From: Derrick Stolee <stolee@gmail.com>
To: "Jeff King" <peff@peff.net>,
"brian m. carlson" <sandals@crustytoothpaste.net>,
"Jonathan Nieder" <jrnieder@gmail.com>,
"Paul Smith" <paul@mad-scientist.net>,
git@vger.kernel.org, "Duy Nguyen" <pclouds@gmail.com>,
"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
Subject: Re: [ANNOUNCE] Git v2.19.0-rc0
Date: Thu, 23 Aug 2018 06:26:58 -0400 [thread overview]
Message-ID: <f854aba0-6d28-7f2b-aad2-858983c4af36@gmail.com> (raw)
In-Reply-To: <20180823050418.GB318@sigill.intra.peff.net>
On 8/23/2018 1:04 AM, Jeff King wrote:
> On Thu, Aug 23, 2018 at 03:47:07AM +0000, brian m. carlson wrote:
>
>> I expect that's going to be the case as well. I have patches that
>> wire up actual SHA-256 support in my hash-impl branch.
>>
>> However, having said that, I'm happy to defer to whatever everyone else
>> thinks is best for 2.19. The assert solution would be fine with me in
>> this situation, and if we need to pull it out in the future, that's okay
>> with me.
>>
>> I don't really have a strong opinion on this either way, so if someone
>> else does, please say so. I have somewhat more limited availability
>> over the next couple days, as I'm travelling on business, but I'm happy
>> to review a patch (and it seems like Peff has one minus the actual
>> commit message).
> I just posted the patch elsewhere in the thread.
Thank you for that!
> I think you can safely
> ignore the rest of it if you are otherwise occupied. Even if v2.19 ships
> without some mitigation, I don't know that it's all that big a deal,
> given the numbers I generated (which for some reason are less dramatic
> than Stolee's).
My numbers may be more dramatic because my Linux environment is a
virtual machine.
I was thinking that having a mitigation for 2.19 is best, and then we
can focus as part of the 2.20 cycle how we can properly avoid this cost,
especially when 32 is a valid option.
Around the time that my proposed approaches were getting vetoed for
alignment issues, I figured I was out of my depth here. I reached out to
Daniel Lemire (of EWAH bitmap fame) on Twitter [1]. His blog is full of
posts of word-based approaches to different problems, so I thought he
might know something off the top of his head that would be applicable.
His conclusion (after looking only a short time) was to take a 'hasheq'
approach [2] like Peff suggested [3]. Since that requires auditing all
callers of hashcmp to see if hasheq is appropriate, it is not a good
solution for 2.19 but (in my opinion) should be evaluated as part of the
2.20 cycle.
Of course, if someone with knowledge of word-alignment issues across the
platforms we support knows how to enforce an alignment for object_id,
then something word-based like [4] could be reconsidered.
Thanks, everyone!
-Stolee
[1] https://twitter.com/stolee/status/1032312965754748930
[2]
https://lemire.me/blog/2018/08/22/avoid-lexicographical-comparisons-when-testing-for-string-equality/
[3]
https://public-inbox.org/git/20180822030344.GA14684@sigill.intra.peff.net/
[4]
https://public-inbox.org/git/7ea416cf-b043-1274-e161-85a8780b8e1c@gmail.com/
next prev parent reply other threads:[~2018-08-23 10:27 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-20 22:13 [ANNOUNCE] Git v2.19.0-rc0 Junio C Hamano
2018-08-20 22:41 ` Stefan Beller
2018-08-20 23:39 ` Jonathan Nieder
2018-08-21 0:27 ` Jonathan Nieder
2018-08-21 0:46 ` Stefan Beller
2018-08-21 20:41 ` Derrick Stolee
2018-08-21 21:29 ` Jeff King
2018-08-22 0:48 ` brian m. carlson
2018-08-22 3:03 ` Jeff King
2018-08-22 3:36 ` Jeff King
2018-08-22 11:11 ` Derrick Stolee
2018-08-22 5:36 ` brian m. carlson
2018-08-22 6:07 ` Jeff King
2018-08-22 7:39 ` Ævar Arnfjörð Bjarmason
2018-08-22 11:14 ` Derrick Stolee
2018-08-22 15:17 ` Jeff King
2018-08-22 16:08 ` Duy Nguyen
2018-08-22 16:14 ` Duy Nguyen
2018-08-22 16:26 ` Jeff King
2018-08-22 16:49 ` Derrick Stolee
2018-08-22 16:58 ` Duy Nguyen
2018-08-22 17:04 ` Derrick Stolee
2018-08-22 16:59 ` Jeff King
2018-08-22 17:02 ` Junio C Hamano
2018-08-22 15:14 ` Jeff King
2018-08-22 14:28 ` Derrick Stolee
2018-08-22 15:24 ` Jeff King
2018-08-22 12:42 ` Paul Smith
2018-08-22 15:23 ` Jeff King
2018-08-23 1:23 ` Jonathan Nieder
2018-08-23 2:16 ` Jeff King
2018-08-23 2:27 ` Jonathan Nieder
2018-08-23 5:02 ` Jeff King
2018-08-23 5:09 ` brian m. carlson
2018-08-23 5:10 ` Jonathan Nieder
2018-08-23 13:20 ` Junio C Hamano
2018-08-23 16:31 ` wide t/perf output, was " Jeff King
2018-08-23 3:47 ` brian m. carlson
2018-08-23 5:04 ` Jeff King
2018-08-23 10:26 ` Derrick Stolee [this message]
2018-08-23 13:16 ` Junio C Hamano
2018-08-23 16:14 ` Jeff King
2018-08-23 23:30 ` Jacob Keller
2018-08-23 23:40 ` Jeff King
2018-08-24 0:06 ` Jeff King
2018-08-24 0:16 ` Jeff King
2018-08-24 2:48 ` Jacob Keller
2018-08-24 2:59 ` Jeff King
2018-08-24 6:45 ` Jeff King
2018-08-24 11:04 ` Derrick Stolee
2018-08-27 19:36 ` Junio C Hamano
2018-08-23 18:53 ` Jeff King
2018-08-23 20:59 ` Derrick Stolee
2018-08-24 6:56 ` Jeff King
2018-08-24 7:57 ` Ævar Arnfjörð Bjarmason
2018-08-24 16:45 ` Derrick Stolee
2018-08-25 8:26 ` Jeff King
2018-09-02 18:53 ` Kaartic Sivaraam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f854aba0-6d28-7f2b-aad2-858983c4af36@gmail.com \
--to=stolee@gmail.com \
--cc=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=jrnieder@gmail.com \
--cc=paul@mad-scientist.net \
--cc=pclouds@gmail.com \
--cc=peff@peff.net \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).