lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 29 Apr 2023 08:47:45 +0200
From:   Ingo Molnar <mingo@...nel.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Andrzej Hajda <andrzej.hajda@...el.com>,
        linux-kernel@...r.kernel.org,
        Peter Zijlstra <peterz@...radead.org>,
        Will Deacon <will@...nel.org>,
        Waiman Long <longman@...hat.com>,
        Boqun Feng <boqun.feng@...il.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [GIT PULL] locking changes for v6.4


* Linus Torvalds <torvalds@...ux-foundation.org> wrote:

> On Thu, Apr 27, 2023 at 12:58 PM Ingo Molnar <mingo@...nel.org> wrote:
> >
> >  - Add non-atomic __xchg() variant, use it in a couple of places
> 
> Guys, this is insane, and completely unacceptable.
> 
> I pulled this, but I'm going to unpull it, because the code is
> actively wrong and ugly.
> 
> It not only randomly decides to re-use a name that has existing users
> that now need to be fixed up.

meh - you are 100% right, I'm not sure what we were thinking there ... [ 
actually, I know what we were thinking, but it's a bit complicated - see 
the various non-perfect nomenclature options further below. ]

So the first line of our thinking was that "__" also often & additionally 
means 'lighter weight version of a similar API signature, beware, here be 
dragons, use at your own risk', and more of the focus of these particular 
changes was on identifying hand-coded xchg-ish pieces of code, such as in:

   26ace5d28d36 ("arch/*/uprobes: simplify arch_uretprobe_hijack_return_addr")

... but while that background of '__' is somewhat valid logic that we use 
quite often in various kernel facilities, it doesn't really excuse the 
sloppy decision to slap __ in front of an existing API without trying 
harder, *especially* that a better name with fetch_and_zero() already 
existed :-/

> It then *also* decides to start "preferring" this absolutely
> disgusting new name over a much more legible one in the i915 driver,
> which had this same functionality except it used a prettier name:
> 
>    fetch_and_zero()
> 
> But what then takes the cake for me is that this horribly ugly feature
> then didn't even get that right, and only randomly converted *some* of
> the users, with most of them remaining:
> 
>   git grep fetch_and_zero drivers/gpu/drm/i915/ | wc
>      58     187    5534
>   git grep -w __xchg drivers/gpu/drm/i915/ | wc
>      22     109    1899
> 
> and it looks like the only "logic" to this is that the converted ones
> were in the "gt/" subdirectory. What a random choice, but happily it
> caused a trivial conflict, and as a result I noticed how bad things
> were.
> 
> Anyway, I really find this all offensively ugly and pointless. I'm not
> going to pull some "fixed" version of this. This needs to go away and
> never come back.

Yeah. So I've rebased locking/core to take out these changes - a simple 
revert is too ugly and the history has no value here really.

Will re-send the rest of locking/core.

> What was so magically great about the name "__xchg" that it needed to be 
> taken over by this function? And why was that legibly named version of it 
> replaced so randomly?

Yeah.

So fetch_and_zero() has a bit of a nomenclature & ambiguity problem as 
well: there's already an atomic_fetch_*() API family, and it's easy to 
think that fetch_and_zero() is atomic too - a bit like how xchg() is atomic 
without mentioning 'atomic'.

Adding to the confusion is that there's already atomic APIs that don't use 
atomic_t:

  xchg()
  cmpxchg()
  try_cmpxchg()

... and by *that* implicit nomenclature logic, dropping the atomic_ from a 
atomic_fetch_and_zero() API means: 'atomic API, not using atomic_t'. Which 
fetch_and_zero() clearly isnt ...

So by all that logic and somewhat idiosynchratic API history, the new 
facility should probably not be fetch_and_zero(), but something like 
nonatomic_fetch_and_zero(), but that's quite a mouthful for something so 
simple - and the API family connection to xchg() is lost as well, which is 
a bit sad...

In all that context the least bad approach sounded to add a __ to denote 
__xchg() is 'something special and also lighter weight' (which it is).

I *think* the bigger danger in locking nomenclature is to falsely imply 
atomicity - in that sense I'm not sure fetch_and_zero() is ideal - but I 
can certainly live with it b/c the perfect name keeps eluding me.

> The *whole* point of two underscores is to say "don't use this - it's
> an internal implementation". That's the historical meaning, and it's
> the meaning we have in the kernel too. Two underscores means "this is
> special and doesn't do everything required" (it might need locking
> around it, for example).

Yeah. I do think we might want to keep one related change though:

  e27cff3d2d43 ("arch: rename all internal names __xchg to __arch_xchg")

... not because we want to use the __xchg namespace, but because an _arch 
prefix makes it even *less* likely to be used by non-infrastructure code.

> So then making a new interface with two underscores and thinking "we 
> should now make random drivers use this" is fundamentally bogus.
> 
> Look, just grep for "__xchg" in the main tree (ie the one *without* this 
> change). It all makes sense. It's all clearly an internal helper - as 
> marked by that double underscore - and it's not used by any driver or 
> filesystem code.
> 
> Exactly like K&R and God intended.

Yeah. We'll try this new facility again in v6.5, but with a better name. 
Sorry about that!

Thanks,

	Ingo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ