Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753257AbbBRRHM (ORCPT <rfc822;w@1wt.eu>);
	Wed, 18 Feb 2015 12:07:12 -0500
Received: from mail-wg0-f47.google.com ([74.125.82.47]:47810 "EHLO
	mail-wg0-f47.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751734AbbBRRHJ (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Wed, 18 Feb 2015 12:07:09 -0500
Date: Wed, 18 Feb 2015 18:07:04 +0100
From: Ingo Molnar <mingo@kernel.org>
To: Davidlohr Bueso <dave@stgolabs.net>
Cc: tglx@linutronix.de, peterz@infradead.org, dvhart@linux.intel.com,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH] futex: Robustify wake_futex()
Message-ID: <20150218170704.GA29024@gmail.com>
References: <1424148397.2046.101.camel@stgolabs.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1424148397.2046.101.camel@stgolabs.net>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1635
Lines: 53


* Davidlohr Bueso <dave@stgolabs.net> wrote:

> Current code assumes that wake_futex() will never fail, 
> thus we are rather sloppy when incrementing the return 
> value in wake related calls, accounting for the newly 
> woken task. Of course this will never occur, thus not a 
> problem. This bug is as real as the need for the 
> redundant pi checks in wake_futex().
> 
> These redundant checks are fine and past discussion 
> indicates that they will stay. However, it does introduce 
> this mismatch, thus it is better to robustify the 
> function and avoid any assumptions that could bite us in 
> the arse the future.

So can the current code crash or hang if the WARN() 
triggers?

>  kernel/futex.c | 45 +++++++++++++++++++++++++++++++++------------
>  1 file changed, 33 insertions(+), 12 deletions(-)

My counter argument is that we add quite a bit of pointless 
complexity:

> -	if (WARN(q->pi_state || q->rt_waiter, "refusing to wake PI futex\n"))
> -		return;
> +	if (unlikely(WARN(q->pi_state || q->rt_waiter,
> +			  "refusing to wake PI futex\n")))
> +		return false;

> -			wake_futex(this);
> +			if (!wake_futex(this)) {
> +				ret = -EINVAL;
> +				break;
> +			}

  + [ 4 more usage sites ]

while the WARN() already told the user that the kernel is 
broken.

So what's the point? Does it avoid any real badness, state 
corruption, crash, hang, etc.?

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/