From: Darren Hart <dvhltc@us.ibm.com>
To: Ingo Molnar <mingo@elte.hu>, linux-kernel@vger.kernel.org
Cc: Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Rusty Russell <rusty@au1.ibm.com>
Subject: Re: [PATCH 2/2] futex: correct futex_requeue futex key ref counting in requeue loop
Date: Tue, 30 Dec 2008 15:36:05 -0800 [thread overview]
Message-ID: <495AB065.3080707@us.ibm.com> (raw)
In-Reply-To: <20081229185402.10342.77396.stgit@Aeon>
Darren Hart wrote:
> The requeue loop takes multiple references to key2, but the corresponding
> put loop decrements the refs for key1. This patch corrects the accounting.
>
> Build and boot tested on an x86_64 system.
>
> Signed-off-by: Darren Hart <dvhltc@us.ibm.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Rusty Russell <rusty@au1.ibm.com>
> ---
>
> kernel/futex.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/kernel/futex.c b/kernel/futex.c
> index cf363ce..3b66d91 100644
> --- a/kernel/futex.c
> +++ b/kernel/futex.c
> @@ -919,7 +919,7 @@ out_unlock:
>
> /* drop_futex_key_refs() must be called outside the spinlocks. */
> while (--drop_count >= 0)
> - drop_futex_key_refs(&key1);
> + drop_futex_key_refs(&key2);
>
> put_futex_key(fshared, &key2);
> out_put_key1:
>
Ugh, so I'm having second thoughts about this patch. I believe what is
happening here is that the requeue loop requeues each waiter from one
futex (key1) to another (key2). It rightly takes a reference to the
futex at key2 and then decrements the references to key1 by drop_count
(since the waiters now reference key2, not key1). The newly taken key2
references will be dropped in futex_wait() when each waiter is woken up
and takes the futex.
I apologize for the confusion on this. Thanks for suggesting I send
this patch out independently from the rest Peter ;-)
If we can come to a consensus on this, I suggest pulling this patch from
tip/core/futexes.
--
Darren Hart
IBM Linux Technology Center
Real-Time Linux Team
next prev parent reply other threads:[~2008-12-30 23:36 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-29 18:53 [PATCH 0/2] futex_key reference accounting fixes Darren Hart
2008-12-29 18:53 ` [PATCH 1/2] futex: make futex_(get|put)_key() calls symmetric Darren Hart
2008-12-29 23:49 ` Darren Hart
2008-12-29 18:54 ` [PATCH 2/2] futex: correct futex_requeue futex key ref counting in requeue loop Darren Hart
2008-12-30 23:36 ` Darren Hart [this message]
2009-01-02 22:13 ` Ingo Molnar
2008-12-30 5:39 ` [PATCH 0/2] futex_key reference accounting fixes Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=495AB065.3080707@us.ibm.com \
--to=dvhltc@us.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=peterz@infradead.org \
--cc=rusty@au1.ibm.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.