lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAFULd4Z86uiH+w+1N36kOuhYZ5_ZkQkaEN6nyPh8VNJth3WNhg@mail.gmail.com>
Date: Thu, 7 Nov 2024 11:30:20 +0100
From: Uros Bizjak <ubizjak@...il.com>
To: Arnd Bergmann <arnd@...db.de>
Cc: Jason Gunthorpe <jgg@...dia.com>, Joerg Roedel <joro@...tes.org>, 
	Suravee Suthikulpanit <suravee.suthikulpanit@....com>, linux-kernel@...r.kernel.org, 
	iommu@...ts.linux.dev, Robin Murphy <robin.murphy@....com>, vasant.hegde@....com, 
	Kevin Tian <kevin.tian@...el.com>, jon.grimm@....com, santosh.shukla@....com, 
	pandoh@...gle.com, kumaranand@...gle.com, 
	Linux-Arch <linux-arch@...r.kernel.org>
Subject: Re: [PATCH v9 03/10] asm/rwonce: Introduce [READ|WRITE]_ONCE()
 support for __int128

On Thu, Nov 7, 2024 at 11:02 AM Arnd Bergmann <arnd@...db.de> wrote:
>
>
>
> On Wed, Nov 6, 2024, at 14:40, Jason Gunthorpe wrote:
> > On Wed, Nov 06, 2024 at 11:01:20AM +0100, Uros Bizjak wrote:
> >> On Wed, Nov 6, 2024 at 9:55 AM Arnd Bergmann <arnd@...db.de> wrote:
> >> >
> >> > On Tue, Nov 5, 2024, at 13:30, Joerg Roedel wrote:
> >> > > On Fri, Nov 01, 2024 at 04:22:57PM +0000, Suravee Suthikulpanit wrote:
> >> > >>  include/asm-generic/rwonce.h   | 2 +-
> >> > >>  include/linux/compiler_types.h | 8 +++++++-
> >> > >>  2 files changed, 8 insertions(+), 2 deletions(-)
> >> > >
> >> > > This patch needs Cc:
> >> > >
> >> > >       Arnd Bergmann <arnd@...db.de>
> >> > >       linux-arch@...r.kernel.org
> >> > >
> >> >
> >> > It also needs an update to the comment about why this is safe:
> >> >
> >> > >> +++ b/include/asm-generic/rwonce.h
> >> > >> @@ -33,7 +33,7 @@
> >> > >>   * (e.g. a virtual address) and a strong prevailing wind.
> >> > >>   */
> >> > >>  #define compiletime_assert_rwonce_type(t)                                   \
> >> > >> -    compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long),  \
> >> > >> +    compiletime_assert(__native_word(t) || sizeof(t) == sizeof(__dword_type), \
> >> > >>              "Unsupported access size for {READ,WRITE}_ONCE().")
> >> >
> >> > As far as I can tell, 128-but words don't get stored atomically on
> >> > any architecture, so this seems wrong, because it would remove
> >> > the assertion on someone incorrectly using WRITE_ONCE() on a
> >> > 128-bit variable.
> >>
> >> READ_ONCE() and WRITE_ONCE() do not guarantee atomicity for double
> >> word types. They only guarantee (c.f. include/asm/generic/rwonce.h):
> >>
> >>  * Prevent the compiler from merging or refetching reads or writes. The
> >>  * compiler is also forbidden from reordering successive instances of
> >>  * READ_ONCE and WRITE_ONCE, but only when the compiler is aware of some
> >>  * particular ordering. ...
> >>
> >> and later:
> >>
> >>  * Yes, this permits 64-bit accesses on 32-bit architectures. These will
> >>  * actually be atomic in some cases (namely Armv7 + LPAE), but for others we
> >>  * rely on the access being split into 2x32-bit accesses for a 32-bit quantity
> >>  * (e.g. a virtual address) and a strong prevailing wind.
> >>
> >> This is the "strong prevailing wind", mentioned in the patch review at [1].
> >>
> >> [1] https://lore.kernel.org/lkml/20241016130819.GJ3559746@nvidia.com/
>
> I understand the special case for ARMv7VE. I think the more important
> comment in that file is
>
>   * Use __READ_ONCE() instead of READ_ONCE() if you do not require any
>   * atomicity. Note that this may result in tears!
>
> The entire point of compiletime_assert_rwonce_type() is to ensure
> that these are accesses fit the stricter definition, and I would
> prefer to not extend that to 64-bit architecture. If there are users
> that need the "once" behavior but not require atomicity of the
> access, can't that just use __READ_ONCE() instead?

If this is the case, then the patch could be simply something like the
attached (untested) patch.

Thanks,
Uros.

View attachment "p.diff.txt" of type "text/plain" (1274 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ