On Fri, Mar 08, 2019 at 01:10:09PM -0800, Zubin Mithra wrote:
> From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
>
> commit 38d589f2fd08f1296aea3ce62bebd185125c6d81 upstream
>
> With the ultimate goal of keeping rt_mutex wait_list and futex_q waiters
> consistent it's necessary to split 'rt_mutex_futex_lock()' into finer
> parts, such that only the actual blocking can be done without hb->lock
> held.
>
> Split split_mutex_finish_proxy_lock() into two parts, one that does the
> blocking and one that does remove_waiter() when the lock acquire failed.
>
> When the rtmutex was acquired successfully the waiter can be removed in the
> acquisition path safely, since there is no concurrency on the lock owner.
>
> This means that, except for futex_lock_pi(), all wait_list modifications
> are done with both hb->lock and wait_lock held.
>
> [bigeasy@xxxxxxxxxxxxx: fix for futex_requeue_pi_signal_restart]
>
> Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
> Cc: juri.lelli@xxxxxxx
> Cc: bigeasy@xxxxxxxxxxxxx
> Cc: xlpang@xxxxxxxxxx
> Cc: rostedt@xxxxxxxxxxx
> Cc: mathieu.desnoyers@xxxxxxxxxxxx
> Cc: jdesfossez@xxxxxxxxxxxx
> Cc: dvhart@xxxxxxxxxxxxx
> Cc: bristot@xxxxxxxxxx
> Link: http://lkml.kernel.org/r/20170322104152.001659630@xxxxxxxxxxxxx
> Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Signed-off-by: Zubin Mithra <zsm@xxxxxxxxxxxx>
> ---
> Syzkaller reported a GPF in rt_mutex_top_waiter when fuzzing a 4.4
> kernel. The corresponding call trace is below:

Now queued up, thanks.

greg k-h