From: "Jₑₙₛ Gustedt" <jens.gustedt@inria.fr>
To: Alejandro Colomar <alx@kernel.org>
Cc: <linux-man@vger.kernel.org>
Subject: bug in futex.2, FUTEX_CMP_REQUEUE
Date: Tue, 27 May 2025 11:53:03 +0200 [thread overview]
Message-ID: <20250527115303.3304206e@inria.fr> (raw)
Hello Alex and everybody,
I stumbled upon this confusing text in the futex man page
Typical values to specify for `val` are `0` or `1`. (Specifying
`INT_MAX` is not useful, because it would make the
`FUTEX_CMP_REQUEUE` operation equivalent to `FUTEX_WAKE`.) The
limit value specified via `val2` is typically either `1` or
`INT_MAX`. (Specifying the argument as `0` is not useful, because
it would make the `FUTEX_CMP_REQUEUE` operation equivalent to
`FUTEX_WAIT`.)
The `FUTEX_CMP_REQUEUE` operation was added as a replacement for the
earlier `FUTEX_REQUEUE`. The difference is that the check of the
value at `uaddr` can be used to ensure that requeueing happens only
under certain conditions, which allows race conditions to be avoided
in certain use cases.
This has several issues, the most severe beeing the word `FUTEX_WAIT`.
- How can an operation that only does wakes, ever be equivalent to a
wait?
But then, even if we assume that both subphrases mean to talk about
`FUTEX_WAKE`, the assumption that this can ever be equivalent is
bogus. In fact `FUTEX_CMP_REQUEUE` checks for `val3` still being
pressent in the memory location, which `FUTEX_WAKE` doesn't.
So I think that specifying any of the values that are pointed out in
this paragraph can make sense, because of the added comparison to
`val3`.
I suggest to change to something along
The limit value specified via `val2` is typically either `1` or
`INT_MAX`. Specifying the argument as `0` makes the
`FUTEX_CMP_REQUEUE` operation equivalent to `FUTEX_WAKE`, only that
the operation then also ensures an atomic check for `*uaddr ==
val3`. Typical values to specify for `val` are `0`, `1` or
`INT_MAX`.
The `FUTEX_CMP_REQUEUE` operation was added as a replacement for the
earlier `FUTEX_REQUEUE`. The difference is that the check of the
value at `uaddr` can be used to ensure that requeueing happens only
under certain conditions, which allows race conditions to be avoided
in certain use cases. In particular, a combination of `val == 1`
and `val2 == 0` is similar to the operation of `pthread_cond_signal`
with an additional check for `val3`; `val == 1` and `val2 ==
INT_MAX` is similar to `pthread_cond_broadcast` with such a check.
Thanks
Jₑₙₛ
--
:: ICube :::::::::::::::::::::::::::::: deputy director ::
:: Université de Strasbourg :::::::::::::::::::::: ICPS ::
:: INRIA antenne de Strasbourg :::::::::::::::::: Camus ::
:: INRIA PIQ program Strasbourg :::::::::: piq.inria.fr ::
:: :::::::::::::::::::::::::::::::::::: ☎ +33 368854536 ::
:: https://icube-icps.unistra.fr/index.php/Jens_Gustedt ::
next reply other threads:[~2025-05-27 9:54 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-27 9:53 Jₑₙₛ Gustedt [this message]
2025-05-27 11:30 ` bug in futex.2, FUTEX_CMP_REQUEUE Carlos O'Donell
2025-05-27 12:21 ` Jₑₙₛ Gustedt
2025-05-27 12:28 ` Carlos O'Donell
2025-05-27 12:23 ` Alejandro Colomar
2025-05-27 12:35 ` Carlos O'Donell
2025-05-27 12:01 ` Alejandro Colomar
2025-05-27 12:12 ` Carlos O'Donell
2025-05-27 12:28 ` Jₑₙₛ Gustedt
2025-05-27 12:37 ` Carlos O'Donell
2025-05-27 12:51 ` Alejandro Colomar
2025-05-27 12:54 ` Carlos O'Donell
2025-05-27 12:28 ` Alejandro Colomar
2025-05-27 12:42 ` Carlos O'Donell
2025-05-27 12:57 ` Alejandro Colomar
2025-05-27 12:59 ` Alejandro Colomar
2025-05-27 13:07 ` Jₑₙₛ Gustedt
2025-05-29 23:35 ` Alejandro Colomar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250527115303.3304206e@inria.fr \
--to=jens.gustedt@inria.fr \
--cc=alx@kernel.org \
--cc=linux-man@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox