From: Linus Torvalds <torvalds@linux-foundation.org>
To: Torvald Riegel <triegel@redhat.com>
Cc: Jan Kara <jack@suse.cz>, LKML <linux-kernel@vger.kernel.org>,
linux-ia64@vger.kernel.org, dsterba@suse.cz, ptesarik@suse.cz,
rguenther@suse.de, gcc@gcc.gnu.org
Subject: Re: Memory corruption due to word sharing
Date: Wed, 1 Feb 2012 09:29:31 -0800 [thread overview]
Message-ID: <CA+55aFyG3EifFPapU6SFYXCjrP+wQOF65hJGs3yyMxCgde5vdg@mail.gmail.com> (raw)
In-Reply-To: <1328116137.15992.6146.camel@triegel.csb>
On Wed, Feb 1, 2012 at 9:08 AM, Torvald Riegel <triegel@redhat.com> wrote:
>
> What do the kernel folks think about the C11 memory model? If you can
> spot any issues in there, the GCC community would certainly like to
> know.
I don't think this is about memory models except very tangentially.
Gcc currently accesses fields in a way that affects *independent*
fields, without checking their memory models at all.
Even original C already has one memory model: "volatile" data is seen
outside the virtual C machine. And Jiri reports that even that
*original* memory model is being violated. We're taling about the one
from about 40 years ago.
So no amount of memory model will ever matter, if gcc can't even get
the 40-year old one right.
Also, the C11 memory model really isn't going to make any difference
to this. Again, because this happens even if we have explicit locking
for the different fields. So they aren't "atomic" or anything like
that, because we do our own (and sufficient) locking. But once the
compiler starts to randomly touch data that just happens to be
adjacent to other data, any memory model about those individual pieces
is going to be entirely immaterial anyway.
Finally: I do not believe for a second that we can actually use the
C11 memory model in the kernel and say "that's sufficient for our
needs". We will continue to have to do things that are "outside the
specs" for the very simple reason that the kernel isn't just some
random application that happens to use pthreads. We do end up doing
much more aggressive threading, with models that C11 simply doesn't
cover.
_Atomic simply isn't going to make any difference to us. Sure, we
might use it in a couple of places (where we have sometimes tried to
use volatile casts, for example), but it would be totally irrelevant
in this case exactly because *neither* field is really atomic - they
are both protected, it's just that they are *separately* protected, so
accessing one does *not* mean that you can access the other, even if
they are next to each other.
Linus
next prev parent reply other threads:[~2012-02-01 17:29 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-01 15:19 Memory corruption due to word sharing Jan Kara
2012-02-01 15:34 ` Markus Trippelsdorf
2012-02-01 16:37 ` Colin Walters
2012-02-01 16:56 ` Linus Torvalds
2012-02-01 17:11 ` Jiri Kosina
2012-02-01 17:37 ` Linus Torvalds
2012-02-01 17:41 ` Michael Matz
2012-02-01 18:09 ` David Miller
2012-02-01 18:45 ` Jeff Law
2012-02-01 19:09 ` Linus Torvalds
2012-02-02 15:51 ` Jeff Garzik
2012-02-01 18:57 ` Linus Torvalds
2012-02-01 19:04 ` Peter Bergner
2012-02-01 18:52 ` Linus Torvalds
2012-02-02 9:35 ` Richard Guenther
2012-02-02 9:37 ` Richard Guenther
2012-02-02 13:43 ` Michael Matz
2012-02-01 16:41 ` Linus Torvalds
2012-02-01 17:42 ` Torvald Riegel
2012-02-01 19:40 ` Jakub Jelinek
2012-02-01 20:01 ` Linus Torvalds
2012-02-01 20:16 ` Jakub Jelinek
2012-02-01 20:44 ` Linus Torvalds
2012-02-02 15:58 ` Aldy Hernandez
2012-02-02 16:28 ` Michael Matz
2012-02-02 17:51 ` Linus Torvalds
2012-02-01 20:19 ` Linus Torvalds
2012-02-02 9:46 ` Richard Guenther
2012-02-01 19:44 ` Boehm, Hans
2012-02-01 19:54 ` Jeff Law
2012-02-01 19:47 ` Linus Torvalds
2012-02-01 19:58 ` Alan Cox
2012-02-01 20:41 ` Torvald Riegel
2012-02-01 20:59 ` Linus Torvalds
2012-02-01 21:24 ` Torvald Riegel
2012-02-01 21:55 ` Linus Torvalds
2012-02-01 21:25 ` Boehm, Hans
2012-02-01 22:27 ` Linus Torvalds
2012-02-01 22:45 ` Paul E. McKenney
2012-02-01 23:11 ` Linus Torvalds
2012-02-02 18:42 ` Paul E. McKenney
2012-02-02 19:08 ` Linus Torvalds
2012-02-02 19:37 ` Paul E. McKenney
2012-02-03 16:38 ` Andrew MacLeod
2012-02-03 17:16 ` Linus Torvalds
2012-02-03 19:16 ` Andrew MacLeod
2012-02-03 20:00 ` Linus Torvalds
2012-02-03 20:19 ` Paul E. McKenney
2012-02-06 15:38 ` Torvald Riegel
2012-02-10 19:27 ` Richard Henderson
2012-02-02 11:19 ` Ingo Molnar
2012-02-01 21:04 ` Boehm, Hans
2012-02-02 9:28 ` Bernd Petrovitsch
2012-02-01 17:08 ` Torvald Riegel
2012-02-01 17:29 ` Linus Torvalds [this message]
2012-02-01 20:53 ` Torvald Riegel
2012-02-01 21:20 ` Linus Torvalds
2012-02-01 21:37 ` Torvald Riegel
2012-02-01 22:18 ` Boehm, Hans
2012-02-02 11:11 ` James Courtier-Dutton
2012-02-02 11:24 ` Richard Guenther
2012-02-02 11:13 ` David Sterba
2012-02-02 11:23 ` Richard Guenther
2012-02-03 6:45 ` DJ Delorie
2012-02-03 9:37 ` Richard Guenther
2012-02-03 10:03 ` Matthew Gretton-Dann
2012-02-01 17:52 Dennis Clarke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+55aFyG3EifFPapU6SFYXCjrP+wQOF65hJGs3yyMxCgde5vdg@mail.gmail.com \
--to=torvalds@linux-foundation.org \
--cc=dsterba@suse.cz \
--cc=gcc@gcc.gnu.org \
--cc=jack@suse.cz \
--cc=linux-ia64@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ptesarik@suse.cz \
--cc=rguenther@suse.de \
--cc=triegel@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).