| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 03 Mar 2020 14:47:11 +0100
From: Florian Weimer <fweimer@...hat.com>
To: Peter Zijlstra <peterz@...radead.org>
Cc: "Pierre-Loup A. Griffais" <pgriffais@...vesoftware.com>,
Thomas Gleixner <tglx@...utronix.de>,
André Almeida <andrealmeid@...labora.com>,
linux-kernel@...r.kernel.org, kernel@...labora.com,
krisman@...labora.com, shuah@...nel.org,
linux-kselftest@...r.kernel.org, rostedt@...dmis.org,
ryao@...too.org, dvhart@...radead.org, mingo@...hat.com,
z.figura12@...il.com, steven@...vesoftware.com,
steven@...uorix.net, malteskarupke@....de, carlos@...hat.com,
adhemerval.zanella@...aro.org, libc-alpha@...rceware.org,
linux-api@...r.kernel.org
Subject: Re: 'simple' futex interface [Was: [PATCH v3 1/4] futex: Implement mechanism to wait on any of several futexes]
(added missing Cc: for linux-api, better late than never I guess)
* Peter Zijlstra:
>> What's the actual type of *uaddr? Does it vary by size (which I assume
>> is in bits?)? Are there alignment constraints?
>
> Yeah, u8, u16, u32, u64 depending on the size specified in flags.
> Naturally aligned.
So 4-byte alignment for u32 and 8-byte alignment for u64 on all
architectures?
(I really want to nail this down, sorry.)
>> These system calls seemed to be type-polymorphic still, which is
>> problematic for defining a really nice C interface. I would really like
>> to have a strongly typed interface for this, with a nice struct futex
>> wrapper type (even if it means that we need four of them).
>
> You mean like: futex_wait1(u8 *,...) futex_wait2(u16 *,...)
> futex_wait4(u32 *,...) etc.. ?
>
> I suppose making it 16 or so syscalls (more if we want WAKE_OP or
> requeue across size) is a bit daft, so yeah, sucks.
We could abstract this in the userspace wrapper. It would help to have
an explicit size argument, or at least an extension-safe way to pass
this information to the kernel. I guess if everything else fails, we
could use the flags bits for that, as long as it is clear that the
interface will only support these six types (four without NUMA, two with
NUMA).
>> Will all architectures support all sizes? If not, how do we probe which
>> size/flags combinations are supported?
>
> Up to the native word size (long), IOW ILP32 will not support u64.
Many ILP32 targets could support atomic accesses on 8-byte storage
units, as long as there is 8-byte alignment. But given how common
4-byte-align u64 is on 32-bit, maybe that's not such a good idea.
> Overlapping futexes are expressly forbidden, that is:
>
> {
> u32 var;
> void *addr = &var;
> }
>
> P0()
> {
> futex_wait4(addr,...);
> }
>
> P1()
> {
> futex_wait1(addr+1,...);
> }
>
> Will have one of them return something bad.
That makes sense. A strongly typed interface would also reflect that in
the types.
>> > For NUMA I propose that when NUMA_FLAG is set, uaddr-4 will be 'int
>> > node_id', with the following semantics:
>> >
>> > - on WAIT, node_id is read and when 0 <= node_id <= nr_nodes, is
>> > directly used to index into per-node hash-tables. When -1, it is
>> > replaced by the current node_id and an smp_mb() is issued before we
>> > load and compare the @uaddr.
>> >
>> > - on WAKE/REQUEUE, it is an immediate index.
>>
>> Does this mean the first waiter determines the NUMA index, and all
>> future waiters use the same chain even if they are on different nodes?
>
> Every new waiter could (re)set node_id, after all, when its not actually
> waiting, nobody cares what's in that field.
>
>> I think documenting this as a node index would be a mistake. It could
>> be an arbitrary hint for locating the corresponding kernel data
>> structures.
>
> Nah, it allows explicit placement, after all, we have set_mempolicy()
> and sched_setaffinity() and all the other NUMA crud so that programs
> that think they know what they're doing, can do explicit placement.
But I'm not sure if it makes sense to read the node ID from the
neighboring value of a futex used in this way. Or do you think that
userspace might set the node ID to help the kernel implementation, and
not just relying on it to be set by the kernel after initializing it to
-1?
Conversely, even for non-NUMA systems, a lookup hint that allows to
reduce in-kernel futex contention might be helpful. If it's documented
to be the NUME node ID, that wouldn't be possible.
>> > Any invalid value with result in EINVAL.
>>
>> Using uaddr-4 is slightly tricky with a 64-bit futex value, due to the
>> need to maintain alignment and avoid padding.
>
> Yes, but it works, unlike uaddr+4 :-) Also, 1 and 2 byte futexes and
> NUMA_FLAG are incompatible due to this, but I feel short futexes and
> NUMA don't really make sense anyway, the only reason to use a short
> futex is to save space, so you don't want another 4 bytes for numa on
> top of that anyway.
I think it would be much easier to make the NUMA hint the same size of
the futex, so 4 and 8 bytes. It could also make sense to require 8 and
16 byte alignment, to permit different implementation choices in the
future.
So we'd have:
struct futex8 { u8 value; };
struct futex16 { u16 value __attribute__ ((aligned (2))); };
struct futex32 { u32 value __attribute__ ((aligned (4))); };
struct futex64 { u64 value __attribute__ ((aligned (8))); };
struct futex32_numa { u32 value __attribute__ ((aligned (8))); u32 hint; };
struct futex64_numa { u64 value __attribute__ ((aligned (16))); u64 hint; };
Thanks,
Florian
Powered by blists - more mailing lists