Post 9jLPMoc1iFsmDA4y0m by sir@cmpwn.com
(DIR) More posts by sir@cmpwn.com
(DIR) Post #9jLP71m70TFGOwGhJQ by sir@cmpwn.com
2019-05-30T18:26:19Z
3 likes, 0 repeats
Q: What's the best way to communicate between threadsA: Don't use threadsQ: What's the best way to communicate between threads, and yes really I need threads I promise, poll won't work, reallyA: Use a child process and pipe(3)Q: That's still not threadsA: Correct
(DIR) Post #9jLPFzX6iBbm3PWZ7I by Wolf480pl@niu.moe
2019-05-30T18:28:56Z
0 likes, 0 repeats
@sir what's the best way to communicate between CPU cores when writing a kernel?
(DIR) Post #9jLPMoc1iFsmDA4y0m by sir@cmpwn.com
2019-05-30T18:29:21Z
0 likes, 0 repeats
@Wolf480pl I don't know
(DIR) Post #9jLPOFy5URPZLM5LFo by sir@cmpwn.com
2019-05-30T18:29:46Z
0 likes, 0 repeats
@Wolf480pl the only kernels I've written have been on single-core systems or didn't support SMP
(DIR) Post #9jLPOG5B455BhLP0Iy by Wolf480pl@niu.moe
2019-05-30T18:30:25Z
0 likes, 0 repeats
@sir is SMP cursed?
(DIR) Post #9jLPVcRcK1yn4zPMae by lanodan@queer.hacktivis.me
2019-05-30T18:31:48.810968Z
0 likes, 0 repeats
@sir Sockets and/or shared memory is okay, right?
(DIR) Post #9jLPgsVIxBfW4YVAFE by sir@cmpwn.com
2019-05-30T18:30:03Z
0 likes, 0 repeats
@the_gayest_doggo you don't need them and they are basically made of bugs
(DIR) Post #9jLPjepoESGmXxPy5I by sir@cmpwn.com
2019-05-30T18:30:57Z
0 likes, 0 repeats
@Wolf480pl I don't know
(DIR) Post #9jLPq22Ct7tAEnFwkS by amiloradovsky@functional.cafe
2019-05-30T18:35:27Z
0 likes, 0 repeats
@Wolf480pl @sir There are mechanisms: local shared memory, writing into other cores' registers, maybe something else.
(DIR) Post #9jLPulAr0DtvOSYUPA by sir@cmpwn.com
2019-05-30T18:32:14Z
0 likes, 0 repeats
@lanodan sockets yes, shared memory requires extra care
(DIR) Post #9jLQ2SYm5rSbymPpPk by Wolf480pl@niu.moe
2019-05-30T18:37:43Z
0 likes, 0 repeats
@amiloradovsky yeah, I know. But that means you're sharing memory between two threads of computation, which @sir claims is Bad(tm).I guess if I was to avoid the complexity of concurrent programming, I'd go for a ring buffer or two.
(DIR) Post #9jLQJrp3QAbbFjKZ5k by amiloradovsky@functional.cafe
2019-05-30T18:36:11Z
0 likes, 0 repeats
@sir Message queues? Locks/mutexes?
(DIR) Post #9jLQOR7c7YbZtFBsoK by sir@cmpwn.com
2019-05-30T18:36:33Z
0 likes, 1 repeats
@amiloradovsky @Wolf480pl "writing into other cores' registers" sounds like a great way to summon cuthulu into your processor
(DIR) Post #9jLQSjruMZglBqtbto by sir@cmpwn.com
2019-05-30T18:36:49Z
0 likes, 0 repeats
@amiloradovsky nope, don't
(DIR) Post #9jLQm3WNWEIVe02KfI by amiloradovsky@functional.cafe
2019-05-30T18:42:12Z
0 likes, 0 repeats
@sir @Wolf480pl It is, but you're supposed to know what to do when it comes…
(DIR) Post #9jLSHkdJNcRwHgxOSm by amiloradovsky@functional.cafe
2019-05-30T19:02:51Z
0 likes, 0 repeats
@Wolf480pl @sir Data-structures may vary, but if more than one thread/process may write into them, a means of synchronization are needed anyway.And pipes are nothing else but octets queue (pair of streams), where each message is an octet.
(DIR) Post #9jLX9avo4Am7eJXPRg by Wolf480pl@niu.moe
2019-05-30T19:57:26Z
0 likes, 0 repeats
@amiloradovsky @sir yeah, but with pipes, the kernel does the synchronization for you. And it gives you an abstraction that is hard to hurt yourself with.Also, ring buffers require little to no synchronization. The only part accessed concurrently by both sides are the read index and write index, and each of them is only written by one of the sides.So you really only need an atomic read and atomic write, and on may platforms aligned reads and writes are already atomic.
(DIR) Post #9jLXVuTe4mb6dl0ShM by zge@icosahedron.website
2019-05-30T20:00:49Z
0 likes, 0 repeats
@sir would you also say this is true for Go?
(DIR) Post #9jLXbYMfCeybnSQpPM by sir@cmpwn.com
2019-05-30T20:01:26Z
0 likes, 0 repeats
@zge yes, go's magic concurrency is one of the worst parts of go's design
(DIR) Post #9jLY36LIyukmzqvrQ8 by amiloradovsky@functional.cafe
2019-05-30T20:07:28Z
0 likes, 0 repeats
@Wolf480pl @sir I guess you're right.OTOH, ring buffers are probably how the queues are implemented, and one should use a library for that anyway, instead of implementing it by themselves.So this isn't a big difference whether the low-level manipulations are done by the kernel or a userland library. Actually the latter is preferred, performance- and security-wise.
(DIR) Post #9jLacuaoLQJit8O9AG by zge@icosahedron.website
2019-05-30T20:35:45Z
0 likes, 0 repeats
@sir well if that's not a contrarian opinion, I don't know that is.
(DIR) Post #9jLdPzCOCvxFGuUfR2 by sum_random@mastodon.technology
2019-05-30T21:07:01Z
1 likes, 1 repeats
@sir A: Smoke signals - letting the magic smoke out of a component, detecting it with the fire alarm system and having the firemen push the reset switch on the server.
(DIR) Post #9jLiXnQsL1JWrmoScC by pyrolagus@cmpwn.com
2019-05-30T22:05:02Z
0 likes, 0 repeats
@Wolf480pl @sir You could look into multikernels like http://www.barrelfish.org/ which use a kernel per core.
(DIR) Post #9jLjEziWXWeTQ1fMvI by Wolf480pl@niu.moe
2019-05-30T22:12:53Z
0 likes, 0 repeats
@pyrolagus @sir Considering meltdown, spectre, etc. I'd rather run kernel and only kernel on one core, and then userspace on the rest of the cores, one core per application. Syscalls would be done through ring buffers.
(DIR) Post #9jLjvTsslm0x8ulplA by mike@firebreathingduck.io
2019-05-30T20:42:24Z
0 likes, 0 repeats
@zge @sir I would have said the same thing a few weeks ago, now I'm not so sure. Go was supposed to make concurrent and parallel stuff easy, but this seems to indicate it's still highly error prone: https://blog.acolyer.org/2019/05/17/understanding-real-world-concurrency-bugs-in-go/
(DIR) Post #9jLjvU4a4HN7jCFAzg by zge@icosahedron.website
2019-05-30T21:14:39Z
0 likes, 0 repeats
@mike @sir Oh I'm by no means implying that Go is ideal, just that using a goroutine to handle a HTTP request (for example) makes more sense than to fork the entire process on a OS level.I guess there's a reason the Go team advocates for "share by communicating" rather than memory.
(DIR) Post #9jLjvUIlDYiMRAsV60 by sir@cmpwn.com
2019-05-30T22:19:51Z
0 likes, 0 repeats
@zge @mike you should 100% not fork the process to handle an HTTP request. You should use poll, or if necessary a combination of poll with a process pool and pipes
(DIR) Post #9jLklLpXxUElDrwa3M by zge@icosahedron.website
2019-05-30T22:29:16Z
0 likes, 0 repeats
@sir @mike but why is that superior to the approach net/http uses?
(DIR) Post #9jLm4V0q8xbR9mv8dM by sir@cmpwn.com
2019-05-30T22:42:47Z
0 likes, 0 repeats
@zge @mike it's not made out of footguns
(DIR) Post #9jMWtdGFpZDZOqS05g by sinnfrei@chaos.social
2019-05-31T07:28:30Z
0 likes, 0 repeats
@sir Use two mutexes as data an clock and emulate a serial data protocol 😁
(DIR) Post #9jNLo09YtvPQK5OPR2 by pyrolagus@cmpwn.com
2019-05-31T16:59:39Z
0 likes, 0 repeats
@Wolf480pl @sir I think that's actually a perfect use-case for multikernels. You could have one core with a "privileged" kernel that has access to IO and such, and the other cores have even smaller kernels that delegate those tasks to the privileged kernel. For extra security, you could even have a dedicated CPU that has access to IO and a dedicated RAM chip and one or more unprivileged CPUs that are isolated with their own RAM and no access to any IO. I'm not sure what the performance penalties would be.Some consoles have architectures approaching that - the Switch for instance has two ARM CPUs afaik, but I think they still use a single microkernel, and the cores aren't hardware isolated.Now that I think about it, it's kinda ridiculous how game consoles have more modern and secure operating systems than desktops..... The Switch has capability based microkernel, and what do we have? Lunix, Wandows, and OSiX. lame
(DIR) Post #9jNMJBm1kLjTL9FvG4 by Wolf480pl@niu.moe
2019-05-31T17:05:17Z
0 likes, 0 repeats
@pyrolagus From what I remember from the C3 presentations, the CPUs on Switch are physically isolated. The ARM9 has has its private RAM that's not accessible to the ARM11.And they run two separate instances of the kernel, even though both kernels are practically identical.
(DIR) Post #9jNMYw0e7pLf57bNY0 by Wolf480pl@niu.moe
2019-05-31T17:08:10Z
0 likes, 0 repeats
@pyrolagus As for why game consoles have more secure OSes - that's pretty simple:1. They don't need to maintain compatibility with existing 3rd party software, so they can redesign their APIs every few years any way they want.2. They are willing to spend a lot of resources (time, money) on security, and sacrifice a lot (of convenience, performance) in order to have strong DRM.
(DIR) Post #9jNMZtFDtH46nPsLxY by pyrolagus@cmpwn.com
2019-05-31T17:08:21Z
0 likes, 0 repeats
@Wolf480pl Oh, huh. That's really cool then. Seems I'll have to rewatch the C3 talk then.
(DIR) Post #9jNMeCwiaBVJ3dHMK9 by Wolf480pl@niu.moe
2019-05-31T17:09:08Z
0 likes, 0 repeats
@pyrolagus oh wait I was talking about 3DS not Switch.
(DIR) Post #9jNN75UHOPw8K4kR9M by Wolf480pl@niu.moe
2019-05-31T17:14:22Z
0 likes, 0 repeats
@pyrolagus Also, in the end, I don't think they're that much more secure than PC OSes, considering how quickly they get rooted.
(DIR) Post #9jNNCt4WSxEtYRSwz2 by pyrolagus@cmpwn.com
2019-05-31T17:15:24Z
0 likes, 0 repeats
@Wolf480pl Yeah, 1 is probably the major reason. Backwards compatibility is both a blessing and a curse. Kernels in userspace/rumpkernels (or even virtualization) may be a good technical solution, but you still need to keep things backwards compatible with the users...I don't think they're willing to sacrifice performance, since that's really important for consoles.
(DIR) Post #9jNNIrJBw2ovp5AtDU by Wolf480pl@niu.moe
2019-05-31T17:16:29Z
0 likes, 0 repeats
@pyrolagus I'm sure they'd have better performance in all code was running in kernelspace.
(DIR) Post #9jNO2hSKtmnmaRJK2S by pyrolagus@cmpwn.com
2019-05-31T17:24:45Z
0 likes, 0 repeats
@Wolf480pl Well, they're huge targets, and I don't think there's a non-Tegra vulnerability that gives full root on the Switch as of now.
(DIR) Post #9jNO9uN9H5FgfnJzVo by pyrolagus@cmpwn.com
2019-05-31T17:26:04Z
0 likes, 0 repeats
@Wolf480pl They sure would, but that doesn't mean that impacting performance significantly is an option either.
(DIR) Post #9jNOA0EVU7u8qjKAsK by Wolf480pl@niu.moe
2019-05-31T17:26:06Z
0 likes, 0 repeats
@pyrolagus hmm... another thing is, if you pwn a game console, you want to boast about it on C3.If you pwn Linux, you want to stay silent and take over the world.
(DIR) Post #9jNPK7KS3cFXhtUYN6 by pyrolagus@cmpwn.com
2019-05-31T17:39:06Z
0 likes, 0 repeats
@Wolf480pl Heh, Linux does get responsible disclosures, but while Linux can merely patch the kernel, Nintendo can completely rework their kernel or develop a new one that eliminates a whole class of vulnerabilities. Console OSes are only going to get safer and safer, which is cool but also kind of sad, because emulation and game archiving could end up dying :/
(DIR) Post #9jNPR95duLT3CDusoy by Wolf480pl@niu.moe
2019-05-31T17:40:20Z
0 likes, 0 repeats
@pyrolagus don't worry, incompetence is everywhere, and each rewrite of the OS is a new opportunity to create new fascinating bugs.