As in the original robust list interface, to pair with
set_robust_list2(), create a get_robust_list2() syscall with the
following signature:
get_robust_list2(int pid, void __user **head_ptr, unsigned int index,
unsigned int flags)
- `pid` sets with task's list should be returned. If is 0, it gets the
list of the calling task.
- `index` is the index of the list to get
- `flags` is unused but can be used for expanding the interface
Signed-off-by: André Almeida <andrealmeid@igalia.com>
---
For some reason I wasn't able to use put_user() for 32-bit lists.. it
kept corrupting the value due to wrong write size I believe.
copy_to_user() worked fine nonetheless.
---
kernel/futex/syscalls.c | 61 +++++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 57 insertions(+), 4 deletions(-)
diff --git a/kernel/futex/syscalls.c b/kernel/futex/syscalls.c
index 0b7fa88aa34c..f730d16632fc 100644
--- a/kernel/futex/syscalls.c
+++ b/kernel/futex/syscalls.c
@@ -48,7 +48,7 @@ static inline void __user *futex_task_robust_list(struct task_struct *p, bool co
return p->robust_list;
}
-static void __user *futex_get_robust_list_common(int pid, bool compat)
+static void __user *futex_get_robust_list_common(int pid, bool compat, int index)
{
struct task_struct *p = current;
void __user *head;
@@ -75,7 +75,15 @@ static void __user *futex_get_robust_list_common(int pid, bool compat)
if (!ptrace_may_access(p, PTRACE_MODE_READ_REALCREDS))
goto err_unlock;
- head = futex_task_robust_list(p, compat);
+ if (index >= 0) {
+ scoped_guard(mutex, &p->futex_exit_mutex) {
+ uintptr_t *rl = p->futex_robust_lists;
+
+ head = rl ? (void __user *) rl[index] : NULL;
+ }
+ } else {
+ head = futex_task_robust_list(p, compat);
+ }
up_read(&p->signal->exec_update_lock);
put_task_struct(p);
@@ -99,7 +107,7 @@ SYSCALL_DEFINE3(get_robust_list, int, pid,
struct robust_list_head __user * __user *, head_ptr,
size_t __user *, len_ptr)
{
- struct robust_list_head __user *head = futex_get_robust_list_common(pid, false);
+ struct robust_list_head __user *head = futex_get_robust_list_common(pid, false, -1);
if (IS_ERR(head))
return PTR_ERR(head);
@@ -150,6 +158,51 @@ SYSCALL_DEFINE4(set_robust_list2, struct robust_list_head *, head, unsigned int,
return -EINVAL;
}
+SYSCALL_DEFINE4(get_robust_list2, int, pid,
+ void __user * __user *, head_ptr,
+ unsigned int, index, unsigned int, flags)
+{
+ void __user *entry_ptr;
+ uintptr_t entry;
+
+ if (index >= FUTEX_ROBUST_LISTS_PER_USER)
+ return -EINVAL;
+
+ if (flags)
+ return -EINVAL;
+
+ /*
+ * The first two indexes are reserved for the kernel to be used with the
+ * legacy syscall, so we hide them from userspace.
+ *
+ * We map [0, FUTEX_ROBUST_LISTS_PER_USER) to
+ * [FUTEX_ROBUST_LIST2_IDX, FUTEX_ROBUST_LIST2_MAX_IDX)
+ */
+ index += FUTEX_ROBUST_LIST2_IDX;
+
+ entry_ptr = futex_get_robust_list_common(pid, false, index);
+ if (IS_ERR(entry_ptr))
+ return PTR_ERR(entry_ptr);
+
+ entry = (uintptr_t) entry_ptr;
+
+ if (entry & FUTEX_ROBUST_LIST_ENTRY_32BIT) {
+ entry &= FUTEX_ROBUST_LIST_ENTRY_MASK;
+
+ if (copy_to_user(head_ptr, &entry, sizeof(u32)))
+ return -EFAULT;
+
+ return 0;
+ } else {
+ struct robust_list_head *head;
+
+ entry &= FUTEX_ROBUST_LIST_ENTRY_MASK;
+ head = (__force struct robust_list_head __user *)entry;
+
+ return put_user(head, head_ptr);
+ }
+}
+
long do_futex(u32 __user *uaddr, int op, u32 val, ktime_t *timeout,
u32 __user *uaddr2, u32 val2, u32 val3)
{
@@ -524,7 +577,7 @@ COMPAT_SYSCALL_DEFINE3(get_robust_list, int, pid,
compat_uptr_t __user *, head_ptr,
compat_size_t __user *, len_ptr)
{
- struct robust_list_head32 __user *head = futex_get_robust_list_common(pid, true);
+ struct robust_list_head32 __user *head = futex_get_robust_list_common(pid, true, -1);
if (IS_ERR(head))
return PTR_ERR(head);
--
2.52.0
Hi André,
kernel test robot noticed the following build warnings:
[auto build test WARNING on c42ba5a87bdccbca11403b7ca8bad1a57b833732]
url: https://github.com/intel-lab-lkp/linux/commits/Andr-Almeida/futex-Use-explicit-sizes-for-compat_robust_list-structs/20251122-135406
base: c42ba5a87bdccbca11403b7ca8bad1a57b833732
patch link: https://lore.kernel.org/r/20251122-tonyk-robust_futex-v6-4-05fea005a0fd%40igalia.com
patch subject: [PATCH v6 4/9] futex: Create get_robust_list2() syscall
config: loongarch-randconfig-r122-20251123 (https://download.01.org/0day-ci/archive/20251123/202511231703.YmF7ihi0-lkp@intel.com/config)
compiler: loongarch64-linux-gcc (GCC) 15.1.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251123/202511231703.YmF7ihi0-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202511231703.YmF7ihi0-lkp@intel.com/
sparse warnings: (new ones prefixed by >>)
kernel/futex/syscalls.c:200:22: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct robust_list_head *head @@ got struct robust_list_head [noderef] __user * @@
kernel/futex/syscalls.c:200:22: sparse: expected struct robust_list_head *head
kernel/futex/syscalls.c:200:22: sparse: got struct robust_list_head [noderef] __user *
>> kernel/futex/syscalls.c:202:24: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected void [noderef] __user *__pu_val @@ got struct robust_list_head *head @@
kernel/futex/syscalls.c:202:24: sparse: expected void [noderef] __user *__pu_val
kernel/futex/syscalls.c:202:24: sparse: got struct robust_list_head *head
vim +202 kernel/futex/syscalls.c
160
161 SYSCALL_DEFINE4(get_robust_list2, int, pid,
162 void __user * __user *, head_ptr,
163 unsigned int, index, unsigned int, flags)
164 {
165 void __user *entry_ptr;
166 uintptr_t entry;
167
168 if (index >= FUTEX_ROBUST_LISTS_PER_USER)
169 return -EINVAL;
170
171 if (flags)
172 return -EINVAL;
173
174 /*
175 * The first two indexes are reserved for the kernel to be used with the
176 * legacy syscall, so we hide them from userspace.
177 *
178 * We map [0, FUTEX_ROBUST_LISTS_PER_USER) to
179 * [FUTEX_ROBUST_LIST2_IDX, FUTEX_ROBUST_LIST2_MAX_IDX)
180 */
181 index += FUTEX_ROBUST_LIST2_IDX;
182
183 entry_ptr = futex_get_robust_list_common(pid, false, index);
184 if (IS_ERR(entry_ptr))
185 return PTR_ERR(entry_ptr);
186
187 entry = (uintptr_t) entry_ptr;
188
189 if (entry & FUTEX_ROBUST_LIST_ENTRY_32BIT) {
190 entry &= FUTEX_ROBUST_LIST_ENTRY_MASK;
191
192 if (copy_to_user(head_ptr, &entry, sizeof(u32)))
193 return -EFAULT;
194
195 return 0;
196 } else {
197 struct robust_list_head *head;
198
199 entry &= FUTEX_ROBUST_LIST_ENTRY_MASK;
> 200 head = (__force struct robust_list_head __user *)entry;
201
> 202 return put_user(head, head_ptr);
203 }
204 }
205
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Hi André,
kernel test robot noticed the following build warnings:
[auto build test WARNING on c42ba5a87bdccbca11403b7ca8bad1a57b833732]
url: https://github.com/intel-lab-lkp/linux/commits/Andr-Almeida/futex-Use-explicit-sizes-for-compat_robust_list-structs/20251122-135406
base: c42ba5a87bdccbca11403b7ca8bad1a57b833732
patch link: https://lore.kernel.org/r/20251122-tonyk-robust_futex-v6-4-05fea005a0fd%40igalia.com
patch subject: [PATCH v6 4/9] futex: Create get_robust_list2() syscall
config: i386-randconfig-063-20251123 (https://download.01.org/0day-ci/archive/20251123/202511231423.O6KdcL8r-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251123/202511231423.O6KdcL8r-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202511231423.O6KdcL8r-lkp@intel.com/
sparse warnings: (new ones prefixed by >>)
>> kernel/futex/syscalls.c:200:22: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct robust_list_head *head @@ got struct robust_list_head [noderef] __user * @@
kernel/futex/syscalls.c:200:22: sparse: expected struct robust_list_head *head
kernel/futex/syscalls.c:200:22: sparse: got struct robust_list_head [noderef] __user *
>> kernel/futex/syscalls.c:202:24: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected void [noderef] __user *__x @@ got struct robust_list_head *head @@
kernel/futex/syscalls.c:202:24: sparse: expected void [noderef] __user *__x
kernel/futex/syscalls.c:202:24: sparse: got struct robust_list_head *head
vim +200 kernel/futex/syscalls.c
160
161 SYSCALL_DEFINE4(get_robust_list2, int, pid,
162 void __user * __user *, head_ptr,
163 unsigned int, index, unsigned int, flags)
164 {
165 void __user *entry_ptr;
166 uintptr_t entry;
167
168 if (index >= FUTEX_ROBUST_LISTS_PER_USER)
169 return -EINVAL;
170
171 if (flags)
172 return -EINVAL;
173
174 /*
175 * The first two indexes are reserved for the kernel to be used with the
176 * legacy syscall, so we hide them from userspace.
177 *
178 * We map [0, FUTEX_ROBUST_LISTS_PER_USER) to
179 * [FUTEX_ROBUST_LIST2_IDX, FUTEX_ROBUST_LIST2_MAX_IDX)
180 */
181 index += FUTEX_ROBUST_LIST2_IDX;
182
183 entry_ptr = futex_get_robust_list_common(pid, false, index);
184 if (IS_ERR(entry_ptr))
185 return PTR_ERR(entry_ptr);
186
187 entry = (uintptr_t) entry_ptr;
188
189 if (entry & FUTEX_ROBUST_LIST_ENTRY_32BIT) {
190 entry &= FUTEX_ROBUST_LIST_ENTRY_MASK;
191
192 if (copy_to_user(head_ptr, &entry, sizeof(u32)))
193 return -EFAULT;
194
195 return 0;
196 } else {
197 struct robust_list_head *head;
198
199 entry &= FUTEX_ROBUST_LIST_ENTRY_MASK;
> 200 head = (__force struct robust_list_head __user *)entry;
201
> 202 return put_user(head, head_ptr);
203 }
204 }
205
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
© 2016 - 2025 Red Hat, Inc.