From: Rich Felker <dalias@libc.org>
To: musl@lists.openwall.com
Subject: Re: Explaining cond var destroy [Re: [musl] C threads, v3.0]
Date: Thu, 7 Aug 2014 13:25:14 -0400 [thread overview]
Message-ID: <20140807172514.GI1674@brightrain.aerifal.cx> (raw)
In-Reply-To: <1407430024.24324.387.camel@eris.loria.fr>
On Thu, Aug 07, 2014 at 06:47:04PM +0200, Jens Gustedt wrote:
> Am Donnerstag, den 07.08.2014, 12:13 -0400 schrieb Rich Felker:
> > On Thu, Aug 07, 2014 at 09:50:51AM +0200, Jens Gustedt wrote:
> > > Am Mittwoch, den 06.08.2014, 19:15 -0400 schrieb Rich Felker:
> > > > The free operation in thread A is valid since A knows it is the last
> > > > user of the mutex and thread B's use/ownership of the mutex formally
> > > > ends with the atomic unlock.
> > >
> > > No, operating on an object that has been freed is UB. This is
> >
> > No operation is performed on an object which has been freed.
>
> ok, let me rephrase
>
> passing an invalid userspace address to the kernel for a futex
> operation is UB
Says who? The syscall API does not have UB. All inputs are defined,
and cannot cause UB in the userspace process unless the action
requested from the kernel is to modify userspace state in a way that
would cause UB.
> > The futex
> > wake is performed on the _address_, not the object, requesting that
> > the kernel use the address as a key into a hash table and wake any
> > threads which are blocked waiting on the futex object associated with
> > that address. The address is never dereferenced. This is the whole
> > point of the current design.
>
> Yes this is the whole point. But it will not work if you use a invalid
> address for that. The kernel is doing address translation (in case of
> a shared futex operation) and for that alone you are supposed to pass
> in a valid address, I think.
No. Invalid addresses are valid arguments to syscalls. They may
produce EFAULT in some cases, but they do not cause UB in the calling
program.
> And generally for the design of the futex operations some are even
> designed to compare the actual value to "val" or "val3". I don't think
> that the kernel guys would give you any guarantee that the kernel
> would not touch your object, for any of the operations.
Most futex operations (including wait) access an object for read. Some
rarely-used ones write to an object too. Wake does neither. Wake is
purely an operation on the address/futex-waitqueue-object. This
property is not just a side effect but absolutely necessary in order
for futex to be useful, since you _always_ perform the futex wake
after releasing (and thereby potentially allowing destruction) of the
object.
Rich
next prev parent reply other threads:[~2014-08-07 17:25 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-04 9:30 C threads, v3.0 Jens Gustedt
2014-08-04 9:33 ` Jens Gustedt
2014-08-04 14:50 ` Rich Felker
2014-08-04 16:48 ` Jens Gustedt
2014-08-04 17:06 ` Rich Felker
2014-08-04 22:16 ` Jens Gustedt
2014-08-04 22:36 ` Rich Felker
2014-08-06 3:52 ` Explaining cond var destroy [Re: [musl] C threads, v3.0] Rich Felker
2014-08-06 8:43 ` Jens Gustedt
2014-08-06 9:41 ` Jens Gustedt
2014-08-06 10:03 ` Rich Felker
2014-08-06 10:32 ` Jens Gustedt
2014-08-06 16:15 ` Rich Felker
2014-08-06 16:56 ` Jens Gustedt
2014-08-06 17:32 ` Rich Felker
2014-08-06 20:55 ` Jens Gustedt
2014-08-06 22:04 ` Rich Felker
2014-08-06 22:43 ` Jens Gustedt
2014-08-06 23:15 ` Rich Felker
2014-08-07 7:50 ` Jens Gustedt
2014-08-07 10:52 ` Szabolcs Nagy
2014-08-07 11:03 ` Jens Gustedt
2014-08-07 16:13 ` Rich Felker
2014-08-07 16:47 ` Jens Gustedt
2014-08-07 17:25 ` Rich Felker [this message]
2014-08-08 9:20 ` Jens Gustedt
2014-08-08 16:53 ` Rich Felker
2014-08-08 19:14 ` Rich Felker
2014-08-08 20:48 ` Rich Felker
2014-08-09 6:47 ` Jens Gustedt
2014-08-12 2:50 ` Rich Felker
2014-08-12 7:04 ` Jens Gustedt
2014-08-12 16:01 ` Rich Felker
2014-08-12 19:09 ` Jens Gustedt
2014-08-12 21:18 ` Rich Felker
2014-08-13 6:43 ` Jens Gustedt
2014-08-13 7:19 ` Jens Gustedt
2014-08-06 9:50 ` Rich Felker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140807172514.GI1674@brightrain.aerifal.cx \
--to=dalias@libc.org \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).