Re: C aggregate passing (Rust kernel policy)
From: Steven Rostedt
Date: Wed Feb 26 2025 - 17:35:06 EST

On Wed, 26 Feb 2025 14:22:26 -0800
Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> > But if I used:
> >
> >	if (global > 1000)
> >		goto out;
> >	x = global;
>
> which can have the TOCTOU issue because 'global' is read twice.

Correct, but if the variable had some other protection, like a lock held
when this function was called, it is fine to do and the compiler may
optimize it or not and still have the same result.

I guess you can sum this up to:

The compiler should never assume it's safe to read a global more than the
code specifies, but if the code reads a global more than once, it's fine
to cache the multiple reads.

Same for writes, but I find WRITE_ONCE() used less often than READ_ONCE().
And when I do use it, it is more to prevent write tearing as you mentioned.

-- Steve
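
The check-then-use pattern discussed in this message, as an added userspace example that is not part of the original email or kernel code: it compares reading 'global' twice with taking one snapshot, and shows the two-read form giving the same result once writers are excluded. Assumptions: READ_ONCE() here is a simplified stand-in for the kernel macro, and load_global(), writer_active and run() are hypothetical helpers that deterministically simulate another CPU storing to 'global' between the two loads.

```c
#include <stdio.h>

/* Simplified userspace stand-in for the kernel's READ_ONCE(): one volatile load. */
#define READ_ONCE(x) (*(const volatile __typeof__(x) *)&(x))

static int global;
static int writer_active;	/* hypothetical: 1 = no lock held, a writer can interleave */

/* Constructed stand-in for another CPU storing to 'global' right after our load. */
static int load_global(void)
{
	int v = READ_ONCE(global);
	if (writer_active)
		global = 5000;
	return v;
}

/* Check and use are two separate loads: the value used may not be the value checked. */
static int check_then_use_two_reads(void)
{
	if (load_global() > 1000)
		return -1;
	return load_global();
}

/* One load into a local: the check and the use see the same value. */
static int check_then_use_snapshot(void)
{
	int x = load_global();
	if (x > 1000)
		return -1;
	return x;
}

/* Reset the constructed starting state, then run one variant. */
static int run(int (*fn)(void), int writer)
{
	global = 500;
	writer_active = writer;
	return fn();
}

int main(void)
{
	printf("two reads, unlocked: %d\n", run(check_then_use_two_reads, 1));
	printf("snapshot,  unlocked: %d\n", run(check_then_use_snapshot, 1));
	printf("two reads, locked:   %d\n", run(check_then_use_two_reads, 0));
	return 0;
}
```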