lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 10 Oct 2021 16:02:02 +0200
From:   Florian Weimer <fw@...eb.enyo.de>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
        Segher Boessenkool <segher@...nel.crashing.org>,
        Will Deacon <will@...nel.org>, paulmck <paulmck@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        Alan Stern <stern@...land.harvard.edu>,
        Andrea Parri <parri.andrea@...il.com>,
        Boqun Feng <boqun.feng@...il.com>,
        Nicholas Piggin <npiggin@...il.com>,
        David Howells <dhowells@...hat.com>,
        j alglave <j.alglave@....ac.uk>,
        luc maranget <luc.maranget@...ia.fr>,
        akiyks <akiyks@...il.com>,
        linux-toolchains <linux-toolchains@...r.kernel.org>,
        linux-arch <linux-arch@...r.kernel.org>
Subject: Re: [RFC PATCH] LKMM: Add ctrl_dep() macro for control dependency

* Linus Torvalds:

> On Fri, Oct 1, 2021 at 9:26 AM Florian Weimer <fweimer@...hat.com> wrote:
>>
>> Will any conditional branch do, or is it necessary that it depends in
>> some way on the data read?
>
> The condition needs to be dependent on the read.
>
> (Easy way to see it: if the read isn't related to the conditional or
> write data/address, the read could just be delayed to after the
> condition and the store had been done).

That entirely depends on how the hardware is specified to work.  And
the hardware could recognize certain patterns as always producing the
same condition codes, e.g., AND with zero.  Do such tests still count?
It depends on what the specification says.

What I really dislike about this: Operators like & and < now have side
effects, and is no longer possible to reason about arithmetic
expressions in isolation.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ