Re: Litmus test for question from Al Viro

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

To expand on my statement about the LKMM's weakness regarding control 
constructs, here is a litmus test to illustrate the issue.  You might 
want to add this to one of the archives.

Alan

C crypto-control-data
(*
 * LB plus crypto-control-data plus data
 *
 * Expected result: allowed
 *
 * This is an example of OOTA and we would like it to be forbidden.
 * The WRITE_ONCE in P0 is both data-dependent and (at the hardware level)
 * control-dependent on the preceding READ_ONCE.  But the dependencies are
 * hidden by the form of the conditional control construct, hence the 
 * name "crypto-control-data".  The memory model doesn't recognize them.
 *)

{}

P0(int *x, int *y)
{
	int r1;

	r1 = 1;
	if (READ_ONCE(*x) == 0)
		r1 = 0;
	WRITE_ONCE(*y, r1);
}

P1(int *x, int *y)
{
	WRITE_ONCE(*x, READ_ONCE(*y));
}

exists (0:r1=1)
[Index of Archives]     [Linux Kernel]     [Kernel Newbies]     [x86 Platform Driver]     [Netdev]     [Linux Wireless]     [Netfilter]     [Bugtraq]     [Linux Filesystems]     [Yosemite Discussion]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]

  Powered by Linux