| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c51227c9a4103ad1de43fc3cda5396b1196c31d7.camel@redhat.com> Date: Mon, 25 Mar 2024 14:56:58 +0100 From: Philipp Stanner <pstanner@...hat.com> To: Linus Torvalds <torvalds@...ux-foundation.org>, Kent Overstreet <kent.overstreet@...ux.dev> Cc: Boqun Feng <boqun.feng@...il.com>, rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org, llvm@...ts.linux.dev, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Wedson Almeida Filho <wedsonaf@...il.com>, Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Benno Lossin <benno.lossin@...ton.me>, Andreas Hindborg <a.hindborg@...sung.com>, Alice Ryhl <aliceryhl@...gle.com>, Alan Stern <stern@...land.harvard.edu>, Andrea Parri <parri.andrea@...il.com>, Will Deacon <will@...nel.org>, Peter Zijlstra <peterz@...radead.org>, Nicholas Piggin <npiggin@...il.com>, David Howells <dhowells@...hat.com>, Jade Alglave <j.alglave@....ac.uk>, Luc Maranget <luc.maranget@...ia.fr>, "Paul E. McKenney" <paulmck@...nel.org>, Akira Yokosawa <akiyks@...il.com>, Daniel Lustig <dlustig@...dia.com>, Joel Fernandes <joel@...lfernandes.org>, Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, kent.overstreet@...il.com, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, elver@...gle.com, Mark Rutland <mark.rutland@....com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>, Catalin Marinas <catalin.marinas@....com>, linux-arm-kernel@...ts.infradead.org, linux-fsdevel@...r.kernel.org Subject: Re: [WIP 0/3] Memory model and atomic API in Rust On Fri, 2024-03-22 at 17:36 -0700, Linus Torvalds wrote: > On Fri, 22 Mar 2024 at 17:21, Kent Overstreet > <kent.overstreet@...ux.dev> wrote: > > > > Besides that there's cross arch support to think about - it's hard > > to > > imagine us ever ditching our own atomics. > > > [... SNIP ...] > > > > I was thinking about something more incremental - just an optional > > mode > > where our atomics were C atomics underneath. It'd probably give the > > compiler people a much more effective way to test their stuff than > > anything they have now. > > I suspect it might be painful, and some compiler people would throw > their hands up in horror, because the C++ atomics model is based > fairly solidly on atomic types, and the kernel memory model is much > more fluid. > > Boqun already mentioned the "mixing access sizes", which is actually > quite fundamental in the kernel, where we play lots of games with > that > (typically around locking, where you find patterns line unlock > writing > a zero to a single byte, even though the whole lock data structure is > a word). And sometimes the access size games are very explicit (eg > lib/lockref.c). > > But it actually goes deeper than that. While we do have "atomic_t" > etc > for arithmetic atomics, and that probably would map fairly well to > C++ > atomics, in other cases we simply base our atomics not on _types_, > but > on code. > > IOW, we do things like "cmpxchg()", and the target of that atomic > access is just a regular data structure field. > > It's kind of like our "volatile" usage. If you read the C (and C++) > standards, you'll find that you should use "volatile" on data types. > That's almost *never* what the kernel does. The kernel uses > "volatile" > in _code_ (ie READ_ONCE() etc), and uses it by casting etc. > > Compiler people don't tend to really like those kinds of things. Just for my understanding: Why don't they like it? I guess since compiler people have to support volatile pointers anyways, temporarily casting something to such a volatile pointer shouldn't be a problem either – so they don't dislike it because it's more difficult to implement, but because it's more difficult to verify for correctness? P. > > Linus >
Powered by blists - more mailing lists