| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 May 2018 09:59:28 -0500
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Alan Stern <stern@...land.harvard.edu>
Cc: Paul McKenney <paulmck@...ux.vnet.ibm.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
linux-arch <linux-arch@...r.kernel.org>,
andrea.parri@...rulasolutions.com,
Will Deacon <will.deacon@....com>,
Peter Zijlstra <peterz@...radead.org>,
Boqun Feng <boqun.feng@...il.com>,
Nick Piggin <npiggin@...il.com>,
David Howells <dhowells@...hat.com>,
Jade Alglave <j.alglave@....ac.uk>,
Luc Maranget <luc.maranget@...ia.fr>,
Akira Yokosawa <akiyks@...il.com>,
Ingo Molnar <mingo@...nel.org>,
Roman Pen <roman.penyaev@...fitbricks.com>
Subject: Re: LKMM litmus test for Roman Penyaev's rcu-rr
On Wed, May 30, 2018 at 9:29 AM Alan Stern <stern@...land.harvard.edu>
wrote:
> >
> > Can't we simplify the whole sequence as basically
> >
> > A
> > if (!B)
> > D
> >
> > for that "not B" case, and just think about that. IOW, let's ignore the
> > whole "not executed" code.
> Your listing is slightly misleading.
No. You're confused.
You're confused because you're conflating two *entirely* different things.
You're conflating the static source code with the dynamic execution. They
are NOT THE SAME.
It really should be:
> A
> if (!B)
> ; // NOP
> D
No it really really shouldn't.
There are two completely different situations:
(1) there is the source code:
A
if (B)
C
D
where C contains a barrier, and B depends on A and is not statically
determinable.
In the source code, 'D' looks unconditional BUT IT DAMN WELL IS NOT.
It's not unconditional - it's just done in both conditions! That's a big
big difference.
> In other words, D should be beyond the end of the "if" statement, not
> inside one of the branches.
You're just completely confused.
What you are stating makes no sense at all.
Seriously, your reading of the code is entirely monsenscal, and seems to be
about syntax, not about semantics. Which is crazy.
Lookie here, you can change the syntactic model of that code to just be
A
if (B)
C
D
else
D
and that code obviously has the EXACT SAME SEMANTICS.
So if you get hung up on trivial syntactic issues, you are by definition
confused, and your tool is garbage. You're doing memory ordering analysis,
not syntax parsing, for chrissake!
> At run time, of course, it doesn't matter;
> CPUs don't try to detect where the two branches of an "if" recombine.
> (Leaving aside issues like implementing an "if" as a move-conditional.)
You cannot do it as a move-conditional, since that code generation would
have been buggy shit, exactly because of C. But that's a code generation
issue, not a run-time decision.
So at run-time, the code ends up being
A
if (!B)
D
and D cannot be written before A has been read, because B depends on A, and
you cannot expose specutive writes before the preconditions have been
evaluated.
> Remember, the original code was:
> A
> if (!B)
> C
> D
> So the execution of D is _not_ conditional, and it doesn't depend on A
> or B. (Again, CPUs don't make this distinction, but compilers do.)
Again, the above is nothing but confused bullshit.
D depends on B, which depends on A.
Really. Really really.
Anybody - or any tool - that doesn't see that is fundamentally wrong, and
has been confused by syntax.
A *compiler* will very much also make that distinction. If it doesn't make
that distinction, it's not a compiler, it's a buggy piece of shit.
Because semantics matter.
Think about it.
Linus
Powered by blists - more mailing lists