Message-ID: <CAAqLnKK45RYGmAhmTP0eiZ_joDqU+TsSTV7aE-RPVBJQFi+uVQ@mail.gmail.com>
Date: Fri, 19 Dec 2025 14:26:16 +0800
From: wang sheldon <wangyongfeng5@...il.com>
To: linux-kernel@...r.kernel.org
Cc: mm@...r.kernel.org, ipc@...r.kernel.org, maintainers@...r.kernel.org
Subject: [RFC] Proposal: Kernel-supported exit-time cleanup for shared memory state ownership

Hi all,

This RFC highlights a recurring problem in multi-process systems: the
lack of a general kernel-supported mechanism for cleaning up
process-bound responsibilities in shared memory upon process exit.

---

Problem Description:

Linux provides various mechanisms for inter-process synchronization
and shared memory management (shared memory, futexes, robust mutexes,
System V IPC). However, none of these fully address the following
scenario:

- Processes hold responsibility or ownership over **shared memory
  state** (e.g., reference counters, ownership flags, leases).
  When a process exits—gracefully or abruptly—the kernel does not
  automatically clean up this state.
- User-space recovery (atexit, signal handlers, cooperative protocols)
  is unreliable:
  - Does not cover SIGKILL or crashes.
  - Requires additional coordination among processes.

Existing primitives:

- Robust mutexes: limited to locks only; do not cover general state ownership.
- Futexes: no exit-time cleanup semantics.
- System V semaphores (SEM_UNDO): demonstrate feasibility but are
limited to kernel-managed semaphores and cannot be applied to
arbitrary shared state.

Consequences:

- Developers rely on ad-hoc recovery logic, introducing complexity and bugs.
- System robustness is reduced.
- Some systems adopt fail-fast approaches due to lack of guarantees.

---

Scope:

- This RFC does **not** propose transactional memory or automatic
rollback of arbitrary writes in shared memory.
- It focuses strictly on **exit-time cleanup of process-bound
responsibilities**.
- Targeted state is:
  - Low-frequency, management/control plane
  - Small or bounded in size
  - Representable via reversible operations (clear, decrement, release)

---

Motivation:

A kernel-supported primitive for exit-time cleanup would:

- Reduce complexity in multi-process systems
- Provide guarantees similar to SEM_UNDO for general shared state
- Eliminate common classes of recovery bugs
- Enable robust design for control-plane or long-lived multi-process
applications

---

Conceptual Implementation Note:

Conceptually, one could imagine a kernel API where a process registers
memory regions in shared memory along with associated reversible
operations, which the kernel would automatically apply on process
exit. The exact interface, error handling, and operation set are left
open for discussion; this note is illustrative only and not a proposed
API.

---

Feedback Requested:

- Do maintainers and developers see this as a recurring problem worth
addressing?
- Are there scenarios or subsystems where such a mechanism would be
  particularly valuable?

---

Thanks,
Yongfeng Wang

Signed-off-by: Yongfeng Wang <wangyongfeng5@...il.com>
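The scenario the RFC describes (a holder of a reference count and a lease flag in shared memory is SIGKILLed, and nothing reverts its state) can be reproduced in a few dozen lines, together with a user-space model of the "register reversible operations, apply them when the owner exits" idea from the conceptual note. This is an added example, not code from the RFC or from any kernel patch: the `undo_rec` log, the `UNDO_DECREMENT`/`UNDO_CLEAR` operations and the `run_scenario` helper are hypothetical names chosen here, and the cleanup is performed by the parent after `waitpid()` rather than by the kernel on the exit path, which is exactly the coordination burden the RFC wants to remove.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Control-plane state shared between processes: small, low-frequency,
 * and recoverable by reversible operations, as the RFC scopes it. */
struct shared_state {
    volatile int refcount;   /* number of live holders */
    volatile int owner;      /* pid of the lease holder, 0 = free */
};

/* Reversible operations mirroring the RFC's "decrement" and "clear". */
enum undo_op { UNDO_DECREMENT, UNDO_CLEAR };

/* One undo record (hypothetical layout): when `pid` exits, apply `op`
 * to the int at `offset` inside shared_state. A kernel primitive would
 * keep these per task; here they live in the same shared mapping. */
struct undo_rec { int pid; size_t offset; enum undo_op op; int in_use; };

#define MAX_UNDO 8
struct arena { struct shared_state st; struct undo_rec log[MAX_UNDO]; };

static struct arena *arena_create(void) {
    void *p = mmap(NULL, sizeof(struct arena), PROT_READ | PROT_WRITE,
                   MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    memset(p, 0, sizeof(struct arena));
    return p;
}

/* Register a reversible operation on behalf of the calling process. */
static int undo_register(struct arena *a, size_t offset, enum undo_op op) {
    for (int i = 0; i < MAX_UNDO; i++) {
        if (a->log[i].in_use) continue;
        a->log[i] = (struct undo_rec){ getpid(), offset, op, 1 };
        return 0;
    }
    return -1;   /* log full */
}

/* Apply and retire every record owned by `pid`; returns the count. */
static int undo_apply_for(struct arena *a, int pid) {
    int applied = 0;
    for (int i = 0; i < MAX_UNDO; i++) {
        struct undo_rec *r = &a->log[i];
        if (!r->in_use || r->pid != pid) continue;
        volatile int *t = (volatile int *)((char *)&a->st + r->offset);
        if (r->op == UNDO_DECREMENT) (*t)--; else *t = 0;
        r->in_use = 0;
        applied++;
    }
    return applied;
}

struct outcome { int refcount; int owner; int applied; };

/* Fork a holder, let it take the lease, SIGKILL it, then either apply
 * the undo log (apply_cleanup=1) or leave the state as the kernel does
 * today (apply_cleanup=0). Returns 0 on success, -1 on setup failure. */
static int run_scenario(int apply_cleanup, struct outcome *out) {
    struct arena *a = arena_create();
    int fd[2];
    if (!a || pipe(fd) != 0) return -1;
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {
        close(fd[0]);
        a->st.refcount++;                 /* take a reference */
        a->st.owner = getpid();           /* take the lease */
        undo_register(a, offsetof(struct shared_state, refcount), UNDO_DECREMENT);
        undo_register(a, offsetof(struct shared_state, owner), UNDO_CLEAR);
        if (write(fd[1], "r", 1) != 1) _exit(1);   /* tell parent we hold it */
        for (;;) pause();                 /* hold until killed */
    }
    close(fd[1]);
    char c;
    if (read(fd[0], &c, 1) != 1) return -1;
    close(fd[0]);
    kill(child, SIGKILL);                 /* abrupt death: no atexit, no handler */
    waitpid(child, NULL, 0);
    out->applied  = apply_cleanup ? undo_apply_for(a, child) : 0;
    out->refcount = a->st.refcount;
    out->owner    = a->st.owner;
    munmap(a, sizeof(struct arena));
    return 0;
}

int main(void) {
    struct outcome o;
    if (run_scenario(0, &o) == 0)
        printf("no cleanup:   refcount=%d owner=%d\n", o.refcount, o.owner);
    if (run_scenario(1, &o) == 0)
        printf("with cleanup: refcount=%d owner=%d (applied %d)\n",
               o.refcount, o.owner, o.applied);
    return 0;
}
```

Without cleanup the reaped child leaves `refcount=1` and a dangling owner pid, which is the stale-state case the RFC complains about; with the log applied, both fields return to their pre-acquire values. The model is deliberately restricted to clear and decrement on ints, because those are the operations that remain meaningful when the owner disappeared mid-way; anything requiring the dead process's cooperation is out of scope, as the RFC itself states.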
