From: Darren Hart <dvhltc@us.ibm.com>
To: linux-rt-users@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: tglx@linutronix.de, peterz@infradead.org, rostedt@goodmis.org,
mingo@elte.hu, dino@in.ibm.com, johnstul@us.ibm.com,
John Kacur <jkacur@redhat.com>
Subject: Re: [PATCH 1/2] Update woken requeued futex_q lock_ptr
Date: Thu, 06 Aug 2009 17:24:41 -0700 [thread overview]
Message-ID: <4A7B7449.7070008@us.ibm.com> (raw)
In-Reply-To: <4A7A66D7.3090203@us.ibm.com>
Darren Hart wrote:
> Darren Hart wrote:
>> futex_requeue() can acquire the lock on behalf of a waiter during the
>> requeue
>> loop in the event of a lock steal or owner died.
>> futex_wait_requeue_pi() cleans
>> up the pi_state owner, using the lock_ptr to protect against
>> concurrent access
>> to the pi_state. The pi_state is found on the requeue target futex
>> hash bucket
>> so the lock_ptr needs to be updated accordingly. The problem
>> manifested by
>> triggering the WARN_ON in lookup_pi_state() about the pid !=
>> pi_state->owner
>> pid.
>> The astute reviewer will note that still exists a race between the time
>> futex_requeue() releases hb2->lock() and the time when
>> futex_wait_requeue_pi()
>> acquires it. During this time the pi_state and the futex uaddr are
>> not in sync
>> with the rt_mutex ownership. This patch closes the window to the
>> point where
>> my tests now pass, but we still need to address it.
>>
>> Note: Please apply to mainline and rt
>>
>
>
>> static inline
>> -void requeue_pi_wake_futex(struct futex_q *q, union futex_key *key)
>> +void requeue_pi_wake_futex(struct futex_q *q, union futex_key *key,
>> + struct futex_hash_bucket *hb)
>> {
>> drop_futex_key_refs(&q->key);
>> get_futex_key_refs(key);
>> q->key = *key;
>> + q->lock_ptr = &hb->lock;
>
> Hrm... turns out changing this breaks the
> handle_early_requeue_pi_wakeup() logic. I'll have to respin this patch
> to account for that as well. Please hold off on this patch.
In fact, this doesn't affect the handle_early_requeue_pi_wakeup() code
in the slightest. It only needs to hold a hb->lock (either one is
adequate) to ensure the requeue routine has completed. By changing the
q->lock_ptr of the waiter to hb2->lock we ensure the pi_state is
protected from concurrent access by futex_wait_requeue_pi() and new
contending threads.
Ingo, please apply to tip/urgent.
Thanks,
--
Darren Hart
IBM Linux Technology Center
Real-Time Linux Team
next prev parent reply other threads:[~2009-08-07 0:24 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-05 21:58 [PATCH 0/2] futex: requeue_pi lock steal deadlock fixes Darren Hart
2009-08-05 22:02 ` [PATCH 1/2] Update woken requeued futex_q lock_ptr Darren Hart
2009-08-06 5:15 ` Darren Hart
2009-08-07 0:24 ` Darren Hart [this message]
2009-08-08 15:27 ` [tip:core/urgent] futex: " tip-bot for Darren Hart
2009-08-09 20:24 ` tip-bot for Darren Hart
2009-08-09 20:56 ` Ingo Molnar
2009-08-09 22:03 ` Darren Hart
2009-08-09 22:18 ` Darren Hart
2009-08-05 22:04 ` [PATCH 2/2][RT] Avoid deadlock in rt_mutex_start_proxy_lock() Darren Hart
2009-08-05 22:04 ` Darren Hart
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A7B7449.7070008@us.ibm.com \
--to=dvhltc@us.ibm.com \
--cc=dino@in.ibm.com \
--cc=jkacur@redhat.com \
--cc=johnstul@us.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rt-users@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.