diff options
| author | Darren Hart <dvhltc@us.ibm.com> | 2009-08-09 18:34:39 -0400 |
|---|---|---|
| committer | Ingo Molnar <mingo@elte.hu> | 2009-08-10 05:07:03 -0400 |
| commit | beda2c7ea2c15ed01eef00a997d2b0496c3a502d (patch) | |
| tree | 17a6849721e2cee1165e7cb95e01718c1120a442 | |
| parent | f4b9a988685da6386d7f9a72df3098bcc3270526 (diff) | |
futex: Update futex_q lock_ptr on requeue proxy lock
futex_requeue() can acquire the lock on behalf of a waiter
early on or during the requeue loop if it is uncontended or in
the event of a lock steal or owner died. On wakeup, the waiter
(in futex_wait_requeue_pi()) cleans up the pi_state owner using
the lock_ptr to protect against concurrent access to the
pi_state. The pi_state is hung off futex_q's on the requeue
target futex hash bucket so the lock_ptr needs to be updated
accordingly.
The problem manifested by triggering the WARN_ON in
lookup_pi_state() about the pid != pi_state->owner->pid. With
this patch, the pi_state is properly guarded against concurrent
access via the requeue target hb lock.
The astute reviewer may notice that there is a window of time
between when futex_requeue() unlocks the hb locks and when
futex_wait_requeue_pi() will acquire hb2->lock. During this
time the pi_state and uval are not in sync with the underlying
rtmutex owner (but the uval does indicate there are waiters, so
no atomic changes will occur in userspace). However, this is
not a problem. Should a contending thread enter
lookup_pi_state() and acquire hb2->lock before the ownership is
fixed up, it will find the pi_state hung off a waiter's
(possibly the pending owner's) futex_q and block on the
rtmutex. Once futex_wait_requeue_pi() fixes up the owner, it
will also move the pi_state from the old owner's
task->pi_state_list to its own.
v3: Fix plist lock name for application to mainline (rather
than -rt) Compile tested against tip/v2.6.31-rc5.
Signed-off-by: Darren Hart <dvhltc@us.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Dinakar Guniguntala <dino@in.ibm.com>
Cc: John Stultz <johnstul@linux.vnet.ibm.com>
LKML-Reference: <4A7F4EFF.6090903@us.ibm.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
| -rw-r--r-- | kernel/futex.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/kernel/futex.c b/kernel/futex.c index 0672ff88f159..8cc3ee1363a0 100644 --- a/kernel/futex.c +++ b/kernel/futex.c | |||
| @@ -1010,15 +1010,19 @@ void requeue_futex(struct futex_q *q, struct futex_hash_bucket *hb1, | |||
| 1010 | * requeue_pi_wake_futex() - Wake a task that acquired the lock during requeue | 1010 | * requeue_pi_wake_futex() - Wake a task that acquired the lock during requeue |
| 1011 | * q: the futex_q | 1011 | * q: the futex_q |
| 1012 | * key: the key of the requeue target futex | 1012 | * key: the key of the requeue target futex |
| 1013 | * hb: the hash_bucket of the requeue target futex | ||
| 1013 | * | 1014 | * |
| 1014 | * During futex_requeue, with requeue_pi=1, it is possible to acquire the | 1015 | * During futex_requeue, with requeue_pi=1, it is possible to acquire the |
| 1015 | * target futex if it is uncontended or via a lock steal. Set the futex_q key | 1016 | * target futex if it is uncontended or via a lock steal. Set the futex_q key |
| 1016 | * to the requeue target futex so the waiter can detect the wakeup on the right | 1017 | * to the requeue target futex so the waiter can detect the wakeup on the right |
| 1017 | * futex, but remove it from the hb and NULL the rt_waiter so it can detect | 1018 | * futex, but remove it from the hb and NULL the rt_waiter so it can detect |
| 1018 | * atomic lock acquisition. Must be called with the q->lock_ptr held. | 1019 | * atomic lock acquisition. Set the q->lock_ptr to the requeue target hb->lock |
| 1020 | * to protect access to the pi_state to fixup the owner later. Must be called | ||
| 1021 | * with both q->lock_ptr and hb->lock held. | ||
| 1019 | */ | 1022 | */ |
| 1020 | static inline | 1023 | static inline |
| 1021 | void requeue_pi_wake_futex(struct futex_q *q, union futex_key *key) | 1024 | void requeue_pi_wake_futex(struct futex_q *q, union futex_key *key, |
| 1025 | struct futex_hash_bucket *hb) | ||
| 1022 | { | 1026 | { |
| 1023 | drop_futex_key_refs(&q->key); | 1027 | drop_futex_key_refs(&q->key); |
| 1024 | get_futex_key_refs(key); | 1028 | get_futex_key_refs(key); |
| @@ -1030,6 +1034,11 @@ void requeue_pi_wake_futex(struct futex_q *q, union futex_key *key) | |||
| 1030 | WARN_ON(!q->rt_waiter); | 1034 | WARN_ON(!q->rt_waiter); |
| 1031 | q->rt_waiter = NULL; | 1035 | q->rt_waiter = NULL; |
| 1032 | 1036 | ||
| 1037 | q->lock_ptr = &hb->lock; | ||
| 1038 | #ifdef CONFIG_DEBUG_PI_LIST | ||
| 1039 | q->list.plist.lock = &hb->lock; | ||
| 1040 | #endif | ||
| 1041 | |||
| 1033 | wake_up_state(q->task, TASK_NORMAL); | 1042 | wake_up_state(q->task, TASK_NORMAL); |
| 1034 | } | 1043 | } |
| 1035 | 1044 | ||
| @@ -1088,7 +1097,7 @@ static int futex_proxy_trylock_atomic(u32 __user *pifutex, | |||
| 1088 | ret = futex_lock_pi_atomic(pifutex, hb2, key2, ps, top_waiter->task, | 1097 | ret = futex_lock_pi_atomic(pifutex, hb2, key2, ps, top_waiter->task, |
| 1089 | set_waiters); | 1098 | set_waiters); |
| 1090 | if (ret == 1) | 1099 | if (ret == 1) |
| 1091 | requeue_pi_wake_futex(top_waiter, key2); | 1100 | requeue_pi_wake_futex(top_waiter, key2, hb2); |
| 1092 | 1101 | ||
| 1093 | return ret; | 1102 | return ret; |
| 1094 | } | 1103 | } |
| @@ -1273,7 +1282,7 @@ retry_private: | |||
| 1273 | this->task, 1); | 1282 | this->task, 1); |
| 1274 | if (ret == 1) { | 1283 | if (ret == 1) { |
| 1275 | /* We got the lock. */ | 1284 | /* We got the lock. */ |
| 1276 | requeue_pi_wake_futex(this, &key2); | 1285 | requeue_pi_wake_futex(this, &key2, hb2); |
| 1277 | continue; | 1286 | continue; |
| 1278 | } else if (ret) { | 1287 | } else if (ret) { |
| 1279 | /* -EDEADLK */ | 1288 | /* -EDEADLK */ |