From mboxrd@z Thu Jan 1 00:00:00 1970 From: Oleg Nesterov Subject: Re: handle_exit_race && PF_EXITING Date: Thu, 7 Nov 2019 16:51:30 +0100 Message-ID: <20191107155130.GB24042@redhat.com> References: <20191106085529.GA12575@redhat.com> <20191106103509.GB12575@redhat.com> <20191106121111.GC12575@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=WINDOWS-1252 Content-Transfer-Encoding: quoted-printable Return-path: In-Reply-To: Content-Disposition: inline Sender: linux-kernel-owner@vger.kernel.org To: Thomas Gleixner Cc: Florian Weimer , Shawn Landden , libc-alpha@sourceware.org, linux-api@vger.kernel.org, LKML , Arnd Bergmann , Deepa Dinamani , Andrew Morton , Catalin Marinas , Keith Packard , Peter Zijlstra List-Id: linux-api@vger.kernel.org On 11/06, Thomas Gleixner wrote: > > On Wed, 6 Nov 2019, Oleg Nesterov wrote: > > > > I think that (with or without this fix) handle_exit_race() logic needs > > cleanups, there is no reason for get_futex_value_locked(), we can drop > > ->pi_lock right after we see PF_EXITPIDONE. Lets discuss this later. > > Which still is in atomic because the hash bucket lock is held, ergo > get_futex_value_locked() needs to stay for now. Indeed, you are right. > Same explanation as before just not prosa this time: > > exit()=09=09=09=09=09lock_pi(futex2) > exit_pi_state_list() > lock(tsk->pi_lock) > tsk->flags |=3D PF_EXITPIDONE;=09=09 attach_to_pi_owner() > =09=09=09=09=09 ... > // Loop unrolled for clarity > while(!list_empty())=09=09=09 lock(tsk->pi_lock); > cleanup(futex1) > unlock(tsk->pi_lock) ^^^^^^^^^^^^^^^^^^^^ Ah! Thanks. Hmm. In particular, exit_pi_state() drops pi_lock if refcount_inc_not_zero(= ) fails. Isn't this another potential source of livelock ? Suppose that a realtime lock owner X sleeps somewhere, another task T calls put_pi_state(), refcount_dec_and_test() succeeds. What if, say, X is killed right after that and preempts T on the same CPU? Oleg.