WireGuard Archive on lore.kernel.org
 help / Atom feed
* last_under_load on 32-bit systems
@ 2018-12-14 19:37 Phil Hofer
  0 siblings, 0 replies; 1+ messages in thread
From: Phil Hofer @ 2018-12-14 19:37 UTC (permalink / raw)
  To: jason; +Cc: wireguard

[-- Attachment #1.1.1: Type: text/plain, Size: 1838 bytes --]

Hey Jason,

First off, thanks for this wonderful project.

I have a question/comment regarding a bit of kernel code.

Background:
src/receive.c has the following code (lightly edited):

---
static u64 last_under_load;
bool under_load;

under_load = ...;
if (under_load)
    last_under_load = ktime_get_boot_fast_ns();
else
    under_load = !wg_birthdate_has_expired(last_under_load, 1);

---

after which the code uses 'under_load' to determine whether
or not to demand that handshake cookies be present.

The comment above 'last_under_load' says we don't care
about races on that unsynchronized global. I assume the rationale
here is that updates to last_under_load are always values from
ktime_get_boot_fast_ns(), and therefore observing a value
produced by a different cpu core won't produce meaningfully
different behavior. I agree that this is true on 64-bit hardware,
but I disagree that the race here is benign on 32-bit systems.
If the compiler decides to access the 8-byte storage with two
32-bit accesses, then it's possible that another thread could
observe the intermediate state in which one of the two words
has been updated. (I think you're most likely to observe this
behavior if wg_receive_handshake_packet is preempted, since
last_under_load shouldn't span cache lines.)
The thread that observes a 'torn' write to last_under_load may
not compute under_load as desired, and consequently drop a
handshake packet that it would have otherwise accepted.

I don't think performance would change meaningfully if
access to last_under_load was mediated with
atomic64_read()/atomic64_set(). On ARM, for example,
those macros will typically expand to a single ldrd/strd instruction, which is what you would want.

Let me know if I've analyzed this problem incorrectly.

Thanks!
Phil

[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 509 bytes --]

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 1+ messages in thread

only message in thread, back to index

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-14 19:37 last_under_load on 32-bit systems Phil Hofer

WireGuard Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://lore.kernel.org/wireguard \
		wireguard@lists.zx2c4.com zx2c4-wireguard@archiver.kernel.org
	public-inbox-index wireguard


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.zx2c4.lists.wireguard


AGPL code for this site: git clone https://public-inbox.org/ public-inbox