Message-ID: <20230116190652.GZ2948950@paulmck-ThinkPad-P17-Gen-1>
Date:   Mon, 16 Jan 2023 11:06:52 -0800
From:   "Paul E. McKenney" <paulmck@...nel.org>
To:     Alan Stern <stern@...land.harvard.edu>
Cc:     Jonas Oberhauser <jonas.oberhauser@...wei.com>,
        Peter Zijlstra <peterz@...radead.org>,
        "parri.andrea" <parri.andrea@...il.com>, will <will@...nel.org>,
        "boqun.feng" <boqun.feng@...il.com>, npiggin <npiggin@...il.com>,
        dhowells <dhowells@...hat.com>,
        "j.alglave" <j.alglave@....ac.uk>,
        "luc.maranget" <luc.maranget@...ia.fr>, akiyks <akiyks@...il.com>,
        dlustig <dlustig@...dia.com>, joel <joel@...lfernandes.org>,
        urezki <urezki@...il.com>,
        quic_neeraju <quic_neeraju@...cinc.com>,
        frederic <frederic@...nel.org>,
        Kernel development list <linux-kernel@...r.kernel.org>
Subject: Re: Internal vs. external barriers (was: Re: Interesting LKMM litmus
 test)

On Mon, Jan 16, 2023 at 01:11:41PM -0500, Alan Stern wrote:
> On Sun, Jan 15, 2023 at 08:23:29PM -0800, Paul E. McKenney wrote:
> > On Sun, Jan 15, 2023 at 03:46:10PM -0500, Alan Stern wrote:
> > > On Sun, Jan 15, 2023 at 10:10:52AM -0800, Paul E. McKenney wrote:
> > > > On Sun, Jan 15, 2023 at 11:23:31AM -0500, Alan Stern wrote:
> > > > > On Sat, Jan 14, 2023 at 09:15:10PM -0800, Paul E. McKenney wrote:
> > > > > > What am I missing here?
> > > > > 
> > > > > I don't think you're missing anything.  This is a matter for Boqun or 
> > > > > Luc; it must have something to do with the way herd treats the 
> > > > > srcu_read_lock() and srcu_read_unlock() primitives.
> > > > 
> > > > It looks like we need something that tracks (data | rf)* between
> > > > the return value of srcu_read_lock() and the second parameter of
> > > > srcu_read_unlock().  The reason for rf rather than rfi is the upcoming
> > > > srcu_down_read() and srcu_up_read().
> > > 
> > > Or just make herd treat srcu_read_lock(s) as an annotated equivalent of 
> > > READ_ONCE(&s) and srcu_read_unlock(s, v) as an annotated equivalent of 
> > > > WRITE_ONCE(s, v).  But with some special accommodation to avoid 
> > > interaction with the new carry-dep relation.
> > 
> > This is a modification to herd7 you are suggesting?  Otherwise, I am
> > suffering a failure of imagination on how to properly sort it from the
> > other READ_ONCE() and WRITE_ONCE() instances.
> 
> srcu_read_lock and srcu_read_unlock events would be distinguished from 
> other marked loads and stores by belonging to the Srcu-lock and 
> Srcu-unlock sets.  But I don't know whether this result can be 
> accomplished just by modifying the .def file -- it might require changes 
> to herd7.  (In fact, as far as I know there is no documentation at all 
> for the double-underscore operations used in linux-kernel.def.  Hint 
> hint!)
> 
> As mentioned earlier, we should ask Luc or Boqun.

Good point, will do.

> > > > Or is there some better intermediate position that could be taken?
> > > 
> > > Do you mean go back to the current linux-kernel.bell?  The code you 
> > > wrote above is different, since it prohibits nesting.
> > 
> > Not to the current linux-kernel.bell, but, as you say, making the change
> > to obtain a better approximation by prohibiting nesting.
> 
> Why do you want to prohibit nesting?  Why would that be a better 
> approximation?

Because the current LKMM gives wrong answers for nested critical
sections.  For example, for the litmus test shown below, mainline
LKMM will incorrectly report "Never".  The two SRCU read-side critical
sections are independent, so the fact that P1()'s synchronize_srcu() is
guaranteed to wait for the first one to complete says nothing about the
second having completed.  Therefore, in Linux-kernel SRCU, the "exists"
clause could be satisfied.

In contrast, the proposed change flags this as having nesting.

							Thanx, Paul

------------------------------------------------------------------------

C C-srcu-nest-5

(*
 * Result: Sometimes
 *
 * This demonstrates non-nesting of SRCU read-side critical sections.
 * Unlike RCU, SRCU critical sections do not nest.
 *)

{}

P0(int *x, int *y, struct srcu_struct *s1)
{
	int r1;
	int r2;
	int r3;
	int r4;

	r3 = srcu_read_lock(s1);
	r2 = READ_ONCE(*y);
	r4 = srcu_read_lock(s1);
	srcu_read_unlock(s1, r3);
	r1 = READ_ONCE(*x);
	srcu_read_unlock(s1, r4);
}

P1(int *x, int *y, struct srcu_struct *s1)
{
	WRITE_ONCE(*y, 1);
	synchronize_srcu(s1);
	WRITE_ONCE(*x, 1);
}

locations [0:r1]
exists (0:r1=1 /\ 0:r2=0)
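A sketch of why the pairing rule decides the verdict for C-srcu-nest-5, added here and not part of the original message or of herd7/LKMM: it pairs P0()'s lock and unlock events first by parenthesis-style nesting, then by the index value passed to srcu_read_unlock(). The event encoding, the function names, and the simplified criterion (with a single grace period, the outcome is forbidden only if one critical section contains both reads) are assumptions of this example.

```c
#include <stdio.h>

enum kind { LOCK, UNLOCK, READ };
struct ev { enum kind k; int reg; };	/* reg: register holding the SRCU index */

/* P0 of C-srcu-nest-5 in program order (encoding constructed for this sketch). */
static const struct ev p0[] = {
	{ LOCK, 3 },	/* 0: r3 = srcu_read_lock(s1)  */
	{ READ, 2 },	/* 1: r2 = READ_ONCE(*y)       */
	{ LOCK, 4 },	/* 2: r4 = srcu_read_lock(s1)  */
	{ UNLOCK, 3 },	/* 3: srcu_read_unlock(s1, r3) */
	{ READ, 1 },	/* 4: r1 = READ_ONCE(*x)       */
	{ UNLOCK, 4 },	/* 5: srcu_read_unlock(s1, r4) */
};
#define N 6

/* Fill unlock_of[i] for each lock i.  by_value=0: an unlock closes the most
 * recent open lock (nesting); by_value=1: the lock whose value it passes. */
static void pair_up(const struct ev *e, int n, int by_value, int *unlock_of)
{
	int open[16], top = 0;

	for (int i = 0; i < n; i++) {
		unlock_of[i] = -1;
		if (e[i].k == LOCK && top < 16) { open[top++] = i; continue; }
		if (e[i].k != UNLOCK) continue;
		for (int t = top - 1; t >= 0; t--)
			if (!by_value || e[open[t]].reg == e[i].reg) {
				unlock_of[open[t]] = i;
				open[t] = open[--top];	/* drop the closed lock */
				break;
			}
	}
}

/* 1 if one critical section of p0 contains both events a and b. */
static int one_section_spans(int by_value, int a, int b)
{
	int unlock_of[N];

	pair_up(p0, N, by_value, unlock_of);
	for (int i = 0; i < N; i++)
		if (unlock_of[i] > a && unlock_of[i] > b && i < a && i < b)
			return 1;
	return 0;
}

int main(void)
{
	printf("nesting: %s\n", one_section_spans(0, 1, 4) ? "Never" : "Sometimes");
	printf("by value: %s\n", one_section_spans(1, 1, 4) ? "Never" : "Sometimes");
}
```

Under nesting-style pairing the outer section runs from event 0 to event 5 and covers both reads; under value-based pairing the sections are 0..3 and 2..5, and neither covers both.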
