Re: [RFC PATCH] futex: Introduce __vdso_robust_futex_unlock

Next message: Dave Jiang: "Re: [PATCH 10/20] vfio/cxl: CXL region management"
Previous message: Jason Gunthorpe: "Re: [PATCH rdma-next v2] RDMA/mana_ib: hardening: Clamp adapter capability values from MANA_IB_GET_ADAPTER_CAP"
In reply to: Thomas Gleixner: "Re: [RFC PATCH] futex: Introduce __vdso_robust_futex_unlock"
Next in thread: Sebastian Andrzej Siewior: "Re: [RFC PATCH] futex: Introduce __vdso_robust_futex_unlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Mathieu Desnoyers

Date: Thu Mar 12 2026 - 18:53:00 EST

On 2026-03-12 18:23, Thomas Gleixner wrote:

On Wed, Mar 11 2026 at 14:54, Mathieu Desnoyers wrote:

[...]

TBH, all of this is completely overengineered and tasteless bloat.

The exactly same thing can be achieved by doing the obvious:

struct robust_list_head2 {
struct robust_list_head rhead;
u32 unlock_val;
};

// User space
unlock(futex)
{
struct robust_list_head2 *h = ....;

h->unlock_val = 0;
h->rhead.list_op_pending = .... | FUTEX_ROBUST_UNLOCK;

xchg(futex->uval, h->unlock_val);

Here is the problem with your proposed approach:

"XCHG — Exchange Register/Memory With Register"
^^^^^^^^

So only one of the xchg arguments can be a memory location.
Therefore, you will end up needing an extra store after xchg
to store the content of the result register into h->unlock_val.

If the process dies between those two instructions, your proposed
robust list code will be fooled and fall into the same bug that's
been lingering for 14 years.

Thanks,

Mathieu

--
Mathieu Desnoyers
EfficiOS Inc.
https://www.efficios.com