lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <27b845e5-1db3-4c67-8cf4-11454df3a8b0@paulmck-laptop>
Date: Thu, 27 Feb 2025 14:40:24 -0800
From: "Paul E. McKenney" <paulmck@...nel.org>
To: David Laight <david.laight.linux@...il.com>
Cc: Steven Rostedt <rostedt@...dmis.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Martin Uecker <uecker@...raz.at>, Ralf Jung <post@...fj.de>,
	Alice Ryhl <aliceryhl@...gle.com>,
	Ventura Jack <venturajack85@...il.com>,
	Kent Overstreet <kent.overstreet@...ux.dev>,
	Gary Guo <gary@...yguo.net>, airlied@...il.com,
	boqun.feng@...il.com, ej@...i.de, gregkh@...uxfoundation.org,
	hch@...radead.org, hpa@...or.com, ksummit@...ts.linux.dev,
	linux-kernel@...r.kernel.org, miguel.ojeda.sandonis@...il.com,
	rust-for-linux@...r.kernel.org
Subject: Re: C aggregate passing (Rust kernel policy)

On Thu, Feb 27, 2025 at 10:20:30PM +0000, David Laight wrote:
> On Thu, 27 Feb 2025 13:41:15 -0800
> "Paul E. McKenney" <paulmck@...nel.org> wrote:
> 
> > On Thu, Feb 27, 2025 at 08:47:22PM +0000, David Laight wrote:
> > > On Wed, 26 Feb 2025 17:35:34 -0500
> > > Steven Rostedt <rostedt@...dmis.org> wrote:
> > >   
> > > > On Wed, 26 Feb 2025 14:22:26 -0800
> > > > Linus Torvalds <torvalds@...ux-foundation.org> wrote:
> > > >   
> > > > > > But if I used:
> > > > > >
> > > > > >         if (global > 1000)
> > > > > >                 goto out;
> > > > > >         x = global;      
> > > > > 
> > > > > which can have the TUCTOU issue because 'global' is read twice.    
> > > > 
> > > > Correct, but if the variable had some other protection, like a lock held
> > > > when this function was called, it is fine to do and the compiler may
> > > > optimize it or not and still have the same result.
> > > > 
> > > > I guess you can sum this up to:
> > > > 
> > > >   The compiler should never assume it's safe to read a global more than the
> > > >   code specifies, but if the code reads a global more than once, it's fine
> > > >   to cache the multiple reads.
> > > > 
> > > > Same for writes, but I find WRITE_ONCE() used less often than READ_ONCE().
> > > > And when I do use it, it is more to prevent write tearing as you mentioned.  
> > > 
> > > Except that (IIRC) it is actually valid for the compiler to write something
> > > entirely unrelated to a memory location before writing the expected value.
> > > (eg use it instead of stack for a register spill+reload.)
> > > Not gcc doesn't do that - but the standard lets it do it.  
> > 
> > Or replace a write with a read, a check, and a write only if the read
> > returns some other value than the one to be written.  Also not something
> > I have seen, but something that the standard permits.
> 
> Or if you write code that does that, assume it can just to the write.
> So dirtying a cache line.

You lost me on this one.  I am talking about a case where this code:

	x = 1;

gets optimized into something like this:

	if (x != 1)
		x = 1;

Which means that the "x != 1" could be re-ordered prior to an earlier
smp_wmb(), which might come as a surprise to code relying on that
ordering.  :-(

Again, not something I have seen in the wild.

							Thanx, Paul

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ