lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250226171321.714f3b75@gandalf.local.home>
Date: Wed, 26 Feb 2025 17:13:21 -0500
From: Steven Rostedt <rostedt@...dmis.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Martin Uecker <uecker@...raz.at>, Ralf Jung <post@...fj.de>, "Paul E.
 McKenney" <paulmck@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>, Ventura
 Jack <venturajack85@...il.com>, Kent Overstreet
 <kent.overstreet@...ux.dev>, Gary Guo <gary@...yguo.net>,
 airlied@...il.com, boqun.feng@...il.com, david.laight.linux@...il.com,
 ej@...i.de, gregkh@...uxfoundation.org, hch@...radead.org, hpa@...or.com,
 ksummit@...ts.linux.dev, linux-kernel@...r.kernel.org,
 miguel.ojeda.sandonis@...il.com, rust-for-linux@...r.kernel.org
Subject: Re: C aggregate passing (Rust kernel policy)

On Wed, 26 Feb 2025 16:56:19 -0500
Steven Rostedt <rostedt@...dmis.org> wrote:

> 	r = *p;
> 	if (r > 1000)
> 		goto out;
> 	x = r;
> 
> to:
> 
> 	if (*p > 1000)
> 		goto out;
> 	x = *p;

And you could replace *p with any variable that is visible outside the
function. As that's where I have to remember to use READ_ONCE() all the
time. When I need to access a variable that may change, but the old value
may still be fine to use as long as it is consistent.

I take this is what you meant by following what the code does.

	r = global;
	if (r > 1000)
		goto out;
	x = r;

Is the code saying to read "global" once. But today the compiler may not do
that and we have to use READ_ONCE() to prevent it.

But if I used:

	if (global > 1000)
		goto out;
	x = global;

Then the code itself is saying it is fine to re-read global or not, and the
compiler is fine with converting that to:

	r = global;
	if (r > 1000)
		goto out;
	x = r;

I guess this is where you say "volatile" is too strong, as this isn't an
issue and is an optimization the compiler can do. Where as the former
(reading global twice) is a bug because the code did not explicitly state
to do that.


-- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ