| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20201003132212.GB318272@rowland.harvard.edu>
Date: Sat, 3 Oct 2020 09:22:12 -0400
From: Alan Stern <stern@...land.harvard.edu>
To: "Paul E. McKenney" <paulmck@...nel.org>
Cc: parri.andrea@...il.com, will@...nel.org, peterz@...radead.org,
boqun.feng@...il.com, npiggin@...il.com, dhowells@...hat.com,
j.alglave@....ac.uk, luc.maranget@...ia.fr, akiyks@...il.com,
dlustig@...dia.com, joel@...lfernandes.org,
viro@...iv.linux.org.uk, linux-kernel@...r.kernel.org,
linux-arch@...r.kernel.org
Subject: Re: Litmus test for question from Al Viro
To expand on my statement about the LKMM's weakness regarding control
constructs, here is a litmus test to illustrate the issue. You might
want to add this to one of the archives.
Alan
C crypto-control-data
(*
* LB plus crypto-control-data plus data
*
* Expected result: allowed
*
* This is an example of OOTA and we would like it to be forbidden.
* The WRITE_ONCE in P0 is both data-dependent and (at the hardware level)
* control-dependent on the preceding READ_ONCE. But the dependencies are
* hidden by the form of the conditional control construct, hence the
* name "crypto-control-data". The memory model doesn't recognize them.
*)
{}
P0(int *x, int *y)
{
int r1;
r1 = 1;
if (READ_ONCE(*x) == 0)
r1 = 0;
WRITE_ONCE(*y, r1);
}
P1(int *x, int *y)
{
WRITE_ONCE(*x, READ_ONCE(*y));
}
exists (0:r1=1)
Powered by blists - more mailing lists