| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Jun 2011 18:26:10 -0400 From: Kyle Moffett <kyle@...fetthome.net> To: Andrew Lutomirski <luto@....edu> Cc: David Oliver <david@...advisors.com>, Eric Dumazet <eric.dumazet@...il.com>, Darren Hart <dvhart@...ux.intel.com>, Peter Zijlstra <peterz@...radead.org>, linux-kernel@...r.kernel.org, Shawn Bohrer <sbohrer@...advisors.com>, Zachary Vonler <zvonler@...advisors.com>, KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>, Hugh Dickins <hughd@...gle.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...e.hu> Subject: Re: Change in functionality of futex() system call. On Tue, Jun 7, 2011 at 15:19, Andrew Lutomirski <luto@....edu> wrote: > On Tue, Jun 7, 2011 at 3:10 PM, David Oliver <david@...advisors.com> wrote: >> I have software which currently uses shared files for a one way >> transfer of information, which is modeled precisely by the futex (as >> contrasted to the mutex) model. In this case, the number of receivers >> is undetermined, so the number of wakeups is set to maxint. >> >> The receivers are minimally trusted: they have read access to the >> files, so they cannot accidentally affect other processes use of the >> data. Requiring my files to be writeable by all clients would require >> a serious increase in the amount of software needing to be trusted. > > What's wrong with adding a FUTEX_WAIT_NOCONSUME flag then? Your > program can use it to get exactly the semantics it wants and my > program can use it or not depending on which semantics it wants. > > Then we can document in the man page that, on kernels newer than > whichever version introduced the regression, read-only mappings of a > file cannot be used to interfere with futexes on that file. Hmm, I would actually call it "FUTEX_POLL", since that better reflects the operation being performed. Certainly you would want to avoid allowing FUTEX_POLL to "steal" limited wakeups from FUTEX_CMP_REQUEUE or whatever, so you also need a new "FUTEX_NOTIFY". Alternatively I guess you could just special-case the FUTEX_WAKE && wakeups == INTMAX combination to also notify FUTEX_POLL processes. I almost wonder if long-term there might possibly be some decent way to integrate this with eventfds to allow a thread to wait for notifications from any number of memory addresses as well as other event sources. This would be a similar extension to signalfd, only for futexes. Cheers, Kyle Moffett -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists