Re: better patch for linux/bitops.h

From: H. Peter Anvin
Date: Wed May 04 2016 - 22:42:28 EST

Next message: Brian Gerst: "[PATCH 0/3] Misc x86 cleanups"
Previous message: Baoquan He: "Re: [PATCH] kdump: Fix gdb macros work work with newer and 64-bit kernels"
In reply to: Jeffrey Walton: "Re: better patch for linux/bitops.h"
Next in thread: Jeffrey Walton: "Re: better patch for linux/bitops.h"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On May 4, 2016 6:35:44 PM PDT, Jeffrey Walton <noloader@xxxxxxxxx> wrote:
>On Wed, May 4, 2016 at 5:52 PM, John Denker <jsd@xxxxxxxx> wrote:
>> On 05/04/2016 02:42 PM, I wrote:
>>
>>> I find it very odd that the other seven functions were not
>>> upgraded. I suggest the attached fix-others.diff would make
>>> things more consistent.
>>
>> Here's a replacement patch.
>> ...
>
>+1, commit it.
>
>Its good for three additional reasons. First, this change means the
>kernel is teaching the next generation the correct way to do things.
>Many developers aspire to be kernel hackers, and they sometimes use
>the code from bitops.h. I've actually run across the code in
>production during an audit where the developers cited bitops.h.
>
>Second, it preserves a "silent and dark" cockpit during analysis. That
>is, when analysis is run, no findings are generated. Auditors and
>security folks like quiet tools, much like the way pilots like their
>cockpits (flashing lights and sounding buzzers usually means something
>is wrong).
>
>Third, the pattern is recognized by the major compilers, so the kernel
>should not have any trouble when porting any of the compilers. I often
>use multiple compiler to tease out implementation defined behavior in
>a effort to achieve greater portability. Here are the citations to
>ensure the kernel is safe with the pattern:
>
> * GCC: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57157
> * ICC: http://software.intel.com/en-us/forums/topic/580884
>
>However, Clang may cause trouble because they don't want the
>responsibility of recognizing the pattern:
>
> * https://llvm.org/bugs/show_bug.cgi?id=24226#c8
>
>Instead, they provide a defective rotate. The "defect" here is its
>non-constant time due to the branch, so it may not be suitable for
>high-integrity or high-assurance code like linux-crypto:
>
> * https://llvm.org/bugs/show_bug.cgi?id=24226#c5
>
>Jeff

So you are actually saying outright that we should sacrifice *actual* portability in favor of *theoretical* portability? What kind of twilight zone did we just step into?!
--
Sent from my Android device with K-9 Mail. Please excuse brevity and formatting.

Next message: Brian Gerst: "[PATCH 0/3] Misc x86 cleanups"
Previous message: Baoquan He: "Re: [PATCH] kdump: Fix gdb macros work work with newer and 64-bit kernels"
In reply to: Jeffrey Walton: "Re: better patch for linux/bitops.h"
Next in thread: Jeffrey Walton: "Re: better patch for linux/bitops.h"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]