| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 7 Nov 2008 15:55:29 -0500 From: Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca> To: Nicolas Pitre <nico@....org> Cc: David Howells <dhowells@...hat.com>, "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>, Linus Torvalds <torvalds@...ux-foundation.org>, akpm@...ux-foundation.org, Ingo Molnar <mingo@...e.hu>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, lkml <linux-kernel@...r.kernel.org>, Ralf Baechle <ralf@...ux-mips.org>, benh@...nel.crashing.org, paulus@...ba.org, David Miller <davem@...emloft.net>, Ingo Molnar <mingo@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, Steven Rostedt <rostedt@...dmis.org>, linux-arch@...r.kernel.org Subject: Re: [RFC patch 08/18] cnt32_to_63 should use smp_rmb() * Nicolas Pitre (nico@....org) wrote: > On Fri, 7 Nov 2008, Mathieu Desnoyers wrote: > > > I want to make sure > > > > __m_cnt_hi > > is read before > > mmio cnt_lo read > > > > for the detailed reasons explained in my previous discussion with > > Nicolas here : > > http://lkml.org/lkml/2008/10/21/1 > > > > I use smp_rmb() to do this on SMP systems (hrm, actually, a rmb() could > > be required so it works also on UP systems safely wrt interrupts). > > > > The write side is between the hardware counter, which is assumed to > > increment monotonically between each read, and the value __m_cnt_hi > > updated by the CPU. I don't see where we could put a wmb() there. > > > > Without barrier, the smp race looks as follow : > > > > > > CPU A B > > read hw cnt low (0xFFFFFFFA) > > read __m_cnt_hi (0x80000000) > > read hw cnt low (0x00000001) > > (wrap detected : > > (s32)(0x80000000 ^ 0x1) < 0) > > write __m_cnt_hi = 0x00000001 > > read __m_cnt_hi (0x00000001) > > return 0x0000000100000001 > > (wrap detected : > > (s32)(0x00000001 ^ 0xFFFFFFFA) < 0) > > write __m_cnt_hi = 0x80000001 > > return 0x80000001FFFFFFFA > > (time jumps) > > Could you have hardware doing such things? You would get a non cached > and more expensive read on CPU B which is not in program order with the > read that should have happened before, and before that second out of > order read could be performed, you'd have a full sequence in program > order performed on CPU A. > Hrm, yes ? Well, it's the whole point in barriers/cache coherency mechanisms, out-of-order reads... etc. First off, read hw cnt low _is_ an uncached memory read (this is the mmio read). __m_cnt_hi is a cached read, and therefore can be delayed if the cache-line is busy. And we have no control on how much time can pass between the two reads given the CPU may stall waiting for a cache-line. So the scenario above happens if CPU A have __m_cnt_hi in its cacheline, but for come reason CPU B have to defer the cacheline read of __m_cnt_hi due to heavy cacheline traffic and decides to proceed to mmio read before the cacheline has been brought to the CPU because "hey, there is no data dependency between those two reads !". See Documentation/memory-barriers.txt. Mathieu > > Nicolas -- Mathieu Desnoyers OpenPGP key fingerprint: 8CD5 52C3 8E3C 4140 715F BA06 3F25 A8FE 3BAE 9A68 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists