lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 May 2020 15:58:30 +0200 From: Marco Elver <elver@...gle.com> To: Peter Zijlstra <peterz@...radead.org> Cc: Will Deacon <will@...nel.org>, LKML <linux-kernel@...r.kernel.org>, Thomas Gleixner <tglx@...utronix.de>, "Paul E. McKenney" <paulmck@...nel.org>, Ingo Molnar <mingo@...nel.org>, Dmitry Vyukov <dvyukov@...gle.com> Subject: Re: [PATCH v5 00/18] Rework READ_ONCE() to improve codegen On Wed, 13 May 2020 at 15:24, Peter Zijlstra <peterz@...radead.org> wrote: > > On Wed, May 13, 2020 at 03:15:55PM +0200, Marco Elver wrote: > > So far so good, except: both __no_sanitize_or_inline and > > __no_kcsan_or_inline *do* avoid KCSAN instrumenting plain accesses, it > > just doesn't avoid explicit kcsan_check calls, like those in > > READ/WRITE_ONCE if KCSAN is enabled for the compilation unit. That's > > just because macros won't be redefined just for __no_sanitize > > functions. Similarly, READ_ONCE_NOCHECK does work as expected, and its > > access is unchecked. > > > > This will have the expected result: > > __no_sanitize_or_inline void foo(void) { x++; } // no data races reported > > > > This will not work as expected: > > __no_sanitize_or_inline void foo(void) { READ_ONCE(x); } // data > > races are reported > > > > All this could be fixed if GCC devs would finally take my patch to > > make -fsanitize=thread distinguish volatile [1], but then we have to > > wait ~years for the new compilers to reach us. So please don't hold > > your breath for this one any time soon. > > [1] https://gcc.gnu.org/pipermail/gcc-patches/2020-April/544452.html > > Right, but that does not address the much larger issue of the attribute > vs inline tranwreck :/ Could you check if Clang is equally broken for you? I think GCC and Clang have differing behaviour on this. No idea what it takes to fix GCC though. > Also, could not this compiler instrumentation live as a kernel specific > GCC-plugin instead of being part of GCC proper? Because in that case, > we'd have much better control over it. I'd like it if we could make it a GCC-plugin for GCC, but how? I don't see a way to affect TSAN instrumentation. FWIW Clang already has distinguish-volatile support (unreleased Clang 11). Thanks, -- Marco
Powered by blists - more mailing lists