Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
futex: Add memory barrier commentary to futex_wait_queue_me()
futex: Fix wakeup race by setting TASK_INTERRUPTIBLE before queue_me()
futex: Correct futex_q woken state commentary
futex: Make function kernel-doc commentary consistent
futex: Correct queue_me and unqueue_me commentary
futex: Correct futex_wait_requeue_pi() commentary
+76
-61
+76
-61
kernel/futex.c
+76
-61
kernel/futex.c
···
89
89
union futex_key key;
90
90
};
91
91
92
-
/*
93
-
* We use this hashed waitqueue instead of a normal wait_queue_t, so
92
+
/**
93
+
* struct futex_q - The hashed futex queue entry, one per waiting task
94
+
* @task: the task waiting on the futex
95
+
* @lock_ptr: the hash bucket lock
96
+
* @key: the key the futex is hashed on
97
+
* @pi_state: optional priority inheritance state
98
+
* @rt_waiter: rt_waiter storage for use with requeue_pi
99
+
* @requeue_pi_key: the requeue_pi target futex key
100
+
* @bitset: bitset for the optional bitmasked wakeup
101
+
*
102
+
* We use this hashed waitqueue, instead of a normal wait_queue_t, so
94
103
* we can wake only the relevant ones (hashed queues may be shared).
95
104
*
96
105
* A futex_q has a woken state, just like tasks have TASK_RUNNING.
97
106
* It is considered woken when plist_node_empty(&q->list) || q->lock_ptr == 0.
98
107
* The order of wakup is always to make the first condition true, then
99
-
* wake up q->waiter, then make the second condition true.
108
+
* the second.
109
+
*
110
+
* PI futexes are typically woken before they are removed from the hash list via
111
+
* the rt_mutex code. See unqueue_me_pi().
100
112
*/
101
113
struct futex_q {
102
114
struct plist_node list;
103
-
/* Waiter reference */
115
+
104
116
struct task_struct *task;
105
-
106
-
/* Which hash list lock to use: */
107
117
spinlock_t *lock_ptr;
108
-
109
-
/* Key which the futex is hashed on: */
110
118
union futex_key key;
111
-
112
-
/* Optional priority inheritance state: */
113
119
struct futex_pi_state *pi_state;
114
-
115
-
/* rt_waiter storage for requeue_pi: */
116
120
struct rt_mutex_waiter *rt_waiter;
117
-
118
-
/* The expected requeue pi target futex key: */
119
121
union futex_key *requeue_pi_key;
120
-
121
-
/* Bitset for the optional bitmasked wakeup */
122
122
u32 bitset;
123
123
};
124
124
···
198
198
}
199
199
200
200
/**
201
-
* get_futex_key - Get parameters which are the keys for a futex.
202
-
* @uaddr: virtual address of the futex
203
-
* @fshared: 0 for a PROCESS_PRIVATE futex, 1 for PROCESS_SHARED
204
-
* @key: address where result is stored.
205
-
* @rw: mapping needs to be read/write (values: VERIFY_READ, VERIFY_WRITE)
201
+
* get_futex_key() - Get parameters which are the keys for a futex
202
+
* @uaddr: virtual address of the futex
203
+
* @fshared: 0 for a PROCESS_PRIVATE futex, 1 for PROCESS_SHARED
204
+
* @key: address where result is stored.
205
+
* @rw: mapping needs to be read/write (values: VERIFY_READ,
206
+
* VERIFY_WRITE)
206
207
*
207
208
* Returns a negative error code or 0
208
209
* The key words are stored in *key on success.
···
289
288
drop_futex_key_refs(key);
290
289
}
291
290
292
-
/*
293
-
* fault_in_user_writeable - fault in user address and verify RW access
291
+
/**
292
+
* fault_in_user_writeable() - Fault in user address and verify RW access
294
293
* @uaddr: pointer to faulting user space address
295
294
*
296
295
* Slow path to fixup the fault we just took in the atomic write
···
310
309
311
310
/**
312
311
* futex_top_waiter() - Return the highest priority waiter on a futex
313
-
* @hb: the hash bucket the futex_q's reside in
314
-
* @key: the futex key (to distinguish it from other futex futex_q's)
312
+
* @hb: the hash bucket the futex_q's reside in
313
+
* @key: the futex key (to distinguish it from other futex futex_q's)
315
314
*
316
315
* Must be called with the hb lock held.
317
316
*/
···
589
588
}
590
589
591
590
/**
592
-
* futex_lock_pi_atomic() - atomic work required to acquire a pi aware futex
591
+
* futex_lock_pi_atomic() - Atomic work required to acquire a pi aware futex
593
592
* @uaddr: the pi futex user address
594
593
* @hb: the pi futex hash bucket
595
594
* @key: the futex key associated with uaddr and hb
···
1012
1011
1013
1012
/**
1014
1013
* requeue_pi_wake_futex() - Wake a task that acquired the lock during requeue
1015
-
* q: the futex_q
1016
-
* key: the key of the requeue target futex
1017
-
* hb: the hash_bucket of the requeue target futex
1014
+
* @q: the futex_q
1015
+
* @key: the key of the requeue target futex
1016
+
* @hb: the hash_bucket of the requeue target futex
1018
1017
*
1019
1018
* During futex_requeue, with requeue_pi=1, it is possible to acquire the
1020
1019
* target futex if it is uncontended or via a lock steal. Set the futex_q key
···
1351
1350
return hb;
1352
1351
}
1353
1352
1353
+
static inline void
1354
+
queue_unlock(struct futex_q *q, struct futex_hash_bucket *hb)
1355
+
{
1356
+
spin_unlock(&hb->lock);
1357
+
drop_futex_key_refs(&q->key);
1358
+
}
1359
+
1360
+
/**
1361
+
* queue_me() - Enqueue the futex_q on the futex_hash_bucket
1362
+
* @q: The futex_q to enqueue
1363
+
* @hb: The destination hash bucket
1364
+
*
1365
+
* The hb->lock must be held by the caller, and is released here. A call to
1366
+
* queue_me() is typically paired with exactly one call to unqueue_me(). The
1367
+
* exceptions involve the PI related operations, which may use unqueue_me_pi()
1368
+
* or nothing if the unqueue is done as part of the wake process and the unqueue
1369
+
* state is implicit in the state of woken task (see futex_wait_requeue_pi() for
1370
+
* an example).
1371
+
*/
1354
1372
static inline void queue_me(struct futex_q *q, struct futex_hash_bucket *hb)
1355
1373
{
1356
1374
int prio;
···
1393
1373
spin_unlock(&hb->lock);
1394
1374
}
1395
1375
1396
-
static inline void
1397
-
queue_unlock(struct futex_q *q, struct futex_hash_bucket *hb)
1398
-
{
1399
-
spin_unlock(&hb->lock);
1400
-
drop_futex_key_refs(&q->key);
1401
-
}
1402
-
1403
-
/*
1404
-
* queue_me and unqueue_me must be called as a pair, each
1405
-
* exactly once. They are called with the hashed spinlock held.
1376
+
/**
1377
+
* unqueue_me() - Remove the futex_q from its futex_hash_bucket
1378
+
* @q: The futex_q to unqueue
1379
+
*
1380
+
* The q->lock_ptr must not be held by the caller. A call to unqueue_me() must
1381
+
* be paired with exactly one earlier call to queue_me().
1382
+
*
1383
+
* Returns:
1384
+
* 1 - if the futex_q was still queued (and we removed unqueued it)
1385
+
* 0 - if the futex_q was already removed by the waking thread
1406
1386
*/
1407
-
1408
-
/* Return 1 if we were still queued (ie. 0 means we were woken) */
1409
1387
static int unqueue_me(struct futex_q *q)
1410
1388
{
1411
1389
spinlock_t *lock_ptr;
···
1656
1638
static void futex_wait_queue_me(struct futex_hash_bucket *hb, struct futex_q *q,
1657
1639
struct hrtimer_sleeper *timeout)
1658
1640
{
1659
-
queue_me(q, hb);
1660
-
1661
1641
/*
1662
-
* There might have been scheduling since the queue_me(), as we
1663
-
* cannot hold a spinlock across the get_user() in case it
1664
-
* faults, and we cannot just set TASK_INTERRUPTIBLE state when
1665
-
* queueing ourselves into the futex hash. This code thus has to
1666
-
* rely on the futex_wake() code removing us from hash when it
1667
-
* wakes us up.
1642
+
* The task state is guaranteed to be set before another task can
1643
+
* wake it. set_current_state() is implemented using set_mb() and
1644
+
* queue_me() calls spin_unlock() upon completion, both serializing
1645
+
* access to the hash list and forcing another memory barrier.
1668
1646
*/
1669
1647
set_current_state(TASK_INTERRUPTIBLE);
1648
+
queue_me(q, hb);
1670
1649
1671
1650
/* Arm the timer */
1672
1651
if (timeout) {
···
1673
1658
}
1674
1659
1675
1660
/*
1676
-
* !plist_node_empty() is safe here without any lock.
1677
-
* q.lock_ptr != 0 is not safe, because of ordering against wakeup.
1661
+
* If we have been removed from the hash list, then another task
1662
+
* has tried to wake us, and we can skip the call to schedule().
1678
1663
*/
1679
1664
if (likely(!plist_node_empty(&q->list))) {
1680
1665
/*
···
2129
2114
2130
2115
/**
2131
2116
* futex_wait_requeue_pi() - Wait on uaddr and take uaddr2
2132
-
* @uaddr: the futex we initialyl wait on (non-pi)
2117
+
* @uaddr: the futex we initially wait on (non-pi)
2133
2118
* @fshared: whether the futexes are shared (1) or not (0). They must be
2134
2119
* the same type, no requeueing from private to shared, etc.
2135
2120
* @val: the expected value of uaddr
2136
2121
* @abs_time: absolute timeout
2137
-
* @bitset: 32 bit wakeup bitset set by userspace, defaults to all.
2122
+
* @bitset: 32 bit wakeup bitset set by userspace, defaults to all
2138
2123
* @clockrt: whether to use CLOCK_REALTIME (1) or CLOCK_MONOTONIC (0)
2139
2124
* @uaddr2: the pi futex we will take prior to returning to user-space
2140
2125
*
···
2261
2246
res = fixup_owner(uaddr2, fshared, &q, !ret);
2262
2247
/*
2263
2248
* If fixup_owner() returned an error, proprogate that. If it
2264
-
* acquired the lock, clear our -ETIMEDOUT or -EINTR.
2249
+
* acquired the lock, clear -ETIMEDOUT or -EINTR.
2265
2250
*/
2266
2251
if (res)
2267
2252
ret = (res < 0) ? res : 0;
···
2317
2302
*/
2318
2303
2319
2304
/**
2320
-
* sys_set_robust_list - set the robust-futex list head of a task
2321
-
* @head: pointer to the list-head
2322
-
* @len: length of the list-head, as userspace expects
2305
+
* sys_set_robust_list() - Set the robust-futex list head of a task
2306
+
* @head: pointer to the list-head
2307
+
* @len: length of the list-head, as userspace expects
2323
2308
*/
2324
2309
SYSCALL_DEFINE2(set_robust_list, struct robust_list_head __user *, head,
2325
2310
size_t, len)
···
2338
2323
}
2339
2324
2340
2325
/**
2341
-
* sys_get_robust_list - get the robust-futex list head of a task
2342
-
* @pid: pid of the process [zero for current task]
2343
-
* @head_ptr: pointer to a list-head pointer, the kernel fills it in
2344
-
* @len_ptr: pointer to a length field, the kernel fills in the header size
2326
+
* sys_get_robust_list() - Get the robust-futex list head of a task
2327
+
* @pid: pid of the process [zero for current task]
2328
+
* @head_ptr: pointer to a list-head pointer, the kernel fills it in
2329
+
* @len_ptr: pointer to a length field, the kernel fills in the header size
2345
2330
*/
2346
2331
SYSCALL_DEFINE3(get_robust_list, int, pid,
2347
2332
struct robust_list_head __user * __user *, head_ptr,