Received: by 2002:ac8:5491:0:b0:40f:fb00:664b with SMTP id h17csp620457qtq; Thu, 10 Aug 2023 10:45:12 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG8qHt5muVyiLif9sTW+TyfOsS65CSOTp2t4aL2gJmhdIHNUIB0FQOlS2pOx/SCfr59eKtW X-Received: by 2002:a05:6512:a95:b0:4f4:d071:be48 with SMTP id m21-20020a0565120a9500b004f4d071be48mr3252052lfu.14.1691689511880; Thu, 10 Aug 2023 10:45:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691689511; cv=none; d=google.com; s=arc-20160816; b=dSU4tDLubdCN2li3OOQ+DRUZDmEhr3uSiYWFuZ5g3PSWmzGkVar029C60/bjkS7RLI mOb8l0ZuQj+A1+NYPpPVzdHbNT7Z9aWq3UCNLdJB9OBYh5/f2c4R7LubfIv9Ztfa4DIe yr99QqvkMhiXqkX9WCQGdvFH6HhGiXbIj1sG9jPfkrdMX/dd7BBCwpLmz63tssSTHhEF maIvkLG9GR0bNI0g8IMeZusYl/d6Dadfj2zYbX/EdUUFZf2v6RO5TjzawYNI246S/cRr RZdgwv0O8kcTgDp+Da6vb7v2OEq5sFlBqf470WdEFL0XywDStXm2qKZrH5wAeC9eCbVi WH1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=+8cb/lhV+x8UwVjoJQYGCnkcCuUk06gy5cDVFa9lP4Y=; fh=3rH7KRj82VGxYNHs6tr3wudv8eB4uDqtOMfB9yRgNk0=; b=jVCL/YuIIMr2MAcQPo/a491XLFXj9GPo+E84V7tXINECHXttD7E3HP49Ff1onZm2VT b3JjcPhMNAkUqdEp8XC0bLM0soewfO9HpjC1td27cVCpduX2gSITuIDr8BuqHm0cbfOS X6XU8UwRU97cME3XlWXfU+stoXIDo+5PFUz2WYOBnflTO9EFB6AxOo8WSiKX+GPrIbtN VejMXS1TUF/VG2a/uwFLB33JmGepLk3Gy/8gUQHGqP+aBBAg5ki6YSaNSM9qSZdRYBV3 NbEOIWA3rQFBC3PaErPXN7tHXAaPO/Hb62zfMOSX7WPLAD8rXJ0ms5RjjZqX9UjoR97c lx/w== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@igalia.com header.s=20170329 header.b=hsrqEwj5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bo20-20020a0564020b3400b005231e826916si1800752edb.516.2023.08.10.10.44.47; Thu, 10 Aug 2023 10:45:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=fail header.i=@igalia.com header.s=20170329 header.b=hsrqEwj5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232868AbjHJRBf (ORCPT + 99 others); Thu, 10 Aug 2023 13:01:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51212 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229470AbjHJRBd (ORCPT ); Thu, 10 Aug 2023 13:01:33 -0400 Received: from fanzine2.igalia.com (fanzine2.igalia.com [213.97.179.56]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 211EC268E; Thu, 10 Aug 2023 10:01:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=igalia.com; s=20170329; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:From: References:Cc:To:Subject:MIME-Version:Date:Message-ID:Sender:Reply-To: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=+8cb/lhV+x8UwVjoJQYGCnkcCuUk06gy5cDVFa9lP4Y=; b=hsrqEwj5uFEl/A5N0NsIkOKko7 VBHWm8seX0TywTYIz6PrrK4tDN+b292bTV8mrnhY9V9o2xntn1fKqNdnx9TfNCnjRf7bW5kNVHpwL lTSU5/Icyjn9S1KEQxca+JR/WtQFa1Ifc+UH3LC/DEzrKTtHDpIG5ciNNwrrV37wPVduwRvFMxDFf WMwxsAeXae6gquIRGZKoL1wWIBeM5LvnbdvjoOUfvvZEg0NKD+hH5K6TFs7Moe+a9qOEaurTJYWSy ItDAauA5HLg82zjn6oOGfImeRSP1QTlzDYJ83GceVZKFr4w3G7hTmHfNSMtLyrUcp8fVHbYOBgFqy lVrrCDEA==; Received: from [191.193.179.209] (helo=[192.168.1.111]) by fanzine2.igalia.com with esmtpsa (Cipher TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_128_GCM:128) (Exim) id 1qU92L-00Gl8h-Vp; Thu, 10 Aug 2023 19:01:26 +0200 Message-ID: <3bcdb026-8558-43ca-80c1-776216dcd86c@igalia.com> Date: Thu, 10 Aug 2023 14:01:20 -0300 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v2 05/14] futex: Add sys_futex_wake() To: Peter Zijlstra Cc: linux-kernel@vger.kernel.org, mingo@redhat.com, dvhart@infradead.org, dave@stgolabs.net, tglx@linutronix.de, axboe@kernel.dk, Andrew Morton , urezki@gmail.com, hch@infradead.org, lstoakes@gmail.com, Arnd Bergmann , linux-api@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, malteskarupke@web.de, Geert Uytterhoeven References: <20230807121843.710612856@infradead.org> <20230807123323.090897260@infradead.org> <071c02ae-a74d-46d8-990b-262264b62caf@igalia.com> <20230810121341.GX212435@hirez.programming.kicks-ass.net> Content-Language: en-US From: =?UTF-8?Q?Andr=C3=A9_Almeida?= In-Reply-To: <20230810121341.GX212435@hirez.programming.kicks-ass.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Em 10/08/2023 09:13, Peter Zijlstra escreveu: > On Wed, Aug 09, 2023 at 07:25:19PM -0300, André Almeida wrote: >> Hi Peter, >> >> Em 07/08/2023 09:18, Peter Zijlstra escreveu: >>> To complement sys_futex_waitv() add sys_futex_wake(). This syscall >>> implements what was previously known as FUTEX_WAKE_BITSET except it >>> uses 'unsigned long' for the bitmask and takes FUTEX2 flags. >>> >>> The 'unsigned long' allows FUTEX2_SIZE_U64 on 64bit platforms. >>> >>> Signed-off-by: Peter Zijlstra (Intel) >>> Acked-by: Geert Uytterhoeven >>> --- >> >> [...] >> >>> +/* >>> + * sys_futex_wake - Wake a number of futexes >>> + * @uaddr: Address of the futex(es) to wake >>> + * @mask: bitmask >>> + * @nr: Number of the futexes to wake >>> + * @flags: FUTEX2 flags >>> + * >>> + * Identical to the traditional FUTEX_WAKE_BITSET op, except it is part of the >>> + * futex2 family of calls. >>> + */ >>> + >>> +SYSCALL_DEFINE4(futex_wake, >>> + void __user *, uaddr, >>> + unsigned long, mask, >>> + int, nr, >>> + unsigned int, flags) >>> +{ >> >> Do you think we could have a >> >> if (!nr) >> return 0; >> >> here? Otherwise, calling futex_wake(&f, 0, flags) will wake 1 futex (if >> available), which is a strange undocumented behavior in my opinion. > > Oh 'cute' that.. yeah, but how about I put it ... > >>> + if (flags & ~FUTEX2_VALID_MASK) >>> + return -EINVAL; >>> + >>> + flags = futex2_to_flags(flags); >>> + if (!futex_flags_valid(flags)) >>> + return -EINVAL; >>> + >>> + if (!futex_validate_input(flags, mask)) >>> + return -EINVAL; > > here, because otherwise we get: > > sys_futex_wake(&f, 0xFFFF, 0, FUTEX2_SIZE_U8) > > to return 0, even though that is 'obviously' nonsensical and should > return -EINVAL. Or even garbage flags would be 'accepted'. > > (because 0xFFFF is larger than U8 can accomodate) > That make sense to me, but we would also want to validate the value of f, if it's NULL or something strange to return -EINVAL... but this happens only inside get_futex_key()... To make this right, I think we would need to move this verification to the syscall validation part: if (unlikely((address % sizeof(u32)) != 0)) return -EINVAL; if (unlikely(!access_ok(uaddr, sizeof(u32)))) return -EFAULT; And have u32 replaced with the proper size being used. >>> + >>> + return futex_wake(uaddr, flags, nr, mask); >>> +}