| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Jun 2021 15:19:11 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: "Paul E. McKenney" <paulmck@...nel.org>
Cc: Alan Stern <stern@...land.harvard.edu>,
Peter Zijlstra <peterz@...radead.org>,
Will Deacon <will@...nel.org>,
Andrea Parri <parri.andrea@...il.com>,
Boqun Feng <boqun.feng@...il.com>,
Nick Piggin <npiggin@...il.com>,
David Howells <dhowells@...hat.com>,
Jade Alglave <j.alglave@....ac.uk>,
Luc Maranget <luc.maranget@...ia.fr>,
Akira Yokosawa <akiyks@...il.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
linux-toolchains@...r.kernel.org,
linux-arch <linux-arch@...r.kernel.org>
Subject: Re: [RFC] LKMM: Add volatile_if()
On Fri, Jun 4, 2021 at 2:40 PM Paul E. McKenney <paulmck@...nel.org> wrote:
>
> Here is one use case:
>
> volatile_if(READ_ONCE(A)) {
> WRITE_ONCE(B, 1);
> do_something();
> } else {
> WRITE_ONCE(B, 1);
> do_something_else();
> }
>
> With plain "if", the compiler is within its rights to do this:
>
> tmp = READ_ONCE(A);
> WRITE_ONCE(B, 1);
> if (tmp)
> do_something();
> else
> do_something_else();
>
> On x86, still no problem. But weaker hardware could now reorder the
> store to B before the load from A. With volatile_if(), this reordering
> would be prevented.
But *should* it be prevented? For code like the above?
I'm not really seeing that the above is a valid code sequence.
Sure, that "WRITE_ONCE(B, 1)" could be seen as a lock release, and
then it would be wrong to have the read of 'A' happen after the lock
has actually been released. But if that's the case, then it should
have used a smp_store_release() in the first place, not a
WRITE_ONCE().
So I don't see the above as much of a valid example of actual
READ/WRITE_ONCE() use.
If people use READ/WRITE_ONCE() like the above, and they actually
depend on that kind of ordering, I think that code is likely wrong to
begin with. Using "volatile_if()" doesn't make it more valid.
Now, part of this is that I do think that in *general* we should never
use this very suble load-cond-store pattern to begin with. We should
strive to use more smp_load_acquire() and smp_store_release() if we
care about ordering of accesses. They are typically cheap enough, and
if there's much of an ordering issue, they are the right things to do.
I think the whole "load-to-store ordering" subtle non-ordered case is
for very very special cases, when you literally don't have a general
memory ordering, you just have an ordering for *one* very particular
access. Like some of the very magical code in the rw-semaphore case,
or that smp_cond_load_acquire().
IOW, I would expect that we have a handful of uses of this thing. And
none of them have that "the conditional store is the same on both
sides" pattern, afaik.
And immediately when the conditional store is different, you end up
having a dependency on it that orders it.
But I guess I can accept the above made-up example as an "argument",
even though I feel it is entirely irrelevant to the actual issues and
uses we have.
Linus
Powered by blists - more mailing lists