| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200302182841.GJ2935@paulmck-ThinkPad-P72>
Date: Mon, 2 Mar 2020 10:28:42 -0800
From: "Paul E. McKenney" <paulmck@...nel.org>
To: David Laight <David.Laight@...LAB.COM>
Cc: 'Marco Elver' <elver@...gle.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"kasan-dev@...glegroups.com" <kasan-dev@...glegroups.com>,
"stern@...land.harvard.edu" <stern@...land.harvard.edu>,
"parri.andrea@...il.com" <parri.andrea@...il.com>,
"will@...nel.org" <will@...nel.org>,
"peterz@...radead.org" <peterz@...radead.org>,
"boqun.feng@...il.com" <boqun.feng@...il.com>,
"npiggin@...il.com" <npiggin@...il.com>,
"dhowells@...hat.com" <dhowells@...hat.com>,
"j.alglave@....ac.uk" <j.alglave@....ac.uk>,
"luc.maranget@...ia.fr" <luc.maranget@...ia.fr>,
"akiyks@...il.com" <akiyks@...il.com>,
"dlustig@...dia.com" <dlustig@...dia.com>,
"joel@...lfernandes.org" <joel@...lfernandes.org>,
"linux-arch@...r.kernel.org" <linux-arch@...r.kernel.org>
Subject: Re: [PATCH v2] tools/memory-model/Documentation: Fix "conflict"
definition
On Mon, Mar 02, 2020 at 05:44:11PM +0000, David Laight wrote:
> From: Marco Elver
> > Sent: 02 March 2020 14:18
> >
> > The definition of "conflict" should not include the type of access nor
> > whether the accesses are concurrent or not, which this patch addresses.
> > The definition of "data race" remains unchanged.
> >
> > The definition of "conflict" as we know it and is cited by various
> > papers on memory consistency models appeared in [1]: "Two accesses to
> > the same variable conflict if at least one is a write; two operations
> > conflict if they execute conflicting accesses."
>
> I'm pretty sure that Linux requires that the underlying memory
> subsystem remove any possible 'conflicts' by serialising the
> requests (in an arbitrary order).
>
> So 'conflicts' are never relevant.
>
> There are memory subsystems where conflicts MUST be avoided.
> For instance the fpga I use have some dual-ported memory.
> Concurrent accesses on the two ports for the same address
> must (usually) be avoided if one is a write.
> Two writes will generate corrupt memory.
> A concurrent write+read will generate a garbage read.
> In the special case where the two ports use the same clock
> it is possible to force the read to be 'old data' but that
> constrains the timings.
>
> On such systems the code must avoid conflicting cycles.
That would be yet another definition of "conflicts". Quite relevant on
some older hardware I have worked with. But what we are concerned with
here are cases where (as you say) the memory subsystem will do just fine,
but where the fact that the memory subsystem is called upon to do the
necessary serialization constitutes a bug of some sort.
There are unfortunately a wide variety of definitions and opinions as
to exactly what sorts of conflicts constitute bugs. The generic pattern
for these definitions and opinions is "a concurrent set of insufficiently
marked accesses to a given location, at least one of which is a write".
The differences in definitions and opinions center around exactly what
is meant by the word "insufficiently" in this last sentence. We will
probably be tolerating some variety of definitions in the kernel,
and given the wide variety of code contained therein, this should be
just fine.
Thanx, Paul
Powered by blists - more mailing lists