Re: [PATCH v2 0/4] futex: Drop ROBUST_LIST_LIMIT
From: André Almeida
Date: Tue Jan 28 2025 - 09:28:44 EST
Hi Florian,

On 28/01/2025 04:50, Florian Weimer wrote:
> * André Almeida:
>
>> As requested by Peter at [1], this patchset drops the
>> ROBUST_LIST_LIMIT. This is achieved by simply rewriting the processed
>> list element ->next to point to the head->list address, destroying the
>> linked list to avoid any circular list.
>
> Doesn't this turn a robust mutex overwrite or a TCB overwrite into a
> write-anything-anywhere primitive? Furthermore, I'm not entirely sure
> if this is entirely backwards-compatible.

The robust list is meant to be a private resource, per-process, and this
patch only rewrites it after the process exits, so I believe that any
changes done in this memory should be safe given that the process will
soon disappear anyway, right?

Do you think you can point out a scenario that wouldn't be
backwards-compatible? I would like to try to test it.

> Could you use the tortoise/hare approach instead?

I believe that you want the approach to be "slow and steady" but I'm not
sure what you have in mind, if you could please elaborate :)

> Thanks,
> Florian
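
"Tortoise/hare" is the usual name for Floyd's cycle detection. The following user-space sketch is an added example, not code from this thread or from the kernel; it shows how a list walk can stop on a circular list without a length limit and without writing to the list. `struct entry`, `walk_list` and the result codes are hypothetical names, and the lists are constructed samples.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model: a singly linked list whose last entry points back
 * at the head, as a well-formed robust list does. */
struct entry { struct entry *next; };

enum walk_result { WALK_DONE, WALK_CYCLE, WALK_BROKEN };

/* Visit every entry after head until the walk returns to head.
 * The tortoise takes one step for every two steps of the walker; if the
 * walker lands on the tortoise, the list loops without passing through
 * head. No length limit is needed and the list is never written.
 * Entries inside a loop can be visited more than once before detection. */
static enum walk_result walk_list(const struct entry *head, size_t *visited)
{
    const struct entry *walker = head->next, *tortoise = head->next;
    size_t steps = 0;

    *visited = 0;
    while (walker != head) {
        if (walker == NULL)
            return WALK_BROKEN;       /* truncated list */
        (*visited)++;                 /* stand-in for handling one entry */
        walker = walker->next;
        if (++steps % 2 == 0)
            tortoise = tortoise->next;
        if (walker == tortoise)
            return WALK_CYCLE;        /* same entry reached twice */
    }
    return WALK_DONE;
}

int main(void)
{
    /* Constructed sample: head -> a -> b -> c -> head */
    struct entry head, a, b, c;
    size_t n;
    enum walk_result r;

    head.next = &a; a.next = &b; b.next = &c; c.next = &head;
    r = walk_list(&head, &n);
    printf("well-formed: result=%d visited=%zu\n", (int)r, n);
    c.next = &b;    /* loop b -> c -> b that never reaches head */
    r = walk_list(&head, &n);
    printf("circular:    result=%d visited=%zu\n", (int)r, n);
    return 0;
}
```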