lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200901060525.31472.nickpiggin@yahoo.com.au>
Date:	Tue, 6 Jan 2009 05:25:30 +1100
From:	Nick Piggin <nickpiggin@...oo.com.au>
To:	paulmck@...ux.vnet.ibm.com
Cc:	Alan Cox <alan@...rguk.ukuu.org.uk>, Pavel Machek <pavel@...e.cz>,
	kernel list <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...l.org>, mtk.manpages@...il.com,
	rdunlap@...otime.net, linux-doc@...r.kernel.org,
	segher@...nel.crashing.org, rth@....gnu.org
Subject: Re: atomics: document that linux expects certain atomic behaviour from unsigned long

On Tuesday 06 January 2009 04:30:04 Paul E. McKenney wrote:
> On Tue, Jan 06, 2009 at 03:25:12AM +1100, Nick Piggin wrote:
> > On Tuesday 06 January 2009 03:05:01 Paul E. McKenney wrote:
> > > On Mon, Jan 05, 2009 at 11:00:24PM +1100, Nick Piggin wrote:
> > > > On Monday 05 January 2009 22:23:50 Alan Cox wrote:
> > > > > > Pretty much everywhere that uses RCU for example does so using
> > > > > > atomic pointer loads and stores. The nastiest issue IMO actually
> > > > > > is reloading the value through the pointer even if it isn't
> > > > > > explicitly dereferenced. RCU gets this right with ACCESS_ONCE.
> > > > > > Probably a lot of code using basic types does not. x86
> > > > > > atomic_read maybe should be using ACCESS_ONCE too...
> > > > >
> > > > > I'm pretty sure it should. gcc makes no guarantees about not being
> > > > > clever with accesses.
> > > >
> > > > Arguably it should. I don't know what the concurrent C standard looks
> > > > like, but prohibiting reloads of potentially concurrently modified
> > > > memory when there is no explicit pointer dereference is the natural
> > > > complement to prohibiting stores to potentially concurrently read
> > > > memory when there is no explicit store (which I think is begrudgingly
> > > > agreed to be a problem).
> > > >
> > > > http://lkml.org/lkml/2007/10/24/673
> > > >
> > > > I think I would like to see multiple reloads to local variables
> > > > prohibited, to avoid potential really subtle problems... But if
> > > > ACCESS_ONCE is here to stay, then I do think that atomic_read etc
> > > > should use it.
> > >
> > > The concurrency stuff in c++0x still permits the compiler to have its
> > > way with loads and stores to normal variables, but provides an "atomic"
> > > type that must be loaded and stored as specified in the program.
> >
> > So:
> > if (trylock())
> >   locked = 1;
> > ...
> > if (locked)
> >   *var = blah;
> > ...
> > if (locked)
> >   unlock();
> >
> > So the second part can still be transformed into a predicated calculation
> > of blah, then an unconditional store to *var?
>
> Assuming that "var" is an ordinary variable...
>
> If you are asking whether the compiler guys believe that they are within
> their rights to do a store to *var and then store the old value to *var
> if !locked, the unfortunate answer is "yes".  Hence ACCESS_ONCE().

Right. Part of the problem is that it might not be so clear. Each part of
the above sequence might be somewhat hidden by different call chains, gotos,
etc. *var = blah may not be that simple in form but actually be a call to
some helper function (which ends up being inlined, etc).

if (!trylock())
  return;

*var = blah;

unlock();

This is basically the same sequence, isn't it? var definitely doesn't need
to be atomic. It actually shouldn't have to be subject to any compiler
constraints within the critical section in order for the compiler to
generate an optimal critical section.


> > > The issue with ACCESS_ONCE() is that gcc doesn't do any optimizations
> > > on volatile accesses, even the obvious ones.  Speaking of which, the
> > > gcc guys kicked out my bug 33102, which was complaining about this
> > > situation.  :-/
> >
> > Hmm. It's still quite annoying even to have to switch everything to the
> > atomic type. I guarantee there will be bugs in Linux caused by the
> > compiler reloading pointers/longs/ints to access local variables...
>
> Another approach would be to change ACCESS_ONCE() to use the atomic
> types.  Then we have a bigger hammer with which to beat the gcc guys
> about optimizations.  We can hope, anyway...

Well... I'm less concerned about performance as correctness and difficulty
of programming this model.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ