diff options
| -rw-r--r-- | include/linux/sched/wake_q.h | 6 | ||||
| -rw-r--r-- | kernel/exit.c | 2 | ||||
| -rw-r--r-- | kernel/futex.c | 13 | ||||
| -rw-r--r-- | kernel/locking/rwsem-xadd.c | 11 | ||||
| -rw-r--r-- | kernel/sched/core.c | 19 |
5 files changed, 39 insertions, 12 deletions
diff --git a/include/linux/sched/wake_q.h b/include/linux/sched/wake_q.h index 10b19a192b2d..545f37138057 100644 --- a/include/linux/sched/wake_q.h +++ b/include/linux/sched/wake_q.h | |||
| @@ -24,9 +24,13 @@ | |||
| 24 | * called near the end of a function. Otherwise, the list can be | 24 | * called near the end of a function. Otherwise, the list can be |
| 25 | * re-initialized for later re-use by wake_q_init(). | 25 | * re-initialized for later re-use by wake_q_init(). |
| 26 | * | 26 | * |
| 27 | * Note that this can cause spurious wakeups. schedule() callers | 27 | * NOTE that this can cause spurious wakeups. schedule() callers |
| 28 | * must ensure the call is done inside a loop, confirming that the | 28 | * must ensure the call is done inside a loop, confirming that the |
| 29 | * wakeup condition has in fact occurred. | 29 | * wakeup condition has in fact occurred. |
| 30 | * | ||
| 31 | * NOTE that there is no guarantee the wakeup will happen any later than the | ||
| 32 | * wake_q_add() location. Therefore task must be ready to be woken at the | ||
| 33 | * location of the wake_q_add(). | ||
| 30 | */ | 34 | */ |
| 31 | 35 | ||
| 32 | #include <linux/sched.h> | 36 | #include <linux/sched.h> |
diff --git a/kernel/exit.c b/kernel/exit.c index 284f2fe9a293..3fb7be001964 100644 --- a/kernel/exit.c +++ b/kernel/exit.c | |||
| @@ -307,7 +307,7 @@ void rcuwait_wake_up(struct rcuwait *w) | |||
| 307 | * MB (A) MB (B) | 307 | * MB (A) MB (B) |
| 308 | * [L] cond [L] tsk | 308 | * [L] cond [L] tsk |
| 309 | */ | 309 | */ |
| 310 | smp_rmb(); /* (B) */ | 310 | smp_mb(); /* (B) */ |
| 311 | 311 | ||
| 312 | /* | 312 | /* |
| 313 | * Avoid using task_rcu_dereference() magic as long as we are careful, | 313 | * Avoid using task_rcu_dereference() magic as long as we are careful, |
diff --git a/kernel/futex.c b/kernel/futex.c index be3bff2315ff..fdd312da0992 100644 --- a/kernel/futex.c +++ b/kernel/futex.c | |||
| @@ -1452,11 +1452,7 @@ static void mark_wake_futex(struct wake_q_head *wake_q, struct futex_q *q) | |||
| 1452 | if (WARN(q->pi_state || q->rt_waiter, "refusing to wake PI futex\n")) | 1452 | if (WARN(q->pi_state || q->rt_waiter, "refusing to wake PI futex\n")) |
| 1453 | return; | 1453 | return; |
| 1454 | 1454 | ||
| 1455 | /* | 1455 | get_task_struct(p); |
| 1456 | * Queue the task for later wakeup for after we've released | ||
| 1457 | * the hb->lock. wake_q_add() grabs reference to p. | ||
| 1458 | */ | ||
| 1459 | wake_q_add(wake_q, p); | ||
| 1460 | __unqueue_futex(q); | 1456 | __unqueue_futex(q); |
| 1461 | /* | 1457 | /* |
| 1462 | * The waiting task can free the futex_q as soon as q->lock_ptr = NULL | 1458 | * The waiting task can free the futex_q as soon as q->lock_ptr = NULL |
| @@ -1466,6 +1462,13 @@ static void mark_wake_futex(struct wake_q_head *wake_q, struct futex_q *q) | |||
| 1466 | * plist_del in __unqueue_futex(). | 1462 | * plist_del in __unqueue_futex(). |
| 1467 | */ | 1463 | */ |
| 1468 | smp_store_release(&q->lock_ptr, NULL); | 1464 | smp_store_release(&q->lock_ptr, NULL); |
| 1465 | |||
| 1466 | /* | ||
| 1467 | * Queue the task for later wakeup for after we've released | ||
| 1468 | * the hb->lock. wake_q_add() grabs reference to p. | ||
| 1469 | */ | ||
| 1470 | wake_q_add(wake_q, p); | ||
| 1471 | put_task_struct(p); | ||
| 1469 | } | 1472 | } |
| 1470 | 1473 | ||
| 1471 | /* | 1474 | /* |
diff --git a/kernel/locking/rwsem-xadd.c b/kernel/locking/rwsem-xadd.c index 09b180063ee1..50d9af615dc4 100644 --- a/kernel/locking/rwsem-xadd.c +++ b/kernel/locking/rwsem-xadd.c | |||
| @@ -198,15 +198,22 @@ static void __rwsem_mark_wake(struct rw_semaphore *sem, | |||
| 198 | woken++; | 198 | woken++; |
| 199 | tsk = waiter->task; | 199 | tsk = waiter->task; |
| 200 | 200 | ||
| 201 | wake_q_add(wake_q, tsk); | 201 | get_task_struct(tsk); |
| 202 | list_del(&waiter->list); | 202 | list_del(&waiter->list); |
| 203 | /* | 203 | /* |
| 204 | * Ensure that the last operation is setting the reader | 204 | * Ensure calling get_task_struct() before setting the reader |
| 205 | * waiter to nil such that rwsem_down_read_failed() cannot | 205 | * waiter to nil such that rwsem_down_read_failed() cannot |
| 206 | * race with do_exit() by always holding a reference count | 206 | * race with do_exit() by always holding a reference count |
| 207 | * to the task to wakeup. | 207 | * to the task to wakeup. |
| 208 | */ | 208 | */ |
| 209 | smp_store_release(&waiter->task, NULL); | 209 | smp_store_release(&waiter->task, NULL); |
| 210 | /* | ||
| 211 | * Ensure issuing the wakeup (either by us or someone else) | ||
| 212 | * after setting the reader waiter to nil. | ||
| 213 | */ | ||
| 214 | wake_q_add(wake_q, tsk); | ||
| 215 | /* wake_q_add() already take the task ref */ | ||
| 216 | put_task_struct(tsk); | ||
| 210 | } | 217 | } |
| 211 | 218 | ||
| 212 | adjustment = woken * RWSEM_ACTIVE_READ_BIAS - adjustment; | 219 | adjustment = woken * RWSEM_ACTIVE_READ_BIAS - adjustment; |
diff --git a/kernel/sched/core.c b/kernel/sched/core.c index a674c7db2f29..d8d76a65cfdd 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c | |||
| @@ -396,6 +396,18 @@ static bool set_nr_if_polling(struct task_struct *p) | |||
| 396 | #endif | 396 | #endif |
| 397 | #endif | 397 | #endif |
| 398 | 398 | ||
| 399 | /** | ||
| 400 | * wake_q_add() - queue a wakeup for 'later' waking. | ||
| 401 | * @head: the wake_q_head to add @task to | ||
| 402 | * @task: the task to queue for 'later' wakeup | ||
| 403 | * | ||
| 404 | * Queue a task for later wakeup, most likely by the wake_up_q() call in the | ||
| 405 | * same context, _HOWEVER_ this is not guaranteed, the wakeup can come | ||
| 406 | * instantly. | ||
| 407 | * | ||
| 408 | * This function must be used as-if it were wake_up_process(); IOW the task | ||
| 409 | * must be ready to be woken at this location. | ||
| 410 | */ | ||
| 399 | void wake_q_add(struct wake_q_head *head, struct task_struct *task) | 411 | void wake_q_add(struct wake_q_head *head, struct task_struct *task) |
| 400 | { | 412 | { |
| 401 | struct wake_q_node *node = &task->wake_q; | 413 | struct wake_q_node *node = &task->wake_q; |
| @@ -405,10 +417,11 @@ void wake_q_add(struct wake_q_head *head, struct task_struct *task) | |||
| 405 | * its already queued (either by us or someone else) and will get the | 417 | * its already queued (either by us or someone else) and will get the |
| 406 | * wakeup due to that. | 418 | * wakeup due to that. |
| 407 | * | 419 | * |
| 408 | * This cmpxchg() executes a full barrier, which pairs with the full | 420 | * In order to ensure that a pending wakeup will observe our pending |
| 409 | * barrier executed by the wakeup in wake_up_q(). | 421 | * state, even in the failed case, an explicit smp_mb() must be used. |
| 410 | */ | 422 | */ |
| 411 | if (cmpxchg(&node->next, NULL, WAKE_Q_TAIL)) | 423 | smp_mb__before_atomic(); |
| 424 | if (cmpxchg_relaxed(&node->next, NULL, WAKE_Q_TAIL)) | ||
| 412 | return; | 425 | return; |
| 413 | 426 | ||
| 414 | get_task_struct(task); | 427 | get_task_struct(task); |