Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp4208124imm; Mon, 17 Sep 2018 09:52:55 -0700 (PDT) X-Google-Smtp-Source: ANB0VdZFg7ZyhNE4F2tY+BKrut8LWz9t/mQxzmQJwtI8ppu8YR7dwZHmvqAbNLVNcugv0LO4nolD X-Received: by 2002:a63:4b47:: with SMTP id k7-v6mr23863698pgl.351.1537203175740; Mon, 17 Sep 2018 09:52:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537203175; cv=none; d=google.com; s=arc-20160816; b=zj4eCaoU5ZaPyBzA5ghRc6JRzP7z16MJjVXFu5t0MMaBBSdyWfAkTLIPHATRrIziAH ewSqLZkFodv7juYv8+uoj9v2Qass6v+gcbr33LPK4BIVCJKDEezNoy2u/PQj4rNSXMEr 64keD/ZSRmssTmut6/lontMmiNLb2uuJO5vDSJwuzATJG0iVbKyoPeAwuA7vxOCJhtIC FHSSXSEE7MYdSiqoWkvHp0iRS+eHBSlHGBICjeEbFNQDw0//sBYSA28f/FgcJizyUuK0 dIzKiboEDzO7tDJjR/lRZNBPrCBDUhUcJ17Q0YXurEDb7Rx50KAsOdEeAJZvW6Bf9rFK ykUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=X8c62pkZmJmlQCC0FqhbYz7z7UnY1ERqzrju1dL5lGs=; b=cvMPb7kVGD982FxgcTCLZjlAFlS25TO5VUHTq6hdSvIUo574g7T3Z/MZfp9hyriC/e dkuSxuYdpFl1qgI0S2SXYtC2AAE9HYq7d2stJ11vlgdmYLmnTdoGqSRh3gVq+LGCTcgO AYhZwSvdPifj6P92kH8y27Fu8w5+3IvXXexv15o0l0WVWd3dIc+cEhm60XRHDSrs6D0z PbJEbtUv3aZHXwYY0n6nBgKcTGih63im/Zna47ULv49f0lU+/xwQkka3ta9WB/bj53+0 2fj3iBuCuOLUUm5CrJpRD/L1qO9oyVY2DXevK4r2/6KtJKZrYXFksjayvbQ5/4CflSFn 8B6w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r22-v6si16526229pgm.258.2018.09.17.09.52.40; Mon, 17 Sep 2018 09:52:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728723AbeIQWTY (ORCPT + 99 others); Mon, 17 Sep 2018 18:19:24 -0400 Received: from 216-12-86-13.cv.mvl.ntelos.net ([216.12.86.13]:57170 "EHLO brightrain.aerifal.cx" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726795AbeIQWTX (ORCPT ); Mon, 17 Sep 2018 18:19:23 -0400 Received: from dalias by brightrain.aerifal.cx with local (Exim 3.15 #2) id 1g1wjq-0001iF-00; Mon, 17 Sep 2018 16:51:06 +0000 Date: Mon, 17 Sep 2018 12:51:05 -0400 From: Rich Felker To: Florian Weimer Cc: Thomas Gleixner , linux-kernel@vger.kernel.org, Peter Zijlstra , Ingo Molnar , linux-man@vger.kernel.org, "Michael Kerrisk (man-pages)" Subject: Re: futex_cmpxchg_enabled breakage Message-ID: <20180917165105.GO17995@brightrain.aerifal.cx> References: <20180829222221.GA22017@brightrain.aerifal.cx> <87fty9hc2u.fsf@mid.deneb.enyo.de> <20180916131637.GA17995@brightrain.aerifal.cx> <877ejlh89n.fsf@mid.deneb.enyo.de> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <877ejlh89n.fsf@mid.deneb.enyo.de> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Sep 16, 2018 at 03:38:44PM +0200, Florian Weimer wrote: > * Rich Felker: > > >> I believe the expected userspace interface is that you probe support > >> with set_robust_list first, and then start using the relevant futex > >> interfaces only if that call succeeded. > > > > In order for it to work, set_robust_list needs to succeed for all > > threads, present and future, so there's an implicit contract needed > > here that, if it succeeds once, it needs to always succeed. This is > > satisfied by the kernel implementation. > > It certainly makes simpler if set_robust_list cannot fail due to > resource allocation issues. > > > Presumably a similar probing should happen in > > pthread_mutexattr_setprotocol for PI mutex support. Does glibc do > > this? musl still lacks PI mutex support so I'll save this as a note > > for when it's added. > > glibc currently implements checking for support in pthread_mutex_init, > presumably due to the fact that some invalid attribute/flag > combinations can only reasonably detected at that point. It makes > probing for support slightly more difficult, of course. > > >> If you do that, most parts of > >> a typical system will work as expected even if the kernel support is > >> not there, which is a bit surprising. It definitely makes the root > >> cause harder to spot. > > > > I don't follow here. "most parts of a typical system will work as > > expected" seems to be the case whether you do or don't correctly > > probe. The only difference is whether a program that carefully checks > > for errors will see and report that pthread_mutexattr_setrobust > > failed. > > This may be the case. We only ever had the glibc test failures as > evidence that something was quite wrong, despite ongoing validation of > the system. But this could have been accident due to an invalid test > environment. (The product in question is only supposed to support the > radix MMU, but when running under KVM, the kernel switches to the hash > MMU instead, which masks the presence of the bug—set_robust_list is > magically available again.) BTW here's a horrible thought: can the availability of set_robust_list change across checkpoint/restore? If so that's fundamental breakage in the checkpoint/restore functionality, and a good reason to make it so this functionality is not runtime-variable for a given kernel. Rich