Re: copyin32(9) for i386 and amd64

2017-05-17 Thread Ted Unangst
Mark Kettenis wrote:
> > From: "Ted Unangst" 
> > Date: Tue, 16 May 2017 18:27:13 -0400
> > 
> > Mark Kettenis wrote:
> > > We can just call copyin(9) since it already is atomic.  But check
> > > whether the userland futex is properly aligned and return EFAULT if it
> > > isn't such that this system call behaves like it does on strict
> > > alignment architectures.
> > 
> > hmm. do we want this? i understand the appeal, but due to differing
> > compilers/etc, some structs that are carefully packed on some platforms may
> > not be aligned on i386. however, they would be correctly aligned where
> > required.
> 
> If you want atomicity on amd64/i386, things must not cross a
> cache-line boundary.  The alignment check is a bit stronger than that
> but simpler to implement and ensures consistency across platforms.
> 
> > are we trying to prevent a problem that doesn't exist?
> 
> Maybe.  The i386 ABI requires 32-bit integers to be naturally aligned.
> It's 64-bit integers where it has a relaxed requirement.  So unless
> your structs are __packed the alignment check should never fail.
> > Expecting atomic access to a member of a __packed struct is a bug.

Sounds reasonable to me.



Re: copyin32(9) for i386 and amd64

2017-05-17 Thread Mark Kettenis
> From: "Ted Unangst" 
> Date: Tue, 16 May 2017 18:27:13 -0400
> 
> Mark Kettenis wrote:
> > We can just call copyin(9) since it already is atomic.  But check
> > whether the userland futex is properly aligned and return EFAULT if it
> > isn't such that this system call behaves like it does on strict
> > alignment architectures.
> 
> hmm. do we want this? i understand the appeal, but due to differing
> compilers/etc, some structs that are carefully packed on some platforms may
> not be aligned on i386. however, they would be correctly aligned where
> required.

If you want atomicity on amd64/i386, things must not cross a
cache-line boundary.  The alignment check is a bit stronger than that
but simpler to implement and ensures consistency across platforms.

> are we trying to prevent a problem that doesn't exist?

Maybe.  The i386 ABI requires 32-bit integers to be naturally aligned.
It's 64-bit integers where it has a relaxed requirement.  So unless
your structs are __packed the alignment check should never fail.
Expecting atomic access to a member of a __packed struct is a bug.

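As an added illustration of the check being discussed (this is not OpenBSD code and not anything from the thread's participants), here is a userland C model of a copyin32() that refuses an unaligned 32-bit address with EFAULT, together with a check of the claim that the alignment test is strictly stronger than a cache-line test: a 4-byte-aligned 4-byte access can never straddle a line. copyin(9) is stood in for by memcpy on a local buffer; the 64-byte line size, the two struct layouts, the function names and the buffer contents are all assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 64-byte cache lines, as on current x86 parts. */
#define CACHE_LINE_SIZE 64

/* Returns 1 if a `len`-byte access at `addr` straddles a line boundary. */
int
crosses_cacheline(uintptr_t addr, size_t len)
{
	uintptr_t first = addr / CACHE_LINE_SIZE;
	uintptr_t last = (addr + len - 1) / CACHE_LINE_SIZE;

	return first != last;
}

/*
 * Model of copyin32(): reject an address that is not 4-byte aligned with
 * EFAULT, as the thread proposes, so the call fails the same way it would
 * on a strict-alignment architecture.  The real kernel would then call
 * copyin(9); memcpy stands in for it here.  Returns 0 on success.
 */
int
copyin32_model(const void *uaddr, uint32_t *kaddr)
{
	if ((uintptr_t)uaddr & (sizeof(uint32_t) - 1))
		return EFAULT;
	memcpy(kaddr, uaddr, sizeof(uint32_t));
	return 0;
}

/* Packed layout: the 32-bit member lands at offset 1 (hypothetical). */
struct packed_futex {
	uint8_t flag;
	uint32_t futex;
} __attribute__((packed));

/* Natural layout: the compiler pads so `futex` sits at offset 4. */
struct natural_futex {
	uint8_t flag;
	uint32_t futex;
};

/*
 * Exercise the model on a constructed buffer standing in for userland
 * memory.  With `packed` set, the 32-bit member is read at its packed
 * offset.  Returns copyin32_model's result; the value read goes to *out.
 */
int
demo(int packed, uint32_t *out)
{
	static uint32_t user_mem[4] __attribute__((aligned(CACHE_LINE_SIZE)));
	size_t off = packed ? offsetof(struct packed_futex, futex)
	    : offsetof(struct natural_futex, futex);

	*out = 0;
	user_mem[1] = 0xdeadbeef;	/* constructed value at offset 4 */
	return copyin32_model((const char *)user_mem + off, out);
}

/*
 * Count the 4-byte-aligned 4-byte accesses within one line that cross a
 * line boundary.  Zero means the alignment check implies the
 * cache-line condition, which is the point made in the thread.
 */
int
aligned_accesses_crossing(void)
{
	uintptr_t a;
	int n = 0;

	for (a = 0; a < CACHE_LINE_SIZE; a += sizeof(uint32_t))
		if (crosses_cacheline(a, sizeof(uint32_t)))
			n++;
	return n;
}

int
main(void)
{
	uint32_t v;

	printf("natural layout: rc=%d value=0x%08x\n", demo(0, &v), v);
	printf("packed layout:  rc=%d (EFAULT=%d)\n", demo(1, &v), EFAULT);
	printf("aligned 4-byte accesses crossing a line: %d\n",
	    aligned_accesses_crossing());
	printf("unaligned 4-byte access at 62 crosses: %d\n",
	    crosses_cacheline(62, sizeof(uint32_t)));
	return 0;
}
```

The natural layout succeeds and the packed layout gets EFAULT, which is exactly the behaviour a strict-alignment port would show; the loop over one line confirms that an aligned 32-bit access never splits across lines, so the simpler alignment test subsumes the cache-line condition.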


Re: copyin32(9) for i386 and amd64

2017-05-16 Thread Ted Unangst
Mark Kettenis wrote:
> We can just call copyin(9) since it already is atomic.  But check
> whether the userland futex is properly aligned and return EFAULT if it
> isn't such that this system call behaves like it does on strict
> alignment architectures.

hmm. do we want this? i understand the appeal, but due to differing
compilers/etc, some structs that are carefully packed on some platforms may
not be aligned on i386. however, they would be correctly aligned where
required.

are we trying to prevent a problem that doesn't exist?
but not a major objection.