lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f363d6e0-5682-43e7-9a3f-6b896c3cd920@paulmck-laptop>
Date:   Thu, 19 Oct 2023 09:39:51 -0700
From:   "Paul E. McKenney" <paulmck@...nel.org>
To:     Jonas Oberhauser <jonas.oberhauser@...weicloud.com>
Cc:     linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org,
        linux-doc@...r.kernel.org, Alan Stern <stern@...land.harvard.edu>,
        Andrea Parri <parri.andrea@...il.com>,
        Will Deacon <will@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Boqun Feng <boqun.feng@...il.com>,
        Nicholas Piggin <npiggin@...il.com>,
        David Howells <dhowells@...hat.com>,
        Jade Alglave <j.alglave@....ac.uk>,
        Luc Maranget <luc.maranget@...ia.fr>,
        Akira Yokosawa <akiyks@...il.com>,
        Daniel Lustig <dlustig@...dia.com>,
        Joel Fernandes <joel@...lfernandes.org>,
        Jonathan Corbet <corbet@....net>
Subject: Re: [PATCH memory-model] docs: memory-barriers: Add note on compiler
 transformation and address deps

On Wed, Oct 18, 2023 at 12:11:58PM +0200, Jonas Oberhauser wrote:
> Hi Paul,
> 
> on a second thought. Why can't the compiler always do, e.g.,
> 
>     int *p = READ_ONCE(shared_ptr);
> 
>     assert (*p == 0);
> 
> ~>
> 
>     int *p = READ_ONCE(shared_ptr);
> 
>     int val = x; // x is some object that definitely won't segfault, but may
> very well be owned by another thread right now
>     if (p != &x) val = *p;

The compiler is forbidden from inventing pointer comparisons.

>     assert (val == 0);
> 
> and in case p == &x, the address dependency is elided

But yes, this is one reason why Documentation/RCU/rcu_dereference.rst
warns about pointer comparisons.

> Best wishes,
> 
> jonas
> 
> Am 10/6/2023 um 6:39 PM schrieb Jonas Oberhauser:
> > Hi Paul,
> > 
> > The "more up-to-date information" makes it sound like (some of) the
> > information in this section is out-of-date/no longer valid.

The old smp_read_barrier_depends() that these section cover really
does no longer exist.

> > But after reading the sections, it seems the information is valid, but
> > discusses mostly the history of address dependency barriers.
> > 
> > Given that the sepcond part  specifically already starts with a
> > disclaimer that this information is purely relevant to people interested
> > in history or working on alpha, I think it would make more sense to
> > modify things slightly differently.
> > 
> > Firstly I'd remove the "historical" part in the first section, and add
> > two short paragraphs explaining that
> > 
> > - every marked access implies a address dependency barrier

This is covered in rcu_dereference.rst.  Or is something missing there?
Please note that the atomic_read() primitives operate on integers
rather than pointers, so are off the table.  Yes, in theory, some of
the value-returning atomic read-modify-write operations could head a
dependency chain, but these things are sufficiently heavyweight that
most situations would be better served by an _acquire() suffix than by
a relaxed version of such an atomic operation.

> > - address dependencies considered by the model are *semantic*
> > dependencies, meaning that a *syntactic* dependency is not sufficient to
> > imply ordering; see the rcu file for some examples where compilers can
> > elide syntactic dependencies

There is a bunch of text in rcu_dereference.rst to this effect.  Or
is there some aspect that is missing from that document?

The longer-term direction, perhaps a few years from now, is for the
first section to simply reference rcu_dereference.rst and for the second
section to be removed completely.

> > Secondly, I'd not add the disclaimer to the second section; there's
> > already a link to rcu_dereference in that section ( https://github.com/torvalds/linux/blob/master/Documentation/memory-barriers.txt#L634
> > ), and already a small text explaining that the section is historical.

The problem is that people insist on diving into the middle of documents,
so sometimes repetition is a necessary form of self defense.  ;-)

But I very much appreciate your review and feedback, and I also apologize
for my slowness.

							Thanx, Paul

> > Best wishes,
> > 
> > jonas
> > 
> > 
> > Am 10/5/2023 um 6:53 PM schrieb Paul E. McKenney:
> > > The compiler has the ability to cause misordering by destroying
> > > address-dependency barriers if comparison operations are used. Add a
> > > note about this to memory-barriers.txt in the beginning of both the
> > > historical address-dependency sections and point to rcu-dereference.rst
> > > for more information.
> > > 
> > > Signed-off-by: Joel Fernandes (Google) <joel@...lfernandes.org>
> > > Signed-off-by: Paul E. McKenney <paulmck@...nel.org>
> > > 
> > > diff --git a/Documentation/memory-barriers.txt
> > > b/Documentation/memory-barriers.txt
> > > index 06e14efd8662..d414e145f912 100644
> > > --- a/Documentation/memory-barriers.txt
> > > +++ b/Documentation/memory-barriers.txt
> > > @@ -396,6 +396,10 @@ Memory barriers come in four basic varieties:
> > >        (2) Address-dependency barriers (historical).
> > > +     [!] This section is marked as HISTORICAL: For more up-to-date
> > > +     information, including how compiler transformations related to
> > > pointer
> > > +     comparisons can sometimes cause problems, see
> > > +     Documentation/RCU/rcu_dereference.rst.
> > >          An address-dependency barrier is a weaker form of read
> > > barrier.  In the
> > >        case where two loads are performed such that the second
> > > depends on the
> > > @@ -556,6 +560,9 @@ There are certain things that the Linux kernel
> > > memory barriers do not guarantee:
> > >     ADDRESS-DEPENDENCY BARRIERS (HISTORICAL)
> > >   ----------------------------------------
> > > +[!] This section is marked as HISTORICAL: For more up-to-date
> > > information,
> > > +including how compiler transformations related to pointer
> > > comparisons can
> > > +sometimes cause problems, see Documentation/RCU/rcu_dereference.rst.
> > >     As of v4.15 of the Linux kernel, an smp_mb() was added to
> > > READ_ONCE() for
> > >   DEC Alpha, which means that about the only people who need to pay
> > > attention
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ