| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 Aug 2018 11:17:13 +0200
From: Andrea Parri <parri.andrea@...il.com>
To: "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
Cc: linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org,
mingo@...nel.org, stern@...land.harvard.edu, will.deacon@....com,
peterz@...radead.org, boqun.feng@...il.com, npiggin@...il.com,
dhowells@...hat.com, j.alglave@....ac.uk, luc.maranget@...ia.fr,
akiyks@...il.com
Subject: Re: [PATCH RFC LKMM 3/7] EXP tools/memory-model: Add more LKMM
limitations
On Wed, Aug 29, 2018 at 02:10:49PM -0700, Paul E. McKenney wrote:
> This commit adds more detail about compiler optimizations and
> not-yet-modeled Linux-kernel APIs.
>
> Signed-off-by: Paul E. McKenney <paulmck@...ux.vnet.ibm.com>
> ---
> tools/memory-model/README | 39 +++++++++++++++++++++++++++++++++++++++
> 1 file changed, 39 insertions(+)
>
> diff --git a/tools/memory-model/README b/tools/memory-model/README
> index ee987ce20aae..acf9077cffaa 100644
> --- a/tools/memory-model/README
> +++ b/tools/memory-model/README
> @@ -171,6 +171,12 @@ The Linux-kernel memory model has the following limitations:
> particular, the "THE PROGRAM ORDER RELATION: po AND po-loc"
> and "A WARNING" sections).
>
> + Note that this limitation in turn limits LKMM's ability to
> + accurately model address, control, and data dependencies.
> + For example, if the compiler can deduce the value of some variable
> + carrying a dependency, then the compiler can break that dependency
> + by substituting a constant of that value.
> +
> 2. Multiple access sizes for a single variable are not supported,
> and neither are misaligned or partially overlapping accesses.
>
> @@ -190,6 +196,36 @@ The Linux-kernel memory model has the following limitations:
> However, a substantial amount of support is provided for these
> operations, as shown in the linux-kernel.def file.
>
> + a. When rcu_assign_pointer() is passed NULL, the Linux
> + kernel provides no ordering, but LKMM models this
> + case as a store release.
> +
> + b. The "unless" RMW operations are not currently modeled:
> + atomic_long_add_unless(), atomic_add_unless(),
> + atomic_inc_unless_negative(), and
> + atomic_dec_unless_positive(). These can be emulated
> + in litmus tests, for example, by using atomic_cmpxchg().
There is a prototype atomic_add_unless(): with current herd7,
$ cat atomic_add_unless.litmus
C atomic_add_unless
{}
P0(atomic_t *u, atomic_t *v)
{
int r0;
int r1;
r0 = atomic_add_unless(u, 1, 2);
r1 = atomic_read(v);
}
P1(atomic_t *u, atomic_t *v)
{
int r0;
int r1;
r0 = atomic_add_unless(v, 1, 2);
r1 = atomic_read(u);
}
exists (0:r1=0 /\ 1:r1=0)
$ herd7 -conf linux-kernel.cfg atomic_add_unless.litmus
Test atomic_add_unless Allowed
States 3
0:r1=0; 1:r1=1;
0:r1=1; 1:r1=0;
0:r1=1; 1:r1=1;
No
Witnesses
Positive: 0 Negative: 3
Condition exists (0:r1=0 /\ 1:r1=0)
Observation atomic_add_unless Never 0 3
Time atomic_add_unless 0.00
Hash=fa37a2359831690299e4cc394e45d966
The last commit in the herdtools7 repo. related to this implementation
(AFAICT) is:
9523c340917b6a ("herd/linux: make atomic_add_unless a primitive, so as to yield more precise dependencies for the returned boolean.")
but I can only vaguely remember those dependencies issues now :/ ...;
maybe we can now solve these issues? or should we change herd7 to re-
turn a warning? (Notice that this primitive is currently not exported
to the linux-kernel.def file.)
Andrea
> +
> + c. The call_rcu() function is not modeled. It can be
> + emulated in litmus tests by adding another process that
> + invokes synchronize_rcu() and the body of the callback
> + function, with (for example) a release-acquire from
> + the site of the emulated call_rcu() to the beginning
> + of the additional process.
> +
> + d. The rcu_barrier() function is not modeled. It can be
> + emulated in litmus tests emulating call_rcu() via
> + (for example) a release-acquire from the end of each
> + additional call_rcu() process to the site of the
> + emulated rcu-barrier().
> +
> + e. Sleepable RCU (SRCU) is not modeled. It can be
> + emulated, but perhaps not simply.
> +
> + f. Reader-writer locking is not modeled. It can be
> + emulated in litmus tests using atomic read-modify-write
> + operations.
> +
> The "herd7" tool has some additional limitations of its own, apart from
> the memory model:
>
> @@ -204,3 +240,6 @@ the memory model:
> Some of these limitations may be overcome in the future, but others are
> more likely to be addressed by incorporating the Linux-kernel memory model
> into other tools.
> +
> +Finally, please note that LKMM is subject to change as hardware, use cases,
> +and compilers evolve.
> --
> 2.17.1
>
Powered by blists - more mailing lists