Darren Hart wrote:
Darren Hart wrote:
futex_requeue() can acquire the lock on behalf of a waiter during the
requeue
loop in the event of a lock steal or owner died.
futex_wait_requeue_pi() cleans
up the pi_state owner, using the lock_ptr to protect against
concurrent access
to the pi_state. The pi_state is found on the requeue target futex
hash bucket
so the lock_ptr needs to be updated accordingly. The problem
manifested by
triggering the WARN_ON in lookup_pi_state() about the pid !=
pi_state->owner
pid.
The astute reviewer will note that still exists a race between the time
futex_requeue() releases hb2->lock() and the time when
futex_wait_requeue_pi()
acquires it. During this time the pi_state and the futex uaddr are
not in sync
with the rt_mutex ownership. This patch closes the window to the
point where
my tests now pass, but we still need to address it.
Note: Please apply to mainline and rt
static inline
-void requeue_pi_wake_futex(struct futex_q *q, union futex_key *key)
+void requeue_pi_wake_futex(struct futex_q *q, union futex_key *key,
+ struct futex_hash_bucket *hb)
{
drop_futex_key_refs(&q->key);
get_futex_key_refs(key);
q->key = *key;
+ q->lock_ptr = &hb->lock;
Hrm... turns out changing this breaks the
handle_early_requeue_pi_wakeup() logic. I'll have to respin this patch
to account for that as well. Please hold off on this patch.
In fact, this doesn't affect the handle_early_requeue_pi_wakeup() code
in the slightest. It only needs to hold a hb->lock (either one is
adequate) to ensure the requeue routine has completed. By changing the
q->lock_ptr of the waiter to hb2->lock we ensure the pi_state is
protected from concurrent access by futex_wait_requeue_pi() and new
contending threads.
Ingo, please apply to tip/urgent.
Thanks,
--
Darren Hart
IBM Linux Technology Center
Real-Time Linux Team
--
To unsubscribe from this list: send the line "unsubscribe linux-rt-users" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
