.  (Note also that nested interrupts
1534	     do not typically occur in modern Linux kernels, in fact, if an
1535	     interrupt handler returns with interrupts enabled, you will get a
1536	     WARN_ONCE() splat.)
1537	
1538	     You should assume that the compiler can move READ_ONCE() and
1539	     WRITE_ONCE() past code not containing READ_ONCE(), WRITE_ONCE(),
1540	     barrier(), or similar primitives.
1541	
1542	     This effect could also be achieved using barrier(), but READ_ONCE()
1543	     and WRITE_ONCE() are more selective:  With READ_ONCE() and
1544	     WRITE_ONCE(), the compiler need only forget the contents of the
1545	     indicated memory locations, while with barrier() the compiler must
1546	     discard the value of all memory locations that it has currented
1547	     cached in any machine registers.  Of course, the compiler must also
1548	     respect the order in which the READ_ONCE()s and WRITE_ONCE()s occur,
1549	     though the CPU of course need not do so.
1550	
1551	 (*) The compiler is within its rights to invent stores to a variable,
1552	     as in the following example:
1553	
1554		if (a)
1555			b = a;
1556		else
1557			b = 42;
1558	
1559	     The compiler might save a branch by optimizing this as follows:
1560	
1561		b = 42;
1562		if (a)
1563			b = a;
1564	
1565	     In single-threaded code, this is not only safe, but also saves
1566	     a branch.  Unfortunately, in concurrent code, this optimization
1567	     could cause some other CPU to see a spurious value of 42 -- even
1568	     if variable 'a' was never zero -- when loading variable 'b'.
1569	     Use WRITE_ONCE() to prevent this as follows:
1570	
1571		if (a)
1572			WRITE_ONCE(b, a);
1573		else
1574			WRITE_ONCE(b, 42);
1575	
1576	     The compiler can also invent loads.  These are usually less
1577	     damaging, but they can result in cache-line bouncing and thus in
1578	     poor performance and scalability.  Use READ_ONCE() to prevent
1579	     invented loads.
1580	
1581	 (*) For aligned memory locations whose size allows them to be accessed
1582	     with a single memory-reference instruction, prevents "load tearing"
1583	     and "store tearing," in which a single large access is replaced by
1584	     multiple smaller accesses.  For example, given an architecture having
1585	     16-bit store instructions with 7-bit immediate fields, the compiler
1586	     might be tempted to use two 16-bit store-immediate instructions to
1587	     implement the following 32-bit store:
1588	
1589		p = 0x00010002;
1590	
1591	     Please note that GCC really does use this sort of optimization,
1592	     which is not surprising given that it would likely take more
1593	     than two instructions to build the constant and then store it.
1594	     This optimization can therefore be a win in single-threaded code.
1595	     In fact, a recent bug (since fixed) caused GCC to incorrectly use
1596	     this optimization in a volatile store.  In the absence of such bugs,
1597	     use of WRITE_ONCE() prevents store tearing in the following example:
1598	
1599		WRITE_ONCE(p, 0x00010002);
1600	
1601	     Use of packed structures can also result in load and store tearing,
1602	     as in this example:
1603	
1604		struct __attribute__((__packed__)) foo {
1605			short a;
1606			int b;
1607			short c;
1608		};
1609		struct foo foo1, foo2;
1610		...
1611	
1612		foo2.a = foo1.a;
1613		foo2.b = foo1.b;
1614		foo2.c = foo1.c;
1615	
1616	     Because there are no READ_ONCE() or WRITE_ONCE() wrappers and no
1617	     volatile markings, the compiler would be well within its rights to
1618	     implement these three assignment statements as a pair of 32-bit
1619	     loads followed by a pair of 32-bit stores.  This would result in
1620	     load tearing on 'foo1.b' and store tearing on 'foo2.b'.  READ_ONCE()
1621	     and WRITE_ONCE() again prevent tearing in this example:
1622	
1623		foo2.a = foo1.a;
1624		WRITE_ONCE(foo2.b, READ_ONCE(foo1.b));
1625		foo2.c = foo1.c;
1626	
1627	All that aside, it is never necessary to use READ_ONCE() and
1628	WRITE_ONCE() on a variable that has been marked volatile.  For example,
1629	because 'jiffies' is marked volatile, it is never necessary to
1630	say READ_ONCE(jiffies).  The reason for this is that READ_ONCE() and
1631	WRITE_ONCE() are implemented as volatile casts, which has no effect when
1632	its argument is already marked volatile.
1633	
1634	Please note that these compiler barriers have no direct effect on the CPU,
1635	which may then reorder things however it wishes.
1636	
1637	
1638	CPU MEMORY BARRIERS
1639	-------------------
1640	
1641	The Linux kernel has eight basic CPU memory barriers:
1642	
1643		TYPE		MANDATORY		SMP CONDITIONAL
1644		===============	=======================	===========================
1645		GENERAL		mb()			smp_mb()
1646		WRITE		wmb()			smp_wmb()
1647		READ		rmb()			smp_rmb()
1648		DATA DEPENDENCY	read_barrier_depends()	smp_read_barrier_depends()
1649	
1650	
1651	All memory barriers except the data dependency barriers imply a compiler
1652	barrier. Data dependencies do not impose any additional compiler ordering.
1653	
1654	Aside: In the case of data dependencies, the compiler would be expected
1655	to issue the loads in the correct order (eg. `a[b]` would have to load
1656	the value of b before loading a[b]), however there is no guarantee in
1657	the C specification that the compiler may not speculate the value of b
1658	(eg. is equal to 1) and load a before b (eg. tmp = a[1]; if (b != 1)
1659	tmp = a[b]; ). There is also the problem of a compiler reloading b after
1660	having loaded a[b], thus having a newer copy of b than a[b]. A consensus
1661	has not yet been reached about these problems, however the READ_ONCE()
1662	macro is a good place to start looking.
1663	
1664	SMP memory barriers are reduced to compiler barriers on uniprocessor compiled
1665	systems because it is assumed that a CPU will appear to be self-consistent,
1666	and will order overlapping accesses correctly with respect to itself.
1667	
1668	[!] Note that SMP memory barriers _must_ be used to control the ordering of
1669	references to shared memory on SMP systems, though the use of locking instead
1670	is sufficient.
1671	
1672	Mandatory barriers should not be used to control SMP effects, since mandatory
1673	barriers unnecessarily impose overhead on UP systems. They may, however, be
1674	used to control MMIO effects on accesses through relaxed memory I/O windows.
1675	These are required even on non-SMP systems as they affect the order in which
1676	memory operations appear to a device by prohibiting both the compiler and the
1677	CPU from reordering them.
1678	
1679	
1680	There are some more advanced barrier functions:
1681	
1682	 (*) smp_store_mb(var, value)
1683	
1684	     This assigns the value to the variable and then inserts a full memory
1685	     barrier after it, depending on the function.  It isn't guaranteed to
1686	     insert anything more than a compiler barrier in a UP compilation.
1687	
1688	
1689	 (*) smp_mb__before_atomic();
1690	 (*) smp_mb__after_atomic();
1691	
1692	     These are for use with atomic (such as add, subtract, increment and
1693	     decrement) functions that don't return a value, especially when used for
1694	     reference counting.  These functions do not imply memory barriers.
1695	
1696	     These are also used for atomic bitop functions that do not return a
1697	     value (such as set_bit and clear_bit).
1698	
1699	     As an example, consider a piece of code that marks an object as being dead
1700	     and then decrements the object's reference count:
1701	
1702		obj->dead = 1;
1703		smp_mb__before_atomic();
1704		atomic_dec(&obj->ref_count);
1705	
1706	     This makes sure that the death mark on the object is perceived to be set
1707	     *before* the reference counter is decremented.
1708	
1709	     See Documentation/atomic_ops.txt for more information.  See the "Atomic
1710	     operations" subsection for information on where to use these.
1711	
1712	
1713	 (*) dma_wmb();
1714	 (*) dma_rmb();
1715	
1716	     These are for use with consistent memory to guarantee the ordering
1717	     of writes or reads of shared memory accessible to both the CPU and a
1718	     DMA capable device.
1719	
1720	     For example, consider a device driver that shares memory with a device
1721	     and uses a descriptor status value to indicate if the descriptor belongs
1722	     to the device or the CPU, and a doorbell to notify it when new
1723	     descriptors are available:
1724	
1725		if (desc->status != DEVICE_OWN) {
1726			/* do not read data until we own descriptor */
1727			dma_rmb();
1728	
1729			/* read/modify data */
1730			read_data = desc->data;
1731			desc->data = write_data;
1732	
1733			/* flush modifications before status update */
1734			dma_wmb();
1735	
1736			/* assign ownership */
1737			desc->status = DEVICE_OWN;
1738	
1739			/* force memory to sync before notifying device via MMIO */
1740			wmb();
1741	
1742			/* notify device of new descriptors */
1743			writel(DESC_NOTIFY, doorbell);
1744		}
1745	
1746	     The dma_rmb() allows us guarantee the device has released ownership
1747	     before we read the data from the descriptor, and the dma_wmb() allows
1748	     us to guarantee the data is written to the descriptor before the device
1749	     can see it now has ownership.  The wmb() is needed to guarantee that the
1750	     cache coherent memory writes have completed before attempting a write to
1751	     the cache incoherent MMIO region.
1752	
1753	     See Documentation/DMA-API.txt for more information on consistent memory.
1754	
1755	MMIO WRITE BARRIER
1756	------------------
1757	
1758	The Linux kernel also has a special barrier for use with memory-mapped I/O
1759	writes:
1760	
1761		mmiowb();
1762	
1763	This is a variation on the mandatory write barrier that causes writes to weakly
1764	ordered I/O regions to be partially ordered.  Its effects may go beyond the
1765	CPU->Hardware interface and actually affect the hardware at some level.
1766	
1767	See the subsection "Locks vs I/O accesses" for more information.
1768	
1769	
1770	===============================
1771	IMPLICIT KERNEL MEMORY BARRIERS
1772	===============================
1773	
1774	Some of the other functions in the linux kernel imply memory barriers, amongst
1775	which are locking and scheduling functions.
1776	
1777	This specification is a _minimum_ guarantee; any particular architecture may
1778	provide more substantial guarantees, but these may not be relied upon outside
1779	of arch specific code.
1780	
1781	
1782	ACQUIRING FUNCTIONS
1783	-------------------
1784	
1785	The Linux kernel has a number of locking constructs:
1786	
1787	 (*) spin locks
1788	 (*) R/W spin locks
1789	 (*) mutexes
1790	 (*) semaphores
1791	 (*) R/W semaphores
1792	 (*) RCU
1793	
1794	In all cases there are variants on "ACQUIRE" operations and "RELEASE" operations
1795	for each construct.  These operations all imply certain barriers:
1796	
1797	 (1) ACQUIRE operation implication:
1798	
1799	     Memory operations issued after the ACQUIRE will be completed after the
1800	     ACQUIRE operation has completed.
1801	
1802	     Memory operations issued before the ACQUIRE may be completed after
1803	     the ACQUIRE operation has completed.  An smp_mb__before_spinlock(),
1804	     combined with a following ACQUIRE, orders prior stores against
1805	     subsequent loads and stores. Note that this is weaker than smp_mb()!
1806	     The smp_mb__before_spinlock() primitive is free on many architectures.
1807	
1808	 (2) RELEASE operation implication:
1809	
1810	     Memory operations issued before the RELEASE will be completed before the
1811	     RELEASE operation has completed.
1812	
1813	     Memory operations issued after the RELEASE may be completed before the
1814	     RELEASE operation has completed.
1815	
1816	 (3) ACQUIRE vs ACQUIRE implication:
1817	
1818	     All ACQUIRE operations issued before another ACQUIRE operation will be
1819	     completed before that ACQUIRE operation.
1820	
1821	 (4) ACQUIRE vs RELEASE implication:
1822	
1823	     All ACQUIRE operations issued before a RELEASE operation will be
1824	     completed before the RELEASE operation.
1825	
1826	 (5) Failed conditional ACQUIRE implication:
1827	
1828	     Certain locking variants of the ACQUIRE operation may fail, either due to
1829	     being unable to get the lock immediately, or due to receiving an unblocked
1830	     signal whilst asleep waiting for the lock to become available.  Failed
1831	     locks do not imply any sort of barrier.
1832	
1833	[!] Note: one of the consequences of lock ACQUIREs and RELEASEs being only
1834	one-way barriers is that the effects of instructions outside of a critical
1835	section may seep into the inside of the critical section.
1836	
1837	An ACQUIRE followed by a RELEASE may not be assumed to be full memory barrier
1838	because it is possible for an access preceding the ACQUIRE to happen after the
1839	ACQUIRE, and an access following the RELEASE to happen before the RELEASE, and
1840	the two accesses can themselves then cross:
1841	
1842		*A = a;
1843		ACQUIRE M
1844		RELEASE M
1845		*B = b;
1846	
1847	may occur as:
1848	
1849		ACQUIRE M, STORE *B, STORE *A, RELEASE M
1850	
1851	When the ACQUIRE and RELEASE are a lock acquisition and release,
1852	respectively, this same reordering can occur if the lock's ACQUIRE and
1853	RELEASE are to the same lock variable, but only from the perspective of
1854	another CPU not holding that lock.  In short, a ACQUIRE followed by an
1855	RELEASE may -not- be assumed to be a full memory barrier.
1856	
1857	Similarly, the reverse case of a RELEASE followed by an ACQUIRE does
1858	not imply a full memory barrier.  Therefore, the CPU's execution of the
1859	critical sections corresponding to the RELEASE and the ACQUIRE can cross,
1860	so that:
1861	
1862		*A = a;
1863		RELEASE M
1864		ACQUIRE N
1865		*B = b;
1866	
1867	could occur as:
1868	
1869		ACQUIRE N, STORE *B, STORE *A, RELEASE M
1870	
1871	It might appear that this reordering could introduce a deadlock.
1872	However, this cannot happen because if such a deadlock threatened,
1873	the RELEASE would simply complete, thereby avoiding the deadlock.
1874	
1875		Why does this work?
1876	
1877		One key point is that we are only talking about the CPU doing
1878		the reordering, not the compiler.  If the compiler (or, for
1879		that matter, the developer) switched the operations, deadlock
1880		-could- occur.
1881	
1882		But suppose the CPU reordered the operations.  In this case,
1883		the unlock precedes the lock in the assembly code.  The CPU
1884		simply elected to try executing the later lock operation first.
1885		If there is a deadlock, this lock operation will simply spin (or
1886		try to sleep, but more on that later).	The CPU will eventually
1887		execute the unlock operation (which preceded the lock operation
1888		in the assembly code), which will unravel the potential deadlock,
1889		allowing the lock operation to succeed.
1890	
1891		But what if the lock is a sleeplock?  In that case, the code will
1892		try to enter the scheduler, where it will eventually encounter
1893		a memory barrier, which will force the earlier unlock operation
1894		to complete, again unraveling the deadlock.  There might be
1895		a sleep-unlock race, but the locking primitive needs to resolve
1896		such races properly in any case.
1897	
1898	Locks and semaphores may not provide any guarantee of ordering on UP compiled
1899	systems, and so cannot be counted on in such a situation to actually achieve
1900	anything at all - especially with respect to I/O accesses - unless combined
1901	with interrupt disabling operations.
1902	
1903	See also the section on "Inter-CPU locking barrier effects".
1904	
1905	
1906	As an example, consider the following:
1907	
1908		*A = a;
1909		*B = b;
1910		ACQUIRE
1911		*C = c;
1912		*D = d;
1913		RELEASE
1914		*E = e;
1915		*F = f;
1916	
1917	The following sequence of events is acceptable:
1918	
1919		ACQUIRE, {*F,*A}, *E, {*C,*D}, *B, RELEASE
1920	
1921		[+] Note that {*F,*A} indicates a combined access.
1922	
1923	But none of the following are:
1924	
1925		{*F,*A}, *B,	ACQUIRE, *C, *D,	RELEASE, *E
1926		*A, *B, *C,	ACQUIRE, *D,		RELEASE, *E, *F
1927		*A, *B,		ACQUIRE, *C,		RELEASE, *D, *E, *F
1928		*B,		ACQUIRE, *C, *D,	RELEASE, {*F,*A}, *E
1929	
1930	
1931	
1932	INTERRUPT DISABLING FUNCTIONS
1933	-----------------------------
1934	
1935	Functions that disable interrupts (ACQUIRE equivalent) and enable interrupts
1936	(RELEASE equivalent) will act as compiler barriers only.  So if memory or I/O
1937	barriers are required in such a situation, they must be provided from some
1938	other means.
1939	
1940	
1941	SLEEP AND WAKE-UP FUNCTIONS
1942	---------------------------
1943	
1944	Sleeping and waking on an event flagged in global data can be viewed as an
1945	interaction between two pieces of data: the task state of the task waiting for
1946	the event and the global data used to indicate the event.  To make sure that
1947	these appear to happen in the right order, the primitives to begin the process
1948	of going to sleep, and the primitives to initiate a wake up imply certain
1949	barriers.
1950	
1951	Firstly, the sleeper normally follows something like this sequence of events:
1952	
1953		for (;;) {
1954			set_current_state(TASK_UNINTERRUPTIBLE);
1955			if (event_indicated)
1956				break;
1957			schedule();
1958		}
1959	
1960	A general memory barrier is interpolated automatically by set_current_state()
1961	after it has altered the task state:
1962	
1963		CPU 1
1964		===============================
1965		set_current_state();
1966		  smp_store_mb();
1967		    STORE current->state
1968		    <general barrier>
1969		LOAD event_indicated
1970	
1971	set_current_state() may be wrapped by:
1972	
1973		prepare_to_wait();
1974		prepare_to_wait_exclusive();
1975	
1976	which therefore also imply a general memory barrier after setting the state.
1977	The whole sequence above is available in various canned forms, all of which
1978	interpolate the memory barrier in the right place:
1979	
1980		wait_event();
1981		wait_event_interruptible();
1982		wait_event_interruptible_exclusive();
1983		wait_event_interruptible_timeout();
1984		wait_event_killable();
1985		wait_event_timeout();
1986		wait_on_bit();
1987		wait_on_bit_lock();
1988	
1989	
1990	Secondly, code that performs a wake up normally follows something like this:
1991	
1992		event_indicated = 1;
1993		wake_up(&event_wait_queue);
1994	
1995	or:
1996	
1997		event_indicated = 1;
1998		wake_up_process(event_daemon);
1999	
2000	A write memory barrier is implied by wake_up() and co. if and only if they wake
2001	something up.  The barrier occurs before the task state is cleared, and so sits
2002	between the STORE to indicate the event and the STORE to set TASK_RUNNING:
2003	
2004		CPU 1				CPU 2
2005		===============================	===============================
2006		set_current_state();		STORE event_indicated
2007		  smp_store_mb();		wake_up();
2008		    STORE current->state	  <write barrier>
2009		    <general barrier>		  STORE current->state
2010		LOAD event_indicated
2011	
2012	To repeat, this write memory barrier is present if and only if something
2013	is actually awakened.  To see this, consider the following sequence of
2014	events, where X and Y are both initially zero:
2015	
2016		CPU 1				CPU 2
2017		===============================	===============================
2018		X = 1;				STORE event_indicated
2019		smp_mb();			wake_up();
2020		Y = 1;				wait_event(wq, Y == 1);
2021		wake_up();			  load from Y sees 1, no memory barrier
2022						load from X might see 0
2023	
2024	In contrast, if a wakeup does occur, CPU 2's load from X would be guaranteed
2025	to see 1.
2026	
2027	The available waker functions include:
2028	
2029		complete();
2030		wake_up();
2031		wake_up_all();
2032		wake_up_bit();
2033		wake_up_interruptible();
2034		wake_up_interruptible_all();
2035		wake_up_interruptible_nr();
2036		wake_up_interruptible_poll();
2037		wake_up_interruptible_sync();
2038		wake_up_interruptible_sync_poll();
2039		wake_up_locked();
2040		wake_up_locked_poll();
2041		wake_up_nr();
2042		wake_up_poll();
2043		wake_up_process();
2044	
2045	
2046	[!] Note that the memory barriers implied by the sleeper and the waker do _not_
2047	order multiple stores before the wake-up with respect to loads of those stored
2048	values after the sleeper has called set_current_state().  For instance, if the
2049	sleeper does:
2050	
2051		set_current_state(TASK_INTERRUPTIBLE);
2052		if (event_indicated)
2053			break;
2054		__set_current_state(TASK_RUNNING);
2055		do_something(my_data);
2056	
2057	and the waker does:
2058	
2059		my_data = value;
2060		event_indicated = 1;
2061		wake_up(&event_wait_queue);
2062	
2063	there's no guarantee that the change to event_indicated will be perceived by
2064	the sleeper as coming after the change to my_data.  In such a circumstance, the
2065	code on both sides must interpolate its own memory barriers between the
2066	separate data accesses.  Thus the above sleeper ought to do:
2067	
2068		set_current_state(TASK_INTERRUPTIBLE);
2069		if (event_indicated) {
2070			smp_rmb();
2071			do_something(my_data);
2072		}
2073	
2074	and the waker should do:
2075	
2076		my_data = value;
2077		smp_wmb();
2078		event_indicated = 1;
2079		wake_up(&event_wait_queue);
2080	
2081	
2082	MISCELLANEOUS FUNCTIONS
2083	-----------------------
2084	
2085	Other functions that imply barriers:
2086	
2087	 (*) schedule() and similar imply full memory barriers.
2088	
2089	
2090	===================================
2091	INTER-CPU ACQUIRING BARRIER EFFECTS
2092	===================================
2093	
2094	On SMP systems locking primitives give a more substantial form of barrier: one
2095	that does affect memory access ordering on other CPUs, within the context of
2096	conflict on any particular lock.
2097	
2098	
2099	ACQUIRES VS MEMORY ACCESSES
2100	---------------------------
2101	
2102	Consider the following: the system has a pair of spinlocks (M) and (Q), and
2103	three CPUs; then should the following sequence of events occur:
2104	
2105		CPU 1				CPU 2
2106		===============================	===============================
2107		WRITE_ONCE(*A, a);		WRITE_ONCE(*E, e);
2108		ACQUIRE M			ACQUIRE Q
2109		WRITE_ONCE(*B, b);		WRITE_ONCE(*F, f);
2110		WRITE_ONCE(*C, c);		WRITE_ONCE(*G, g);
2111		RELEASE M			RELEASE Q
2112		WRITE_ONCE(*D, d);		WRITE_ONCE(*H, h);
2113	
2114	Then there is no guarantee as to what order CPU 3 will see the accesses to *A
2115	through *H occur in, other than the constraints imposed by the separate locks
2116	on the separate CPUs. It might, for example, see:
2117	
2118		*E, ACQUIRE M, ACQUIRE Q, *G, *C, *F, *A, *B, RELEASE Q, *D, *H, RELEASE M
2119	
2120	But it won't see any of:
2121	
2122		*B, *C or *D preceding ACQUIRE M
2123		*A, *B or *C following RELEASE M
2124		*F, *G or *H preceding ACQUIRE Q
2125		*E, *F or *G following RELEASE Q
2126	
2127	
2128	
2129	ACQUIRES VS I/O ACCESSES
2130	------------------------
2131	
2132	Under certain circumstances (especially involving NUMA), I/O accesses within
2133	two spinlocked sections on two different CPUs may be seen as interleaved by the
2134	PCI bridge, because the PCI bridge does not necessarily participate in the
2135	cache-coherence protocol, and is therefore incapable of issuing the required
2136	read memory barriers.
2137	
2138	For example:
2139	
2140		CPU 1				CPU 2
2141		===============================	===============================
2142		spin_lock(Q)
2143		writel(0, ADDR)
2144		writel(1, DATA);
2145		spin_unlock(Q);
2146						spin_lock(Q);
2147						writel(4, ADDR);
2148						writel(5, DATA);
2149						spin_unlock(Q);
2150	
2151	may be seen by the PCI bridge as follows:
2152	
2153		STORE *ADDR = 0, STORE *ADDR = 4, STORE *DATA = 1, STORE *DATA = 5
2154	
2155	which would probably cause the hardware to malfunction.
2156	
2157	
2158	What is necessary here is to intervene with an mmiowb() before dropping the
2159	spinlock, for example:
2160	
2161		CPU 1				CPU 2
2162		===============================	===============================
2163		spin_lock(Q)
2164		writel(0, ADDR)
2165		writel(1, DATA);
2166		mmiowb();
2167		spin_unlock(Q);
2168						spin_lock(Q);
2169						writel(4, ADDR);
2170						writel(5, DATA);
2171						mmiowb();
2172						spin_unlock(Q);
2173	
2174	this will ensure that the two stores issued on CPU 1 appear at the PCI bridge
2175	before either of the stores issued on CPU 2.
2176	
2177	
2178	Furthermore, following a store by a load from the same device obviates the need
2179	for the mmiowb(), because the load forces the store to complete before the load
2180	is performed:
2181	
2182		CPU 1				CPU 2
2183		===============================	===============================
2184		spin_lock(Q)
2185		writel(0, ADDR)
2186		a = readl(DATA);
2187		spin_unlock(Q);
2188						spin_lock(Q);
2189						writel(4, ADDR);
2190						b = readl(DATA);
2191						spin_unlock(Q);
2192	
2193	
2194	See Documentation/DocBook/deviceiobook.tmpl for more information.
2195	
2196	
2197	=================================
2198	WHERE ARE MEMORY BARRIERS NEEDED?
2199	=================================
2200	
2201	Under normal operation, memory operation reordering is generally not going to
2202	be a problem as a single-threaded linear piece of code will still appear to
2203	work correctly, even if it's in an SMP kernel.  There are, however, four
2204	circumstances in which reordering definitely _could_ be a problem:
2205	
2206	 (*) Interprocessor interaction.
2207	
2208	 (*) Atomic operations.
2209	
2210	 (*) Accessing devices.
2211	
2212	 (*) Interrupts.
2213	
2214	
2215	INTERPROCESSOR INTERACTION
2216	--------------------------
2217	
2218	When there's a system with more than one processor, more than one CPU in the
2219	system may be working on the same data set at the same time.  This can cause
2220	synchronisation problems, and the usual way of dealing with them is to use
2221	locks.  Locks, however, are quite expensive, and so it may be preferable to
2222	operate without the use of a lock if at all possible.  In such a case
2223	operations that affect both CPUs may have to be carefully ordered to prevent
2224	a malfunction.
2225	
2226	Consider, for example, the R/W semaphore slow path.  Here a waiting process is
2227	queued on the semaphore, by virtue of it having a piece of its stack linked to
2228	the semaphore's list of waiting processes:
2229	
2230		struct rw_semaphore {
2231			...
2232			spinlock_t lock;
2233			struct list_head waiters;
2234		};
2235	
2236		struct rwsem_waiter {
2237			struct list_head list;
2238			struct task_struct *task;
2239		};
2240	
2241	To wake up a particular waiter, the up_read() or up_write() functions have to:
2242	
2243	 (1) read the next pointer from this waiter's record to know as to where the
2244	     next waiter record is;
2245	
2246	 (2) read the pointer to the waiter's task structure;
2247	
2248	 (3) clear the task pointer to tell the waiter it has been given the semaphore;
2249	
2250	 (4) call wake_up_process() on the task; and
2251	
2252	 (5) release the reference held on the waiter's task struct.
2253	
2254	In other words, it has to perform this sequence of events:
2255	
2256		LOAD waiter->list.next;
2257		LOAD waiter->task;
2258		STORE waiter->task;
2259		CALL wakeup
2260		RELEASE task
2261	
2262	and if any of these steps occur out of order, then the whole thing may
2263	malfunction.
2264	
2265	Once it has queued itself and dropped the semaphore lock, the waiter does not
2266	get the lock again; it instead just waits for its task pointer to be cleared
2267	before proceeding.  Since the record is on the waiter's stack, this means that
2268	if the task pointer is cleared _before_ the next pointer in the list is read,
2269	another CPU might start processing the waiter and might clobber the waiter's
2270	stack before the up*() function has a chance to read the next pointer.
2271	
2272	Consider then what might happen to the above sequence of events:
2273	
2274		CPU 1				CPU 2
2275		===============================	===============================
2276						down_xxx()
2277						Queue waiter
2278						Sleep
2279		up_yyy()
2280		LOAD waiter->task;
2281		STORE waiter->task;
2282						Woken up by other event
2283		<preempt>
2284						Resume processing
2285						down_xxx() returns
2286						call foo()
2287						foo() clobbers *waiter
2288		</preempt>
2289		LOAD waiter->list.next;
2290		--- OOPS ---
2291	
2292	This could be dealt with using the semaphore lock, but then the down_xxx()
2293	function has to needlessly get the spinlock again after being woken up.
2294	
2295	The way to deal with this is to insert a general SMP memory barrier:
2296	
2297		LOAD waiter->list.next;
2298		LOAD waiter->task;
2299		smp_mb();
2300		STORE waiter->task;
2301		CALL wakeup
2302		RELEASE task
2303	
2304	In this case, the barrier makes a guarantee that all memory accesses before the
2305	barrier will appear to happen before all the memory accesses after the barrier
2306	with respect to the other CPUs on the system.  It does _not_ guarantee that all
2307	the memory accesses before the barrier will be complete by the time the barrier
2308	instruction itself is complete.
2309	
2310	On a UP system - where this wouldn't be a problem - the smp_mb() is just a
2311	compiler barrier, thus making sure the compiler emits the instructions in the
2312	right order without actually intervening in the CPU.  Since there's only one
2313	CPU, that CPU's dependency ordering logic will take care of everything else.
2314	
2315	
2316	ATOMIC OPERATIONS
2317	-----------------
2318	
2319	Whilst they are technically interprocessor interaction considerations, atomic
2320	operations are noted specially as some of them imply full memory barriers and
2321	some don't, but they're very heavily relied on as a group throughout the
2322	kernel.
2323	
2324	Any atomic operation that modifies some state in memory and returns information
2325	about the state (old or new) implies an SMP-conditional general memory barrier
2326	(smp_mb()) on each side of the actual operation (with the exception of
2327	explicit lock operations, described later).  These include:
2328	
2329		xchg();
2330		atomic_xchg();			atomic_long_xchg();
2331		atomic_inc_return();		atomic_long_inc_return();
2332		atomic_dec_return();		atomic_long_dec_return();
2333		atomic_add_return();		atomic_long_add_return();
2334		atomic_sub_return();		atomic_long_sub_return();
2335		atomic_inc_and_test();		atomic_long_inc_and_test();
2336		atomic_dec_and_test();		atomic_long_dec_and_test();
2337		atomic_sub_and_test();		atomic_long_sub_and_test();
2338		atomic_add_negative();		atomic_long_add_negative();
2339		test_and_set_bit();
2340		test_and_clear_bit();
2341		test_and_change_bit();
2342	
2343		/* when succeeds */
2344		cmpxchg();
2345		atomic_cmpxchg();		atomic_long_cmpxchg();
2346		atomic_add_unless();		atomic_long_add_unless();
2347	
2348	These are used for such things as implementing ACQUIRE-class and RELEASE-class
2349	operations and adjusting reference counters towards object destruction, and as
2350	such the implicit memory barrier effects are necessary.
2351	
2352	
2353	The following operations are potential problems as they do _not_ imply memory
2354	barriers, but might be used for implementing such things as RELEASE-class
2355	operations:
2356	
2357		atomic_set();
2358		set_bit();
2359		clear_bit();
2360		change_bit();
2361	
2362	With these the appropriate explicit memory barrier should be used if necessary
2363	(smp_mb__before_atomic() for instance).
2364	
2365	
2366	The following also do _not_ imply memory barriers, and so may require explicit
2367	memory barriers under some circumstances (smp_mb__before_atomic() for
2368	instance):
2369	
2370		atomic_add();
2371		atomic_sub();
2372		atomic_inc();
2373		atomic_dec();
2374	
2375	If they're used for statistics generation, then they probably don't need memory
2376	barriers, unless there's a coupling between statistical data.
2377	
2378	If they're used for reference counting on an object to control its lifetime,
2379	they probably don't need memory barriers because either the reference count
2380	will be adjusted inside a locked section, or the caller will already hold
2381	sufficient references to make the lock, and thus a memory barrier unnecessary.
2382	
2383	If they're used for constructing a lock of some description, then they probably
2384	do need memory barriers as a lock primitive generally has to do things in a
2385	specific order.
2386	
2387	Basically, each usage case has to be carefully considered as to whether memory
2388	barriers are needed or not.
2389	
2390	The following operations are special locking primitives:
2391	
2392		test_and_set_bit_lock();
2393		clear_bit_unlock();
2394		__clear_bit_unlock();
2395	
2396	These implement ACQUIRE-class and RELEASE-class operations. These should be used in
2397	preference to other operations when implementing locking primitives, because
2398	their implementations can be optimised on many architectures.
2399	
2400	[!] Note that special memory barrier primitives are available for these
2401	situations because on some CPUs the atomic instructions used imply full memory
2402	barriers, and so barrier instructions are superfluous in conjunction with them,
2403	and in such cases the special barrier primitives will be no-ops.
2404	
2405	See Documentation/atomic_ops.txt for more information.
2406	
2407	
2408	ACCESSING DEVICES
2409	-----------------
2410	
2411	Many devices can be memory mapped, and so appear to the CPU as if they're just
2412	a set of memory locations.  To control such a device, the driver usually has to
2413	make the right memory accesses in exactly the right order.
2414	
2415	However, having a clever CPU or a clever compiler creates a potential problem
2416	in that the carefully sequenced accesses in the driver code won't reach the
2417	device in the requisite order if the CPU or the compiler thinks it is more
2418	efficient to reorder, combine or merge accesses - something that would cause
2419	the device to malfunction.
2420	
2421	Inside of the Linux kernel, I/O should be done through the appropriate accessor
2422	routines - such as inb() or writel() - which know how to make such accesses
2423	appropriately sequential.  Whilst this, for the most part, renders the explicit
2424	use of memory barriers unnecessary, there are a couple of situations where they
2425	might be needed:
2426	
2427	 (1) On some systems, I/O stores are not strongly ordered across all CPUs, and
2428	     so for _all_ general drivers locks should be used and mmiowb() must be
2429	     issued prior to unlocking the critical section.
2430	
2431	 (2) If the accessor functions are used to refer to an I/O memory window with
2432	     relaxed memory access properties, then _mandatory_ memory barriers are
2433	     required to enforce ordering.
2434	
2435	See Documentation/DocBook/deviceiobook.tmpl for more information.
2436	
2437	
2438	INTERRUPTS
2439	----------
2440	
2441	A driver may be interrupted by its own interrupt service routine, and thus the
2442	two parts of the driver may interfere with each other's attempts to control or
2443	access the device.
2444	
2445	This may be alleviated - at least in part - by disabling local interrupts (a
2446	form of locking), such that the critical operations are all contained within
2447	the interrupt-disabled section in the driver.  Whilst the driver's interrupt
2448	routine is executing, the driver's core may not run on the same CPU, and its
2449	interrupt is not permitted to happen again until the current interrupt has been
2450	handled, thus the interrupt handler does not need to lock against that.
2451	
2452	However, consider a driver that was talking to an ethernet card that sports an
2453	address register and a data register.  If that driver's core talks to the card
2454	under interrupt-disablement and then the driver's interrupt handler is invoked:
2455	
2456		LOCAL IRQ DISABLE
2457		writew(ADDR, 3);
2458		writew(DATA, y);
2459		LOCAL IRQ ENABLE
2460		<interrupt>
2461		writew(ADDR, 4);
2462		q = readw(DATA);
2463		</interrupt>
2464	
2465	The store to the data register might happen after the second store to the
2466	address register if ordering rules are sufficiently relaxed:
2467	
2468		STORE *ADDR = 3, STORE *ADDR = 4, STORE *DATA = y, q = LOAD *DATA
2469	
2470	
2471	If ordering rules are relaxed, it must be assumed that accesses done inside an
2472	interrupt disabled section may leak outside of it and may interleave with
2473	accesses performed in an interrupt - and vice versa - unless implicit or
2474	explicit barriers are used.
2475	
2476	Normally this won't be a problem because the I/O accesses done inside such
2477	sections will include synchronous load operations on strictly ordered I/O
2478	registers that form implicit I/O barriers. If this isn't sufficient then an
2479	mmiowb() may need to be used explicitly.
2480	
2481	
2482	A similar situation may occur between an interrupt routine and two routines
2483	running on separate CPUs that communicate with each other. If such a case is
2484	likely, then interrupt-disabling locks should be used to guarantee ordering.
2485	
2486	
2487	==========================
2488	KERNEL I/O BARRIER EFFECTS
2489	==========================
2490	
2491	When accessing I/O memory, drivers should use the appropriate accessor
2492	functions:
2493	
2494	 (*) inX(), outX():
2495	
2496	     These are intended to talk to I/O space rather than memory space, but
2497	     that's primarily a CPU-specific concept. The i386 and x86_64 processors do
2498	     indeed have special I/O space access cycles and instructions, but many
2499	     CPUs don't have such a concept.
2500	
2501	     The PCI bus, amongst others, defines an I/O space concept which - on such
2502	     CPUs as i386 and x86_64 - readily maps to the CPU's concept of I/O
2503	     space.  However, it may also be mapped as a virtual I/O space in the CPU's
2504	     memory map, particularly on those CPUs that don't support alternate I/O
2505	     spaces.
2506	
2507	     Accesses to this space may be fully synchronous (as on i386), but
2508	     intermediary bridges (such as the PCI host bridge) may not fully honour
2509	     that.
2510	
2511	     They are guaranteed to be fully ordered with respect to each other.
2512	
2513	     They are not guaranteed to be fully ordered with respect to other types of
2514	     memory and I/O operation.
2515	
2516	 (*) readX(), writeX():
2517	
2518	     Whether these are guaranteed to be fully ordered and uncombined with
2519	     respect to each other on the issuing CPU depends on the characteristics
2520	     defined for the memory window through which they're accessing. On later
2521	     i386 architecture machines, for example, this is controlled by way of the
2522	     MTRR registers.
2523	
2524	     Ordinarily, these will be guaranteed to be fully ordered and uncombined,
2525	     provided they're not accessing a prefetchable device.
2526	
2527	     However, intermediary hardware (such as a PCI bridge) may indulge in
2528	     deferral if it so wishes; to flush a store, a load from the same location
2529	     is preferred[*], but a load from the same device or from configuration
2530	     space should suffice for PCI.
2531	
2532	     [*] NOTE! attempting to load from the same location as was written to may
2533		 cause a malfunction - consider the 16550 Rx/Tx serial registers for
2534		 example.
2535	
2536	     Used with prefetchable I/O memory, an mmiowb() barrier may be required to
2537	     force stores to be ordered.
2538	
2539	     Please refer to the PCI specification for more information on interactions
2540	     between PCI transactions.
2541	
2542	 (*) readX_relaxed(), writeX_relaxed()
2543	
2544	     These are similar to readX() and writeX(), but provide weaker memory
2545	     ordering guarantees. Specifically, they do not guarantee ordering with
2546	     respect to normal memory accesses (e.g. DMA buffers) nor do they guarantee
2547	     ordering with respect to LOCK or UNLOCK operations. If the latter is
2548	     required, an mmiowb() barrier can be used. Note that relaxed accesses to
2549	     the same peripheral are guaranteed to be ordered with respect to each
2550	     other.
2551	
2552	 (*) ioreadX(), iowriteX()
2553	
2554	     These will perform appropriately for the type of access they're actually
2555	     doing, be it inX()/outX() or readX()/writeX().
2556	
2557	
2558	========================================
2559	ASSUMED MINIMUM EXECUTION ORDERING MODEL
2560	========================================
2561	
2562	It has to be assumed that the conceptual CPU is weakly-ordered but that it will
2563	maintain the appearance of program causality with respect to itself.  Some CPUs
2564	(such as i386 or x86_64) are more constrained than others (such as powerpc or
2565	frv), and so the most relaxed case (namely DEC Alpha) must be assumed outside
2566	of arch-specific code.
2567	
2568	This means that it must be considered that the CPU will execute its instruction
2569	stream in any order it feels like - or even in parallel - provided that if an
2570	instruction in the stream depends on an earlier instruction, then that
2571	earlier instruction must be sufficiently complete[*] before the later
2572	instruction may proceed; in other words: provided that the appearance of
2573	causality is maintained.
2574	
2575	 [*] Some instructions have more than one effect - such as changing the
2576	     condition codes, changing registers or changing memory - and different
2577	     instructions may depend on different effects.
2578	
2579	A CPU may also discard any instruction sequence that winds up having no
2580	ultimate effect.  For example, if two adjacent instructions both load an
2581	immediate value into the same register, the first may be discarded.
2582	
2583	
2584	Similarly, it has to be assumed that compiler might reorder the instruction
2585	stream in any way it sees fit, again provided the appearance of causality is
2586	maintained.
2587	
2588	
2589	============================
2590	THE EFFECTS OF THE CPU CACHE
2591	============================
2592	
2593	The way cached memory operations are perceived across the system is affected to
2594	a certain extent by the caches that lie between CPUs and memory, and by the
2595	memory coherence system that maintains the consistency of state in the system.
2596	
2597	As far as the way a CPU interacts with another part of the system through the
2598	caches goes, the memory system has to include the CPU's caches, and memory
2599	barriers for the most part act at the interface between the CPU and its cache
2600	(memory barriers logically act on the dotted line in the following diagram):
2601	
2602		    <--- CPU --->         :       <----------- Memory ----------->
2603		                          :
2604		+--------+    +--------+  :   +--------+    +-----------+
2605		|        |    |        |  :   |        |    |           |    +--------+
2606		|  CPU   |    | Memory |  :   | CPU    |    |           |    |        |
2607		|  Core  |--->| Access |----->| Cache  |<-->|           |    |        |
2608		|        |    | Queue  |  :   |        |    |           |--->| Memory |
2609		|        |    |        |  :   |        |    |           |    |        |
2610		+--------+    +--------+  :   +--------+    |           |    |        |
2611		                          :                 | Cache     |    +--------+
2612		                          :                 | Coherency |
2613		                          :                 | Mechanism |    +--------+
2614		+--------+    +--------+  :   +--------+    |           |    |	      |
2615		|        |    |        |  :   |        |    |           |    |        |
2616		|  CPU   |    | Memory |  :   | CPU    |    |           |--->| Device |
2617		|  Core  |--->| Access |----->| Cache  |<-->|           |    |        |
2618		|        |    | Queue  |  :   |        |    |           |    |        |
2619		|        |    |        |  :   |        |    |           |    +--------+
2620		+--------+    +--------+  :   +--------+    +-----------+
2621		                          :
2622		                          :
2623	
2624	Although any particular load or store may not actually appear outside of the
2625	CPU that issued it since it may have been satisfied within the CPU's own cache,
2626	it will still appear as if the full memory access had taken place as far as the
2627	other CPUs are concerned since the cache coherency mechanisms will migrate the
2628	cacheline over to the accessing CPU and propagate the effects upon conflict.
2629	
2630	The CPU core may execute instructions in any order it deems fit, provided the
2631	expected program causality appears to be maintained.  Some of the instructions
2632	generate load and store operations which then go into the queue of memory
2633	accesses to be performed.  The core may place these in the queue in any order
2634	it wishes, and continue execution until it is forced to wait for an instruction
2635	to complete.
2636	
2637	What memory barriers are concerned with is controlling the order in which
2638	accesses cross from the CPU side of things to the memory side of things, and
2639	the order in which the effects are perceived to happen by the other observers
2640	in the system.
2641	
2642	[!] Memory barriers are _not_ needed within a given CPU, as CPUs always see
2643	their own loads and stores as if they had happened in program order.
2644	
2645	[!] MMIO or other device accesses may bypass the cache system.  This depends on
2646	the properties of the memory window through which devices are accessed and/or
2647	the use of any special device communication instructions the CPU may have.
2648	
2649	
2650	CACHE COHERENCY
2651	---------------
2652	
2653	Life isn't quite as simple as it may appear above, however: for while the
2654	caches are expected to be coherent, there's no guarantee that that coherency
2655	will be ordered.  This means that whilst changes made on one CPU will
2656	eventually become visible on all CPUs, there's no guarantee that they will
2657	become apparent in the same order on those other CPUs.
2658	
2659	
2660	Consider dealing with a system that has a pair of CPUs (1 & 2), each of which
2661	has a pair of parallel data caches (CPU 1 has A/B, and CPU 2 has C/D):
2662	
2663		            :
2664		            :                          +--------+
2665		            :      +---------+         |        |
2666		+--------+  : +--->| Cache A |<------->|        |
2667		|        |  : |    +---------+         |        |
2668		|  CPU 1 |<---+                        |        |
2669		|        |  : |    +---------+         |        |
2670		+--------+  : +--->| Cache B |<------->|        |
2671		            :      +---------+         |        |
2672		            :                          | Memory |
2673		            :      +---------+         | System |
2674		+--------+  : +--->| Cache C |<------->|        |
2675		|        |  : |    +---------+         |        |
2676		|  CPU 2 |<---+                        |        |
2677		|        |  : |    +---------+         |        |
2678		+--------+  : +--->| Cache D |<------->|        |
2679		            :      +---------+         |        |
2680		            :                          +--------+
2681		            :
2682	
2683	Imagine the system has the following properties:
2684	
2685	 (*) an odd-numbered cache line may be in cache A, cache C or it may still be
2686	     resident in memory;
2687	
2688	 (*) an even-numbered cache line may be in cache B, cache D or it may still be
2689	     resident in memory;
2690	
2691	 (*) whilst the CPU core is interrogating one cache, the other cache may be
2692	     making use of the bus to access the rest of the system - perhaps to
2693	     displace a dirty cacheline or to do a speculative load;
2694	
2695	 (*) each cache has a queue of operations that need to be applied to that cache
2696	     to maintain coherency with the rest of the system;
2697	
2698	 (*) the coherency queue is not flushed by normal loads to lines already
2699	     present in the cache, even though the contents of the queue may
2700	     potentially affect those loads.
2701	
2702	Imagine, then, that two writes are made on the first CPU, with a write barrier
2703	between them to guarantee that they will appear to reach that CPU's caches in
2704	the requisite order:
2705	
2706		CPU 1		CPU 2		COMMENT
2707		===============	===============	=======================================
2708						u == 0, v == 1 and p == &u, q == &u
2709		v = 2;
2710		smp_wmb();			Make sure change to v is visible before
2711						 change to p
2712		<A:modify v=2>			v is now in cache A exclusively
2713		p = &v;
2714		<B:modify p=&v>			p is now in cache B exclusively
2715	
2716	The write memory barrier forces the other CPUs in the system to perceive that
2717	the local CPU's caches have apparently been updated in the correct order.  But
2718	now imagine that the second CPU wants to read those values:
2719	
2720		CPU 1		CPU 2		COMMENT
2721		===============	===============	=======================================
2722		...
2723				q = p;
2724				x = *q;
2725	
2726	The above pair of reads may then fail to happen in the expected order, as the
2727	cacheline holding p may get updated in one of the second CPU's caches whilst
2728	the update to the cacheline holding v is delayed in the other of the second
2729	CPU's caches by some other cache event:
2730	
2731		CPU 1		CPU 2		COMMENT
2732		===============	===============	=======================================
2733						u == 0, v == 1 and p == &u, q == &u
2734		v = 2;
2735		smp_wmb();
2736		<A:modify v=2>	<C:busy>
2737				<C:queue v=2>
2738		p = &v;		q = p;
2739				<D:request p>
2740		<B:modify p=&v>	<D:commit p=&v>
2741				<D:read p>
2742				x = *q;
2743				<C:read *q>	Reads from v before v updated in cache
2744				<C:unbusy>
2745				<C:commit v=2>
2746	
2747	Basically, whilst both cachelines will be updated on CPU 2 eventually, there's
2748	no guarantee that, without intervention, the order of update will be the same
2749	as that committed on CPU 1.
2750	
2751	
2752	To intervene, we need to interpolate a data dependency barrier or a read
2753	barrier between the loads.  This will force the cache to commit its coherency
2754	queue before processing any further requests:
2755	
2756		CPU 1		CPU 2		COMMENT
2757		===============	===============	=======================================
2758						u == 0, v == 1 and p == &u, q == &u
2759		v = 2;
2760		smp_wmb();
2761		<A:modify v=2>	<C:busy>
2762				<C:queue v=2>
2763		p = &v;		q = p;
2764				<D:request p>
2765		<B:modify p=&v>	<D:commit p=&v>
2766				<D:read p>
2767				smp_read_barrier_depends()
2768				<C:unbusy>
2769				<C:commit v=2>
2770				x = *q;
2771				<C:read *q>	Reads from v after v updated in cache
2772	
2773	
2774	This sort of problem can be encountered on DEC Alpha processors as they have a
2775	split cache that improves performance by making better use of the data bus.
2776	Whilst most CPUs do imply a data dependency barrier on the read when a memory
2777	access depends on a read, not all do, so it may not be relied on.
2778	
2779	Other CPUs may also have split caches, but must coordinate between the various
2780	cachelets for normal memory accesses.  The semantics of the Alpha removes the
2781	need for coordination in the absence of memory barriers.
2782	
2783	
2784	CACHE COHERENCY VS DMA
2785	----------------------
2786	
2787	Not all systems maintain cache coherency with respect to devices doing DMA.  In
2788	such cases, a device attempting DMA may obtain stale data from RAM because
2789	dirty cache lines may be resident in the caches of various CPUs, and may not
2790	have been written back to RAM yet.  To deal with this, the appropriate part of
2791	the kernel must flush the overlapping bits of cache on each CPU (and maybe
2792	invalidate them as well).
2793	
2794	In addition, the data DMA'd to RAM by a device may be overwritten by dirty
2795	cache lines being written back to RAM from a CPU's cache after the device has
2796	installed its own data, or cache lines present in the CPU's cache may simply
2797	obscure the fact that RAM has been updated, until at such time as the cacheline
2798	is discarded from the CPU's cache and reloaded.  To deal with this, the
2799	appropriate part of the kernel must invalidate the overlapping bits of the
2800	cache on each CPU.
2801	
2802	See Documentation/cachetlb.txt for more information on cache management.
2803	
2804	
2805	CACHE COHERENCY VS MMIO
2806	-----------------------
2807	
2808	Memory mapped I/O usually takes place through memory locations that are part of
2809	a window in the CPU's memory space that has different properties assigned than
2810	the usual RAM directed window.
2811	
2812	Amongst these properties is usually the fact that such accesses bypass the
2813	caching entirely and go directly to the device buses.  This means MMIO accesses
2814	may, in effect, overtake accesses to cached memory that were emitted earlier.
2815	A memory barrier isn't sufficient in such a case, but rather the cache must be
2816	flushed between the cached memory write and the MMIO access if the two are in
2817	any way dependent.
2818	
2819	
2820	=========================
2821	THE THINGS CPUS GET UP TO
2822	=========================
2823	
2824	A programmer might take it for granted that the CPU will perform memory
2825	operations in exactly the order specified, so that if the CPU is, for example,
2826	given the following piece of code to execute:
2827	
2828		a = READ_ONCE(*A);
2829		WRITE_ONCE(*B, b);
2830		c = READ_ONCE(*C);
2831		d = READ_ONCE(*D);
2832		WRITE_ONCE(*E, e);
2833	
2834	they would then expect that the CPU will complete the memory operation for each
2835	instruction before moving on to the next one, leading to a definite sequence of
2836	operations as seen by external observers in the system:
2837	
2838		LOAD *A, STORE *B, LOAD *C, LOAD *D, STORE *E.
2839	
2840	
2841	Reality is, of course, much messier.  With many CPUs and compilers, the above
2842	assumption doesn't hold because:
2843	
2844	 (*) loads are more likely to need to be completed immediately to permit
2845	     execution progress, whereas stores can often be deferred without a
2846	     problem;
2847	
2848	 (*) loads may be done speculatively, and the result discarded should it prove
2849	     to have been unnecessary;
2850	
2851	 (*) loads may be done speculatively, leading to the result having been fetched
2852	     at the wrong time in the expected sequence of events;
2853	
2854	 (*) the order of the memory accesses may be rearranged to promote better use
2855	     of the CPU buses and caches;
2856	
2857	 (*) loads and stores may be combined to improve performance when talking to
2858	     memory or I/O hardware that can do batched accesses of adjacent locations,
2859	     thus cutting down on transaction setup costs (memory and PCI devices may
2860	     both be able to do this); and
2861	
2862	 (*) the CPU's data cache may affect the ordering, and whilst cache-coherency
2863	     mechanisms may alleviate this - once the store has actually hit the cache
2864	     - there's no guarantee that the coherency management will be propagated in
2865	     order to other CPUs.
2866	
2867	So what another CPU, say, might actually observe from the above piece of code
2868	is:
2869	
2870		LOAD *A, ..., LOAD {*C,*D}, STORE *E, STORE *B
2871	
2872		(Where "LOAD {*C,*D}" is a combined load)
2873	
2874	
2875	However, it is guaranteed that a CPU will be self-consistent: it will see its
2876	_own_ accesses appear to be correctly ordered, without the need for a memory
2877	barrier.  For instance with the following code:
2878	
2879		U = READ_ONCE(*A);
2880		WRITE_ONCE(*A, V);
2881		WRITE_ONCE(*A, W);
2882		X = READ_ONCE(*A);
2883		WRITE_ONCE(*A, Y);
2884		Z = READ_ONCE(*A);
2885	
2886	and assuming no intervention by an external influence, it can be assumed that
2887	the final result will appear to be:
2888	
2889		U == the original value of *A
2890		X == W
2891		Z == Y
2892		*A == Y
2893	
2894	The code above may cause the CPU to generate the full sequence of memory
2895	accesses:
2896	
2897		U=LOAD *A, STORE *A=V, STORE *A=W, X=LOAD *A, STORE *A=Y, Z=LOAD *A
2898	
2899	in that order, but, without intervention, the sequence may have almost any
2900	combination of elements combined or discarded, provided the program's view
2901	of the world remains consistent.  Note that READ_ONCE() and WRITE_ONCE()
2902	are -not- optional in the above example, as there are architectures
2903	where a given CPU might reorder successive loads to the same location.
2904	On such architectures, READ_ONCE() and WRITE_ONCE() do whatever is
2905	necessary to prevent this, for example, on Itanium the volatile casts
2906	used by READ_ONCE() and WRITE_ONCE() cause GCC to emit the special ld.acq
2907	and st.rel instructions (respectively) that prevent such reordering.
2908	
2909	The compiler may also combine, discard or defer elements of the sequence before
2910	the CPU even sees them.
2911	
2912	For instance:
2913	
2914		*A = V;
2915		*A = W;
2916	
2917	may be reduced to:
2918	
2919		*A = W;
2920	
2921	since, without either a write barrier or an WRITE_ONCE(), it can be
2922	assumed that the effect of the storage of V to *A is lost.  Similarly:
2923	
2924		*A = Y;
2925		Z = *A;
2926	
2927	may, without a memory barrier or an READ_ONCE() and WRITE_ONCE(), be
2928	reduced to:
2929	
2930		*A = Y;
2931		Z = Y;
2932	
2933	and the LOAD operation never appear outside of the CPU.
2934	
2935	
2936	AND THEN THERE'S THE ALPHA
2937	--------------------------
2938	
2939	The DEC Alpha CPU is one of the most relaxed CPUs there is.  Not only that,
2940	some versions of the Alpha CPU have a split data cache, permitting them to have
2941	two semantically-related cache lines updated at separate times.  This is where
2942	the data dependency barrier really becomes necessary as this synchronises both
2943	caches with the memory coherence system, thus making it seem like pointer
2944	changes vs new data occur in the right order.
2945	
2946	The Alpha defines the Linux kernel's memory barrier model.
2947	
2948	See the subsection on "Cache Coherency" above.
2949	
2950	
2951	============
2952	EXAMPLE USES
2953	============
2954	
2955	CIRCULAR BUFFERS
2956	----------------
2957	
2958	Memory barriers can be used to implement circular buffering without the need
2959	of a lock to serialise the producer with the consumer.  See:
2960	
2961		Documentation/circular-buffers.txt
2962	
2963	for details.
2964	
2965	
2966	==========
2967	REFERENCES
2968	==========
2969	
2970	Alpha AXP Architecture Reference Manual, Second Edition (Sites & Witek,
2971	Digital Press)
2972		Chapter 5.2: Physical Address Space Characteristics
2973		Chapter 5.4: Caches and Write Buffers
2974		Chapter 5.5: Data Sharing
2975		Chapter 5.6: Read/Write Ordering
2976	
2977	AMD64 Architecture Programmer's Manual Volume 2: System Programming
2978		Chapter 7.1: Memory-Access Ordering
2979		Chapter 7.4: Buffering and Combining Memory Writes
2980	
2981	IA-32 Intel Architecture Software Developer's Manual, Volume 3:
2982	System Programming Guide
2983		Chapter 7.1: Locked Atomic Operations
2984		Chapter 7.2: Memory Ordering
2985		Chapter 7.4: Serializing Instructions
2986	
2987	The SPARC Architecture Manual, Version 9
2988		Chapter 8: Memory Models
2989		Appendix D: Formal Specification of the Memory Models
2990		Appendix J: Programming with the Memory Models
2991	
2992	UltraSPARC Programmer Reference Manual
2993		Chapter 5: Memory Accesses and Cacheability
2994		Chapter 15: Sparc-V9 Memory Models
2995	
2996	UltraSPARC III Cu User's Manual
2997		Chapter 9: Memory Models
2998	
2999	UltraSPARC IIIi Processor User's Manual
3000		Chapter 8: Memory Models
3001	
3002	UltraSPARC Architecture 2005
3003		Chapter 9: Memory
3004		Appendix D: Formal Specifications of the Memory Models
3005	
3006	UltraSPARC T1 Supplement to the UltraSPARC Architecture 2005
3007		Chapter 8: Memory Models
3008		Appendix F: Caches and Cache Coherency
3009	
3010	Solaris Internals, Core Kernel Architecture, p63-68:
3011		Chapter 3.3: Hardware Considerations for Locks and
3012				Synchronization
3013	
3014	Unix Systems for Modern Architectures, Symmetric Multiprocessing and Caching
3015	for Kernel Programmers:
3016		Chapter 13: Other Memory Models
3017	
3018	Intel Itanium Architecture Software Developer's Manual: Volume 1:
3019		Section 2.6: Speculation
3020		Section 4.4: Memory Access
Hide Line Numbers
About Kernel Documentation Linux Kernel Contact Linux Resources Linux Blog

Information is copyright its respective author. All material is available from the Linux Kernel Source distributed under a GPL License. This page is provided as a free service by mjmwired.net.