From: Darren Hart <dvhart@linux.intel.com>
To: "David C. Oliver" <david@rgmadvisors.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Shawn Bohrer <sbohrer@rgmadvisors.com>,
KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>,
peterz@infradead.org, eric.dumazet@gmail.com,
linux-kernel@vger.kernel.org, zvonler@rgmadvisors.com,
hughd@google.com, mingo@elte.hu
Subject: Re: [PATCH v4] futex: Fix regression with read only mappings
Date: Thu, 30 Jun 2011 08:41:05 -0700 [thread overview]
Message-ID: <4E0C9911.7030907@linux.intel.com> (raw)
In-Reply-To: <70B461D3-FBA0-4055-AD84-D6F06E0D7BD6@rgmadvisors.com>
On 06/30/2011 07:02 AM, David C. Oliver wrote:
>
> On Jun 29, 2011, at 11:19 PM, Darren Hart wrote:
>
>>
>>
>> On 06/29/2011 04:38 PM, Thomas Gleixner wrote:
>>> On Wed, 29 Jun 2011, Shawn Bohrer wrote:
>>>>
>>>> While fixing the regression this patch opens up a possible bad
>>>> scenarios as identified by KOSAKI Motohiro:
>>>>
>>>> This patch also allows FUTEX_WAIT on RO private mappings which
>>>> have the following corner case.
>>>
>>> These two sentences make no sense at all. We really need a very
>>> accurate description of this change. That code is subtle and we
>>> really want to have a very clear and understandable changelog.
>>>
>>> Your changelog fails the basic test by mentioning "corner case"
>>> simply because the whole futex code consists only of corner
>>> cases.
>>>
>>> Thanks,
>>>
>>> tglx
>>
>> Yeah, those messages are quotes from Kosaki, but that isn't
>> apparent without having all the context. They are confusing. The
>> language needs to be cleaned up a bit as well.
>>
>> Shawn, I apologize for this as it was my idea to begin with, but
>> after rereading all of the previous patches from Kosaki, I realized
>> that the rw parameter was part of the original design (and not
>> newly introduced by your patch) and that cramming the FLAGS_RO flag
>> into the flags variables muddies the meaning of flags. flags is
>> meant to modify a particular futex call and ensure that call is
>> correctly restarted after a signal. The RO/RW bit pertains to the
>> calling function and does not vary from call to call. We should
>> revert back to the rw parameter using VERIFY_READ and
>> VERIFY_WRITE.
>>
>> How about this for a header (I'll leave it to Shawn to incorporate,
>> adjust, and resend):
>>
>> commit 7485d0d3758e8e6491a5c9468114e74dc050785d (futexes: Remove rw
>> parameter from get_futex_key()) in 2.6.33 introduced a user-mode
>> regression in that it broke futex operations on read-only memory
>> maps in addition to preventing a loop when encountering a
>> ZERO_PAGE. For example, this breaks workloads that have one or
>> more reader processes doing a FUTEX_WAIT on a futex within a read
>> only shared file mapping, and a writer processes that has a
>> writable mapping issuing the FUTEX_WAKE.
>>
>> This fixes the regression for valid futex operations on RO mappings
>> by trying a RO get_user_pages_fast() when the RW
>> get_user_pages_fast() fails. This change makes it necessary to also
>> check for invalid use cases, such as anonymous RO mappings (which
>> can never change) and the ZERO_PAGE which the commit referenced
>> above was written to address.
>>
>> This patch does restore the original behavior with RO private
>> mappings which suffer from the following corner case.
>>
>> Thread-A: call futex(FUTEX_WAIT, memory-region-A). get_futex_key()
>> returns an inode based key. sleep on the key Thread-B: call
>> mprotect(PROT_READ|PROT_WRITE, memory-region-A) Thread-B: write
>> memory-region-A. This process's memory-region-A gets remapped to a
>> COWed PageAnon=1 page. Thread-B: call futex(FUETX_WAKE,
>> memory-region-A).
> s/FUETEX_WAKE/FUTEX_WAIT/
>> get_futex_key() returns an mm based key. Thread-A is never woken as
>> it is waiting on a different key.
>
> If I follow this correctly, it implies that a FUTEX_WAIT on an RO
> private mapped futex will never return normally, as changing the
> futex's value will cause the COW behavior (leaving the value
> unchanged before doing the FUTEX_WAIT will not wake the waiter).
That is correct. Hopefully that isn't just implied. ;-) However, because
it is private, before the futex value can change, you also have to
change the RW policy. This "use case" makes no sense, and it was
determined that processes doing this deserve what they get.
--
Darren
>> Checking for a private mapping requires walking the vmas and was
>> deemed too costly to avoid a userspace hang in a nonsensical use
>> case.
>>
>> This Patch is based on Peter Zijlstra's initial patch with
>> modifications to only allow RO mappings for futex operations that
>> need VERIFY_READ access.
>>
>>
>> -- Darren Hart Intel Open Source Technology Center Yocto Project -
>> Linux Kernel
>
> Cheers!
>
> David.
>
> --------------------------------------------------------------- This
> email, along with any attachments, is confidential. If you believe
> you received this message in error, please contact the sender
> immediately and delete all copies of the message. Thank you.
>
--
Darren Hart
Intel Open Source Technology Center
Yocto Project - Linux Kernel
next prev parent reply other threads:[~2011-06-30 15:41 UTC|newest]
Thread overview: 89+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-06 14:28 Change in functionality of futex() system call David Oliver
2011-06-06 15:23 ` Eric Dumazet
2011-06-06 15:56 ` Shawn Bohrer
2011-06-06 16:11 ` Peter Zijlstra
2011-06-06 16:16 ` Peter Zijlstra
2011-06-06 16:22 ` Eric Dumazet
2011-06-06 16:29 ` Peter Zijlstra
2011-06-06 16:42 ` Eric Dumazet
2011-06-06 17:05 ` Peter Zijlstra
2011-06-06 17:11 ` Eric Dumazet
2011-06-06 17:27 ` Steven Rostedt
2011-06-06 17:56 ` Darren Hart
2011-06-06 18:23 ` Peter Zijlstra
2011-06-06 18:27 ` Eric Dumazet
2011-06-25 0:00 ` Darren Hart
2011-06-27 16:48 ` Shawn Bohrer
2011-06-06 17:53 ` Darren Hart
2011-06-06 18:11 ` Eric Dumazet
2011-06-07 3:13 ` Darren Hart
2011-06-07 3:49 ` Eric Dumazet
2011-06-07 14:44 ` Andy Lutomirski
2011-06-07 15:56 ` Darren Hart
2011-06-07 15:58 ` Eric Dumazet
2011-06-07 18:43 ` Andrew Lutomirski
2011-06-07 19:01 ` Darren Hart
2011-06-07 19:04 ` Andrew Lutomirski
2011-06-07 19:06 ` Eric Dumazet
2011-06-07 19:10 ` David Oliver
2011-06-07 19:19 ` Andrew Lutomirski
2011-06-07 19:33 ` David Oliver
2011-06-07 19:53 ` Andrew Lutomirski
2011-06-07 20:04 ` David Oliver
2011-06-07 20:12 ` Andrew Lutomirski
2011-06-07 22:26 ` Kyle Moffett
2011-06-08 15:20 ` David Oliver
2011-06-08 15:21 ` Andrew Lutomirski
2011-06-08 16:21 ` Darren Hart
2011-06-09 11:37 ` KOSAKI Motohiro
2011-06-09 12:05 ` Peter Zijlstra
2011-06-09 17:58 ` Peter Zijlstra
2011-06-10 3:30 ` KOSAKI Motohiro
2011-06-10 3:26 ` KOSAKI Motohiro
2011-06-07 18:30 ` Joel Becker
2011-06-09 12:05 ` Peter Zijlstra
2011-06-10 12:10 ` KOSAKI Motohiro
2011-06-10 17:29 ` Darren Hart
2011-06-13 2:11 ` KOSAKI Motohiro
2011-06-13 15:50 ` Darren Hart
2011-06-15 18:50 ` Shawn Bohrer
2011-06-15 18:54 ` Darren Hart
2011-06-17 13:40 ` Shawn Bohrer
2011-06-22 19:19 ` [PATCH RFC] futex: Fix regression with read only mappings Shawn Bohrer
2011-06-22 20:14 ` Darren Hart
2011-06-23 2:51 ` KOSAKI Motohiro
2011-06-23 15:26 ` Darren Hart
2011-06-23 19:49 ` Shawn Bohrer
2011-06-24 15:59 ` [PATCH v2] " Shawn Bohrer
2011-06-25 0:37 ` Darren Hart
2011-06-25 15:10 ` KOSAKI Motohiro
2011-06-27 16:40 ` Shawn Bohrer
2011-06-27 18:15 ` Peter Zijlstra
2011-06-27 20:41 ` Darren Hart
2011-06-27 21:08 ` Shawn Bohrer
2011-06-27 21:39 ` Darren Hart
2011-06-27 22:14 ` Shawn Bohrer
2011-06-27 23:17 ` Darren Hart
2011-06-27 22:22 ` [PATCH v3] " Shawn Bohrer
2011-06-28 10:54 ` Peter Zijlstra
2011-06-28 14:52 ` Darren Hart
2011-06-28 17:38 ` Shawn Bohrer
2011-06-28 20:58 ` Darren Hart
2011-06-28 23:55 ` Darren Hart
2011-06-29 14:56 ` Shawn Bohrer
2011-06-29 15:17 ` [PATCH v4] " Shawn Bohrer
2011-06-29 18:41 ` Darren Hart
2011-06-29 23:38 ` Thomas Gleixner
2011-06-30 4:19 ` Darren Hart
2011-06-30 14:02 ` David C. Oliver
2011-06-30 15:41 ` Darren Hart [this message]
2011-06-30 16:21 ` [PATCH v5] " Shawn Bohrer
2011-07-12 15:27 ` Shawn Bohrer
2011-07-25 15:20 ` Shawn Bohrer
2011-07-25 19:28 ` Thomas Gleixner
2011-07-26 19:04 ` [tip:core/urgent] " tip-bot for Shawn Bohrer
2011-06-28 10:50 ` [PATCH v2] " Peter Zijlstra
2011-06-28 14:19 ` Darren Hart
2011-06-28 14:23 ` Peter Zijlstra
2011-06-23 3:58 ` [PATCH RFC] " Shawn Bohrer
2011-06-23 3:23 ` Change in functionality of futex() system call KOSAKI Motohiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E0C9911.7030907@linux.intel.com \
--to=dvhart@linux.intel.com \
--cc=david@rgmadvisors.com \
--cc=eric.dumazet@gmail.com \
--cc=hughd@google.com \
--cc=kosaki.motohiro@jp.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=peterz@infradead.org \
--cc=sbohrer@rgmadvisors.com \
--cc=tglx@linutronix.de \
--cc=zvonler@rgmadvisors.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox