| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250617141704.GB19021@willie-the-truck> Date: Tue, 17 Jun 2025 15:17:04 +0100 From: Will Deacon <will@...nel.org> To: Hernan Ponce de Leon <hernan.poncedeleon@...weicloud.com> Cc: Thomas Haas <t.haas@...bs.de>, Peter Zijlstra <peterz@...radead.org>, Alan Stern <stern@...land.harvard.edu>, Andrea Parri <parri.andrea@...il.com>, Boqun Feng <boqun.feng@...il.com>, Nicholas Piggin <npiggin@...il.com>, David Howells <dhowells@...hat.com>, Jade Alglave <j.alglave@....ac.uk>, Luc Maranget <luc.maranget@...ia.fr>, "Paul E. McKenney" <paulmck@...nel.org>, Akira Yokosawa <akiyks@...il.com>, Daniel Lustig <dlustig@...dia.com>, Joel Fernandes <joelagnelf@...dia.com>, linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org, lkmm@...ts.linux.dev, jonas.oberhauser@...weicloud.com, "r.maseli@...bs.de" <r.maseli@...bs.de> Subject: Re: [RFC] Potential problem in qspinlock due to mixed-size accesses On Tue, Jun 17, 2025 at 10:42:04AM +0200, Hernan Ponce de Leon wrote: > On 6/17/2025 8:19 AM, Thomas Haas wrote: > > On 16.06.25 16:23, Will Deacon wrote: > > > I'm half inclined to think that the Arm memory model should be tightened > > > here; I can raise that with Arm and see what they say. > > > > > > Although the cited paper does give examples of store-forwarding from a > > > narrow store to a wider load, the case in qspinlock is further > > > constrained by having the store come from an atomic rmw and the load > > > having acquire semantics. Setting aside the MSA part, that specific case > > > _is_ ordered in the Arm memory model (and C++ release sequences rely on > > > it iirc), so it's fair to say that Arm CPUs don't permit forwarding from > > > an atomic rmw to an acquire load. > > > > > > Given that, I don't see how this is going to occur in practice. > > > > You are probably right. The ARM model's atomic-ordered-before relation > > > > let aob = rmw | [range(rmw)]; lrs; [A | Q] > > > > clearly orders the rmw-store with subsequent acquire loads (lrs = local- > > read-successor, A = acquire). > > If we treat this relation (at least the second part) as a "global > > ordering" and extend it by "si" (same-instruction), then the problematic > > reordering under MSA should be gone. > > I quickly ran Dartagnan on the MSA litmus tests with this change to the > > ARM model and all the tests still pass. > > Even with this change I still get violations (both safety and termination) > for qspinlock with dartagnan. Please can you be more specific about the problems you see? > I think the problem is actually with the Internal visibility axiom, because > only making that one stronger seems to remove the violations. That sounds surprising to me, as there's nothing particularly weird about Arm's coherence requirements when compared to other architectures, as far as I'm aware. Will
Powered by blists - more mailing lists