From: Darren Hart <dvhltc@us.ibm.com>
To: Ingo Molnar <mingo@elte.hu>
Cc: Peter Zijlstra <peterz@infradead.org>,
Oleg Nesterov <oleg@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>,
Anirban Sinha <ani@anirban.org>,
linux-kernel@vger.kernel.org, Kaz Kylheku <kaz@zeugmasystems.com>,
Anirban Sinha <asinha@zeugmasystems.com>
Subject: Re: futex question
Date: Mon, 05 Oct 2009 07:09:23 -0700 [thread overview]
Message-ID: <4AC9FE13.6060109@us.ibm.com> (raw)
In-Reply-To: <20091005122436.GA5626@elte.hu>
Ingo Molnar wrote:
> * Peter Zijlstra <peterz@infradead.org> wrote:
>
>> On Mon, 2009-10-05 at 13:59 +0200, Thomas Gleixner wrote:
>>
>>> Stared at the same place a minute ago :) But still I wonder if it's
>>> a good idea to silently release locks and set the state to OWNERDEAD
>>> instead of hitting the app programmer with a big clue stick in case
>>> the app holds locks when calling execve().
>> Agreed, I rather like the feedback. With regular exit like things
>> there's just not much we can do to avoid the mess, but here we can
>> actually avoid it, seems a waste not to do so.
>
> Well, exec() has been a 'exit() + boot-strap next process' kind of thing
> from the get go - with little state carried over into the new task. This
> has security and robustness reasons as well.
>
> So i think exec() should release all existing state, unless told
> otherwise. Making it behave differently for robust futexes sounds
> assymetric to me.
>
> It might make sense though - a 'prevent exec because you are holding
> locks!' thing. Dunno.
>
> Cc:-ed a few execve() semantics experts who might want to chime in.
>
> If a (buggy) app calls execve() with a (robust) futex still held should
> we auto-force-release robust locks held, or fail the exec with an error
> code? I think the forced release is a 'anomalous exit' thing mostly,
> while calling exec() is not anomalous at all.
My first thought earlier in the thread was that changing the exec
behavior to fail if either a robust or pi futex is held would be liable
to break existing applications. I can now see the argument that such
apps are broken already, and if they aren't hanging, it's simply because
they are hacking around it.
I think the semantics work for robust mutexes, if you exec, the exec'ing
"thread" is effectively dead, so EOWNERDEAD makes sense.
This doesn't seem to work for PI futexes, unless they are also Robust of
course. Here I would expect a userspace application to hang.
The only locking related statements made in the SUS or our Linux man
pages is in regards to named semaphores. And here it is only said that
the semaphore will be closed like a call to sem_close(). sem_close(3)
doesn't specify a return value if the semaphore is held when called.
The closing of message queues and canceling of any pending asynchronous
I/O might provide precedent for just unlocking held locks and moving on
in the case of PI. EOWNERDEAD still makes more sense to me from a robust
point of view.
And from the ignorant-fool department, the docs refer to replacing the
"process image" on execve, doesn't that mean that if there are 20
threads in a process and one of them calls execve that all 20 are
destroyed? If so, then we are only concerned with
PTHREAD_PROCESS_SHARED futexes, since none of the private futexes will
have any users after the execve.
--
Darren Hart
IBM Linux Technology Center
Real-Time Linux Team
next prev parent reply other threads:[~2009-10-05 14:10 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-30 1:10 futex question Anirban Sinha
2009-10-01 9:22 ` Ingo Molnar
2009-10-01 16:54 ` Anirban Sinha
2009-10-01 23:46 ` Anirban Sinha
2009-10-02 23:38 ` Darren Hart
2009-10-03 0:36 ` Anirban Sinha
2009-10-03 4:14 ` Eric Dumazet
2009-10-04 8:44 ` Thomas Gleixner
[not found] ` <DDFD17CC94A9BD49A82147DDF7D545C501F457C5@exchange.ZeugmaSystems.local>
2009-10-04 16:37 ` Anirban Sinha
2009-10-04 16:59 ` Thomas Gleixner
2009-10-05 10:36 ` Peter Zijlstra
2009-10-05 10:56 ` Thomas Gleixner
2009-10-05 11:16 ` Peter Zijlstra
2009-10-05 11:19 ` Ingo Molnar
2009-10-05 11:50 ` Thomas Gleixner
2009-10-05 11:47 ` Thomas Gleixner
2009-10-05 13:11 ` Anirban Sinha
2009-10-05 13:28 ` Thomas Gleixner
2009-10-05 14:03 ` Anirban Sinha
2009-10-05 18:36 ` Anirban Sinha
2009-10-05 11:58 ` Peter Zijlstra
2009-10-05 11:59 ` Thomas Gleixner
2009-10-05 12:18 ` Peter Zijlstra
2009-10-05 12:24 ` Ingo Molnar
2009-10-05 14:09 ` Darren Hart [this message]
2009-10-05 18:11 ` Anirban Sinha
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4AC9FE13.6060109@us.ibm.com \
--to=dvhltc@us.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=ani@anirban.org \
--cc=asinha@zeugmasystems.com \
--cc=kaz@zeugmasystems.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).