From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,
	T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
Received: (qmail 10186 invoked from network); 11 Jan 2024 16:46:22 -0000
Received: from second.openwall.net (193.110.157.125)
  by inbox.vuxu.org with ESMTPUTF8; 11 Jan 2024 16:46:22 -0000
Received: (qmail 30081 invoked by uid 550); 11 Jan 2024 16:44:43 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Reply-To: musl@lists.openwall.com
Received: (qmail 30046 invoked from network); 11 Jan 2024 16:44:43 -0000
Date: Thu, 11 Jan 2024 11:46:21 -0500
From: Rich Felker <dalias@libc.org>
To: libc-alpha@sourceware.org, musl@lists.openwall.com,
	linux-api@vger.kernel.org
Message-ID: <20240111164620.GS4163@brightrain.aerifal.cx>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: [musl] Robust mutex ABI problem (kernel docs regression)

It came to my attention while reviewing some proposals for additional
error checking in musl libc that the kernel folks introduced a quiet
regression in the futex ABI for robust mutexes.

Prior to kernel commit 9c40365a65d62d7c06a95fb331b3442cb02d2fd9, bit
29 of the futex lock word was reserved, meaning it could never be part
of a TID. This allowed both glibc and musl to use special values like
(glibc):

/* Magic cookie representing robust mutex with dead owner.  */
#define PTHREAD_MUTEX_INCONSISTENT      INT_MAX
/* Magic cookie representing not recoverable robust mutex.  */
#define PTHREAD_MUTEX_NOTRECOVERABLE    (INT_MAX - 1)

to represent special states needed for robust mutex consistency
handling, without the risk that, when masked with FUTEX_TID_MASK
(0x3fffffff), they could be equal to the TID of a real task, which
could result in the kernel robustlist-processing mishandling them.

In practice this is only a documentation regression. The real limit on
TIDs is well below that, at something like 22-bit last I checked.
However to be future-proof, and as other systems may implement the
Linux API/ABI (e.g. things like WSL1, FreeBSD Linux syscall layer,
etc.), I believe it's important that the documented interface be
compatible with the way it actually needs to be used here. This means
either bit 29 should have its reserved status restored, or there
should be a guarantee that the values 0x3fffffff and 0x3ffffffe are
reserved and compare not-equal to any actual TID.

Depending on how folks want to proceed with this, I can propose a
patch to the documentation, or leave that to others.

Rich