lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 10 Aug 2007 00:34:58 +0200
From:	Segher Boessenkool <segher@...nel.crashing.org>
To:	Chris Snook <csnook@...hat.com>
Cc:	wjiang@...ilience.com, wensong@...ux-vs.org,
	heiko.carstens@...ibm.com, linux-kernel@...r.kernel.org,
	ak@...e.de, cfriesen@...tel.com, netdev@...r.kernel.org,
	horms@...ge.net.au, akpm@...ux-foundation.org,
	linux-arch@...r.kernel.org, torvalds@...ux-foundation.org,
	schwidefsky@...ibm.com, davem@...emloft.net, zlynx@....org,
	rpjday@...dspring.com, jesper.juhl@...il.com
Subject: Re: [PATCH 24/24] document volatile atomic_read() behavior

>> Anyway, what's the supposed advantage of *(volatile *) vs. using
>> a real volatile object?  That you can access that same object in
>> a non-volatile way?
>
> You'll have to take that up with Linus and the minds behind Volatile 
> Considered Harmful, but the crux of it is that volatile objects are 
> prone to compiler bugs too, and if we have to track down a compiler 
> bug, it's a lot easier when we know exactly where the load is supposed 
> to be because we deliberately put it there, rather than letting the 
> compiler re-order everything that lacks a strict data dependency and 
> trying to figure out where in a thousand lines of assembler the 
> compiler should have put the load for the volatile object.

So, why not do the access explicitly via an inline asm?  It
generates the same code, it's obviously correct, and it's
even *actually* correct.  Plus, you get good compiler
support (and compiler people support).

> If we're going to assume that the compiler has bugs we'll never be 
> able to find, we all need to find new careers.

If we cannot find the bug in finite time, we cannot observe
the bug in finite time either, so either way that's fine :-)

> If we're going to assume that it has bugs we *can* find, then let's 
> use code that makes it easier to do that.

And I'm saying this is a step in the wrong direction for that.

> I initially proposed a patch that made all the objects volatile, on 
> the grounds that this was a special case where there wasn't much room 
> to have a misunderstanding that resulted in anything worse than wasted 
> loads.  Linus objected, and now that I've seen all the responses to 
> the new patchset, I understand exactly why.  If our compilers really 
> suck as much as everyone says they do, it'll be much easier to detect 
> that with volatile casts than with volatile declarations.

Except that accesses via volatile pointer casts open up a whole
new can of worms.


Segher

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ