aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/futex.c
diff options
context:
space:
mode:
Diffstat (limited to 'kernel/futex.c')
-rw-r--r--kernel/futex.c351
1 files changed, 136 insertions, 215 deletions
diff --git a/kernel/futex.c b/kernel/futex.c
index 8af10027514b..b4f87bac91c1 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -92,11 +92,12 @@ struct futex_pi_state {
92 * A futex_q has a woken state, just like tasks have TASK_RUNNING. 92 * A futex_q has a woken state, just like tasks have TASK_RUNNING.
93 * It is considered woken when plist_node_empty(&q->list) || q->lock_ptr == 0. 93 * It is considered woken when plist_node_empty(&q->list) || q->lock_ptr == 0.
94 * The order of wakup is always to make the first condition true, then 94 * The order of wakup is always to make the first condition true, then
95 * wake up q->waiters, then make the second condition true. 95 * wake up q->waiter, then make the second condition true.
96 */ 96 */
97struct futex_q { 97struct futex_q {
98 struct plist_node list; 98 struct plist_node list;
99 wait_queue_head_t waiters; 99 /* There can only be a single waiter */
100 wait_queue_head_t waiter;
100 101
101 /* Which hash list lock to use: */ 102 /* Which hash list lock to use: */
102 spinlock_t *lock_ptr; 103 spinlock_t *lock_ptr;
@@ -123,24 +124,6 @@ struct futex_hash_bucket {
123static struct futex_hash_bucket futex_queues[1<<FUTEX_HASHBITS]; 124static struct futex_hash_bucket futex_queues[1<<FUTEX_HASHBITS];
124 125
125/* 126/*
126 * Take mm->mmap_sem, when futex is shared
127 */
128static inline void futex_lock_mm(struct rw_semaphore *fshared)
129{
130 if (fshared)
131 down_read(fshared);
132}
133
134/*
135 * Release mm->mmap_sem, when the futex is shared
136 */
137static inline void futex_unlock_mm(struct rw_semaphore *fshared)
138{
139 if (fshared)
140 up_read(fshared);
141}
142
143/*
144 * We hash on the keys returned from get_futex_key (see below). 127 * We hash on the keys returned from get_futex_key (see below).
145 */ 128 */
146static struct futex_hash_bucket *hash_futex(union futex_key *key) 129static struct futex_hash_bucket *hash_futex(union futex_key *key)
@@ -161,6 +144,45 @@ static inline int match_futex(union futex_key *key1, union futex_key *key2)
161 && key1->both.offset == key2->both.offset); 144 && key1->both.offset == key2->both.offset);
162} 145}
163 146
147/*
148 * Take a reference to the resource addressed by a key.
149 * Can be called while holding spinlocks.
150 *
151 */
152static void get_futex_key_refs(union futex_key *key)
153{
154 if (!key->both.ptr)
155 return;
156
157 switch (key->both.offset & (FUT_OFF_INODE|FUT_OFF_MMSHARED)) {
158 case FUT_OFF_INODE:
159 atomic_inc(&key->shared.inode->i_count);
160 break;
161 case FUT_OFF_MMSHARED:
162 atomic_inc(&key->private.mm->mm_count);
163 break;
164 }
165}
166
167/*
168 * Drop a reference to the resource addressed by a key.
169 * The hash bucket spinlock must not be held.
170 */
171static void drop_futex_key_refs(union futex_key *key)
172{
173 if (!key->both.ptr)
174 return;
175
176 switch (key->both.offset & (FUT_OFF_INODE|FUT_OFF_MMSHARED)) {
177 case FUT_OFF_INODE:
178 iput(key->shared.inode);
179 break;
180 case FUT_OFF_MMSHARED:
181 mmdrop(key->private.mm);
182 break;
183 }
184}
185
164/** 186/**
165 * get_futex_key - Get parameters which are the keys for a futex. 187 * get_futex_key - Get parameters which are the keys for a futex.
166 * @uaddr: virtual address of the futex 188 * @uaddr: virtual address of the futex
@@ -179,12 +201,10 @@ static inline int match_futex(union futex_key *key1, union futex_key *key2)
179 * For other futexes, it points to &current->mm->mmap_sem and 201 * For other futexes, it points to &current->mm->mmap_sem and
180 * caller must have taken the reader lock. but NOT any spinlocks. 202 * caller must have taken the reader lock. but NOT any spinlocks.
181 */ 203 */
182static int get_futex_key(u32 __user *uaddr, struct rw_semaphore *fshared, 204static int get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key)
183 union futex_key *key)
184{ 205{
185 unsigned long address = (unsigned long)uaddr; 206 unsigned long address = (unsigned long)uaddr;
186 struct mm_struct *mm = current->mm; 207 struct mm_struct *mm = current->mm;
187 struct vm_area_struct *vma;
188 struct page *page; 208 struct page *page;
189 int err; 209 int err;
190 210
@@ -208,100 +228,50 @@ static int get_futex_key(u32 __user *uaddr, struct rw_semaphore *fshared,
208 return -EFAULT; 228 return -EFAULT;
209 key->private.mm = mm; 229 key->private.mm = mm;
210 key->private.address = address; 230 key->private.address = address;
231 get_futex_key_refs(key);
211 return 0; 232 return 0;
212 } 233 }
213 /*
214 * The futex is hashed differently depending on whether
215 * it's in a shared or private mapping. So check vma first.
216 */
217 vma = find_extend_vma(mm, address);
218 if (unlikely(!vma))
219 return -EFAULT;
220 234
221 /* 235again:
222 * Permissions. 236 err = get_user_pages_fast(address, 1, 0, &page);
223 */ 237 if (err < 0)
224 if (unlikely((vma->vm_flags & (VM_IO|VM_READ)) != VM_READ)) 238 return err;
225 return (vma->vm_flags & VM_IO) ? -EPERM : -EACCES; 239
240 lock_page(page);
241 if (!page->mapping) {
242 unlock_page(page);
243 put_page(page);
244 goto again;
245 }
226 246
227 /* 247 /*
228 * Private mappings are handled in a simple way. 248 * Private mappings are handled in a simple way.
229 * 249 *
230 * NOTE: When userspace waits on a MAP_SHARED mapping, even if 250 * NOTE: When userspace waits on a MAP_SHARED mapping, even if
231 * it's a read-only handle, it's expected that futexes attach to 251 * it's a read-only handle, it's expected that futexes attach to
232 * the object not the particular process. Therefore we use 252 * the object not the particular process.
233 * VM_MAYSHARE here, not VM_SHARED which is restricted to shared
234 * mappings of _writable_ handles.
235 */ 253 */
236 if (likely(!(vma->vm_flags & VM_MAYSHARE))) { 254 if (PageAnon(page)) {
237 key->both.offset |= FUT_OFF_MMSHARED; /* reference taken on mm */ 255 key->both.offset |= FUT_OFF_MMSHARED; /* ref taken on mm */
238 key->private.mm = mm; 256 key->private.mm = mm;
239 key->private.address = address; 257 key->private.address = address;
240 return 0; 258 } else {
259 key->both.offset |= FUT_OFF_INODE; /* inode-based key */
260 key->shared.inode = page->mapping->host;
261 key->shared.pgoff = page->index;
241 } 262 }
242 263
243 /* 264 get_futex_key_refs(key);
244 * Linear file mappings are also simple.
245 */
246 key->shared.inode = vma->vm_file->f_path.dentry->d_inode;
247 key->both.offset |= FUT_OFF_INODE; /* inode-based key. */
248 if (likely(!(vma->vm_flags & VM_NONLINEAR))) {
249 key->shared.pgoff = (((address - vma->vm_start) >> PAGE_SHIFT)
250 + vma->vm_pgoff);
251 return 0;
252 }
253 265
254 /* 266 unlock_page(page);
255 * We could walk the page table to read the non-linear 267 put_page(page);
256 * pte, and get the page index without fetching the page 268 return 0;
257 * from swap. But that's a lot of code to duplicate here
258 * for a rare case, so we simply fetch the page.
259 */
260 err = get_user_pages(current, mm, address, 1, 0, 0, &page, NULL);
261 if (err >= 0) {
262 key->shared.pgoff =
263 page->index << (PAGE_CACHE_SHIFT - PAGE_SHIFT);
264 put_page(page);
265 return 0;
266 }
267 return err;
268}
269
270/*
271 * Take a reference to the resource addressed by a key.
272 * Can be called while holding spinlocks.
273 *
274 */
275static void get_futex_key_refs(union futex_key *key)
276{
277 if (key->both.ptr == NULL)
278 return;
279 switch (key->both.offset & (FUT_OFF_INODE|FUT_OFF_MMSHARED)) {
280 case FUT_OFF_INODE:
281 atomic_inc(&key->shared.inode->i_count);
282 break;
283 case FUT_OFF_MMSHARED:
284 atomic_inc(&key->private.mm->mm_count);
285 break;
286 }
287} 269}
288 270
289/* 271static inline
290 * Drop a reference to the resource addressed by a key. 272void put_futex_key(int fshared, union futex_key *key)
291 * The hash bucket spinlock must not be held.
292 */
293static void drop_futex_key_refs(union futex_key *key)
294{ 273{
295 if (!key->both.ptr) 274 drop_futex_key_refs(key);
296 return;
297 switch (key->both.offset & (FUT_OFF_INODE|FUT_OFF_MMSHARED)) {
298 case FUT_OFF_INODE:
299 iput(key->shared.inode);
300 break;
301 case FUT_OFF_MMSHARED:
302 mmdrop(key->private.mm);
303 break;
304 }
305} 275}
306 276
307static u32 cmpxchg_futex_value_locked(u32 __user *uaddr, u32 uval, u32 newval) 277static u32 cmpxchg_futex_value_locked(u32 __user *uaddr, u32 uval, u32 newval)
@@ -328,10 +298,8 @@ static int get_futex_value_locked(u32 *dest, u32 __user *from)
328 298
329/* 299/*
330 * Fault handling. 300 * Fault handling.
331 * if fshared is non NULL, current->mm->mmap_sem is already held
332 */ 301 */
333static int futex_handle_fault(unsigned long address, 302static int futex_handle_fault(unsigned long address, int attempt)
334 struct rw_semaphore *fshared, int attempt)
335{ 303{
336 struct vm_area_struct * vma; 304 struct vm_area_struct * vma;
337 struct mm_struct *mm = current->mm; 305 struct mm_struct *mm = current->mm;
@@ -340,8 +308,7 @@ static int futex_handle_fault(unsigned long address,
340 if (attempt > 2) 308 if (attempt > 2)
341 return ret; 309 return ret;
342 310
343 if (!fshared) 311 down_read(&mm->mmap_sem);
344 down_read(&mm->mmap_sem);
345 vma = find_vma(mm, address); 312 vma = find_vma(mm, address);
346 if (vma && address >= vma->vm_start && 313 if (vma && address >= vma->vm_start &&
347 (vma->vm_flags & VM_WRITE)) { 314 (vma->vm_flags & VM_WRITE)) {
@@ -361,8 +328,7 @@ static int futex_handle_fault(unsigned long address,
361 current->min_flt++; 328 current->min_flt++;
362 } 329 }
363 } 330 }
364 if (!fshared) 331 up_read(&mm->mmap_sem);
365 up_read(&mm->mmap_sem);
366 return ret; 332 return ret;
367} 333}
368 334
@@ -385,6 +351,7 @@ static int refill_pi_state_cache(void)
385 /* pi_mutex gets initialized later */ 351 /* pi_mutex gets initialized later */
386 pi_state->owner = NULL; 352 pi_state->owner = NULL;
387 atomic_set(&pi_state->refcount, 1); 353 atomic_set(&pi_state->refcount, 1);
354 pi_state->key = FUTEX_KEY_INIT;
388 355
389 current->pi_state_cache = pi_state; 356 current->pi_state_cache = pi_state;
390 357
@@ -462,7 +429,7 @@ void exit_pi_state_list(struct task_struct *curr)
462 struct list_head *next, *head = &curr->pi_state_list; 429 struct list_head *next, *head = &curr->pi_state_list;
463 struct futex_pi_state *pi_state; 430 struct futex_pi_state *pi_state;
464 struct futex_hash_bucket *hb; 431 struct futex_hash_bucket *hb;
465 union futex_key key; 432 union futex_key key = FUTEX_KEY_INIT;
466 433
467 if (!futex_cmpxchg_enabled) 434 if (!futex_cmpxchg_enabled)
468 return; 435 return;
@@ -607,7 +574,7 @@ static void wake_futex(struct futex_q *q)
607 * The lock in wake_up_all() is a crucial memory barrier after the 574 * The lock in wake_up_all() is a crucial memory barrier after the
608 * plist_del() and also before assigning to q->lock_ptr. 575 * plist_del() and also before assigning to q->lock_ptr.
609 */ 576 */
610 wake_up_all(&q->waiters); 577 wake_up(&q->waiter);
611 /* 578 /*
612 * The waiting task can free the futex_q as soon as this is written, 579 * The waiting task can free the futex_q as soon as this is written,
613 * without taking any locks. This must come last. 580 * without taking any locks. This must come last.
@@ -719,20 +686,17 @@ double_lock_hb(struct futex_hash_bucket *hb1, struct futex_hash_bucket *hb2)
719 * Wake up all waiters hashed on the physical page that is mapped 686 * Wake up all waiters hashed on the physical page that is mapped
720 * to this virtual address: 687 * to this virtual address:
721 */ 688 */
722static int futex_wake(u32 __user *uaddr, struct rw_semaphore *fshared, 689static int futex_wake(u32 __user *uaddr, int fshared, int nr_wake, u32 bitset)
723 int nr_wake, u32 bitset)
724{ 690{
725 struct futex_hash_bucket *hb; 691 struct futex_hash_bucket *hb;
726 struct futex_q *this, *next; 692 struct futex_q *this, *next;
727 struct plist_head *head; 693 struct plist_head *head;
728 union futex_key key; 694 union futex_key key = FUTEX_KEY_INIT;
729 int ret; 695 int ret;
730 696
731 if (!bitset) 697 if (!bitset)
732 return -EINVAL; 698 return -EINVAL;
733 699
734 futex_lock_mm(fshared);
735
736 ret = get_futex_key(uaddr, fshared, &key); 700 ret = get_futex_key(uaddr, fshared, &key);
737 if (unlikely(ret != 0)) 701 if (unlikely(ret != 0))
738 goto out; 702 goto out;
@@ -760,7 +724,7 @@ static int futex_wake(u32 __user *uaddr, struct rw_semaphore *fshared,
760 724
761 spin_unlock(&hb->lock); 725 spin_unlock(&hb->lock);
762out: 726out:
763 futex_unlock_mm(fshared); 727 put_futex_key(fshared, &key);
764 return ret; 728 return ret;
765} 729}
766 730
@@ -769,19 +733,16 @@ out:
769 * to this virtual address: 733 * to this virtual address:
770 */ 734 */
771static int 735static int
772futex_wake_op(u32 __user *uaddr1, struct rw_semaphore *fshared, 736futex_wake_op(u32 __user *uaddr1, int fshared, u32 __user *uaddr2,
773 u32 __user *uaddr2,
774 int nr_wake, int nr_wake2, int op) 737 int nr_wake, int nr_wake2, int op)
775{ 738{
776 union futex_key key1, key2; 739 union futex_key key1 = FUTEX_KEY_INIT, key2 = FUTEX_KEY_INIT;
777 struct futex_hash_bucket *hb1, *hb2; 740 struct futex_hash_bucket *hb1, *hb2;
778 struct plist_head *head; 741 struct plist_head *head;
779 struct futex_q *this, *next; 742 struct futex_q *this, *next;
780 int ret, op_ret, attempt = 0; 743 int ret, op_ret, attempt = 0;
781 744
782retryfull: 745retryfull:
783 futex_lock_mm(fshared);
784
785 ret = get_futex_key(uaddr1, fshared, &key1); 746 ret = get_futex_key(uaddr1, fshared, &key1);
786 if (unlikely(ret != 0)) 747 if (unlikely(ret != 0))
787 goto out; 748 goto out;
@@ -826,18 +787,12 @@ retry:
826 */ 787 */
827 if (attempt++) { 788 if (attempt++) {
828 ret = futex_handle_fault((unsigned long)uaddr2, 789 ret = futex_handle_fault((unsigned long)uaddr2,
829 fshared, attempt); 790 attempt);
830 if (ret) 791 if (ret)
831 goto out; 792 goto out;
832 goto retry; 793 goto retry;
833 } 794 }
834 795
835 /*
836 * If we would have faulted, release mmap_sem,
837 * fault it in and start all over again.
838 */
839 futex_unlock_mm(fshared);
840
841 ret = get_user(dummy, uaddr2); 796 ret = get_user(dummy, uaddr2);
842 if (ret) 797 if (ret)
843 return ret; 798 return ret;
@@ -873,7 +828,8 @@ retry:
873 if (hb1 != hb2) 828 if (hb1 != hb2)
874 spin_unlock(&hb2->lock); 829 spin_unlock(&hb2->lock);
875out: 830out:
876 futex_unlock_mm(fshared); 831 put_futex_key(fshared, &key2);
832 put_futex_key(fshared, &key1);
877 833
878 return ret; 834 return ret;
879} 835}
@@ -882,19 +838,16 @@ out:
882 * Requeue all waiters hashed on one physical page to another 838 * Requeue all waiters hashed on one physical page to another
883 * physical page. 839 * physical page.
884 */ 840 */
885static int futex_requeue(u32 __user *uaddr1, struct rw_semaphore *fshared, 841static int futex_requeue(u32 __user *uaddr1, int fshared, u32 __user *uaddr2,
886 u32 __user *uaddr2,
887 int nr_wake, int nr_requeue, u32 *cmpval) 842 int nr_wake, int nr_requeue, u32 *cmpval)
888{ 843{
889 union futex_key key1, key2; 844 union futex_key key1 = FUTEX_KEY_INIT, key2 = FUTEX_KEY_INIT;
890 struct futex_hash_bucket *hb1, *hb2; 845 struct futex_hash_bucket *hb1, *hb2;
891 struct plist_head *head1; 846 struct plist_head *head1;
892 struct futex_q *this, *next; 847 struct futex_q *this, *next;
893 int ret, drop_count = 0; 848 int ret, drop_count = 0;
894 849
895 retry: 850 retry:
896 futex_lock_mm(fshared);
897
898 ret = get_futex_key(uaddr1, fshared, &key1); 851 ret = get_futex_key(uaddr1, fshared, &key1);
899 if (unlikely(ret != 0)) 852 if (unlikely(ret != 0))
900 goto out; 853 goto out;
@@ -917,12 +870,6 @@ static int futex_requeue(u32 __user *uaddr1, struct rw_semaphore *fshared,
917 if (hb1 != hb2) 870 if (hb1 != hb2)
918 spin_unlock(&hb2->lock); 871 spin_unlock(&hb2->lock);
919 872
920 /*
921 * If we would have faulted, release mmap_sem, fault
922 * it in and start all over again.
923 */
924 futex_unlock_mm(fshared);
925
926 ret = get_user(curval, uaddr1); 873 ret = get_user(curval, uaddr1);
927 874
928 if (!ret) 875 if (!ret)
@@ -974,7 +921,8 @@ out_unlock:
974 drop_futex_key_refs(&key1); 921 drop_futex_key_refs(&key1);
975 922
976out: 923out:
977 futex_unlock_mm(fshared); 924 put_futex_key(fshared, &key2);
925 put_futex_key(fshared, &key1);
978 return ret; 926 return ret;
979} 927}
980 928
@@ -983,7 +931,7 @@ static inline struct futex_hash_bucket *queue_lock(struct futex_q *q)
983{ 931{
984 struct futex_hash_bucket *hb; 932 struct futex_hash_bucket *hb;
985 933
986 init_waitqueue_head(&q->waiters); 934 init_waitqueue_head(&q->waiter);
987 935
988 get_futex_key_refs(&q->key); 936 get_futex_key_refs(&q->key);
989 hb = hash_futex(&q->key); 937 hb = hash_futex(&q->key);
@@ -1096,8 +1044,7 @@ static void unqueue_me_pi(struct futex_q *q)
1096 * private futexes. 1044 * private futexes.
1097 */ 1045 */
1098static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, 1046static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
1099 struct task_struct *newowner, 1047 struct task_struct *newowner, int fshared)
1100 struct rw_semaphore *fshared)
1101{ 1048{
1102 u32 newtid = task_pid_vnr(newowner) | FUTEX_WAITERS; 1049 u32 newtid = task_pid_vnr(newowner) | FUTEX_WAITERS;
1103 struct futex_pi_state *pi_state = q->pi_state; 1050 struct futex_pi_state *pi_state = q->pi_state;
@@ -1176,7 +1123,7 @@ retry:
1176handle_fault: 1123handle_fault:
1177 spin_unlock(q->lock_ptr); 1124 spin_unlock(q->lock_ptr);
1178 1125
1179 ret = futex_handle_fault((unsigned long)uaddr, fshared, attempt++); 1126 ret = futex_handle_fault((unsigned long)uaddr, attempt++);
1180 1127
1181 spin_lock(q->lock_ptr); 1128 spin_lock(q->lock_ptr);
1182 1129
@@ -1196,12 +1143,13 @@ handle_fault:
1196 * In case we must use restart_block to restart a futex_wait, 1143 * In case we must use restart_block to restart a futex_wait,
1197 * we encode in the 'flags' shared capability 1144 * we encode in the 'flags' shared capability
1198 */ 1145 */
1199#define FLAGS_SHARED 1 1146#define FLAGS_SHARED 0x01
1147#define FLAGS_CLOCKRT 0x02
1200 1148
1201static long futex_wait_restart(struct restart_block *restart); 1149static long futex_wait_restart(struct restart_block *restart);
1202 1150
1203static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared, 1151static int futex_wait(u32 __user *uaddr, int fshared,
1204 u32 val, ktime_t *abs_time, u32 bitset) 1152 u32 val, ktime_t *abs_time, u32 bitset, int clockrt)
1205{ 1153{
1206 struct task_struct *curr = current; 1154 struct task_struct *curr = current;
1207 DECLARE_WAITQUEUE(wait, curr); 1155 DECLARE_WAITQUEUE(wait, curr);
@@ -1218,8 +1166,7 @@ static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
1218 q.pi_state = NULL; 1166 q.pi_state = NULL;
1219 q.bitset = bitset; 1167 q.bitset = bitset;
1220 retry: 1168 retry:
1221 futex_lock_mm(fshared); 1169 q.key = FUTEX_KEY_INIT;
1222
1223 ret = get_futex_key(uaddr, fshared, &q.key); 1170 ret = get_futex_key(uaddr, fshared, &q.key);
1224 if (unlikely(ret != 0)) 1171 if (unlikely(ret != 0))
1225 goto out_release_sem; 1172 goto out_release_sem;
@@ -1251,12 +1198,6 @@ static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
1251 if (unlikely(ret)) { 1198 if (unlikely(ret)) {
1252 queue_unlock(&q, hb); 1199 queue_unlock(&q, hb);
1253 1200
1254 /*
1255 * If we would have faulted, release mmap_sem, fault it in and
1256 * start all over again.
1257 */
1258 futex_unlock_mm(fshared);
1259
1260 ret = get_user(uval, uaddr); 1201 ret = get_user(uval, uaddr);
1261 1202
1262 if (!ret) 1203 if (!ret)
@@ -1271,12 +1212,6 @@ static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
1271 queue_me(&q, hb); 1212 queue_me(&q, hb);
1272 1213
1273 /* 1214 /*
1274 * Now the futex is queued and we have checked the data, we
1275 * don't want to hold mmap_sem while we sleep.
1276 */
1277 futex_unlock_mm(fshared);
1278
1279 /*
1280 * There might have been scheduling since the queue_me(), as we 1215 * There might have been scheduling since the queue_me(), as we
1281 * cannot hold a spinlock across the get_user() in case it 1216 * cannot hold a spinlock across the get_user() in case it
1282 * faults, and we cannot just set TASK_INTERRUPTIBLE state when 1217 * faults, and we cannot just set TASK_INTERRUPTIBLE state when
@@ -1287,7 +1222,7 @@ static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
1287 1222
1288 /* add_wait_queue is the barrier after __set_current_state. */ 1223 /* add_wait_queue is the barrier after __set_current_state. */
1289 __set_current_state(TASK_INTERRUPTIBLE); 1224 __set_current_state(TASK_INTERRUPTIBLE);
1290 add_wait_queue(&q.waiters, &wait); 1225 add_wait_queue(&q.waiter, &wait);
1291 /* 1226 /*
1292 * !plist_node_empty() is safe here without any lock. 1227 * !plist_node_empty() is safe here without any lock.
1293 * q.lock_ptr != 0 is not safe, because of ordering against wakeup. 1228 * q.lock_ptr != 0 is not safe, because of ordering against wakeup.
@@ -1300,8 +1235,10 @@ static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
1300 slack = current->timer_slack_ns; 1235 slack = current->timer_slack_ns;
1301 if (rt_task(current)) 1236 if (rt_task(current))
1302 slack = 0; 1237 slack = 0;
1303 hrtimer_init_on_stack(&t.timer, CLOCK_MONOTONIC, 1238 hrtimer_init_on_stack(&t.timer,
1304 HRTIMER_MODE_ABS); 1239 clockrt ? CLOCK_REALTIME :
1240 CLOCK_MONOTONIC,
1241 HRTIMER_MODE_ABS);
1305 hrtimer_init_sleeper(&t, current); 1242 hrtimer_init_sleeper(&t, current);
1306 hrtimer_set_expires_range_ns(&t.timer, *abs_time, slack); 1243 hrtimer_set_expires_range_ns(&t.timer, *abs_time, slack);
1307 1244
@@ -1356,6 +1293,8 @@ static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
1356 1293
1357 if (fshared) 1294 if (fshared)
1358 restart->futex.flags |= FLAGS_SHARED; 1295 restart->futex.flags |= FLAGS_SHARED;
1296 if (clockrt)
1297 restart->futex.flags |= FLAGS_CLOCKRT;
1359 return -ERESTART_RESTARTBLOCK; 1298 return -ERESTART_RESTARTBLOCK;
1360 } 1299 }
1361 1300
@@ -1363,7 +1302,7 @@ static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
1363 queue_unlock(&q, hb); 1302 queue_unlock(&q, hb);
1364 1303
1365 out_release_sem: 1304 out_release_sem:
1366 futex_unlock_mm(fshared); 1305 put_futex_key(fshared, &q.key);
1367 return ret; 1306 return ret;
1368} 1307}
1369 1308
@@ -1371,15 +1310,16 @@ static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
1371static long futex_wait_restart(struct restart_block *restart) 1310static long futex_wait_restart(struct restart_block *restart)
1372{ 1311{
1373 u32 __user *uaddr = (u32 __user *)restart->futex.uaddr; 1312 u32 __user *uaddr = (u32 __user *)restart->futex.uaddr;
1374 struct rw_semaphore *fshared = NULL; 1313 int fshared = 0;
1375 ktime_t t; 1314 ktime_t t;
1376 1315
1377 t.tv64 = restart->futex.time; 1316 t.tv64 = restart->futex.time;
1378 restart->fn = do_no_restart_syscall; 1317 restart->fn = do_no_restart_syscall;
1379 if (restart->futex.flags & FLAGS_SHARED) 1318 if (restart->futex.flags & FLAGS_SHARED)
1380 fshared = &current->mm->mmap_sem; 1319 fshared = 1;
1381 return (long)futex_wait(uaddr, fshared, restart->futex.val, &t, 1320 return (long)futex_wait(uaddr, fshared, restart->futex.val, &t,
1382 restart->futex.bitset); 1321 restart->futex.bitset,
1322 restart->futex.flags & FLAGS_CLOCKRT);
1383} 1323}
1384 1324
1385 1325
@@ -1389,7 +1329,7 @@ static long futex_wait_restart(struct restart_block *restart)
1389 * if there are waiters then it will block, it does PI, etc. (Due to 1329 * if there are waiters then it will block, it does PI, etc. (Due to
1390 * races the kernel might see a 0 value of the futex too.) 1330 * races the kernel might see a 0 value of the futex too.)
1391 */ 1331 */
1392static int futex_lock_pi(u32 __user *uaddr, struct rw_semaphore *fshared, 1332static int futex_lock_pi(u32 __user *uaddr, int fshared,
1393 int detect, ktime_t *time, int trylock) 1333 int detect, ktime_t *time, int trylock)
1394{ 1334{
1395 struct hrtimer_sleeper timeout, *to = NULL; 1335 struct hrtimer_sleeper timeout, *to = NULL;
@@ -1412,8 +1352,7 @@ static int futex_lock_pi(u32 __user *uaddr, struct rw_semaphore *fshared,
1412 1352
1413 q.pi_state = NULL; 1353 q.pi_state = NULL;
1414 retry: 1354 retry:
1415 futex_lock_mm(fshared); 1355 q.key = FUTEX_KEY_INIT;
1416
1417 ret = get_futex_key(uaddr, fshared, &q.key); 1356 ret = get_futex_key(uaddr, fshared, &q.key);
1418 if (unlikely(ret != 0)) 1357 if (unlikely(ret != 0))
1419 goto out_release_sem; 1358 goto out_release_sem;
@@ -1502,7 +1441,6 @@ static int futex_lock_pi(u32 __user *uaddr, struct rw_semaphore *fshared,
1502 * exit to complete. 1441 * exit to complete.
1503 */ 1442 */
1504 queue_unlock(&q, hb); 1443 queue_unlock(&q, hb);
1505 futex_unlock_mm(fshared);
1506 cond_resched(); 1444 cond_resched();
1507 goto retry; 1445 goto retry;
1508 1446
@@ -1534,12 +1472,6 @@ static int futex_lock_pi(u32 __user *uaddr, struct rw_semaphore *fshared,
1534 */ 1472 */
1535 queue_me(&q, hb); 1473 queue_me(&q, hb);
1536 1474
1537 /*
1538 * Now the futex is queued and we have checked the data, we
1539 * don't want to hold mmap_sem while we sleep.
1540 */
1541 futex_unlock_mm(fshared);
1542
1543 WARN_ON(!q.pi_state); 1475 WARN_ON(!q.pi_state);
1544 /* 1476 /*
1545 * Block on the PI mutex: 1477 * Block on the PI mutex:
@@ -1552,7 +1484,6 @@ static int futex_lock_pi(u32 __user *uaddr, struct rw_semaphore *fshared,
1552 ret = ret ? 0 : -EWOULDBLOCK; 1484 ret = ret ? 0 : -EWOULDBLOCK;
1553 } 1485 }
1554 1486
1555 futex_lock_mm(fshared);
1556 spin_lock(q.lock_ptr); 1487 spin_lock(q.lock_ptr);
1557 1488
1558 if (!ret) { 1489 if (!ret) {
@@ -1618,7 +1549,6 @@ static int futex_lock_pi(u32 __user *uaddr, struct rw_semaphore *fshared,
1618 1549
1619 /* Unqueue and drop the lock */ 1550 /* Unqueue and drop the lock */
1620 unqueue_me_pi(&q); 1551 unqueue_me_pi(&q);
1621 futex_unlock_mm(fshared);
1622 1552
1623 if (to) 1553 if (to)
1624 destroy_hrtimer_on_stack(&to->timer); 1554 destroy_hrtimer_on_stack(&to->timer);
@@ -1628,34 +1558,30 @@ static int futex_lock_pi(u32 __user *uaddr, struct rw_semaphore *fshared,
1628 queue_unlock(&q, hb); 1558 queue_unlock(&q, hb);
1629 1559
1630 out_release_sem: 1560 out_release_sem:
1631 futex_unlock_mm(fshared); 1561 put_futex_key(fshared, &q.key);
1632 if (to) 1562 if (to)
1633 destroy_hrtimer_on_stack(&to->timer); 1563 destroy_hrtimer_on_stack(&to->timer);
1634 return ret; 1564 return ret;
1635 1565
1636 uaddr_faulted: 1566 uaddr_faulted:
1637 /* 1567 /*
1638 * We have to r/w *(int __user *)uaddr, but we can't modify it 1568 * We have to r/w *(int __user *)uaddr, and we have to modify it
1639 * non-atomically. Therefore, if get_user below is not 1569 * atomically. Therefore, if we continue to fault after get_user()
1640 * enough, we need to handle the fault ourselves, while 1570 * below, we need to handle the fault ourselves, while still holding
1641 * still holding the mmap_sem. 1571 * the mmap_sem. This can occur if the uaddr is under contention as
1642 * 1572 * we have to drop the mmap_sem in order to call get_user().
1643 * ... and hb->lock. :-) --ANK
1644 */ 1573 */
1645 queue_unlock(&q, hb); 1574 queue_unlock(&q, hb);
1646 1575
1647 if (attempt++) { 1576 if (attempt++) {
1648 ret = futex_handle_fault((unsigned long)uaddr, fshared, 1577 ret = futex_handle_fault((unsigned long)uaddr, attempt);
1649 attempt);
1650 if (ret) 1578 if (ret)
1651 goto out_release_sem; 1579 goto out_release_sem;
1652 goto retry_unlocked; 1580 goto retry_unlocked;
1653 } 1581 }
1654 1582
1655 futex_unlock_mm(fshared);
1656
1657 ret = get_user(uval, uaddr); 1583 ret = get_user(uval, uaddr);
1658 if (!ret && (uval != -EFAULT)) 1584 if (!ret)
1659 goto retry; 1585 goto retry;
1660 1586
1661 if (to) 1587 if (to)
@@ -1668,13 +1594,13 @@ static int futex_lock_pi(u32 __user *uaddr, struct rw_semaphore *fshared,
1668 * This is the in-kernel slowpath: we look up the PI state (if any), 1594 * This is the in-kernel slowpath: we look up the PI state (if any),
1669 * and do the rt-mutex unlock. 1595 * and do the rt-mutex unlock.
1670 */ 1596 */
1671static int futex_unlock_pi(u32 __user *uaddr, struct rw_semaphore *fshared) 1597static int futex_unlock_pi(u32 __user *uaddr, int fshared)
1672{ 1598{
1673 struct futex_hash_bucket *hb; 1599 struct futex_hash_bucket *hb;
1674 struct futex_q *this, *next; 1600 struct futex_q *this, *next;
1675 u32 uval; 1601 u32 uval;
1676 struct plist_head *head; 1602 struct plist_head *head;
1677 union futex_key key; 1603 union futex_key key = FUTEX_KEY_INIT;
1678 int ret, attempt = 0; 1604 int ret, attempt = 0;
1679 1605
1680retry: 1606retry:
@@ -1685,10 +1611,6 @@ retry:
1685 */ 1611 */
1686 if ((uval & FUTEX_TID_MASK) != task_pid_vnr(current)) 1612 if ((uval & FUTEX_TID_MASK) != task_pid_vnr(current))
1687 return -EPERM; 1613 return -EPERM;
1688 /*
1689 * First take all the futex related locks:
1690 */
1691 futex_lock_mm(fshared);
1692 1614
1693 ret = get_futex_key(uaddr, fshared, &key); 1615 ret = get_futex_key(uaddr, fshared, &key);
1694 if (unlikely(ret != 0)) 1616 if (unlikely(ret != 0))
@@ -1747,34 +1669,30 @@ retry_unlocked:
1747out_unlock: 1669out_unlock:
1748 spin_unlock(&hb->lock); 1670 spin_unlock(&hb->lock);
1749out: 1671out:
1750 futex_unlock_mm(fshared); 1672 put_futex_key(fshared, &key);
1751 1673
1752 return ret; 1674 return ret;
1753 1675
1754pi_faulted: 1676pi_faulted:
1755 /* 1677 /*
1756 * We have to r/w *(int __user *)uaddr, but we can't modify it 1678 * We have to r/w *(int __user *)uaddr, and we have to modify it
1757 * non-atomically. Therefore, if get_user below is not 1679 * atomically. Therefore, if we continue to fault after get_user()
1758 * enough, we need to handle the fault ourselves, while 1680 * below, we need to handle the fault ourselves, while still holding
1759 * still holding the mmap_sem. 1681 * the mmap_sem. This can occur if the uaddr is under contention as
1760 * 1682 * we have to drop the mmap_sem in order to call get_user().
1761 * ... and hb->lock. --ANK
1762 */ 1683 */
1763 spin_unlock(&hb->lock); 1684 spin_unlock(&hb->lock);
1764 1685
1765 if (attempt++) { 1686 if (attempt++) {
1766 ret = futex_handle_fault((unsigned long)uaddr, fshared, 1687 ret = futex_handle_fault((unsigned long)uaddr, attempt);
1767 attempt);
1768 if (ret) 1688 if (ret)
1769 goto out; 1689 goto out;
1770 uval = 0; 1690 uval = 0;
1771 goto retry_unlocked; 1691 goto retry_unlocked;
1772 } 1692 }
1773 1693
1774 futex_unlock_mm(fshared);
1775
1776 ret = get_user(uval, uaddr); 1694 ret = get_user(uval, uaddr);
1777 if (!ret && (uval != -EFAULT)) 1695 if (!ret)
1778 goto retry; 1696 goto retry;
1779 1697
1780 return ret; 1698 return ret;
@@ -1898,8 +1816,7 @@ retry:
1898 * PI futexes happens in exit_pi_state(): 1816 * PI futexes happens in exit_pi_state():
1899 */ 1817 */
1900 if (!pi && (uval & FUTEX_WAITERS)) 1818 if (!pi && (uval & FUTEX_WAITERS))
1901 futex_wake(uaddr, &curr->mm->mmap_sem, 1, 1819 futex_wake(uaddr, 1, 1, FUTEX_BITSET_MATCH_ANY);
1902 FUTEX_BITSET_MATCH_ANY);
1903 } 1820 }
1904 return 0; 1821 return 0;
1905} 1822}
@@ -1993,18 +1910,22 @@ void exit_robust_list(struct task_struct *curr)
1993long do_futex(u32 __user *uaddr, int op, u32 val, ktime_t *timeout, 1910long do_futex(u32 __user *uaddr, int op, u32 val, ktime_t *timeout,
1994 u32 __user *uaddr2, u32 val2, u32 val3) 1911 u32 __user *uaddr2, u32 val2, u32 val3)
1995{ 1912{
1996 int ret = -ENOSYS; 1913 int clockrt, ret = -ENOSYS;
1997 int cmd = op & FUTEX_CMD_MASK; 1914 int cmd = op & FUTEX_CMD_MASK;
1998 struct rw_semaphore *fshared = NULL; 1915 int fshared = 0;
1999 1916
2000 if (!(op & FUTEX_PRIVATE_FLAG)) 1917 if (!(op & FUTEX_PRIVATE_FLAG))
2001 fshared = &current->mm->mmap_sem; 1918 fshared = 1;
1919
1920 clockrt = op & FUTEX_CLOCK_REALTIME;
1921 if (clockrt && cmd != FUTEX_WAIT_BITSET)
1922 return -ENOSYS;
2002 1923
2003 switch (cmd) { 1924 switch (cmd) {
2004 case FUTEX_WAIT: 1925 case FUTEX_WAIT:
2005 val3 = FUTEX_BITSET_MATCH_ANY; 1926 val3 = FUTEX_BITSET_MATCH_ANY;
2006 case FUTEX_WAIT_BITSET: 1927 case FUTEX_WAIT_BITSET:
2007 ret = futex_wait(uaddr, fshared, val, timeout, val3); 1928 ret = futex_wait(uaddr, fshared, val, timeout, val3, clockrt);
2008 break; 1929 break;
2009 case FUTEX_WAKE: 1930 case FUTEX_WAKE:
2010 val3 = FUTEX_BITSET_MATCH_ANY; 1931 val3 = FUTEX_BITSET_MATCH_ANY;
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-19 15:57:02 -0500