lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250227222030.3fd32466@pumpkin>
Date: Thu, 27 Feb 2025 22:20:30 +0000
From: David Laight <david.laight.linux@...il.com>
To: "Paul E. McKenney" <paulmck@...nel.org>
Cc: Steven Rostedt <rostedt@...dmis.org>, Linus Torvalds
 <torvalds@...ux-foundation.org>, Martin Uecker <uecker@...raz.at>, Ralf
 Jung <post@...fj.de>, Alice Ryhl <aliceryhl@...gle.com>, Ventura Jack
 <venturajack85@...il.com>, Kent Overstreet <kent.overstreet@...ux.dev>,
 Gary Guo <gary@...yguo.net>, airlied@...il.com, boqun.feng@...il.com,
 ej@...i.de, gregkh@...uxfoundation.org, hch@...radead.org, hpa@...or.com,
 ksummit@...ts.linux.dev, linux-kernel@...r.kernel.org,
 miguel.ojeda.sandonis@...il.com, rust-for-linux@...r.kernel.org
Subject: Re: C aggregate passing (Rust kernel policy)

On Thu, 27 Feb 2025 13:41:15 -0800
"Paul E. McKenney" <paulmck@...nel.org> wrote:

> On Thu, Feb 27, 2025 at 08:47:22PM +0000, David Laight wrote:
> > On Wed, 26 Feb 2025 17:35:34 -0500
> > Steven Rostedt <rostedt@...dmis.org> wrote:
> >   
> > > On Wed, 26 Feb 2025 14:22:26 -0800
> > > Linus Torvalds <torvalds@...ux-foundation.org> wrote:
> > >   
> > > > > But if I used:
> > > > >
> > > > >         if (global > 1000)
> > > > >                 goto out;
> > > > >         x = global;      
> > > > 
> > > > which can have the TUCTOU issue because 'global' is read twice.    
> > > 
> > > Correct, but if the variable had some other protection, like a lock held
> > > when this function was called, it is fine to do and the compiler may
> > > optimize it or not and still have the same result.
> > > 
> > > I guess you can sum this up to:
> > > 
> > >   The compiler should never assume it's safe to read a global more than the
> > >   code specifies, but if the code reads a global more than once, it's fine
> > >   to cache the multiple reads.
> > > 
> > > Same for writes, but I find WRITE_ONCE() used less often than READ_ONCE().
> > > And when I do use it, it is more to prevent write tearing as you mentioned.  
> > 
> > Except that (IIRC) it is actually valid for the compiler to write something
> > entirely unrelated to a memory location before writing the expected value.
> > (eg use it instead of stack for a register spill+reload.)
> > Not gcc doesn't do that - but the standard lets it do it.  
> 
> Or replace a write with a read, a check, and a write only if the read
> returns some other value than the one to be written.  Also not something
> I have seen, but something that the standard permits.

Or if you write code that does that, assume it can just to the write.
So dirtying a cache line.

	David

> 
> 							Thanx, Paul

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ