This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.



Re: Why is lock elision forbidden in suid?


On 10/19/2017 01:11 PM, Tulio Magno Quites Machado Filho wrote:
> In a message to libc-alpha from 2013 [1] [2], there has been an agreement
> that lock elision should be disabled for suid programs.  However, these
> messages don't make it clear why it's necessary.
> 
> Are there any other reasons beside the risk of adding new code to critical
> programs?

The reason is because some of the previously undefined behaviour which used
to work now becomes hard crashes e.g. unlocking an already unlocked mutex.

When we turned elision on we had all sorts of users reporting bad crashing
programs that did unconditional mutex unlocks. The idea here was that we
would not want to inflict these kinds of "still within the standards"
changes on suid binaries.

In addition to this the lock elision code is less mature, less well tested,
possibly more prone to getting stuck retrying a transaction to no end
(do we have forward progress guarantees from the hardware)?

These issues make it hard to argue that suid binaries should be influenced
by elision.

-- 
Cheers,
Carlos.

