From: Darren Hart <dvhltc@us.ibm.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: linux-kernel@vger.kernel.org,
Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@elte.hu>,
Rusty Russell <rusty@rustcorp.com.au>,
Nick Piggin <npiggin@suse.de>
Subject: Re: [PATCH] RFC: futex fault handling and futex key references (NOT FOR INCLUSION)
Date: Fri, 09 Jan 2009 21:54:04 -0800 [thread overview]
Message-ID: <496837FC.6010405@us.ibm.com> (raw)
In-Reply-To: <1231538564.29452.16.camel@twins>
Peter Zijlstra wrote:
> On Thu, 2009-01-08 at 23:52 -0800, Darren Hart wrote:
>> While trying to bend my brain around the various layers of fault handling in
>> futex.c, I think I may have uncovered some logical errors (or at least stale
>> code sections). I've attached two patches that address the alleged problems
>> against linux-tip/core/futexes. They are based on the following assumption:
>>
>> Since the uaddr passed to a futex function isn't updated within the function,
>> and the mm doesn't change while we're in there,
>
> That's not quite true, you _can_ change the memory map by issuing
> concurrent mmap/munmap/mremap etc.. calls from another thread.
Well, what I meant was that the pointer "current->mm" doesn't change,
since that is what we store in the futex key union.
> The thing is, afaik futexes have never been completely safe wrt
> concurrent mm modifications -- that is, as long as we fail the futex op
> with -EFAULT or similar and not crash the kernel we're good.
>
>> there should never be a need to
>> make repeat calls to futex_get_key(). Even if the queue_lock is dropped, the
>> futex_q might lose it's waiter (requeued) but the key stays the same.
>
> Yes, so when we assume the mmap stable (and fail the op whenever that
> assumption proves false) we can say the futex keys are stable and should
> never need recomputation.
And if I understand correctly, we would catch this scenario any time we
try to use uaddr and find it faulting (during the cmpxchg* calls for
example). If the mmap changes too much, we'll exhaust our fault
tolerance (3) and exit with -EFAULT back to userspace.
Sound right?
Thanks for the review Peter,
--
Darren Hart
IBM Linux Technology Center
Real-Time Linux Team
prev parent reply other threads:[~2009-01-10 5:54 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-09 7:52 [PATCH] RFC: futex fault handling and futex key references (NOT FOR INCLUSION) Darren Hart
2009-01-09 7:52 ` [PATCH 1/2] RFC: Fix futex_wake_op fault handling " Darren Hart
2009-01-09 7:52 ` [PATCH 2/2] RFC: Fix futex_lock_pi " Darren Hart
2009-01-09 22:02 ` [PATCH] RFC: futex fault handling and futex key references " Peter Zijlstra
2009-01-10 5:54 ` Darren Hart [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=496837FC.6010405@us.ibm.com \
--to=dvhltc@us.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=npiggin@suse.de \
--cc=peterz@infradead.org \
--cc=rusty@rustcorp.com.au \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.