lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.DEB.2.20.1611241849160.3434@nanos>
Date:   Thu, 24 Nov 2016 18:56:53 +0100 (CET)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Peter Zijlstra <peterz@...radead.org>
cc:     mingo@...nel.org, juri.lelli@....com, rostedt@...dmis.org,
        xlpang@...hat.com, bigeasy@...utronix.de,
        linux-kernel@...r.kernel.org, mathieu.desnoyers@...icios.com,
        jdesfossez@...icios.com, bristot@...hat.com
Subject: Re: [RFC][PATCH 4/4] futex: Rewrite FUTEX_UNLOCK_PI

On Thu, 24 Nov 2016, Peter Zijlstra wrote:
> On Wed, Nov 23, 2016 at 08:20:05PM +0100, Peter Zijlstra wrote:
> > > +	if (oldowner == &init_task && uval != 0) {
> > > +		raw_spin_lock(&pi_state->owner->pi_lock);
> > > +		list_del_init(&pi_state->list);
> > > +		raw_spin_unlock(&pi_state->owner->pi_lock);
> > > +		pi_state->owner = NULL;
> > > +		return -EAGAIN;
> 
> > > @@ -2679,6 +2690,10 @@ static int futex_lock_pi(u32 __user *uad
> > >  
> > >  out_put_key:
> > >  	put_futex_key(&q.key);
> > > +
> > > +	if (ret == -EAGAIN)
> > > +		goto retry;
> > > +
> > 
> > And this is far too clever and really needs a comment. So the crucial
> > point is that this is after unqueue_me_pi(), which drops the pi_state
> > and loops back to lookup the pi_state again, which, hopefully, has now
> > been completely destroyed -- and therefore we hit the regular
> > attach_to_pi_owner() path, fixing up our 'funny' state.
> > 
> 
> I'm stumped on REQUEUE_PI.. this relies on attach_to_pi_owner() and

You mean LOCK_PI, right? 

> fixup_owner() being in the same function. But this is not the case for
> requeue. WAIT_REQUEUE has the fixup, as its return path finds it has
> acquired the outer pi-futex (uaddr2), but the lookup_pi_state() stuff is
> done by CMP_REQUEUE, which does the actual transfer of the waiters from
> inner futex (uaddr1) to outer futex (uaddr2).

Correct. WAIT_REQUEUE puts the futex on the inner (uaddr1) and then gets
moved to the outer. From there it's the same thing as LOCK_PI.

> Maybe I can restructure things a bit, I think CMP_REQUEUE would also
> know who actually acquired the outer-futex, but I have to think more on
> this and the brain is pretty fried...

That is irrelevant at requeue time and the owner can change up to the point
where the waiter is really woken by a UNLOCK_PI.

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ