From mboxrd@z Thu Jan 1 00:00:00 1970 From: Darren Hart Subject: Re: [PATCH 1/2] Update woken requeued futex_q lock_ptr Date: Thu, 06 Aug 2009 17:24:41 -0700 Message-ID: <4A7B7449.7070008@us.ibm.com> References: <4A7A009E.2000202@us.ibm.com> <4A7A016C.1090002@us.ibm.com> <4A7A66D7.3090203@us.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: tglx@linutronix.de, peterz@infradead.org, rostedt@goodmis.org, mingo@elte.hu, dino@in.ibm.com, johnstul@us.ibm.com, John Kacur To: linux-rt-users@vger.kernel.org, linux-kernel@vger.kernel.org Return-path: In-Reply-To: <4A7A66D7.3090203@us.ibm.com> Sender: linux-kernel-owner@vger.kernel.org List-Id: linux-rt-users.vger.kernel.org Darren Hart wrote: > Darren Hart wrote: >> futex_requeue() can acquire the lock on behalf of a waiter during the >> requeue >> loop in the event of a lock steal or owner died. >> futex_wait_requeue_pi() cleans >> up the pi_state owner, using the lock_ptr to protect against >> concurrent access >> to the pi_state. The pi_state is found on the requeue target futex >> hash bucket >> so the lock_ptr needs to be updated accordingly. The problem >> manifested by >> triggering the WARN_ON in lookup_pi_state() about the pid != >> pi_state->owner >> pid. >> The astute reviewer will note that still exists a race between the time >> futex_requeue() releases hb2->lock() and the time when >> futex_wait_requeue_pi() >> acquires it. During this time the pi_state and the futex uaddr are >> not in sync >> with the rt_mutex ownership. This patch closes the window to the >> point where >> my tests now pass, but we still need to address it. >> >> Note: Please apply to mainline and rt >> > > >> static inline >> -void requeue_pi_wake_futex(struct futex_q *q, union futex_key *key) >> +void requeue_pi_wake_futex(struct futex_q *q, union futex_key *key, >> + struct futex_hash_bucket *hb) >> { >> drop_futex_key_refs(&q->key); >> get_futex_key_refs(key); >> q->key = *key; >> + q->lock_ptr = &hb->lock; > > Hrm... turns out changing this breaks the > handle_early_requeue_pi_wakeup() logic. I'll have to respin this patch > to account for that as well. Please hold off on this patch. In fact, this doesn't affect the handle_early_requeue_pi_wakeup() code in the slightest. It only needs to hold a hb->lock (either one is adequate) to ensure the requeue routine has completed. By changing the q->lock_ptr of the waiter to hb2->lock we ensure the pi_state is protected from concurrent access by futex_wait_requeue_pi() and new contending threads. Ingo, please apply to tip/urgent. Thanks, -- Darren Hart IBM Linux Technology Center Real-Time Linux Team