lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <55B9DDF7.4010308@gmail.com>
Date:	Thu, 30 Jul 2015 10:19:03 +0200
From:	"Michael Kerrisk (man-pages)" <mtk.manpages@...il.com>
To:	Darren Hart <dvhart@...radead.org>,
	Thomas Gleixner <tglx@...utronix.de>
CC:	mtk.manpages@...il.com, Torvald Riegel <triegel@...hat.com>,
	Carlos O'Donell <carlos@...hat.com>,
	Ingo Molnar <mingo@...e.hu>, Jakub Jelinek <jakub@...hat.com>,
	linux-man <linux-man@...r.kernel.org>,
	lkml <linux-kernel@...r.kernel.org>,
	Davidlohr Bueso <dave@...olabs.net>,
	Arnd Bergmann <arnd@...db.de>,
	Steven Rostedt <rostedt@...dmis.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Linux API <linux-api@...r.kernel.org>,
	Roland McGrath <roland@...k.frob.com>,
	Anton Blanchard <anton@...ba.org>,
	Eric Dumazet <edumazet@...gle.com>,
	bill o gallmeister <bgallmeister@...il.com>,
	Jan Kiszka <jan.kiszka@...mens.com>,
	Daniel Wagner <wagi@...om.org>, Rich Felker <dalias@...c.org>,
	Andy Lutomirski <luto@...capital.net>,
	bert hubert <bert.hubert@...herlabs.nl>,
	Rusty Russell <rusty@...tcorp.com.au>,
	Heinrich Schuchardt <xypron.glpk@....de>
Subject: Re: Next round: revised futex(2) man page for review

On 07/29/2015 06:21 AM, Darren Hart wrote:
> On Tue, Jul 28, 2015 at 09:11:41PM -0700, Darren Hart wrote:
>> On Tue, Jul 28, 2015 at 10:23:51PM +0200, Thomas Gleixner wrote:
>>> On Mon, 27 Jul 2015, Michael Kerrisk (man-pages) wrote:
>>
>> ...
>>
>>>>        FUTEX_REQUEUE (since Linux 2.6.0)
>>>> .\" FIXME(Torvald) Is there some indication that FUTEX_REQUEUE is broken
>>>> .\"     in general, or is this comment implicitly speaking about the
>>>> .\"     condvar (?) use case? If the latter we might want to weaken the
>>>> .\"     advice below a little.
>>>> .\" [Anyone else have input on this?]
>>>
>>> The condvar use case exposes the flaw nicely, but that's pretty much
>>> true for everything which wants a sane requeue operation.
>>
>> In an earlier discussion I argued this point (that FUTURE_REQUEUE is broken and
>> should not be used in new code) and someone argued strongly against... stating
>> that there were legitimate uses for it. Of course I'm struggling to find the
>> thread and the reference at the moment - immensely useful, I know.
>>
>> I'll continue trying to find it and see if it can be useful here. I believe
>> Torvald was on the thread as well.
>>
> 
> Found it on libc-alpha, here it is for reference:
> 
> 	From: Rich Felker <dalias@...c.org>
> 	Date: Wed, 29 Oct 2014 22:43:17 -0400
> 	To: Darren Hart <dvhart@...radead.org>
> 	Cc: Carlos O'Donell <carlos@...hat.com>, Roland McGrath <roland@...k.frob.com>,
> 	Torvald Riegel <triegel@...hat.com>, GLIBC Devel <libc-alpha@...rceware.org>,
> 	Michael Kerrisk <mtk.manpages@...il.com>
> 	Subject: Re: Add futex wrapper to glibc?
> 
> 	On Wed, Oct 29, 2014 at 06:59:15PM -0700, Darren Hart wrote:
> 	> > We are IMO at the stage where futex is stable, few things are
> 	> > changing, and with documentation in place, I would consider adding a
> 	> > futex wrapper.
> 	> 
> 	> Yes, at least for the defined OP codes. New OPs may be added of
> 	> course, but that isn't a concern for supporting what exists today, and
> 	> doesn't break compatibility.
> 	> 
> 	> I wonder though... can we not wrap FUTEX_REQUEUE? It's fundamentally
> 	> broken.  FUTEX_CMP_REQUEUE should *always* be used instead. The glibc
> 	> wrapper is one way to encourage developers to do the right thing
> 	> (don't expose the bad op in the header).
> 
> 	You're mistaken here. There are plenty of valid ways to use
> 	FUTEX_REQUEUE - for example if the calling thread is requeuing the
> 	target(s) to a lock that the calling thread owns. Just because it
> 	doesn't meet the needs of the way glibc was using it internally
> 	doesn't mean it's useless for other applications.
> 
> 	In any case, I don't think there's a proposal to intercept/modify the
> 	commands to futex, just to pass them through (and possibly do a
> 	cancellable syscall for some of them).
> 
> 	Rich
> 
> 
>>>
>>>>               Avoid using this operation.  It is broken for its intended
>>>>               purpose.  Use FUTEX_CMP_REQUEUE instead.
>>>>
>>>>               This    operation    performs    the    same    task    as
>>>>               FUTEX_CMP_REQUEUE, except that no check is made using  the
>>>>               value in val3.  (The argument val3 is ignored.)

Thanks, Darren, that's really helpful! I've removed the statement in the man
page that FUTEX_REQUEUE is broken.

By the way, Darren. There were a couple of FIXMEs in the page where you are
explicitly mentioned by name. Could you take a look at those? Specifically,
the large block of text starting at:

    >> .\" FIXME XXX The following is my attempt at a definition of PI futexes,
    >> .\"       based on mail discussions with Darren Hart. Does it seem okay?

   (tglx looked at this and blessed it, but I'd like you also to check.)

Cheers,

Michael


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ