public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Florian Weimer <fweimer@redhat.com>
To: "André Almeida" <andrealmeid@igalia.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
	 Ingo Molnar <mingo@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>,
	 Darren Hart <dvhart@infradead.org>,
	 Davidlohr Bueso <dave@stgolabs.net>,
	 Arnd Bergmann <arnd@arndb.de>,
	 sonicadvance1@gmail.com, linux-kernel@vger.kernel.org,
	 kernel-dev@igalia.com, linux-api@vger.kernel.org,
	 Nathan Chancellor <nathan@kernel.org>
Subject: Re: [PATCH v2 0/3] futex: Create set_robust_list2
Date: Sat, 02 Nov 2024 22:58:42 +0100	[thread overview]
Message-ID: <87ldy170x9.fsf@oldenburg.str.redhat.com> (raw)
In-Reply-To: <20241101162147.284993-1-andrealmeid@igalia.com> ("André Almeida"'s message of "Fri, 1 Nov 2024 13:21:44 -0300")

* André Almeida:

> 1) x86 apps can have 32bit pointers robust lists. For a x86-64 kernel
>    this is not a problem, because of the compat entry point. But there's
>    no such compat entry point for AArch64, so the kernel would do the
>    pointer arithmetic wrongly. Is also unviable to userspace to keep
>    track every addition/removal to the robust list and keep a 64bit
>    version of it somewhere else to feed the kernel. Thus, the new
>    interface has an option of telling the kernel if the list is filled
>    with 32bit or 64bit pointers.

The size is typically different for 32-bit and 64-bit mode (12 vs 24
bytes).  Why isn't this enough to disambiguate?

> 2) Apps can set just one robust list (in theory, x86-64 can set two if
>    they also use the compat entry point). That means that when a x86 app
>    asks FEX-Emu to call set_robust_list(), FEX have two options: to
>    overwrite their own robust list pointer and make the app robust, or
>    to ignore the app robust list and keep the emulator robust. The new
>    interface allows for multiple robust lists per application, solving
>    this.

Can't you avoid mixing emulated and general userspace code on the same
thread?  On emulator threads, you have full control over the TCB.

QEMU hints towards further problems (in linux-user/syscall.c):

    case TARGET_NR_set_robust_list:
    case TARGET_NR_get_robust_list:
        /* The ABI for supporting robust futexes has userspace pass
         * the kernel a pointer to a linked list which is updated by
         * userspace after the syscall; the list is walked by the kernel
         * when the thread exits. Since the linked list in QEMU guest
         * memory isn't a valid linked list for the host and we have
         * no way to reliably intercept the thread-death event, we can't
         * support these. Silently return ENOSYS so that guest userspace
         * falls back to a non-robust futex implementation (which should
         * be OK except in the corner case of the guest crashing while
         * holding a mutex that is shared with another process via
         * shared memory).
         */
        return -TARGET_ENOSYS;

The glibc implementation is not really prepared for this
(__ASSUME_SET_ROBUST_LIST is defined for must architectures).  But a
couple of years ago, we had a bunch of kernels that regressed robust
list support on POWER, and I think we found out only when we tested an
unrelated glibc update and saw unexpected glibc test suite failures …

Thanks,
Florian


  parent reply	other threads:[~2024-11-02 21:59 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-11-01 16:21 [PATCH v2 0/3] futex: Create set_robust_list2 André Almeida
2024-11-01 16:21 ` [PATCH v2 1/3] futex: Use explicit sizes for compat_exit_robust_list André Almeida
2024-11-02  5:44   ` kernel test robot
2024-11-02 14:57   ` kernel test robot
2024-11-01 16:21 ` [PATCH v2 2/3] futex: Create set_robust_list2 André Almeida
2024-11-02 16:40   ` kernel test robot
2024-11-04 11:22   ` Peter Zijlstra
2024-11-04 21:55     ` André Almeida
2024-11-05 12:10       ` Peter Zijlstra
2024-11-01 16:21 ` [PATCH v2 3/3] futex: Wire up set_robust_list2 syscall André Almeida
2024-11-02  5:13   ` kernel test robot
2024-11-02  6:05   ` kernel test robot
2024-11-02 21:58 ` Florian Weimer [this message]
2024-11-04 11:32   ` [PATCH v2 0/3] futex: Create set_robust_list2 Peter Zijlstra
2024-11-04 11:56     ` Peter Zijlstra
2024-11-04 12:36     ` Florian Weimer
2024-11-05 12:18       ` Peter Zijlstra
2024-11-04 21:49   ` André Almeida

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87ldy170x9.fsf@oldenburg.str.redhat.com \
    --to=fweimer@redhat.com \
    --cc=andrealmeid@igalia.com \
    --cc=arnd@arndb.de \
    --cc=dave@stgolabs.net \
    --cc=dvhart@infradead.org \
    --cc=kernel-dev@igalia.com \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=nathan@kernel.org \
    --cc=peterz@infradead.org \
    --cc=sonicadvance1@gmail.com \
    --cc=tglx@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox