| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <65c16b16de625_d4122941c@dwillia2-mobl3.amr.corp.intel.com.notmuch>
Date: Mon, 5 Feb 2024 15:11:19 -0800
From: Dan Williams <dan.j.williams@...el.com>
To: Ira Weiny <ira.weiny@...el.com>, Dan Williams <dan.j.williams@...el.com>,
"Fabio M. De Francesco" <fabio.maria.de.francesco@...ux.intel.com>, "Peter
Zijlstra" <peterz@...radead.org>, <linux-kernel@...r.kernel.org>
CC: <linux-cxl@...r.kernel.org>, Ingo Molnar <mingo@...nel.org>, "Jonathan
Cameron" <Jonathan.Cameron@...wei.com>, "Fabio M. De Francesco"
<fabio.maria.de.francesco@...ux.intel.com>, Ira Weiny <ira.weiny@...el.com>
Subject: RE: [PATCH 1/2 v2] cleanup: Add cond_guard() to conditional guards
Ira Weiny wrote:
> Dan Williams wrote:
> > Fabio M. De Francesco wrote:
> > > Add cond_guard() macro to conditional guards.
> > >
> > > cond_guard() is a guard to be used with the conditional variants of locks,
> > > like down_read_trylock() or mutex_lock_interruptible().
> > >
> > > It takes a statement (or more statements in a block) that is passed to its
> > > second argument. That statement (or block) is executed if waiting for a
> > > lock is interrupted or if a _trylock() fails in case of contention.
> > >
> > > Usage example:
> > >
> > > cond_guard(rwsem_read_try, { printk(...); return 0; }, &semaphore);
> > >
> > > Consistently with the other guards, locks are unlocked at the exit of the
> > > scope where cond_guard() is called.
> > >
> > > Cc: Peter Zijlstra <peterz@...radead.org>
> > > Suggested-by: Dan Williams <dan.j.williams@...el.com>
> > > Suggested-by: Ira Weiny <ira.weiny@...el.com>
> > > Signed-off-by: Fabio M. De Francesco <fabio.maria.de.francesco@...ux.intel.com>
> > > ---
> > > include/linux/cleanup.h | 14 ++++++++++++++
> > > 1 file changed, 14 insertions(+)
> > >
> > > diff --git a/include/linux/cleanup.h b/include/linux/cleanup.h
> > > index c2d09bc4f976..88af56600325 100644
> > > --- a/include/linux/cleanup.h
> > > +++ b/include/linux/cleanup.h
> > > @@ -134,6 +134,16 @@ static inline class_##_name##_t class_##_name##ext##_constructor(_init_args) \
> > > * an anonymous instance of the (guard) class, not recommended for
> > > * conditional locks.
> > > *
> > > + * cond_guard(name, fail, args...):
> > > + * a guard to be used with the conditional variants of locks, like
> > > + * down_read_trylock() or mutex_lock_interruptible. 'fail' are one or more
> > > + * statements that are executed when waiting for a lock is interrupted or
> > > + * when a _trylock() fails in case of contention.
> > > + *
> > > + * Example:
> > > + *
> > > + * cond_guard(rwsem_read_try, { printk(...); return 0; }, &semaphore);
> >
> > That _fail argument likely needs to be a statement expression for the
> > multi-statement case.
>
> You mean ({ ... }) as discussed here?
>
> https://lore.kernel.org/all/65c1578c76def_37447929456@iweiny-mobl.notmuch/
Yes.
> > > + *
> > > * scoped_guard (name, args...) { }:
> > > * similar to CLASS(name, scope)(args), except the variable (with the
> > > * explicit name 'scope') is declard in a for-loop such that its scope is
> > > @@ -165,6 +175,10 @@ static inline class_##_name##_t class_##_name##ext##_constructor(_init_args) \
> > >
> > > #define __guard_ptr(_name) class_##_name##_lock_ptr
> > >
> > > +#define cond_guard(_name, _fail, args...) \
> > > + CLASS(_name, scope)(args); \
> > > + if (!__guard_ptr(_name)(&scope)) _fail
> >
> > No, as I stated before this is broken for usages of:
> >
> > if () cond_guard() else if ()
> >
> > The 'else' in the definition is critical, this builds for me (untested):
>
> I did not test Fabios work directly but I don't understand this example.
> It seems like your suggestion does nothing useful. The cond_guard()
> becomes a single statement like...
>
> if ()
> cond_guard();
> else ...
>
> ... And can't protect anything.
A sequence to acquire and drop a lock is sometimes a barrier semantic.
Is it typical, no, is it possible, yes. I otherwise do not understand
the need to include the subtle side effect.
> cond_guard() as defined, the ';' must be used as part of cond_guard() and
> should complete the internal macro 'if' statement.
>
> I think this would work:
>
> if () {
> cond_guard();
> ... do locked stuff ...
> } else ...
>
> >
> > diff --git a/include/linux/cleanup.h b/include/linux/cleanup.h
> > index 88af56600325..665407498781 100644
> > --- a/include/linux/cleanup.h
> > +++ b/include/linux/cleanup.h
> > @@ -142,7 +142,7 @@ static inline class_##_name##_t class_##_name##ext##_constructor(_init_args) \
> > *
> > * Example:
> > *
> > - * cond_guard(rwsem_read_try, { printk(...); return 0; }, &semaphore);
> > + * cond_guard(rwsem_read_try, ({ printk(...); return 0; }), &semaphore);
> > *
> > * scoped_guard (name, args...) { }:
> > * similar to CLASS(name, scope)(args), except the variable (with the
> > @@ -177,7 +177,8 @@ static inline class_##_name##_t class_##_name##ext##_constructor(_init_args) \
> >
> > #define cond_guard(_name, _fail, args...) \
> > CLASS(_name, scope)(args); \
> > - if (!__guard_ptr(_name)(&scope)) _fail
> > + if (!__guard_ptr(_name)(&scope)) _fail; \
>
> Building on what I found for scoped_cond_guard() this should be
>
> > + if (!__guard_ptr(_name)(&scope)) { _fail; }
That's still a dangling if () statement.
>
> And drop the else. The else needs to clearly be part of an outside if in
> your example.
Please just rely on a statement-expression for the odd multi-statement _fail
use case and include the else in the definition to remove any room for
confusion.
Powered by blists - more mailing lists