lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMj1kXHMK8PNpXGayfO6qxkA1VdkXmkJdLh29fwSJyOG0ZnSGA@mail.gmail.com>
Date:   Sun, 3 Apr 2022 09:47:03 +0200
From:   Ard Biesheuvel <ardb@...nel.org>
To:     Andrew Pinski <pinskia@...il.com>
Cc:     Mark Rutland <mark.rutland@....com>,
        Jeremy Linton <jeremy.linton@....com>,
        GCC Mailing List <gcc@....gnu.org>, f.fainelli@...il.com,
        maz@...nel.org, marcan@...can.st,
        LKML <linux-kernel@...r.kernel.org>, opendmb@...il.com,
        Catalin Marinas <catalin.marinas@....com>, will@...nel.org,
        linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH] arm64/io: Remind compiler that there is a memory side effect

On Sun, 3 Apr 2022 at 09:38, Andrew Pinski <pinskia@...il.com> wrote:
>
> On Fri, Apr 1, 2022 at 10:24 AM Mark Rutland via Gcc <gcc@....gnu.org> wrote:
> >
> > Hi Jeremy,
> >
> > Thanks for raising this.
> >
> > On Fri, Apr 01, 2022 at 11:44:06AM -0500, Jeremy Linton wrote:
> > > The relaxed variants of read/write macros are only declared
> > > as `asm volatile()` which forces the compiler to generate the
> > > instruction in the code path as intended. The only problem
> > > is that it doesn't also tell the compiler that there may
> > > be memory side effects. Meaning that if a function is comprised
> > > entirely of relaxed io operations, the compiler may think that
> > > it only has register side effects and doesn't need to be called.
> >
> > As I mentioned on a private mail, I don't think that reasoning above is
> > correct, and I think this is a miscompilation (i.e. a compiler bug).
> >
> > The important thing is that any `asm volatile` may have a side effects
> > generally outside of memory or GPRs, and whether the assembly contains a memory
> > load/store is immaterial. We should not need to add a memory clobber in order
> > to retain the volatile semantic.
> >
> > See:
> >
> >   https://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html#Volatile
> >
> > ... and consider the x86 example that reads rdtsc, or an arm64 sequence like:
> >
> > | void do_sysreg_thing(void)
> > | {
> > |       unsigned long tmp;
> > |
> > |       tmp = read_sysreg(some_reg);
> > |       tmp |= SOME_BIT;
> > |       write_sysreg(some_reg);
> > | }
> >
> > ... where there's no memory that we should need to hazard against.
> >
> > This patch might workaround the issue, but I don't believe it is a correct fix.
>
> It might not be the most restricted fix but it is a fix.
> The best fix is to tell that you are writing to that location of memory.
> volatile asm does not do what you think it does.
> You didn't read further down about memory clobbers:
> https://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html#Clobbers-and-Scratch-Registers
> Specifically this part:
> The "memory" clobber tells the compiler that the assembly code
> performs memory reads or writes to items other than those listed in
> the input and output operands
>

So should we be using "m"(*addr) instead of "r"(addr) here?

(along with the appropriately sized casts)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ