| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Aug 2007 12:19:30 +1000 From: Nick Piggin <nickpiggin@...oo.com.au> To: Segher Boessenkool <segher@...nel.crashing.org> CC: heiko.carstens@...ibm.com, horms@...ge.net.au, linux-kernel@...r.kernel.org, rpjday@...dspring.com, ak@...e.de, netdev@...r.kernel.org, cfriesen@...tel.com, akpm@...ux-foundation.org, torvalds@...ux-foundation.org, jesper.juhl@...il.com, linux-arch@...r.kernel.org, zlynx@....org, satyam@...radead.org, clameter@....com, schwidefsky@...ibm.com, Chris Snook <csnook@...hat.com>, Herbert Xu <herbert.xu@...hat.com>, davem@...emloft.net, wensong@...ux-vs.org, wjiang@...ilience.com Subject: Re: [PATCH 0/24] make atomic_read() behave consistently across all architectures Segher Boessenkool wrote: >>>>> Part of the motivation here is to fix heisenbugs. If I knew where >>>>> they >>>> >>>> >>>> >>>> By the same token we should probably disable optimisations >>>> altogether since that too can create heisenbugs. >>> >>> Almost everything is a tradeoff; and so is this. I don't >>> believe most people would find disabling all compiler >>> optimisations an acceptable price to pay for some peace >>> of mind. >> >> >> So why is this a good tradeoff? > > > It certainly is better than disabling all compiler optimisations! It's easy to be better than something really stupid :) So i386 and x86-64 don't have volatiles there, and it saves them a few K of kernel text. What you need to justify is why it is a good tradeoff to make them volatile (which btw, is much harder to go the other way after we let people make those assumptions). >> I also think that just adding things to APIs in the hope it might fix >> up some bugs isn't really a good road to go down. Where do you stop? > > > I look at it the other way: keeping the "volatile" semantics in > atomic_XXX() (or adding them to it, whatever) helps _prevent_ bugs; Yeah, but we could add lots of things to help prevent bugs and would never be included. I would also contend that it helps _hide_ bugs and encourages people to be lazy when thinking about these things. Also, you dismiss the fact that we'd actually be *adding* volatile semantics back to the 2 most widely tested architectures (in terms of test time, number of testers, variety of configurations, and coverage of driver code). This is a very important different from just keeping volatile semantics because it is basically a one-way API change. > certainly most people expect that behaviour, and also that behaviour > is *needed* in some places and no other interface provides that > functionality. I don't know that most people would expect that behaviour. Is there any documentation anywhere that would suggest this? Also, barrier() most definitely provides the required functionality. It is overkill in some situations, but volatile is overkill in _most_ situations. If that's what you're worried about, we should add a new ordering primitive. > [some confusion about barriers wrt atomics snipped] What were you confused about? -- SUSE Labs, Novell Inc. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists