lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <72bd8dc3-8a46-47b1-ac60-6b9b18b54f69@paulmck-laptop>
Date: Thu, 27 Feb 2025 13:41:15 -0800
From: "Paul E. McKenney" <paulmck@...nel.org>
To: David Laight <david.laight.linux@...il.com>
Cc: Steven Rostedt <rostedt@...dmis.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Martin Uecker <uecker@...raz.at>, Ralf Jung <post@...fj.de>,
	Alice Ryhl <aliceryhl@...gle.com>,
	Ventura Jack <venturajack85@...il.com>,
	Kent Overstreet <kent.overstreet@...ux.dev>,
	Gary Guo <gary@...yguo.net>, airlied@...il.com,
	boqun.feng@...il.com, ej@...i.de, gregkh@...uxfoundation.org,
	hch@...radead.org, hpa@...or.com, ksummit@...ts.linux.dev,
	linux-kernel@...r.kernel.org, miguel.ojeda.sandonis@...il.com,
	rust-for-linux@...r.kernel.org
Subject: Re: C aggregate passing (Rust kernel policy)

On Thu, Feb 27, 2025 at 08:47:22PM +0000, David Laight wrote:
> On Wed, 26 Feb 2025 17:35:34 -0500
> Steven Rostedt <rostedt@...dmis.org> wrote:
> 
> > On Wed, 26 Feb 2025 14:22:26 -0800
> > Linus Torvalds <torvalds@...ux-foundation.org> wrote:
> > 
> > > > But if I used:
> > > >
> > > >         if (global > 1000)
> > > >                 goto out;
> > > >         x = global;    
> > > 
> > > which can have the TUCTOU issue because 'global' is read twice.  
> > 
> > Correct, but if the variable had some other protection, like a lock held
> > when this function was called, it is fine to do and the compiler may
> > optimize it or not and still have the same result.
> > 
> > I guess you can sum this up to:
> > 
> >   The compiler should never assume it's safe to read a global more than the
> >   code specifies, but if the code reads a global more than once, it's fine
> >   to cache the multiple reads.
> > 
> > Same for writes, but I find WRITE_ONCE() used less often than READ_ONCE().
> > And when I do use it, it is more to prevent write tearing as you mentioned.
> 
> Except that (IIRC) it is actually valid for the compiler to write something
> entirely unrelated to a memory location before writing the expected value.
> (eg use it instead of stack for a register spill+reload.)
> Not gcc doesn't do that - but the standard lets it do it.

Or replace a write with a read, a check, and a write only if the read
returns some other value than the one to be written.  Also not something
I have seen, but something that the standard permits.

							Thanx, Paul

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ