Re: [patch 0/6] lightweight robust futexes: -V3 - Why in userspace?

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Ingo Molnar <mingo@elte.hu>
To: Esben Nielsen <simlo@phys.au.dk>
Cc: Arjan van de Ven <arjan@infradead.org>,
	Daniel Walker <dwalker@mvista.com>,
	linux-kernel@vger.kernel.org, Ulrich Drepper <drepper@redhat.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Andrew Morton <akpm@osdl.org>
Subject: Re: [patch 0/6] lightweight robust futexes: -V3 - Why in userspace?
Date: Fri, 17 Feb 2006 01:42:12 +0100	[thread overview]
Message-ID: <20060217004212.GC12143@elte.hu> (raw)
In-Reply-To: <Pine.OSF.4.05.10602170111450.22107-100000@da410>


* Esben Nielsen <simlo@phys.au.dk> wrote:

> > > > this is racy - we cannot know whether the PID wrapped around.
> > > >
> > > What about adding more bits to check on? The PID to lookup the task_t 
> > > and then some extra bits to uniquely identify the actual task.
> > 
> > which would just be a fancy name for a wider PID space, and would thus 
> > still not protect against PID reuse :-)
> > 
>
> Can it really be correct there is no way to uniquely identify a thread 
> in the uptime of the system? It could be done with BigIntegers :-)

well, that's how PIDs work. I'd have no problem with 64-bit PIDs/TIDs in 
theory, but besides a _massive_ ABI break (which makes the whole thing a 
non-starter), users would probably resist 'ps' output like:

 917239487098712349  tty8     Ss+    0:00 -bash
 1844674407370955161 tty9     Ss+    0:00 -bash
 1356415698798712343 tty10    Ss+    0:00 -bash

:-| Another problem is that futexes are fundamentally 32-bit, so there's 
no space in them for 64-bit TIDs ...

> > i'm not sure i follow - what list is this and how would it be 
> > maintained?
> 
> At the FUTEX_WAIT operation add the waiter to a list of waiters on the 
> owner's task_t. At FUTEX_WAKE remove the waiter. At task exit wake up 
> the waiters.

well, but even in this case the kernel has no idea (currently) about the 
owner - it is the waiters that have kernel state in this case. So extra 
code would have to be added to look up the TID, make sure the lookup is 
secure: check that the task looked up is really mapping that vma, and to 
queue waiters to the owner. Quite clumsy ... and this is still only the 
easy case, when the kernel is involved in the futex use.

> > > I admit your solution is a good one. The only drawback - besides being 
> > > untraditional - is that memory corruption can leave futexes locked at 
> > > exit.
> > 
> > so? Memory corruption can overwrite the futex value anyway, and can thus 
> > cause the wrong owner to be identified - causing a locked futex. This 
> > patch does not protect against bad effects of memory corruption - 
> > there's really no way to keep userspace from breaking itself.
> > 
> 
> At least you could wake up those who are already blocked in the 
> kernel...

which would be of little use if the wrong TID is in the futex. There's 
really no protection against userspace breaking itself.

	Ingo

next prev parent reply	other threads:[~2006-02-17  0:43 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-02-16  9:41 [patch 0/6] lightweight robust futexes: -V3 Ingo Molnar
2006-02-16 16:33 ` Daniel Walker
2006-02-16 17:24   ` Ingo Molnar
2006-02-16 17:34     ` Daniel Walker
2006-02-16 19:06       ` [patch 0/6] lightweight robust futexes: -V3 - Why in userspace? Esben Nielsen
2006-02-16 19:34         ` Arjan van de Ven
2006-02-16 20:04           ` Esben Nielsen
2006-02-16 20:17             ` Esben Nielsen
2006-02-16 20:23             ` Christopher Friesen
2006-02-16 20:36             ` Ingo Molnar
2006-02-16 22:32               ` Esben Nielsen
2006-02-16 22:36                 ` Ingo Molnar
2006-02-16 23:20                   ` Esben Nielsen
2006-02-16 23:39                     ` Ingo Molnar
2006-02-17  0:20                       ` Esben Nielsen
2006-02-17  0:42                         ` Ingo Molnar [this message]
2006-02-17 23:47                     ` Andrew James Wade
2006-02-16 20:23       ` [patch 0/6] lightweight robust futexes: -V3 Ingo Molnar
2006-02-16 20:54         ` Daniel Walker
2006-02-16 21:26           ` Ingo Molnar
2006-02-16 21:50             ` Christopher Friesen
2006-02-16 21:55               ` Ingo Molnar
2006-02-16 20:47       ` Paul Jackson
2006-02-16 21:35         ` Ingo Molnar
2006-02-16 21:23 ` Paul Jackson
2006-02-16 21:50   ` Ingo Molnar
2006-02-17  4:56     ` Paul Jackson
2006-02-17  9:41       ` Ingo Molnar
2006-02-17 11:59       ` Ingo Molnar
2006-02-17 20:50         ` Paul Jackson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060217004212.GC12143@elte.hu \
    --to=mingo@elte.hu \
    --cc=akpm@osdl.org \
    --cc=arjan@infradead.org \
    --cc=drepper@redhat.com \
    --cc=dwalker@mvista.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=simlo@phys.au.dk \
    --cc=tglx@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox