From: Jamie Lokier <jamie@shareable.org>
To: Linus Torvalds <torvalds@osdl.org>
Cc: Linus Torvalds <torvalds@transmeta.com>,
Rusty Russell <rusty@rustcorp.com.au>,
Hugh Dickins <hugh@veritas.com>,
Ulrich Drepper <drepper@redhat.com>,
Andrew Morton <akpm@osdl.org>,
Stephen Hemminger <shemminger@osdl.org>,
Linux Kernel <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] Make futex waiters take an mm or inode reference
Date: Mon, 8 Sep 2003 21:00:30 +0100 [thread overview]
Message-ID: <20030908200030.GG27097@mail.jlokier.co.uk> (raw)
In-Reply-To: <Pine.LNX.4.44.0309081144390.3202-100000@home.osdl.org>
Linus Torvalds wrote:
> So is there any reason to really having "private.mm" AT ALL? From what I
> can tell, it is not actually ever used (all "mm" users are "current->mm"),
> so I don't see the point of incrementing a count for it either.
>
> Or did I miss something?
Yes. The hash table is global to all processes, so "mm" is needed as
a hash key whether it is user-visible or not.
A process can do FUTEX_FD and then pass that fd to another mm, in
numerous ways (fork, exec, socket). Although that does have a
well-defined behaviour at present, I agree it's absolutely fine to
declare that "programmer error" and say it doesn't do anything useful.
But the implemenation is a security problem: a broken program will
cause _other_ unrelated programs to fail, by stealing their wakeups.
That is very bad. A userspace error should never cause random
unrelated programs to fail.
Possible fixes include:
- destroying futexes of an mm when the mm is destroyed
- marking the fds in a special way to prevent them being passed on
- taking an mm reference
Taking an mm reference is the simplest.
-- Jamie
next prev parent reply other threads:[~2003-09-08 20:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-09-08 18:20 [PATCH] Make futex waiters take an mm or inode reference Jamie Lokier
2003-09-08 18:34 ` Jamie Lokier
2003-09-08 18:52 ` Linus Torvalds
2003-09-08 20:00 ` Jamie Lokier [this message]
2003-09-09 4:02 ` Rusty Russell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030908200030.GG27097@mail.jlokier.co.uk \
--to=jamie@shareable.org \
--cc=akpm@osdl.org \
--cc=drepper@redhat.com \
--cc=hugh@veritas.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
--cc=shemminger@osdl.org \
--cc=torvalds@osdl.org \
--cc=torvalds@transmeta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox