| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aV0JkZdrZn97-d7d@tardis-2.local> Date: Tue, 6 Jan 2026 21:09:37 +0800 From: Boqun Feng <boqun.feng@...il.com> To: Andreas Hindborg <a.hindborg@...nel.org> Cc: Alice Ryhl <aliceryhl@...gle.com>, Gary Guo <gary@...yguo.net>, Will Deacon <will@...nel.org>, Peter Zijlstra <peterz@...radead.org>, "Paul E. McKenney" <paulmck@...nel.org>, Richard Henderson <richard.henderson@...aro.org>, Matt Turner <mattst88@...il.com>, Magnus Lindholm <linmag7@...il.com>, Catalin Marinas <catalin.marinas@....com>, Miguel Ojeda <ojeda@...nel.org>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Benno Lossin <lossin@...nel.org>, Trevor Gross <tmgross@...ch.edu>, Danilo Krummrich <dakr@...nel.org>, Mark Rutland <mark.rutland@....com>, FUJITA Tomonori <fujita.tomonori@...il.com>, Frederic Weisbecker <frederic@...nel.org>, Lyude Paul <lyude@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, Anna-Maria Behnsen <anna-maria@...utronix.de>, John Stultz <jstultz@...gle.com>, Stephen Boyd <sboyd@...nel.org>, Alexander Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, linux-kernel@...r.kernel.org, linux-alpha@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, rust-for-linux@...r.kernel.org, linux-fsdevel@...r.kernel.org Subject: Re: [PATCH 0/5] Add READ_ONCE and WRITE_ONCE to Rust On Tue, Jan 06, 2026 at 01:41:33PM +0100, Andreas Hindborg wrote: > "Boqun Feng" <boqun.feng@...il.com> writes: > [...] > >> > I would prefer not to expose the READ_ONCE/WRITE_ONCE functions, at > >> > least not with their atomic semantics. > >> > > >> > Both callsites that you have converted should be using > >> > > >> > Atomic::from_ptr().load(Relaxed) > >> > > >> > Please refer to the documentation of `Atomic` about this. Fujita has a > >> > series that expand the type to u8/u16 if you need narrower accesses. > >> > >> Why? If we say that we're using the LKMM, then it seems confusing to not > >> have a READ_ONCE() for cases where we interact with C code, and that C > >> code documents that READ_ONCE() should be used. > >> > > > > The problem of READ_ONCE() and WRITE_ONCE() is that the semantics is > > complicated. Sometimes they are used for atomicity, sometimes they are > > used for preventing data race. So yes, we are using LKMM in Rust as > > well, but whenever possible, we need to clarify the intentation of the > > API, using Atomic::from_ptr().load(Relaxed) helps on that front. > > > > IMO, READ_ONCE()/WRITE_ONCE() is like a "band aid" solution to a few > > problems, having it would prevent us from developing a more clear view > > for concurrent programming. > > What is the semantics of a non-atomic write in C code under lock racing > with a READ_ONCE/atomic relaxed read in Rust? That is the hrtimer case. > Some C code believes a plain write to a properly aligned location is atomic (see KCSAN_ASSUME_PLAIN_WRITES_ATOMIC, and no, this doesn't mean it's recommended to assume such), and I guess that's the case for hrtimer, if it's not much a trouble you can replace the plain write with WRITE_ONCE() on C side ;-) Regards, Boqun > > Best regards, > Andreas Hindborg > > >
Powered by blists - more mailing lists