lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250227204722.653ce86b@pumpkin>
Date: Thu, 27 Feb 2025 20:47:22 +0000
From: David Laight <david.laight.linux@...il.com>
To: Steven Rostedt <rostedt@...dmis.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Martin Uecker
 <uecker@...raz.at>, Ralf Jung <post@...fj.de>, "Paul E. McKenney"
 <paulmck@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>, Ventura Jack
 <venturajack85@...il.com>, Kent Overstreet <kent.overstreet@...ux.dev>,
 Gary Guo <gary@...yguo.net>, airlied@...il.com, boqun.feng@...il.com,
 ej@...i.de, gregkh@...uxfoundation.org, hch@...radead.org, hpa@...or.com,
 ksummit@...ts.linux.dev, linux-kernel@...r.kernel.org,
 miguel.ojeda.sandonis@...il.com, rust-for-linux@...r.kernel.org
Subject: Re: C aggregate passing (Rust kernel policy)

On Wed, 26 Feb 2025 17:35:34 -0500
Steven Rostedt <rostedt@...dmis.org> wrote:

> On Wed, 26 Feb 2025 14:22:26 -0800
> Linus Torvalds <torvalds@...ux-foundation.org> wrote:
> 
> > > But if I used:
> > >
> > >         if (global > 1000)
> > >                 goto out;
> > >         x = global;    
> > 
> > which can have the TUCTOU issue because 'global' is read twice.  
> 
> Correct, but if the variable had some other protection, like a lock held
> when this function was called, it is fine to do and the compiler may
> optimize it or not and still have the same result.
> 
> I guess you can sum this up to:
> 
>   The compiler should never assume it's safe to read a global more than the
>   code specifies, but if the code reads a global more than once, it's fine
>   to cache the multiple reads.
> 
> Same for writes, but I find WRITE_ONCE() used less often than READ_ONCE().
> And when I do use it, it is more to prevent write tearing as you mentioned.

Except that (IIRC) it is actually valid for the compiler to write something
entirely unrelated to a memory location before writing the expected value.
(eg use it instead of stack for a register spill+reload.)
Not gcc doesn't do that - but the standard lets it do it.

	David

> 
> -- Steve
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ