| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Feb 2019 13:41:06 +0000
From: Will Deacon <will.deacon@....com>
To: Andrea Parri <andrea.parri@...rulasolutions.com>
Cc: Peter Zijlstra <peterz@...radead.org>,
"Paul E. McKenney" <paulmck@...ux.ibm.com>,
linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org,
Alan Stern <stern@...land.harvard.edu>,
Boqun Feng <boqun.feng@...il.com>,
Nicholas Piggin <npiggin@...il.com>,
David Howells <dhowells@...hat.com>,
Jade Alglave <j.alglave@....ac.uk>,
Luc Maranget <luc.maranget@...ia.fr>,
Akira Yokosawa <akiyks@...il.com>,
Daniel Lustig <dlustig@...dia.com>
Subject: Re: [RFC PATCH] tools/memory-model: Remove (dep ; rfi) from ppo
On Wed, Feb 20, 2019 at 02:14:56PM +0100, Andrea Parri wrote:
> On Wed, Feb 20, 2019 at 10:26:04AM +0100, Peter Zijlstra wrote:
> > On Tue, Feb 19, 2019 at 06:01:17PM -0800, Paul E. McKenney wrote:
> > > On Tue, Feb 19, 2019 at 11:57:37PM +0100, Andrea Parri wrote:
> > > > Remove this subtle (and, AFAICT, unused) ordering: we can add it back,
> > > > if necessary, but let us not encourage people to rely on this thing.
> > > >
> > > > For example, the following "exists" clause can be satisfied with this
> > > > change:
> > > >
> > > > C dep-rfi
> > > >
> > > > { }
> > > >
> > > > P0(int *x, int *y)
> > > > {
> > > > WRITE_ONCE(*x, 1);
> > > > smp_store_release(y, 1);
> > > > }
> > > >
> > > > P1(int *x, int *y, int *z)
> > > > {
> > > > int r0;
> > > > int r1;
> > > > int r2;
> > > >
> > > > r0 = READ_ONCE(*y);
> > > > WRITE_ONCE(*z, r0);
> > > > r1 = smp_load_acquire(z);
> > > > r2 = READ_ONCE(*x);
> > > > }
> > > >
> > > > exists (1:r0=1 /\ 1:r2=0)
> > >
> > > Any objections? If I don't hear any in a couple days, I will apply this.
> >
> > IIUC you cannot build hardware that allows the above, so why would we
> > allow it?
>
> The change/simplification was mainly intended as precautionary measure
> (hence the "we can add it back, ..."): I do agree that it shouldn't be
> possible to realize the above state; OTOH, you really don't need to be
> too "creative" to imagine possible mis-uses/mis-interpretations of the
> (dep ; rfi) term ("forget" ONCEs, trick herd7 with "false dependencies"
> or simply wrongly assume that control dependencies are part this "dep",
> what else? ...). So, no, I'm not that fond to this term; why should I
> be? or you are simply suggesting to expand the changelog?
Simplification can mean different things to different people.
Whilst I completely agree that relying on the ordering provided by "dep ;
rfi" is subtle and error prone, having it forbid the outcome above appeals
to a hardware-based mindset of how memory ordering works. In the kernel
community, I would posit that the majority of developers are writing code
with the underlying hardware in mind and so allowing behaviours in the
memory model which are counter to how a real machine operates is likely to
make things more confusing, rather than simplifying them!
IIRC, herd has a feature where you can "flag" the result of a litmus test
to highlight certain internal constraint violations (e.g. warning that a
data race is present in a concurrent C11 program). How about we preserve
the existing semantics, but flag any use of "dep; rfi" to indicate that
the ordering guarantees being relied upon are subtle and error-prone, and
therefore should only be considered for fast-path code?
Will
Powered by blists - more mailing lists