lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <56701916.4090203@gmail.com>
Date:	Tue, 15 Dec 2015 14:43:50 +0100
From:	"Michael Kerrisk (man-pages)" <mtk.manpages@...il.com>
To:	Thomas Gleixner <tglx@...utronix.de>,
	Darren Hart <dvhart@...radead.org>,
	Torvald Riegel <triegel@...hat.com>
CC:	mtk.manpages@...il.com, lkml <linux-kernel@...r.kernel.org>,
	libc-alpha <libc-alpha@...rceware.org>,
	linux-man <linux-man@...r.kernel.org>,
	Carlos O'Donell <carlos@...hat.com>,
	Roland McGrath <roland@...k.frob.com>,
	Davidlohr Bueso <dave@...olabs.net>,
	Jakub Jelinek <jakub@...hat.com>, Ingo Molnar <mingo@...e.hu>,
	bill o gallmeister <bgallmeister@...il.com>,
	bert hubert <bert.hubert@...herlabs.nl>,
	Jan Kiszka <jan.kiszka@...mens.com>,
	Eric Dumazet <edumazet@...gle.com>,
	Arnd Bergmann <arnd@...db.de>,
	Rusty Russell <rusty@...tcorp.com.au>,
	Heinrich Schuchardt <xypron.glpk@....de>,
	Andy Lutomirski <luto@...capital.net>,
	Daniel Wagner <wagi@...om.org>,
	Anton Blanchard <anton@...ba.org>,
	Steven Rostedt <rostedt@...dmis.org>,
	Rich Felker <dalias@...c.org>,
	Jonathan Wakely <jwakely@...hat.com>,
	Mike Frysinger <vapier@...too.org>
Subject: futex(3) man page, final draft for pre-release review

Hello all,

After much too long a time, the revised futex man page *will*
go out in the next man pages release (it has been merged
into master).

There are various places where the page could still be improved,
but it is much better (and more than 5 times longer) than the
existing page.

The rendered version of the page is shown below, so that people
can make any final comments/suggestions for improvements
before the release (but of course I'll also take any
improvements after release as well). The page source is
available from the Git repo 
(http://git.kernel.org/cgit/docs/man-pages/man-pages.git).

As I mention above, there are various places where the page
could still be better, so the rendered text below is annotated
with some FIXMEs, in case anyone wants to address these before
release.

Thanks

Michael


   NAME
       futex - fast user-space locking

   SYNOPSIS
       #include <linux/futex.h>
       #include <sys/time.h>

       int futex(int *uaddr, int futex_op, int val,
                 const struct timespec *timeout,   /* or: uint32_t val2 */
                 int *uaddr2, int val3);

       Note: There is no glibc wrapper for this system call; see NOTES.

   DESCRIPTION
       The  futex()  system  call  provides a method for waiting until a
       certain condition becomes true.  It is typically used as a block‐
       ing  construct  in  the context of shared-memory synchronization.
       When using futexes, the majority of  the  synchronization  opera‐
       tions  are  performed  in  user  space.   The  user-space program
       employs the futex() system call only when it is likely  that  the
       program  has  to  block  for  a  longer  time until the condition
       becomes true.  The program uses another futex() operation to wake
       anyone waiting for a particular condition.

       A futex is a 32-bit value—referred to below as a futex word—whose
       address is supplied to the futex() system call.  (Futexes are  32
       bits  in  size  on all platforms, including 64-bit systems.)  All
       futex operations are governed by this value.  In order to share a
       futex  between  processes,  the  futex  is  placed in a region of
       shared memory, created using (for example) mmap(2)  or  shmat(2).
       (Thus,  the  futex  word  may have different virtual addresses in
       different processes, but these addresses all refer  to  the  same
       location  in physical memory.)  In a multithreaded program, it is
       sufficient to place the futex word in a global variable shared by
       all threads.

       When executing a futex operation that requests to block a thread,
       the kernel will block only if the futex word has the  value  that
       the  calling  thread  supplied  (as  one  of the arguments of the
       futex() call) as the expected value of the futex word.  The load‐
       ing  of the futex word's value, the comparison of that value with
       the expected value, and the actual blocking  will  happen  atomi‐

FIXME: for next line, it would be good to have an explanation of
"totally ordered" somewhere around here.

       cally  and totally ordered with respect to concurrently executing
       futex operations on the same futex word.  Thus, the futex word is
       used to connect the synchronization in user space with the imple‐
       mentation of blocking by the kernel.  Analogously  to  an  atomic
       compare-and-exchange  operation  that  potentially changes shared
       memory, blocking via a futex is an atomic compare-and-block oper‐
       ation.

       One  use  of futexes is for implementing locks.  The state of the
       lock (i.e., acquired or not acquired) can be  represented  as  an
       atomically  accessed  flag  in shared memory.  In the uncontended
       case, a thread can access or modify the lock  state  with  atomic
       instructions,   for  example  atomically  changing  it  from  not
       acquired  to  acquired  using  an   atomic   compare-and-exchange
       instruction.   (Such  instructions are performed entirely in user
       mode, and the kernel maintains  no  information  about  the  lock
       state.)   On  the other hand, a thread may be unable to acquire a
       lock because it is already acquired by another thread.   It  then
       may pass the lock's flag as a futex word and the value represent‐
       ing the acquired state as the expected value to  a  futex()  wait
       operation.   This futex() call will block if and only if the lock
       is still acquired.  When releasing the  lock,  a  thread  has  to
       first  reset  the  lock  state to not acquired and then execute a
       futex operation that wakes threads blocked on the lock flag  used
       as a futex word (this can be be further optimized to avoid unnec‐
       essary wake-ups).  See futex(7) for more detail  on  how  to  use
       futexes.

       Besides the basic wait and wake-up futex functionality, there are
       further futex operations aimed at  supporting  more  complex  use
       cases.

       Note that no explicit initialization or destruction are necessary
       to use futexes; the kernel maintains a futex (i.e.,  the  kernel-
       internal  implementation  artifact) only while operations such as
       FUTEX_WAIT, described below, are being performed on a  particular
       futex word.

   Arguments
       The  uaddr  argument points to the futex word.  On all platforms,
       futexes are four-byte integers that must be aligned  on  a  four-
       byte  boundary.   The operation to perform on the futex is speci‐
       fied in the futex_op argument; val is a value whose  meaning  and
       purpose depends on futex_op.

       The  remaining arguments (timeout, uaddr2, and val3) are required
       only for certain of the futex operations described below.   Where
       one of these arguments is not required, it is ignored.

       For  several  blocking  operations,  the  timeout  argument  is a
       pointer to a timespec structure that specifies a timeout for  the
       operation.   However,  notwithstanding the prototype shown above,
       for some operations, the least significant four bytes are used as
       an  integer  whose  meaning  is determined by the operation.  For
       these operations, the kernel casts the  timeout  value  first  to
       unsigned  long,  then  to  uint32_t, and in the remainder of this
       page, this argument is referred to as val2  when  interpreted  in
       this fashion.

       Where  it is required, the uaddr2 argument is a pointer to a sec‐
       ond futex word that is employed by the operation.  The  interpre‐
       tation of the final integer argument, val3, depends on the opera‐
       tion.

   Futex operations
       The futex_op argument consists of two parts: a command that spec‐
       ifies  the  operation to be performed, bit-wise ORed with zero or
       or more options that modify the behaviour of the operation.   The
       options that may be included in futex_op are as follows:

       FUTEX_PRIVATE_FLAG (since Linux 2.6.22)
              This option bit can be employed with all futex operations.
              It tells the kernel that the futex is process-private  and
              not  shared  with  another process (i.e., it is being used
              for synchronization  only  between  threads  of  the  same
              process).   This allows the kernel to make some additional
              performance optimizations.

              As a convenience, <linux/futex.h> defines a  set  of  con‐
              stants  with  the  suffix _PRIVATE that are equivalents of
              all  of  the  operations  listed  below,  but   with   the
              FUTEX_PRIVATE_FLAG  ORed  into  the constant value.  Thus,
              there are FUTEX_WAIT_PRIVATE, FUTEX_WAKE_PRIVATE,  and  so
              on.

       FUTEX_CLOCK_REALTIME (since Linux 2.6.28)
              This   option   bit   can   be   employed  only  with  the
              FUTEX_WAIT_BITSET and FUTEX_WAIT_REQUEUE_PI operations.

              If this option is set, the kernel  treats  timeout  as  an
              absolute time based on CLOCK_REALTIME.

              If  this  option  is not set, the kernel treats timeout as
              relative time, measured against the CLOCK_MONOTONIC clock.

       The operation specified in futex_op is one of the following:

       FUTEX_WAIT (since Linux 2.6.0)
              This operation tests that the  value  at  the  futex  word
              pointed  to  by  the  address  uaddr  still  contains  the
              expected value val, and if so, then sleeps waiting  for  a
              FUTEX_WAKE  operation  on the futex word.  The load of the
              value of the futex word is an atomic memory access  (i.e.,
              using atomic machine instructions of the respective archi‐
              tecture).  This load, the  comparison  with  the  expected
              value,  and starting to sleep are performed atomically and
              totally ordered with respect to other futex operations  on
              the same futex word.  If the thread starts to sleep, it is
              considered a waiter on this  futex  word.   If  the  futex
              value  does not match val, then the call fails immediately
              with the error EAGAIN.

              The purpose of the comparison with the expected  value  is
              to  prevent  lost wake-ups.  If another thread changed the
              value of the futex word after the calling  thread  decided
              to block based on the prior value, and if the other thread
              executed a FUTEX_WAKE operation (or similar wake-up) after
              the  value  change  and  before this FUTEX_WAIT operation,
              then the latter will observe the value change and will not
              start to sleep.

              If  the timeout argument is non-NULL, its contents specify
              a relative timeout for the wait, measured according to the
              CLOCK_MONOTONIC  clock.  (This interval will be rounded up
              to the system clock granularity, and is guaranteed not  to
              expire early.)  If timeout is NULL, the call blocks indef‐
              initely.

              The arguments uaddr2 and val3 are ignored.


       FUTEX_WAKE (since Linux 2.6.0)
              This operation wakes at most val of the waiters  that  are
              waiting (e.g., inside FUTEX_WAIT) on the futex word at the
              address uaddr.  Most commonly, val is specified as  either
              1  (wake up a single waiter) or INT_MAX (wake up all wait‐
              ers).  No guarantee is provided about  which  waiters  are
              awoken  (e.g.,  a waiter with a higher scheduling priority
              is not guaranteed to be awoken in preference to  a  waiter
              with a lower priority).

              The arguments timeout, uaddr2, and val3 are ignored.


       FUTEX_FD (from Linux 2.6.0 up to and including Linux 2.6.25)
              This  operation  creates a file descriptor that is associ‐
              ated with the futex at uaddr.  The caller must  close  the
              returned  file descriptor after use.  When another process
              or thread performs a FUTEX_WAKE on  the  futex  word,  the
              file   descriptor   indicates   as   being  readable  with
              select(2), poll(2), and epoll(7)

              The file descriptor can be  used  to  obtain  asynchronous
              notifications:  if  val  is  nonzero,  then,  when another
              process or thread executes a FUTEX_WAKE, the  caller  will
              receive the signal number that was passed in val.

              The arguments timeout, uaddr2 and val3 are ignored.

              Because  it was inherently racy, FUTEX_FD has been removed
              from Linux 2.6.26 onward.

       FUTEX_REQUEUE (since Linux 2.6.0)
              This operation performs the same task as FUTEX_CMP_REQUEUE
              (see  below), except that no check is made using the value
              in val3.  (The argument val3 is ignored.)

       FUTEX_CMP_REQUEUE (since Linux 2.6.7)
              This operation first checks  whether  the  location  uaddr
              still  contains  the  value  val3.   If not, the operation
              fails with the error  EAGAIN.   Otherwise,  the  operation
              wakes  up a maximum of val waiters that are waiting on the
              futex at uaddr.  If there are more than val waiters,  then
              the  remaining  waiters are removed from the wait queue of
              the source futex at uaddr and added to the wait  queue  of
              the  target  futex at uaddr2.  The val2 argument specifies
              an upper limit on the number of waiters that are  requeued
              to the futex at uaddr2.

              The  load  from  uaddr  is  an atomic memory access (i.e.,
              using atomic machine instructions of the respective archi‐
              tecture).   This  load,  the comparison with val3, and the
              requeueing of any waiters  are  performed  atomically  and
              totally  ordered  with  respect to other operations on the
              same futex word.

              Typical values to specify for val are 0 or or 1.   (Speci‐
              fying  INT_MAX  is  not  useful, because it would make the
              FUTEX_CMP_REQUEUE  operation  equivalent  to  FUTEX_WAKE.)
              The  limit  value specified via val2 is typically either 1
              or INT_MAX.  (Specifying the argument as 0 is not  useful,
              because  it  would  make  the  FUTEX_CMP_REQUEUE operation
              equivalent to FUTEX_WAIT.)

              The FUTEX_CMP_REQUEUE operation was added as a replacement
              for the earlier FUTEX_REQUEUE.  The difference is that the
              check of the value at uaddr can be  used  to  ensure  that
              requeueing  happens  only  under certain conditions, which
              allows race conditions to be avoided in certain use cases.

              Both FUTEX_REQUEUE and FUTEX_CMP_REQUEUE can  be  used  to
              avoid  "thundering  herd"  wake-ups  that could occur when
              using FUTEX_WAKE in cases where all of  the  waiters  that
              are  woken  need  to  acquire another futex.  Consider the
              following scenario,  where  multiple  waiter  threads  are
              waiting on B, a wait queue implemented using a futex:

                  lock(A)
                  while (!check_value(V)) {
                      unlock(A);
                      block_on(B);
                      lock(A);
                  };
                  unlock(A);

              If  a waker thread used FUTEX_WAKE, then all waiters wait‐
              ing on B would be woken up, and they would would  all  try
              to  acquire lock A.  However, waking all of the threads in
              this manner would be pointless because all except  one  of
              the  threads  would immediately block on lock A again.  By
              contrast, a requeue operation wakes just  one  waiter  and
              moves  the  other  waiters  to  lock A, and when the woken
              waiter unlocks A then the next waiter can proceed.

       FUTEX_WAKE_OP (since Linux 2.6.14)
              This operation was added to support  some  user-space  use
              cases  where  more  than  one futex must be handled at the
              same time.  The most notable example is the implementation
              of  pthread_cond_signal(3),  which  requires operations on
              two futexes, the one used to implement the mutex  and  the
              one  used  in the implementation of the wait queue associ‐
              ated with the condition  variable.   FUTEX_WAKE_OP  allows
              such cases to be implemented without leading to high rates
              of contention and context switching.

              The FUTEX_WAIT_OP operation is equivalent to executing the
              following code atomically and totally ordered with respect
              to other futex operations on any of the two supplied futex
              words:

                  int oldval = *(int *) uaddr2;
                  *(int *) uaddr2 = oldval op oparg;
                  futex(uaddr, FUTEX_WAKE, val, 0, 0, 0);
                  if (oldval cmp cmparg)
                      futex(uaddr2, FUTEX_WAKE, val2, 0, 0, 0);

              In other words, FUTEX_WAIT_OP does the following:

              *  saves  the  original  value of the futex word at uaddr2
                 and performs an operation to modify the  value  of  the
                 futex  at  uaddr2;  this is an atomic read-modify-write
                 memory access (i.e., using atomic machine  instructions
                 of the respective architecture)

              *  wakes  up a maximum of val waiters on the futex for the
                 futex word at uaddr; and

              *  dependent on the results of  a  test  of  the  original
                 value  of  the futex word at uaddr2, wakes up a maximum
                 of val2 waiters on the futex  for  the  futex  word  at
                 uaddr2.

              The  operation and comparison that are to be performed are
              encoded in the bits of the  argument  val3.   Pictorially,
              the encoding is:

                      +---+---+-----------+-----------+
                      |op |cmp|   oparg   |  cmparg   |
                      +---+---+-----------+-----------+
                        4   4       12          12    <== # of bits

              Expressed in code, the encoding is:

                  #define FUTEX_OP(op, oparg, cmp, cmparg) \
                                  (((op & 0xf) << 28) | \
                                  ((cmp & 0xf) << 24) | \
                                  ((oparg & 0xfff) << 12) | \
                                  (cmparg & 0xfff))

              In  the above, op and cmp are each one of the codes listed
              below.   The  oparg  and  cmparg  components  are  literal
              numeric values, except as noted below.

              The op component has one of the following values:

                  FUTEX_OP_SET        0  /* uaddr2 = oparg; */
                  FUTEX_OP_ADD        1  /* uaddr2 += oparg; */
                  FUTEX_OP_OR         2  /* uaddr2 |= oparg; */
                  FUTEX_OP_ANDN       3  /* uaddr2 &= ~oparg; */
                  FUTEX_OP_XOR        4  /* uaddr2 ^= oparg; */

              In  addition,  bit-wise  ORing the following value into op
              causes (1 << oparg) to be used as the operand:

                  FUTEX_OP_ARG_SHIFT  8  /* Use (1 << oparg) as operand */

              The cmp field is one of the following:

                  FUTEX_OP_CMP_EQ     0  /* if (oldval == cmparg) wake */
                  FUTEX_OP_CMP_NE     1  /* if (oldval != cmparg) wake */
                  FUTEX_OP_CMP_LT     2  /* if (oldval < cmparg) wake */
                  FUTEX_OP_CMP_LE     3  /* if (oldval <= cmparg) wake */
                  FUTEX_OP_CMP_GT     4  /* if (oldval > cmparg) wake */
                  FUTEX_OP_CMP_GE     5  /* if (oldval >= cmparg) wake */

              The return value of FUTEX_WAKE_OP is the sum of the number
              of  waiters  woken  on  the futex uaddr plus the number of
              waiters woken on the futex uaddr2.

       FUTEX_WAIT_BITSET (since Linux 2.6.25)
              This operation is like FUTEX_WAIT except that val3 is used
              to  provide a 32-bit bitset to the kernel.  This bitset is
              stored in the kernel-internal state of  the  waiter.   See
              the description of FUTEX_WAKE_BITSET for further details.

              The  FUTEX_WAIT_BITSET operation also interprets the time‐
              out argument differently from FUTEX_WAIT.  See the discus‐
              sion of FUTEX_CLOCK_REALTIME, above.

              The uaddr2 argument is ignored.

       FUTEX_WAKE_BITSET (since Linux 2.6.25)
              This  operation  is the same as FUTEX_WAKE except that the
              val3 argument is used to provide a 32-bit  bitset  to  the
              kernel.   This  bitset  is  used  to  select which waiters
              should be woken up.  The selection is done by  a  bit-wise
              AND of the "wake" bitset (i.e., the value in val3) and the
              bitset which is stored in the kernel-internal state of the
              waiter    (the   "wait"   bitset   that   is   set   using
              FUTEX_WAIT_BITSET).  All of  the  waiters  for  which  the
              result  of  the AND is nonzero are woken up; the remaining
              waiters are left sleeping.

              The effect of FUTEX_WAIT_BITSET and  FUTEX_WAKE_BITSET  is
              to  allow  selective  wake-ups among multiple waiters that
              are blocked  on  the  same  futex.   However,  note  that,
              depending  on  the  use case, employing this bitset multi‐
              plexing feature on a futex can be less efficient than sim‐
              ply  using multiple futexes, because employing bitset mul‐
              tiplexing requires the kernel to check all  waiters  on  a
              futex,  including  those  that are not interested in being
              woken up (i.e., they do not have the relevant bit  set  in
              their "wait" bitset).

              The uaddr2 and timeout arguments are ignored.

              The  FUTEX_WAIT  and  FUTEX_WAKE  operations correspond to
              FUTEX_WAIT_BITSET and FUTEX_WAKE_BITSET  operations  where
              the bitsets are all ones.

   Priority-inheritance futexes
       Linux supports priority-inheritance (PI) futexes in order to han‐
       dle priority-inversion problems that can be encountered with nor‐
       mal  futex  locks.  Priority inversion is the problem that occurs
       when a high-priority task is blocked waiting to  acquire  a  lock
       held  by a low-priority task, while tasks at an intermediate pri‐
       ority continuously preempt the low-priority task  from  the  CPU.
       Consequently,  the  low-priority  task  makes  no progress toward
       releasing the lock, and the high-priority task remains blocked.

       Priority inheritance is a mechanism for dealing with  the  prior‐
       ity-inversion problem.  With this mechanism, when a high-priority
       task becomes blocked by a lock held by a low-priority  task,  the
       priority  of  the low-priority task is temporarily raised to that
       of the high-priority task, so that it is  not  preempted  by  any
       intermediate  level  tasks,  and  can  thus  make progress toward
       releasing the lock.  To be effective, priority  inheritance  must
       be  transitive,  meaning that if a high-priority task blocks on a
       lock held by a lower-priority task that is itself  blocked  by  a
       lock  held  by another intermediate-priority task (and so on, for
       chains of arbitrary length), then both of those  tasks  (or  more
       generally,  all  of the tasks in a lock chain) have their priori‐
       ties raised to be the same as the high-priority task.

       From a user-space perspective, what makes a futex PI-aware  is  a
       policy  agreement  (described  below)  between user space and the
       kernel about the value of the futex word, coupled with the use of
       the PI-futex operations described below.  (Unlike the other futex
       operations described above, the PI-futex operations are  designed
       for the implementation of very specific IPC mechanisms.)

       The  PI-futex  operations  described  below differ from the other
       futex operations in that they impose policy on  the  use  of  the
       value of the futex word:

       *  If  the  lock is not acquired, the futex word's value shall be
          0.

       *  If the lock is acquired, the futex word's value shall  be  the
          thread ID (TID; see gettid(2)) of the owning thread.

       *  If  the lock is owned and there are threads contending for the
          lock, then the FUTEX_WAITERS bit shall be  set  in  the  futex
          word's value; in other words, this value is:

              FUTEX_WAITERS | TID


          (Note that is invalid for a PI futex word to have no owner and
          FUTEX_WAITERS set.)

       With this policy in place, a user-space application  can  acquire
       an  unacquired  lock  or release a lock using atomic instructions
       executed in user mode (e.g., a compare-and-swap operation such as
       cmpxchg  on  the x86 architecture).  Acquiring a lock simply con‐
       sists of using  compare-and-swap  to  atomically  set  the  futex
       word's  value  to  the  caller's TID if its previous value was 0.
       Releasing a lock requires using compare-and-swap to set the futex
       word's value to 0 if the previous value was the expected TID.

       If a futex is already acquired (i.e., has a nonzero value), wait‐
       ers must employ the FUTEX_LOCK_PI operation to acquire the  lock.
       If other threads are waiting for the lock, then the FUTEX_WAITERS
       bit is set in the futex value; in this case, the lock owner  must
       employ the FUTEX_UNLOCK_PI operation to release the lock.

       In  the  cases  where  callers  are forced into the kernel (i.e.,
       required to perform a futex() call), they then deal directly with
       a so-called RT-mutex, a kernel locking mechanism which implements
       the required priority-inheritance semantics.  After the  RT-mutex
       is  acquired,  the futex value is updated accordingly, before the
       calling thread returns to user space.

       It is important to note that the kernel  will  update  the  futex
       word's  value  prior  to returning to user space.  (This prevents
       the possibility of the futex word's value ending up in an invalid
       state,  such  as having an owner but the value being 0, or having
       waiters but not having the FUTEX_WAITERS bit set.)

       If a futex has an associated RT-mutex in the kernel (i.e.,  there
       are  blocked  waiters)  and  the owner of the futex/RT-mutex dies
       unexpectedly, then the kernel cleans up the RT-mutex and hands it
       over  to  the  next waiter.  This in turn requires that the user-
       space value is updated accordingly.  To  indicate  that  this  is
       required,  the  kernel sets the FUTEX_OWNER_DIED bit in the futex
       word along with the thread ID of the new owner.   User  space  is
       then responsible for cleaning up the stale state left over by the
       dead owner.

       PI futexes are operated on by specifying one of the values listed
       below  in  futex_op.   Note  that the PI futex operations must be
       used as paired operations and  are  subject  to  some  additional
       requirements:

       *  FUTEX_LOCK_PI  and FUTEX_TRYLOCK_PI pair with FUTEX_UNLOCK_PI.
          FUTEX_UNLOCK_PI must be called only on a futex  owned  by  the
          calling  thread, as defined by the value policy, otherwise the
          error EPERM results.

       *  FUTEX_WAIT_REQUEUE_PI pairs with  FUTEX_CMP_REQUEUE_PI.   This
          must  be  performed from a non-PI futex to a distinct PI futex
          (or the error EINVAL results).  Additionally, val (the  number
          of  waiters  to  be  woken)  must  be  1  (or the error EINVAL
          results).

       The PI futex operations are as follows:

       FUTEX_LOCK_PI (since Linux 2.6.18)
              This operation is used after after an attempt  to  acquire
              the  lock  via  an  atomic  user-mode  instruction  failed
              because the futex word has a  nonzero  value—specifically,
              because  it  contained the (PID-namespace-specific) TID of
              the lock owner.

              The operation checks the value of the futex  word  at  the
              address  uaddr.   If the value is 0, then the kernel tries
              to atomically set the futex value to the caller's TID.  If
              the  futex  word's value is nonzero, the kernel atomically
              sets the FUTEX_WAITERS bit, which signals the futex  owner
              that  it  cannot unlock the futex in user space atomically
              by setting the futex value to 0.  After that, the kernel:

              1. Tries to find the thread which is associated  with  the
                 owner TID.

              2. Creates  or reuses kernel state on behalf of the owner.
                 (If this is the first waiter, there is no kernel  state
                 for  this  futex, so kernel state is created by locking
                 the RT-mutex and the futex owner is made the  owner  of
                 the  RT-mutex.  If there are existing waiters, then the
                 existing state is reused.)

              3. Attaches the waiter to the futex (i.e., the  waiter  is
                 enqueued on the RT-mutex waiter list).

              If  more  than  one  waiter  exists, the enqueueing of the
              waiter is in descending priority order.  (For  information
              on   priority   ordering,   see   the  discussion  of  the
              SCHED_DEADLINE, SCHED_FIFO, and SCHED_RR scheduling  poli‐
              cies in sched(7).)  The owner inherits either the waiter's
              CPU bandwidth  (if  the  waiter  is  scheduled  under  the
              SCHED_DEADLINE  policy)  or  the waiter's priority (if the
              waiter is scheduled under the SCHED_RR or SCHED_FIFO  pol‐
              icy).  This inheritance follows the lock chain in the case
              of nested locking and performs deadlock detection.

              The timeout argument  provides  a  timeout  for  the  lock
              attempt.   It is interpreted as an absolute time, measured
              against the CLOCK_REALTIME clock.  If timeout is NULL, the
              operation will block indefinitely.

              The uaddr2, val, and val3 arguments are ignored.

       FUTEX_TRYLOCK_PI (since Linux 2.6.18)
              This operation tries to acquire the futex at uaddr.  It is
              invoked when a user-space atomic acquire did  not  succeed
              because the futex word was not 0.


FIXME(Next sentence) The wording "The trylock in kernel" below 
needs clarification. Suggestions?

              The trylock in kernel might succeed because the futex word
              contains     stale     state     (FUTEX_WAITERS     and/or
              FUTEX_OWNER_DIED).   This can happen when the owner of the
              futex died.  User space cannot handle this condition in  a
              race-free  manner,  but  the  kernel  can  fix this up and
              acquire the futex.

              The uaddr2, val, timeout, and val3 arguments are ignored.

       FUTEX_UNLOCK_PI (since Linux 2.6.18)
              This operation wakes the top priority waiter that is wait‐
              ing  in FUTEX_LOCK_PI on the futex address provided by the
              uaddr argument.

              This is called when the user-space value at  uaddr  cannot
              be changed atomically from a TID (of the owner) to 0.

              The uaddr2, val, timeout, and val3 arguments are ignored.

       FUTEX_CMP_REQUEUE_PI (since Linux 2.6.31)
              This operation is a PI-aware variant of FUTEX_CMP_REQUEUE.
              It    requeues    waiters    that    are    blocked    via
              FUTEX_WAIT_REQUEUE_PI  on uaddr from a non-PI source futex
              (uaddr) to a PI target futex (uaddr2).

              As with FUTEX_CMP_REQUEUE, this operation wakes up a maxi‐
              mum of val waiters that are waiting on the futex at uaddr.
              However, for FUTEX_CMP_REQUEUE_PI, val is required to be 1
              (since the main point is to avoid a thundering herd).  The
              remaining waiters are removed from the wait queue  of  the
              source  futex  at uaddr and added to the wait queue of the
              target futex at uaddr2.

              The val2 and val3 arguments serve the same purposes as for
              FUTEX_CMP_REQUEUE.

       FUTEX_WAIT_REQUEUE_PI (since Linux 2.6.31)
              Wait  on  a  non-PI  futex  at  uaddr  and  potentially be
              requeued (via a FUTEX_CMP_REQUEUE_PI operation in  another
              task)  onto  a  PI futex at uaddr2.  The wait operation on
              uaddr is the same as for FUTEX_WAIT.

              The waiter can be removed from the wait on  uaddr  without
              requeueing on uaddr2 via a FUTEX_WAKE operation in another
              task.  In this case, the  FUTEX_WAIT_REQUEUE_PI  operation
              returns with the error EWOULDBLOCK.

              If  timeout  is  not  NULL, it specifies a timeout for the
              wait operation; this timeout is  interpreted  as  outlined
              above  in  the  description  of  the  FUTEX_CLOCK_REALTIME
              option.  If timeout  is  NULL,  the  operation  can  block
              indefinitely.

              The val3 argument is ignored.

              The  FUTEX_WAIT_REQUEUE_PI  and  FUTEX_CMP_REQUEUE_PI were
              added to support a fairly specific use case:  support  for
              priority-inheritance-aware  POSIX  threads condition vari‐
              ables.  The idea is that these operations should always be
              paired,  in order to ensure that user space and the kernel
              remain in sync.  Thus, in the FUTEX_WAIT_REQUEUE_PI opera‐
              tion,  the user-space application pre-specifies the target
              of   the    requeue    that    takes    place    in    the
              FUTEX_CMP_REQUEUE_PI operation.

   RETURN VALUE
       In  the  event of an error (and assuming that futex() was invoked
       via syscall(2)), all operations return -1 and set errno to  indi‐
       cate the cause of the error.

       The  return  value  on  success  depends  on  the  operation,  as
       described in the following list:

       FUTEX_WAIT
              Returns 0 if the caller was woken up.  Note that a wake-up
              can also be caused by common futex usage patterns in unre‐
              lated code that happened to have previously used the futex
              word's  memory  location (e.g., typical futex-based imple‐
              mentations of Pthreads mutexes can cause this  under  some
              conditions).   Therefore,  callers should always conserva‐
              tively assume that a return value of 0 can mean a spurious
              wake-up,  and  use  the futex word's value (i.e., the user
              space synchronization scheme)
                  to decide whether to continue to block or not.

       FUTEX_WAKE
              Returns the number of waiters that were woken up.

       FUTEX_FD
              Returns the new file descriptor associated with the futex.

       FUTEX_REQUEUE
              Returns the number of waiters that were woken up.

       FUTEX_CMP_REQUEUE
              Returns the total number of waiters that were woken up  or
              requeued  to  the  futex for the futex word at uaddr2.  If
              this value is greater than val, then the difference is the
              number of waiters requeued to the futex for the futex word
              at uaddr2.

       FUTEX_WAKE_OP
              Returns the total number of waiters that  were  woken  up.
              This  is  the  sum of the woken waiters on the two futexes
              for the futex words at uaddr and uaddr2.

       FUTEX_WAIT_BITSET
              Returns 0 if the caller was woken up.  See FUTEX_WAIT  for
              how to interpret this correctly in practice.

       FUTEX_WAKE_BITSET
              Returns the number of waiters that were woken up.

       FUTEX_LOCK_PI
              Returns 0 if the futex was successfully locked.

       FUTEX_TRYLOCK_PI
              Returns 0 if the futex was successfully locked.

       FUTEX_UNLOCK_PI
              Returns 0 if the futex was successfully unlocked.

       FUTEX_CMP_REQUEUE_PI
              Returns  the total number of waiters that were woken up or
              requeued to the futex for the futex word  at  uaddr2.   If
              this  value  is  greater  than val, then difference is the
              number of waiters requeued to the futex for the futex word
              at uaddr2.

       FUTEX_WAIT_REQUEUE_PI
              Returns  0  if the caller was successfully requeued to the
              futex for the futex word at uaddr2.

   ERRORS
       EACCES No read access to the memory of a futex word.

       EAGAIN (FUTEX_WAIT, FUTEX_WAIT_BITSET, FUTEX_WAIT_REQUEUE_PI) The
              value  pointed  to  by uaddr was not equal to the expected
              value val at the time of the call.

              Note: on Linux, the symbolic names EAGAIN and  EWOULDBLOCK
              (both  of  which  appear  in different parts of the kernel
              futex code) have the same value.

       EAGAIN (FUTEX_CMP_REQUEUE,   FUTEX_CMP_REQUEUE_PI)   The    value
              pointed  to  by  uaddr  is not equal to the expected value
              val3.

       EAGAIN (FUTEX_LOCK_PI,  FUTEX_TRYLOCK_PI,   FUTEX_CMP_REQUEUE_PI)
              The    futex    owner    thread    ID    of   uaddr   (for
              FUTEX_CMP_REQUEUE_PI: uaddr2) is about to  exit,  but  has
              not yet handled the internal state cleanup.  Try again.

       EDEADLK
              (FUTEX_LOCK_PI,   FUTEX_TRYLOCK_PI,  FUTEX_CMP_REQUEUE_PI)
              The futex word at uaddr is already locked by the caller.

       EDEADLK
              (FUTEX_CMP_REQUEUE_PI) While requeueing a waiter to the PI
              futex  for the futex word at uaddr2, the kernel detected a
              deadlock.

       EFAULT A required pointer argument (i.e., uaddr, uaddr2, or time‐
              out) did not point to a valid user-space address.

       EINTR  A  FUTEX_WAIT  or  FUTEX_WAIT_BITSET  operation was inter‐
              rupted by a signal (see  signal(7)).   In  kernels  before
              Linux  2.6.22,  this error could also be returned for on a
              spurious wakeup; since Linux 2.6.22, this no  longer  hap‐
              pens.

       EINVAL The  operation  in futex_op is one of those that employs a
              timeout, but the supplied  timeout  argument  was  invalid
              (tv_sec  was  less than zero, or tv_nsec was not less than
              1,000,000,000).

       EINVAL The operation specified in futex_op employs one or both of
              the  pointers  uaddr and uaddr2, but one of these does not
              point to a valid object—that is, the address is not  four-
              byte-aligned.

       EINVAL (FUTEX_WAIT_BITSET, FUTEX_WAKE_BITSET) The bitset supplied
              in val3 is zero.

       EINVAL (FUTEX_CMP_REQUEUE_PI)  uaddr  equals  uaddr2  (i.e.,   an
              attempt was made to requeue to the same futex).

       EINVAL (FUTEX_FD) The signal number supplied in val is invalid.

       EINVAL (FUTEX_WAKE,       FUTEX_WAKE_OP,       FUTEX_WAKE_BITSET,
              FUTEX_REQUEUE, FUTEX_CMP_REQUEUE) The kernel  detected  an
              inconsistency  between  the  user-space state at uaddr and
              the kernel state—that is, it detected a waiter which waits
              in FUTEX_LOCK_PI on uaddr.

       EINVAL (FUTEX_LOCK_PI,   FUTEX_TRYLOCK_PI,  FUTEX_UNLOCK_PI)  The
              kernel detected an inconsistency  between  the  user-space
              state  at  uaddr  and  the  kernel  state.  This indicates
              either state corruption or that the kernel found a  waiter
              on    uaddr   which   is   waiting   via   FUTEX_WAIT   or
              FUTEX_WAIT_BITSET.

       EINVAL (FUTEX_CMP_REQUEUE_PI) The kernel  detected  an  inconsis‐
              tency  between the user-space state at uaddr2 and the ker‐
              nel state; that is, the kernel  detected  a  waiter  which
              waits via FUTEX_WAIT or FUTEX_WAIT_BITSET on uaddr2.

       EINVAL (FUTEX_CMP_REQUEUE_PI)  The  kernel  detected an inconsis‐
              tency between the user-space state at uaddr and the kernel
              state;  that  is, the kernel detected a waiter which waits
              via FUTEX_WAIT or FUTEX_WAIT_BITESET on uaddr.

       EINVAL (FUTEX_CMP_REQUEUE_PI) The kernel  detected  an  inconsis‐
              tency between the user-space state at uaddr and the kernel
              state; that is, the kernel detected a waiter  which  waits
              on     uaddr     via     FUTEX_LOCK_PI     (instead     of
              FUTEX_WAIT_REQUEUE_PI).

       EINVAL (FUTEX_CMP_REQUEUE_PI) An attempt was made  to  requeue  a
              waiter  to a futex other than that specified by the match‐
              ing FUTEX_WAIT_REQUEUE_PI call for that waiter.

       EINVAL (FUTEX_CMP_REQUEUE_PI) The val argument is not 1.

       EINVAL Invalid argument.

       ENOMEM (FUTEX_LOCK_PI,  FUTEX_TRYLOCK_PI,   FUTEX_CMP_REQUEUE_PI)
              The  kernel could not allocate memory to hold state infor‐
              mation.

       ENFILE (FUTEX_FD) The system limit on the total  number  of  open
              files has been reached.

       ENOSYS Invalid operation specified in futex_op.

       ENOSYS The FUTEX_CLOCK_REALTIME option was specified in futex_op,
              but the accompanying operation was neither FUTEX_WAIT_BIT‐
              SET nor FUTEX_WAIT_REQUEUE_PI.

       ENOSYS (FUTEX_LOCK_PI,     FUTEX_TRYLOCK_PI,     FUTEX_UNLOCK_PI,
              FUTEX_CMP_REQUEUE_PI,  FUTEX_WAIT_REQUEUE_PI)  A  run-time
              check determined that the operation is not available.  The
              PI-futex operations are not implemented on  all  architec‐
              tures and are not supported on some CPU variants.

       EPERM  (FUTEX_LOCK_PI,   FUTEX_TRYLOCK_PI,  FUTEX_CMP_REQUEUE_PI)
              The caller is not allowed to attach itself to the futex at
              uaddr  (for  FUTEX_CMP_REQUEUE_PI:  the  futex at uaddr2).
              (This may be caused by a state corruption in user space.)

       EPERM  (FUTEX_UNLOCK_PI) The caller does not own the lock  repre‐
              sented by the futex word.

       ESRCH  (FUTEX_LOCK_PI,   FUTEX_TRYLOCK_PI,  FUTEX_CMP_REQUEUE_PI)
              The thread ID in the futex word at uaddr does not exist.

       ESRCH  (FUTEX_CMP_REQUEUE_PI) The thread ID in the futex word  at
              uaddr2 does not exist.

       ETIMEDOUT
              The  operation  in futex_op employed the timeout specified
              in timeout, and the timeout expired before  the  operation
              completed.

   VERSIONS
       Futexes were first made available in a stable kernel release with
       Linux 2.6.0.

       Initial futex support was merged in Linux 2.5.7 but with  differ‐
       ent  semantics  from  what  was described above.  A four-argument
       system call with the semantics described in this page was  intro‐
       duced  in  Linux  2.5.40.   A  fifth  argument was added in Linux
       2.5.70, and a sixth argument was added in Linux 2.6.7.

   CONFORMING TO
       This system call is Linux-specific.

   NOTES
       Glibc does not provide a wrapper for this system  call;  call  it
       using syscall(2).

       Several higher-level programming abstractions are implemented via
       futexes, including POSIX semaphores  and  various  POSIX  threads
       synchronization  mechanisms  (mutexes, condition variables, read-
       write locks, and barriers).

   EXAMPLE

FIXME I think it would be helpful here to say a few more words about
      the difference(s) between FUTEX_LOCK_PI and FUTEX_TRYLOCK_PI.
      Can someone propose something?

       The program below demonstrates use of futexes in a program  where
       parent  and  child  use a pair of futexes located inside a shared
       anonymous mapping to synchronize access to a shared resource: the
       terminal.   The  two  processes each write nloops (a command-line
       argument that defaults to 5 if omitted) messages to the  terminal
       and  employ  a  synchronization  protocol  that ensures that they
       alternate in writing messages.  Upon running this program we  see
       output such as the following:

           $ ./futex_demo
           Parent (18534) 0
           Child  (18535) 0
           Parent (18534) 1
           Child  (18535) 1
           Parent (18534) 2
           Child  (18535) 2
           Parent (18534) 3
           Child  (18535) 3
           Parent (18534) 4
           Child  (18535) 4

   Program source

       /* futex_demo.c

          Usage: futex_demo [nloops]
                           (Default: 5)

          Demonstrate the use of futexes in a program where parent and child
          use a pair of futexes located inside a shared anonymous mapping to
          synchronize access to a shared resource: the terminal. The two
          processes each write 'num-loops' messages to the terminal and employ
          a synchronization protocol that ensures that they alternate in
          writing messages.
       */
       #define _GNU_SOURCE
       #include <stdio.h>
       #include <errno.h>
       #include <stdlib.h>
       #include <unistd.h>
       #include <sys/wait.h>
       #include <sys/mman.h>
       #include <sys/syscall.h>
       #include <linux/futex.h>
       #include <sys/time.h>

       #define errExit(msg)    do { perror(msg); exit(EXIT_FAILURE); \
                               } while (0)

       static int *futex1, *futex2, *iaddr;

       static int
       futex(int *uaddr, int futex_op, int val,
             const struct timespec *timeout, int *uaddr2, int val3)
       {
           return syscall(SYS_futex, uaddr, futex_op, val,
                          timeout, uaddr, val3);
       }

       /* Acquire the futex pointed to by 'futexp': wait for its value to
          become 1, and then set the value to 0. */

       static void
       fwait(int *futexp)
       {
           int s;

           /* __sync_bool_compare_and_swap(ptr, oldval, newval) is a gcc
              built-in function.  It atomically performs the equivalent of:

                  if (*ptr == oldval)
                      *ptr = newval;

              It returns true if the test yielded true and *ptr was updated.
              The alternative here would be to employ the equivalent atomic
              machine-language instructions.  For further information, see
              the GCC Manual. */

           while (1) {

               /* Is the futex available? */

               if (__sync_bool_compare_and_swap(futexp, 1, 0))
                   break;      /* Yes */

               /* Futex is not available; wait */

               s = futex(futexp, FUTEX_WAIT, 0, NULL, NULL, 0);
               if (s == -1 && errno != EAGAIN)
                   errExit("futex-FUTEX_WAIT");
           }
       }

       /* Release the futex pointed to by 'futexp': if the futex currently
          has the value 0, set its value to 1 and the wake any futex waiters,
          so that if the peer is blocked in fpost(), it can proceed. */

       static void
       fpost(int *futexp)
       {
           int s;

           /* __sync_bool_compare_and_swap() was described in comments above */

           if (__sync_bool_compare_and_swap(futexp, 0, 1)) {

               s = futex(futexp, FUTEX_WAKE, 1, NULL, NULL, 0);
               if (s  == -1)
                   errExit("futex-FUTEX_WAKE");
           }
       }

       int
       main(int argc, char *argv[])
       {
           pid_t childPid;
           int j, nloops;

           setbuf(stdout, NULL);

           nloops = (argc > 1) ? atoi(argv[1]) : 5;

           /* Create a shared anonymous mapping that will hold the futexes.
              Since the futexes are being shared between processes, we
              subsequently use the "shared" futex operations (i.e., not the
              ones suffixed "_PRIVATE") */

           iaddr = mmap(NULL, sizeof(int) * 2, PROT_READ | PROT_WRITE,
                       MAP_ANONYMOUS | MAP_SHARED, -1, 0);
           if (iaddr == MAP_FAILED)
               errExit("mmap");

           futex1 = &iaddr[0];
           futex2 = &iaddr[1];

           *futex1 = 0;        /* State: unavailable */
           *futex2 = 1;        /* State: available */

           /* Create a child process that inherits the shared anonymous
              mapping */

           childPid = fork();
           if (childPid == -1)
               errExit("fork");

           if (childPid == 0) {        /* Child */
               for (j = 0; j < nloops; j++) {
                   fwait(futex1);
                   printf("Child  (%ld) %d\n", (long) getpid(), j);
                   fpost(futex2);
               }

               exit(EXIT_SUCCESS);
           }

           /* Parent falls through to here */

           for (j = 0; j < nloops; j++) {
               fwait(futex2);
               printf("Parent (%ld) %d\n", (long) getpid(), j);
               fpost(futex1);
           }

           wait(NULL);

           exit(EXIT_SUCCESS);
       }

   SEE ALSO
       get_robust_list(2), restart_syscall(2), pthread_mutexattr_getpro‐
       tocol(3), futex(7), sched(7)

       The following kernel source files:

       * Documentation/pi-futex.txt

       * Documentation/futex-requeue-pi.txt

       * Documentation/locking/rt-mutex.txt

       * Documentation/locking/rt-mutex-design.txt

       * Documentation/robust-futex-ABI.txt

       Franke, H., Russell, R., and Kirwood, M., 2002.  Fuss, Futexes
       and Furwocks: Fast Userlevel Locking in Linux (from proceedings
       of the Ottawa Linux Symposium 2002),
       ⟨http://kernel.org/doc/ols/2002/ols2002-pages-479-495.pdf⟩

       Hart, D., 2009. A futex overview and update,
       ⟨http://lwn.net/Articles/360699/⟩

       Hart, D. and Guniguntala, D., 2009.  Requeue-PI: Making Glibc
       Condvars PI-Aware (from proceedings of the 2009 Real-Time Linux
       Workshop),
       ⟨http://lwn.net/images/conf/rtlws11/papers/proc/p10.pdf⟩

       Drepper, U., 2011. Futexes Are Tricky,
       ⟨http://www.akkadia.org/drepper/futex.pdf⟩

       Futex example library, futex-*.tar.bz2 at
       ⟨ftp://ftp.kernel.org/pub/linux/kernel/people/rusty/⟩


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ