Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier

From: Alan Cox
Date: Thu Jan 04 2018 - 17:56:53 EST

Next message: Arnd Bergmann: "[PATCH] arm64: dts: sprd: remove broken header inclusion"
Previous message: Andrew Morton: "Re: [PATCH] mm/fadvise: discard partial pages iff endbyte is also eof"
In reply to: Linus Torvalds: "Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier"
Next in thread: Linus Torvalds: "Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> and the *implementation* might be architecture-specific, but one
> particular implementation would be something like simply
>
> #define array_access(base, idx, max) ({ \
> union { typeof(base[0]) _val; unsigned long _bit; } __u;\
> unsigned long _i = (idx); \
> unsigned long _m = (max); \
> unsigned long _mask = _i < _m ? ~0 : 0; \
> OPTIMIZER_HIDE_VAR(_mask); \
> __u._val = base[_i & _mask]; \
> __u._bit &= _mask; \
> __u._val; })
>
> (Ok, the above is not exhaustively tested, but you get the idea, and
> gcc doesn't seem to mess it up *too* badly).

How do you ensure that the CPU doesn't speculate j < _m ? ~0 : 0 pick the
wrong mask and then reference base[] ?

It's a nice idea but I think we'd need to run it past the various CPU
vendors especially before it was implemented as a generic solution.
Anding with a constant works because the constant doesn't get speculated
and nor does the and with a constant, but you've got a whole additional
conditional path in your macro.

Alan

Next message: Arnd Bergmann: "[PATCH] arm64: dts: sprd: remove broken header inclusion"
Previous message: Andrew Morton: "Re: [PATCH] mm/fadvise: discard partial pages iff endbyte is also eof"
In reply to: Linus Torvalds: "Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier"
Next in thread: Linus Torvalds: "Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]