We currently do not deal with futex operation failures inside glibc, at
least not for the glibc-internal locks. (I noticed this while reading
the code; my question is not prompted by real-world failures.) In
general, glibc will ensure that preconditions are met and handle some
expected errors, or behavior is undefined if user code doesn't ensure them,
but there are some errors which are impossible to prevent by careful
programming, such as memory allocation failures.

I looked at the kernel implementation, and noticed that in the guts of
the get_user_pages implementation, it can return ENOMEM. Does this
actually affect futexes, especially the plain (non-PI,
non-cross-process) variant?

Are there any other error conditions we should handle inside glibc? We
really need a fast, async-signal-safe locking primitive where locking
and unlocking cannot fail (after suitable set-up).
--
Florian Weimer / Red Hat Product Security Team
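
Added example, not part of the original message and not glibc code: a minimal private (non-PI, non-cross-process) futex lock in C that inspects the result of every futex call instead of discarding it. The `demo_*` names and the abort-on-unexpected-error policy are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/futex.h>
#include <stdatomic.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Added illustration; demo_* names are hypothetical, not glibc internals.
   Lock word: 0 = free, 1 = locked, 2 = locked with possible waiters. */
typedef struct { atomic_int word; } demo_lock;

/* Raw FUTEX_WAIT: returns 0 or the errno value instead of hiding it. */
static int demo_futex_wait(atomic_int *addr, int expected) {
    long r = syscall(SYS_futex, addr, FUTEX_WAIT_PRIVATE, expected, NULL, NULL, 0);
    return r == -1 ? errno : 0;
}

/* Raw FUTEX_WAKE: returns the number of waiters woken (>= 0) or -errno. */
static int demo_futex_wake(atomic_int *addr, int n) {
    long r = syscall(SYS_futex, addr, FUTEX_WAKE_PRIVATE, n, NULL, NULL, 0);
    return r == -1 ? -errno : (int)r;
}

/* EAGAIN (word changed before the thread slept) and EINTR (signal) are
   normal for an untimed wait; anything else means no progress is possible. */
static int demo_wait_error_is_benign(int err) {
    return err == 0 || err == EAGAIN || err == EINTR;
}

static void demo_lock_acquire(demo_lock *l) {
    int c = 0;
    if (atomic_compare_exchange_strong(&l->word, &c, 1))
        return;                          /* uncontended: no system call */
    if (c != 2)
        c = atomic_exchange(&l->word, 2);
    while (c != 0) {
        if (!demo_wait_error_is_benign(demo_futex_wait(&l->word, 2)))
            abort();                     /* never return without the lock */
        c = atomic_exchange(&l->word, 2);
    }
}

static void demo_lock_release(demo_lock *l) {
    /* Only the contended path enters the kernel and can therefore fail. */
    if (atomic_exchange(&l->word, 0) == 2 && demo_futex_wake(&l->word, 1) < 0)
        abort();
}
```

The uncontended paths never enter the kernel, so only contended acquire and release can observe a futex error at all.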