lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220302092149-mutt-send-email-mst@kernel.org> Date: Wed, 2 Mar 2022 09:46:16 -0500 From: "Michael S. Tsirkin" <mst@...hat.com> To: "Jason A. Donenfeld" <Jason@...c4.com> Cc: Laszlo Ersek <lersek@...hat.com>, LKML <linux-kernel@...r.kernel.org>, KVM list <kvm@...r.kernel.org>, QEMU Developers <qemu-devel@...gnu.org>, linux-hyperv@...r.kernel.org, Linux Crypto Mailing List <linux-crypto@...r.kernel.org>, Alexander Graf <graf@...zon.com>, "Michael Kelley (LINUX)" <mikelley@...rosoft.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, adrian@...ity.io, Daniel P. Berrangé <berrange@...hat.com>, Dominik Brodowski <linux@...inikbrodowski.net>, Jann Horn <jannh@...gle.com>, "Rafael J. Wysocki" <rafael@...nel.org>, "Brown, Len" <len.brown@...el.com>, Pavel Machek <pavel@....cz>, Linux PM <linux-pm@...r.kernel.org>, Colm MacCarthaigh <colmmacc@...zon.com>, Theodore Ts'o <tytso@....edu>, Arnd Bergmann <arnd@...db.de> Subject: Re: propagating vmgenid outward and upward On Wed, Mar 02, 2022 at 02:55:29PM +0100, Jason A. Donenfeld wrote: > Hi Michael, > > On Wed, Mar 02, 2022 at 07:58:33AM -0500, Michael S. Tsirkin wrote: > > > There's also the atomicity aspect, which I think makes your benchmark > > > not quite accurate. Those 16 bytes could change between the first and > > > second word (or between the Nth and N+1th word for N<=3 on 32-bit). > > > What if in that case the word you read second doesn't change, but the > > > word you read first did? So then you find yourself having to do a > > > hi-lo-hi dance. > > > And then consider the 32-bit case, where that's even > > > more annoying. This is just one of those things that comes up when you > > > compare the semantics of a "large unique ID" and "word-sized counter", > > > as general topics. (My suggestion is that vmgenid provide both.) > > > > I don't see how this matters for any applications at all. Feel free to > > present a case that would be race free with a word but not a 16 > > byte value, I could not imagine one. It's human to err of course. > > Word-size reads happen all at once on systems that Linux supports, > whereas this is not the case for 16 bytes (with a few niche exceptions > like cmpxchg16b and such). If you read the counter atomically, you can > check to see whether it's changed just after encrypting but before > transmitting and not transmit if it has changed, and voila, no race. > With 16 bytes, synchronization of that read is pretty tricky (though > maybe not all together impossible), because, as I mentioned, the first > word might have changed by the time you read a matching second word. I'm > sure you're familiar with the use of seqlocks in the kernel for solving > a somewhat related problem. > > Jason I just don't see how "value changed while it was read" is so different from "value changed one clock after it was read". Since we don't detect the latter I don't see why we should worry about the former. What I don't have here is how would a code reading the value look. It might help to write some pseudo code to show that, but I'd say it makes more sense to just code the read up even just so the overhead of the current interface can be roughtly measured. -- MST
Powered by blists - more mailing lists