On Wed, Jan 07, 2015 at 02:12:14PM +0200, Jani Nikula wrote: > On Mon, 05 Jan 2015, Daniel Vetter <daniel@xxxxxxxx> wrote: > > On Fri, Jan 02, 2015 at 09:47:10AM +0000, Chris Wilson wrote: > >> If CONFIG_DEBUG_MUTEXES is set, the mutex->owner field is only cleared > >> if the mutex debugging is enabled which introduces a race in our > >> mutex_is_locked_by() - i.e. we may inspect the old owner value before it > >> is acquired by the new task. > >> > >> This is the root cause of this error: > >> > >> diff --git a/kernel/locking/mutex-debug.c b/kernel/locking/mutex-debug.c > >> index 5cf6731..3ef3736 100644 > >> --- a/kernel/locking/mutex-debug.c > >> +++ b/kernel/locking/mutex-debug.c > >> @@ -80,13 +80,13 @@ void debug_mutex_unlock(struct mutex *lock) > >> DEBUG_LOCKS_WARN_ON(lock->owner != current); > >> > >> DEBUG_LOCKS_WARN_ON(!lock->wait_list.prev && !lock->wait_list.next); > >> - mutex_clear_owner(lock); > >> } > >> > >> /* > >> * __mutex_slowpath_needs_to_unlock() is explicitly 0 for debug > >> * mutexes so that we can do it here after we've verified state. > >> */ > >> + mutex_clear_owner(lock); > >> atomic_set(&lock->count, 1); > >> } > >> > >> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=87955 > >> Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> > >> Cc: stable@xxxxxxxxxxxxxxx > > > > Reviewed-by: Daniel Vetter <daniel.vetter@xxxxxxxx> > > Pushed to drm-intel-fixes, thanks for the patch and review. For the record, I plan to post a revert of this to -next if the core fix lands upstream (looks good so far). -Chris -- Chris Wilson, Intel Open Source Technology Centre -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html