Re: [PATCH] locking: Document that mutex_unlock() is non-atomic

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/1/23 13:44, David Laight wrote:

(Top post due to perverted outluck rules on html)

Pending waiters aren't the problem.

Pending waiters can still be a problem if code decides to free the lock containing object after a lock/unlock sequence as it may cause use-after-free.

You have to ensure there aren't any, but the mutex() can be held.

Using reference count to track the number of active users is one way to prevent that if you only release the reference count after mutex_unlock() returns but not in the lock critical section.

Cheers,
Longman

David

*From:*Waiman Long <longman@xxxxxxxxxx>
*Sent:* 01 December 2023 18:40
*To:* Jann Horn <jannh@xxxxxxxxxx>; David Laight <David.Laight@xxxxxxxxxx>
*Cc:* Peter Zijlstra <peterz@xxxxxxxxxxxxx>; Ingo Molnar <mingo@xxxxxxxxxx>; Will Deacon <will@xxxxxxxxxx>; Jonathan Corbet <corbet@xxxxxxx>; linux-kernel@xxxxxxxxxxxxxxx; linux-doc@xxxxxxxxxxxxxxx
*Subject:* Re: [PATCH] locking: Document that mutex_unlock() is non-atomic

On 12/1/23 13:18, Jann Horn wrote:

    On Fri, Dec 1, 2023 at 7:12 PM David Laight<David.Laight@xxxxxxxxxx>  <mailto:David.Laight@xxxxxxxxxx>  wrote:

        From: Jann Horn

            I think this pattern anyway only works when you're only trying to wait

            for the current holder of the lock, not tasks that are queued up on

            the lock as waiters - so a task initially holds a stable reference to

            some object, then acquires the object's lock, then drops the original

            reference, and then later drops the lock.

            You can see an example of such mutex usage (which is explicitly legal

            with userspace POSIX mutexes, but is forbidden with kernel mutexes) at

            the bottom of the POSIX manpage for pthread_mutex_destroy() at

            <https://pubs.opengroup.org/onlinepubs/007904875/functions/pthread_mutex_destroy.html>  <https://pubs.opengroup.org/onlinepubs/007904875/functions/pthread_mutex_destroy.html>,

            in the section "Destroying Mutexes".

        I don't understand at all what any of this is about.

        You cannot de-initialise, free (etc) a mutex (or any other piece of

        memory for that matter) if another thread can have a reference to it.

        If some other code might be holding the mutex it also might be just

        about to acquire it - you always need another lock of some kind to

        ensure that doesn't happen.

        IIRC pretty much the only time you need to acquire the mutex in the

        free path is if locks are chained, eg:

                 lock(table)

                 entry = find_entry();

                 lock(entry)

                 unlock(table)

                 ...

                 unlock(entry)

        Then the free code has to:

                 lock(table)

                 remove_from_table(entry)

                 lock(entry)

                 unlock(entry)

                 unlock(table)

                 free(entry)

    Yep, this is exactly the kind of code pattern for which I'm trying to

    document that it is forbidden with mutexes (while it is allowed with

    spinlocks).

Actually, even spinlocks may not guarantee the lock/unlock sequence will flush out all the pending waiters in the case of paravirt spinlocks.

Cheers,
Longman



Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

P *Please consider the environment and don't print this e-mail unless you really need to*






[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux