From: Jeremy Kerr <jk@ozlabs.org>
To: <linuxppc-dev@ozlabs.org>
Subject: [PATCH 05/25] spufs: fix race condition on gang->aff_ref_spu
Date: Fri, 14 Sep 2007 16:32:54 +1000 [thread overview]
Message-ID: <1189751574.100972.716660077844.5.gpush@pokey> (raw)
In-Reply-To: <1189751574.98527.127994196313.1.gpush@pokey>
From: Andre Detsch <adetsch@br.ibm.com>
Affinity reference point location (gang->aff_ref_spu) is reset
when the whole gang is descheduled. However, the last member of
a gang can be descheduled while we are trying to schedule another
member of the gang. This was leading to a race condition, and
the code was using gang->aff_ref_spu in an unsafe manner.
By holding the gang->aff_mutex a little bit longer, and increment
gang->aff_sched_count (which controls when gang->aff_ref_spu
should be reset) a little bit earlier, the problem is fixed.
Signed-off-by: Andre Detsch <adetsch@br.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
---
arch/powerpc/platforms/cell/spufs/sched.c | 49 +++++++++++++++++++-----------
1 file changed, 32 insertions(+), 17 deletions(-)
diff --git a/arch/powerpc/platforms/cell/spufs/sched.c b/arch/powerpc/platforms/cell/spufs/sched.c
index c784edd..17806e0 100644
--- a/arch/powerpc/platforms/cell/spufs/sched.c
+++ b/arch/powerpc/platforms/cell/spufs/sched.c
@@ -230,8 +230,6 @@ static void spu_bind_context(struct spu *spu, struct spu_context *ctx)
if (ctx->flags & SPU_CREATE_NOSCHED)
atomic_inc(&cbe_spu_info[spu->node].reserved_spus);
- if (!list_empty(&ctx->aff_list))
- atomic_inc(&ctx->gang->aff_sched_count);
ctx->stats.slb_flt_base = spu->stats.slb_flt;
ctx->stats.class2_intr_base = spu->stats.class2_intr;
@@ -392,7 +390,6 @@ static int has_affinity(struct spu_context *ctx)
if (list_empty(&ctx->aff_list))
return 0;
- mutex_lock(&gang->aff_mutex);
if (!gang->aff_ref_spu) {
if (!(gang->aff_flags & AFF_MERGED))
aff_merge_remaining_ctxs(gang);
@@ -400,7 +397,6 @@ static int has_affinity(struct spu_context *ctx)
aff_set_offsets(gang);
aff_set_ref_point_location(gang);
}
- mutex_unlock(&gang->aff_mutex);
return gang->aff_ref_spu != NULL;
}
@@ -418,9 +414,16 @@ static void spu_unbind_context(struct spu *spu, struct spu_context *ctx)
if (spu->ctx->flags & SPU_CREATE_NOSCHED)
atomic_dec(&cbe_spu_info[spu->node].reserved_spus);
- if (!list_empty(&ctx->aff_list))
- if (atomic_dec_and_test(&ctx->gang->aff_sched_count))
- ctx->gang->aff_ref_spu = NULL;
+
+ if (ctx->gang){
+ mutex_lock(&ctx->gang->aff_mutex);
+ if (has_affinity(ctx)) {
+ if (atomic_dec_and_test(&ctx->gang->aff_sched_count))
+ ctx->gang->aff_ref_spu = NULL;
+ }
+ mutex_unlock(&ctx->gang->aff_mutex);
+ }
+
spu_switch_notify(spu, NULL);
spu_unmap_mappings(ctx);
spu_save(&ctx->csa, spu);
@@ -511,20 +514,32 @@ static void spu_prio_wait(struct spu_context *ctx)
static struct spu *spu_get_idle(struct spu_context *ctx)
{
- struct spu *spu;
+ struct spu *spu, *aff_ref_spu;
int node, n;
- if (has_affinity(ctx)) {
- node = ctx->gang->aff_ref_spu->node;
+ if (ctx->gang) {
+ mutex_lock(&ctx->gang->aff_mutex);
+ if (has_affinity(ctx)) {
+ aff_ref_spu = ctx->gang->aff_ref_spu;
+ atomic_inc(&ctx->gang->aff_sched_count);
+ mutex_unlock(&ctx->gang->aff_mutex);
+ node = aff_ref_spu->node;
- mutex_lock(&cbe_spu_info[node].list_mutex);
- spu = ctx_location(ctx->gang->aff_ref_spu, ctx->aff_offset, node);
- if (spu && spu->alloc_state == SPU_FREE)
- goto found;
- mutex_unlock(&cbe_spu_info[node].list_mutex);
- return NULL;
- }
+ mutex_lock(&cbe_spu_info[node].list_mutex);
+ spu = ctx_location(aff_ref_spu, ctx->aff_offset, node);
+ if (spu && spu->alloc_state == SPU_FREE)
+ goto found;
+ mutex_unlock(&cbe_spu_info[node].list_mutex);
+ mutex_lock(&ctx->gang->aff_mutex);
+ if (atomic_dec_and_test(&ctx->gang->aff_sched_count))
+ ctx->gang->aff_ref_spu = NULL;
+ mutex_unlock(&ctx->gang->aff_mutex);
+
+ return NULL;
+ }
+ mutex_unlock(&ctx->gang->aff_mutex);
+ }
node = cpu_to_node(raw_smp_processor_id());
for (n = 0; n < MAX_NUMNODES; n++, node++) {
node = (node < MAX_NUMNODES) ? node : 0;
next prev parent reply other threads:[~2007-09-14 6:32 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-09-14 6:32 [PATCH 01/25] spufs: staticify file-internal functions & variables Jeremy Kerr
2007-09-14 6:32 ` [PATCH 25/25] spufs: Add DEFINE_SPUFS_ATTRIBUTE() Jeremy Kerr
2007-09-14 6:32 ` [PATCH 04/25] spufs: make isolated loader properly aligned Jeremy Kerr
2007-09-14 6:32 ` [PATCH 13/25] spufs: Call spu_acquire_saved() before calculating the SPU note sizes Jeremy Kerr
2007-09-14 6:32 ` [PATCH 22/25] spufs: Cleanup ELF coredump extra notes logic Jeremy Kerr
2007-09-14 6:32 ` [PATCH 07/25] spufs: remove asmlinkage from spufs_calls Jeremy Kerr
2007-09-14 6:32 ` [PATCH 12/25] spufs: Remove ctx_info and ctx_info_list Jeremy Kerr
2007-09-14 6:32 ` [PATCH 21/25] spufs: Combine spufs_coredump_calls with spufs_calls Jeremy Kerr
2007-09-14 6:32 ` [PATCH 11/25] spufs: Extract the file descriptor search logic in SPU coredump code Jeremy Kerr
2007-09-14 6:32 ` [PATCH 17/25] spufs: Don't return -ENOSYS as extra notes size if spufs is not loaded Jeremy Kerr
2007-09-14 6:32 ` [PATCH 15/25] spufs: Write some SPU coredump values as ASCII Jeremy Kerr
2007-09-14 6:32 ` [PATCH 23/25] spufs: Handle errors in SPU coredump code, and support coredump to a pipe Jeremy Kerr
2007-09-14 6:32 ` [PATCH 20/25] spufs: Add contents of npc file to SPU coredumps Jeremy Kerr
2007-09-14 6:32 ` [PATCH 09/25] cell: remove DEBUG for spu callbacks Jeremy Kerr
2007-09-14 7:43 ` Christoph Hellwig
2007-09-14 6:32 ` [PATCH 18/25] spufs: Get rid of spufs_coredump_num_notes, it's not needed if we NULL terminate Jeremy Kerr
2007-09-14 6:32 ` [PATCH 06/25] cell: unify spufs syscall path Jeremy Kerr
2007-09-14 6:32 ` [PATCH 16/25] spufs: Correctly calculate the size of the local-store to dump Jeremy Kerr
2007-09-14 6:32 ` [PATCH 02/25] spufs: remove asmlinkage from do_spu_create Jeremy Kerr
2007-09-14 7:44 ` Christoph Hellwig
2007-09-14 6:32 ` [PATCH 03/25] spufs: remove spu_harvest Jeremy Kerr
2007-09-14 6:32 ` [PATCH 19/25] spufs: Internal __spufs_get_foo() routines should take a spu_context * Jeremy Kerr
2007-09-14 7:43 ` Christoph Hellwig
2007-09-14 6:32 ` [PATCH 14/25] spufs: Use computed sizes/#defines rather than literals in SPU coredump code Jeremy Kerr
2007-09-14 6:32 ` Jeremy Kerr [this message]
2007-09-14 6:32 ` [PATCH 10/25] spusched: fix null pointer dereference in find_victim Jeremy Kerr
2007-09-14 7:44 ` Christoph Hellwig
2007-09-20 0:13 ` Jeremy Kerr
2007-09-14 6:32 ` [PATCH 24/25] spufs: Respect RLIMIT_CORE in spu coredump code Jeremy Kerr
2007-09-14 6:32 ` [PATCH 08/25] Fix restore_decr_wrapped() to match CBE Handbook Jeremy Kerr
2007-09-14 7:42 ` [PATCH 01/25] spufs: staticify file-internal functions & variables Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1189751574.100972.716660077844.5.gpush@pokey \
--to=jk@ozlabs.org \
--cc=linuxppc-dev@ozlabs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox