From: Thomas Gleixner <tglx@kernel.org>
To: "Mathieu Desnoyers" <mathieu.desnoyers@efficios.com>,
"André Almeida" <andrealmeid@igalia.com>
Cc: linux-kernel@vger.kernel.org, Carlos O'Donell <carlos@redhat.com>,
Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
Peter Zijlstra <peterz@infradead.org>,
Florian Weimer <fweimer@redhat.com>,
Rich Felker <dalias@aerifal.cx>,
Torvald Riegel <triegel@redhat.com>,
Darren Hart <dvhart@infradead.org>,
Ingo Molnar <mingo@redhat.com>,
Davidlohr Bueso <dave@stgolabs.net>,
Arnd Bergmann <arnd@arndb.de>,
"Liam R . Howlett" <Liam.Howlett@oracle.com>
Subject: Re: [RFC PATCH] futex: Introduce __vdso_robust_futex_unlock
Date: Mon, 16 Mar 2026 23:19:39 +0100 [thread overview]
Message-ID: <87ms07o1s4.ffs@tglx> (raw)
In-Reply-To: <d5710bac-74c3-4a56-b2ac-196c765a87c1@efficios.com>
On Mon, Mar 16 2026 at 17:01, Mathieu Desnoyers wrote:
> On 2026-03-16 16:27, Thomas Gleixner wrote:
>> On Mon, Mar 16 2026 at 15:36, Mathieu Desnoyers wrote:
>>> On 2026-03-16 13:12, Thomas Gleixner wrote:
>>>> sys_exit() is different because there a task voluntarily exits and if
>>>> it does so between the unlock and the clearing of the op pointer,
>>>> then so be it. That'd be wilfull ignorance or malice and not any
>>>> different from the task doing the corruption itself in user space
>>>> right away.
>>>
>>> I'm not sure about this one. How about the two following scenario:
>>> A concurrent thread calls sys_exit concurrently with the vdso. Is this
>>> something we should handle or consider it "wilfull ignorance/malice" ?
>>
>> I don't understand your question. What has the exit to do with the VDSO?
>
> You mentioned that "if a task exits between unlock and clearing of the op
> pointer, then so be it".
>
> But that exit could be issued by another thread, not necessarily by the
> thread doing the unlock + pointer clear.
>
> But I understand that your series takes care of this by:
>
> - clearing the op pointer within the futex syscall,
> - tracking the insn range and ZF state within the vDSO.
>
> I'm fine with your approach, I was just not sure about your comment
> about it being "different" for sys_exit.
What I clearly described is the sequence:
set_pointer();
unlock();
sys_exit();
The kernel does not care about that at all as that's what user space
asked for. That is clearly in the category of "I want to shoot myself
into the foot".
The only case where the kernel has to provide help to user space is the
involuntary exit caused by a crash or external signal between unlock()
and clear_pointer(). Simply because there is no way that user space can
solve that problem on its own.
If you want to prevent user space from shooting itself into the foot
then the above crude scenario is the least of your problems.
Thanks,
tglx
next prev parent reply other threads:[~2026-03-16 22:19 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-11 18:54 [RFC PATCH] futex: Introduce __vdso_robust_futex_unlock Mathieu Desnoyers
2026-03-11 20:11 ` Mathieu Desnoyers
2026-03-12 8:49 ` Florian Weimer
2026-03-12 13:13 ` Mathieu Desnoyers
2026-03-12 14:12 ` Florian Weimer
2026-03-12 14:14 ` André Almeida
2026-03-12 16:09 ` Mathieu Desnoyers
2026-03-12 13:46 ` André Almeida
2026-03-12 14:04 ` Mathieu Desnoyers
2026-03-12 18:40 ` Mathieu Desnoyers
2026-03-12 18:58 ` André Almeida
2026-03-12 19:10 ` Thomas Gleixner
2026-03-12 19:16 ` Mathieu Desnoyers
2026-03-13 8:20 ` Florian Weimer
2026-03-12 20:19 ` Thomas Gleixner
2026-03-12 21:28 ` Mathieu Desnoyers
2026-03-12 22:23 ` Thomas Gleixner
2026-03-12 22:52 ` Mathieu Desnoyers
2026-03-13 12:12 ` Sebastian Andrzej Siewior
2026-03-13 12:17 ` Mathieu Desnoyers
2026-03-13 13:29 ` Sebastian Andrzej Siewior
2026-03-13 13:35 ` Mathieu Desnoyers
2026-03-16 17:12 ` Thomas Gleixner
2026-03-16 19:36 ` Mathieu Desnoyers
2026-03-16 20:27 ` Thomas Gleixner
2026-03-16 21:01 ` Mathieu Desnoyers
2026-03-16 22:19 ` Thomas Gleixner [this message]
2026-03-16 22:30 ` Mathieu Desnoyers
2026-03-16 23:29 ` Thomas Gleixner
2026-03-20 18:13 ` Mathieu Desnoyers
2026-03-24 21:35 ` Thomas Gleixner
2026-03-25 14:12 ` Mathieu Desnoyers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ms07o1s4.ffs@tglx \
--to=tglx@kernel.org \
--cc=Liam.Howlett@oracle.com \
--cc=andrealmeid@igalia.com \
--cc=arnd@arndb.de \
--cc=bigeasy@linutronix.de \
--cc=carlos@redhat.com \
--cc=dalias@aerifal.cx \
--cc=dave@stgolabs.net \
--cc=dvhart@infradead.org \
--cc=fweimer@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=triegel@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox