lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <65c175935b175_386155294e4@iweiny-mobl.notmuch>
Date: Mon, 5 Feb 2024 15:56:03 -0800
From: Ira Weiny <ira.weiny@...el.com>
To: Dan Williams <dan.j.williams@...el.com>, Ira Weiny <ira.weiny@...el.com>,
	"Fabio M. De Francesco" <fabio.maria.de.francesco@...ux.intel.com>, "Peter
 Zijlstra" <peterz@...radead.org>, <linux-kernel@...r.kernel.org>
CC: <linux-cxl@...r.kernel.org>, Ingo Molnar <mingo@...nel.org>, "Jonathan
 Cameron" <Jonathan.Cameron@...wei.com>, "Fabio M. De Francesco"
	<fabio.maria.de.francesco@...ux.intel.com>, Ira Weiny <ira.weiny@...el.com>
Subject: RE: [PATCH 1/2 v2] cleanup: Add cond_guard() to conditional guards

Dan Williams wrote:
> Ira Weiny wrote:
> > Dan Williams wrote:
> > > Fabio M. De Francesco wrote:
> > > > Add cond_guard() macro to conditional guards.
> > > > 
> > > > cond_guard() is a guard to be used with the conditional variants of locks,
> > > > like down_read_trylock() or mutex_lock_interruptible().
> > > > 
> > > > It takes a statement (or more statements in a block) that is passed to its
> > > > second argument. That statement (or block) is executed if waiting for a
> > > > lock is interrupted or if a _trylock() fails in case of contention.
> > > > 
> > > > Usage example:
> > > > 
> > > > 	cond_guard(rwsem_read_try, { printk(...); return 0; }, &semaphore);
> > > > 
> > > > Consistently with the other guards, locks are unlocked at the exit of the
> > > > scope where cond_guard() is called.
> > > > 
> > > > Cc: Peter Zijlstra <peterz@...radead.org>
> > > > Suggested-by: Dan Williams <dan.j.williams@...el.com>
> > > > Suggested-by: Ira Weiny <ira.weiny@...el.com>
> > > > Signed-off-by: Fabio M. De Francesco <fabio.maria.de.francesco@...ux.intel.com>
> > > > ---
> > > >  include/linux/cleanup.h | 14 ++++++++++++++
> > > >  1 file changed, 14 insertions(+)
> > > > 
> > > > diff --git a/include/linux/cleanup.h b/include/linux/cleanup.h
> > > > index c2d09bc4f976..88af56600325 100644
> > > > --- a/include/linux/cleanup.h
> > > > +++ b/include/linux/cleanup.h
> > > > @@ -134,6 +134,16 @@ static inline class_##_name##_t class_##_name##ext##_constructor(_init_args) \
> > > >   *	an anonymous instance of the (guard) class, not recommended for
> > > >   *	conditional locks.
> > > >   *
> > > > + * cond_guard(name, fail, args...):
> > > > + *	a guard to be used with the conditional variants of locks, like
> > > > + *	down_read_trylock() or mutex_lock_interruptible. 'fail' are one or more
> > > > + *	statements that are executed when waiting for a lock is interrupted or
> > > > + *	when a _trylock() fails in case of contention.
> > > > + *
> > > > + *	Example:
> > > > + *
> > > > + *		cond_guard(rwsem_read_try, { printk(...); return 0; }, &semaphore);
> > > 
> > > That _fail argument likely needs to be a statement expression for the
> > > multi-statement case.
> > 
> > You mean ({ ... }) as discussed here?
> > 
> > https://lore.kernel.org/all/65c1578c76def_37447929456@iweiny-mobl.notmuch/
> 
> Yes.
> 
> > > > + *
> > > >   * scoped_guard (name, args...) { }:
> > > >   *	similar to CLASS(name, scope)(args), except the variable (with the
> > > >   *	explicit name 'scope') is declard in a for-loop such that its scope is
> > > > @@ -165,6 +175,10 @@ static inline class_##_name##_t class_##_name##ext##_constructor(_init_args) \
> > > >  
> > > >  #define __guard_ptr(_name) class_##_name##_lock_ptr
> > > >  
> > > > +#define cond_guard(_name, _fail, args...) \
> > > > +	CLASS(_name, scope)(args); \
> > > > +	if (!__guard_ptr(_name)(&scope)) _fail
> > > 
> > > No, as I stated before this is broken for usages of:
> > > 
> > >     if () cond_guard() else if ()
> > > 
> > > The 'else' in the definition is critical, this builds for me (untested):
> > 
> > I did not test Fabios work directly but I don't understand this example.
> > It seems like your suggestion does nothing useful.  The cond_guard()
> > becomes a single statement like...
> > 
> > 	if ()
> > 		cond_guard();
> > 	else ...
> > 
> > ... And can't protect anything.
> 
> A sequence to acquire and drop a lock is sometimes a barrier semantic.
> Is it typical, no, is it possible, yes. I otherwise do not understand
> the need to include the subtle side effect.

I was not trying to include a subtle side effect.  I was thinking that the
else block would be the only block covered by the lock.  I've looked at
the preprocessor output again and I now see what you are saying.  Also I
see I was thinking incorrectly.  The else will be an empty statement and
the rest of the outer block will be covered by the lock...

Sorry for not seeing this before.

> > cond_guard() as defined, the ';' must be used as part of cond_guard() and
> > should complete the internal macro 'if' statement.
> > 
> > I think this would work:
> > 
> > 	if () {
> > 		cond_guard();
> > 		... do locked stuff ...
> > 	} else ...
> > 
> > > 
> > > diff --git a/include/linux/cleanup.h b/include/linux/cleanup.h
> > > index 88af56600325..665407498781 100644
> > > --- a/include/linux/cleanup.h
> > > +++ b/include/linux/cleanup.h
> > > @@ -142,7 +142,7 @@ static inline class_##_name##_t class_##_name##ext##_constructor(_init_args) \
> > >   *
> > >   *	Example:
> > >   *
> > > - *		cond_guard(rwsem_read_try, { printk(...); return 0; }, &semaphore);
> > > + *		cond_guard(rwsem_read_try, ({ printk(...); return 0; }), &semaphore);
> > >   *
> > >   * scoped_guard (name, args...) { }:
> > >   *	similar to CLASS(name, scope)(args), except the variable (with the
> > > @@ -177,7 +177,8 @@ static inline class_##_name##_t class_##_name##ext##_constructor(_init_args) \
> > >  
> > >  #define cond_guard(_name, _fail, args...) \
> > >  	CLASS(_name, scope)(args); \
> > > -	if (!__guard_ptr(_name)(&scope)) _fail
> > > +	if (!__guard_ptr(_name)(&scope)) _fail; \
> > 
> > Building on what I found for scoped_cond_guard() this should be
> > 
> > > +	if (!__guard_ptr(_name)(&scope)) { _fail; }
> 
> That's still a dangling if () statement.
> 
> > 
> > And drop the else.  The else needs to clearly be part of an outside if in
> > your example.
> 
> Please just rely on a statement-expression for the odd multi-statement _fail
> use case and include the else in the definition to remove any room for
> confusion.

Yea ok I see it now,
Ira

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ