On Tue, Apr 30, 2019 at 01:53:33PM +0200, Oleg Nesterov wrote:
> On 04/29, Joel Fernandes wrote:
> >
> > On Mon, Apr 29, 2019 at 04:20:30PM +0200, Oleg Nesterov wrote:
> > > On 04/29, Joel Fernandes wrote:
> > > >
> > > > However, in your code above, it is avoided because we get:
> > > >
> > > > Task A (poller)                 Task B (exiting task being polled)
> > > > ------------                    ----------------
> > > > poll() called
> > > > add_wait_queue()
> > > >                                 exit_state is set to non-zero
> > > > read exit_state
> > > > remove_wait_queue()
> > > >                                 wake_up_all()
> > >
> > > just to clarify... No, sys_poll() path doesn't do remove_wait_queue() until
> > > it returns to user mode, and that is why we can't race with set-exit_code +
> > > wake_up().
> >
> > I didn't follow what you mean, the removal from the waitqueue happens in
> > free_poll_entry() called from poll_freewait() which happens from
> > do_sys_poll() which is before the syscall returns to user mode. Could you
> > explain more?
>
> Hmm. I do not really understand the question... Sure, do_sys_poll() does
> poll_freewait() before sysret or even before return from syscall, but why
> does this matter? This is the exit path, it frees the memory, does fput(),
> etc, f_op->poll() won't be called after that.

Ok, we are on the same page on this.

> > > pidfd_poll() can race with the exiting task, miss exit_code != 0, and return
> > > zero. However, do_poll() won't block after that and pidfd_poll() will be called
> > > again.
> >
> > Here also I didn't follow what you mean. If exit_code is read as 0 in
> > pidfd_poll(), then in do_poll() the count will be 0 and it will block in
> > poll_schedule_timeout(). Right?
>
> No. Please note the pwq->triggered check and please read __pollwake().
>
> But if you want to understand this you can forget about poll/select. It is
> a bit complicated, in particular because it has to do set_current_state()
> right before schedule() and thus it plays games with pwq->triggered. But in
> essence this doesn't differ too much from the plain wait_event-like code
> (although you can also look at wait_woken/woken_wake_function).
>
> If remove_wait_queue() could happen before wake_up_all() (like in your
> pseudo-code above), then pidfd_poll() or any other ->poll() method could miss
> _both_ the condition and wakeup. But sys_poll() doesn't do this, so it is fine
> to miss the condition and rely on wake_up_all() which ensures we won't block
> and the next iteration must see condition == T.

Agreed. In my pseudo-code above, I meant removal from waitqueue only once we are
not going to be blocking in poll and returning to userspace. I may have messed
up the sequence of events, but my point was to show the race I had in mind
(missing a wake up due to adding to the waitqueue too late inside pidfd_poll()).

Anyway, I will repost with your suggested change and send it soon. Thanks for
the discussions.

thanks,

 - Joel
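[Added example, not part of the thread and not kernel code.] The ordering argument in the exchange above (register on the wait queue first, sample exit_state second, while the exiting task sets exit_state first and calls wake_up_all() second) can be replayed in userspace as a small deterministic model. The kernel names in the comments (pidfd_poll, poll_wait, __pollwake, pwq->triggered, poll_schedule_timeout) are borrowed for orientation only; the step sequences, the struct layouts and the three interleavings are constructed here to match the cases the two participants describe: the real do_poll() ordering, the late-registration race Joel had in mind, and Oleg's hypothetical remove_wait_queue()-before-wake_up_all().

```c
/*
 * Userspace model of the poll()/wake_up_all() race discussed above.
 * Added example, not kernel code; kernel names in comments are for
 * orientation only, and every interleaving below is constructed.
 */
#include <stdbool.h>
#include <stddef.h>

#define MAX_WAITERS 4

/* The do_poll() side: its pwq->triggered flag plus where the loop stands. */
struct poller {
    bool triggered;   /* pwq->triggered, set by __pollwake() */
    bool on_queue;    /* poll_wait() registered us on the task's wait queue */
    bool asleep;      /* poll_schedule_timeout() really called schedule() */
    bool ready;       /* pidfd_poll() returned a non-zero mask */
};

/* The task being polled: exit_state, its wait queue, whether it woke us yet. */
struct task {
    int exit_state;
    bool woke;                           /* wake_up_all() already ran */
    struct poller *waiters[MAX_WAITERS];
    int nr_waiters;
};

enum step {
    POLLER_REGISTER,    /* poll_wait() -> add_wait_queue() */
    POLLER_UNREGISTER,  /* remove_wait_queue(), as in the pseudo-code above */
    POLLER_READ,        /* pidfd_poll() samples exit_state */
    POLLER_SCHEDULE,    /* do_poll(): poll_schedule_timeout() unless triggered */
    EXITER_SET_STATE,   /* exiting task: exit_state = non-zero */
    EXITER_WAKE,        /* exiting task: wake_up_all() */
};

enum outcome { POLL_READY, POLL_WAITING, POLL_LOST_WAKEUP };

static void add_wait_queue(struct task *t, struct poller *p)
{
    if (!p->on_queue && t->nr_waiters < MAX_WAITERS) {
        t->waiters[t->nr_waiters++] = p;
        p->on_queue = true;
    }
}

static void remove_wait_queue(struct task *t, struct poller *p)
{
    for (int i = 0; i < t->nr_waiters; i++) {
        if (t->waiters[i] == p) {
            t->waiters[i] = t->waiters[--t->nr_waiters];
            p->on_queue = false;
            return;
        }
    }
}

/* wake_up_all(): __pollwake() sets triggered and wakes a sleeping poller. */
static void wake_up_all(struct task *t)
{
    t->woke = true;
    for (int i = 0; i < t->nr_waiters; i++) {
        t->waiters[i]->triggered = true;
        t->waiters[i]->asleep = false;
    }
}

/* Replay one interleaving from a fresh poller and a still-running task. */
static enum outcome replay(const enum step *steps, size_t n)
{
    struct task t = {0};
    struct poller p = {0};

    for (size_t i = 0; i < n; i++) {
        /* A sleeping poller is not running, so its own steps cannot execute. */
        if (p.asleep && steps[i] != EXITER_SET_STATE && steps[i] != EXITER_WAKE)
            continue;
        switch (steps[i]) {
        case POLLER_REGISTER:   add_wait_queue(&t, &p); break;
        case POLLER_UNREGISTER: remove_wait_queue(&t, &p); break;
        case POLLER_READ:       p.ready = t.exit_state != 0; break;
        case POLLER_SCHEDULE:
            if (p.ready)
                break;                 /* count > 0: return to user mode */
            if (p.triggered)
                p.triggered = false;   /* consume it and call ->poll() again */
            else
                p.asleep = true;       /* nothing pending: really schedule() */
            break;
        case EXITER_SET_STATE:  t.exit_state = 1; break;
        case EXITER_WAKE:       wake_up_all(&t); break;
        }
    }
    if (p.ready)
        return POLL_READY;
    /* Asleep after the only wakeup has already fired: nobody will wake us. */
    return (p.asleep && t.woke) ? POLL_LOST_WAKEUP : POLL_WAITING;
}

/* What sys_poll() actually does: missing exit_state once is harmless because
 * the wakeup lands on an already-registered waiter and sets triggered. */
static enum outcome kernel_order(void)
{
    static const enum step s[] = {
        POLLER_REGISTER, POLLER_READ,        /* reads 0 */
        EXITER_SET_STATE, EXITER_WAKE,       /* sets triggered */
        POLLER_SCHEDULE,                     /* does not sleep */
        POLLER_READ, POLLER_SCHEDULE,        /* now reads non-zero */
    };
    return replay(s, sizeof s / sizeof s[0]);
}

/* The race Joel describes: ->poll() samples exit_state before it is on the
 * wait queue, so wake_up_all() finds nobody and the later sleep is forever. */
static enum outcome late_registration(void)
{
    static const enum step s[] = {
        POLLER_READ,                         /* reads 0, not queued yet */
        EXITER_SET_STATE, EXITER_WAKE,       /* nobody to wake */
        POLLER_REGISTER, POLLER_SCHEDULE,    /* sleeps for good */
    };
    return replay(s, sizeof s / sizeof s[0]);
}

/* Oleg's hypothetical: remove_wait_queue() before wake_up_all() misses both
 * the condition and the wakeup. */
static enum outcome early_removal(void)
{
    static const enum step s[] = {
        POLLER_REGISTER, POLLER_READ,        /* reads 0 */
        POLLER_UNREGISTER,
        EXITER_SET_STATE, EXITER_WAKE,       /* queue is empty again */
        POLLER_SCHEDULE,
    };
    return replay(s, sizeof s / sizeof s[0]);
}
```

The model compresses the set_current_state()/schedule() dance Oleg mentions into the single POLLER_SCHEDULE step, which is enough to show why do_poll() does not block after a missed read: the waiter was registered before the sample, so the exiting task's wake_up_all() always either arrives after the poller is asleep (and wakes it) or before (and leaves triggered set). Both racy interleavings that do lose the wakeup move the registration, or the removal, to the wrong side of the sample.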