From: Peter Zijlstra <peterz@infradead.org>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: mingo@kernel.org, juri.lelli@arm.com, rostedt@goodmis.org,
xlpang@redhat.com, bigeasy@linutronix.de,
linux-kernel@vger.kernel.org, mathieu.desnoyers@efficios.com,
jdesfossez@efficios.com, bristot@redhat.com
Subject: Re: [RFC][PATCH 4/4] futex: Rewrite FUTEX_UNLOCK_PI
Date: Sat, 8 Oct 2016 18:55:40 +0200 [thread overview]
Message-ID: <20161008165540.GI3568@worktop.programming.kicks-ass.net> (raw)
In-Reply-To: <alpine.DEB.2.20.1610081726270.5222@nanos>
On Sat, Oct 08, 2016 at 05:53:49PM +0200, Thomas Gleixner wrote:
> On Fri, 7 Oct 2016, Peter Zijlstra wrote:
> > Solve all that by:
> >
> > - using futex specific rt_mutex calls that lack the fastpath, futexes
> > have their own fastpath anyway. This makes that
> > rt_mutex_futex_unlock() doesn't need to drop rt_mutex::wait_lock
> > and the unlock is guaranteed if we manage to update user state.
> >
> > - make futex_unlock_pi() drop hb->lock early and only use
> > rt_mutex::wait_lock to serialize against rt_mutex waiters
> > update the futex value and unlock.
> >
> > - in case futex and rt_mutex disagree on waiters, side with rt_mutex
> > and simply clear the user value. This works because either there
> > really are no waiters left, or futex_lock_pi() triggers the
> > lock-steal path and fixes up the WAITERS flag.
>
> I stared at this for a few hours and while I'm not yet done analyzing all
> possible combinations I found at least one thing which is broken:
>
> CPU 0 CPU 1
>
> unlock_pi(f)
> ....
> unlock(hb->lock)
> *f = new_owner_tid | WAITERS;
>
> lock_pi(f)
> lock(hb->lock)
> uval = *f;
> topwaiter = futex_top_waiter();
> attach_to_pi_state(uval, topwaiter->pistate);
> pid = uval & TID_MASK;
> if (pid != task_pid_vnr(pistate->owner))
> return -EINVAL;
> ....
> pistate->owner = newowner;
>
> So in this case we tell the caller on CPU 1 that the futex is in
> inconsistent state, because pistate->owner still points to the unlocking
> task while the user space value alread shows the new owner. So this sanity
> check triggers and we simply fail while we should not. It's [10] in the
> state matrix above attach_to_pi_state().
Urgh, yes. I think I can cure that, by taking
pi_state->pi_mutex.wait_lock in attach_to_pi_state(), but blergh.
> I suspect that there are more issues like this, especially since I did not
> look at requeue_pi yet, but by now my brain is completely fried.
Yes, I know about fried brains :-( This stuff has far too many moving
parts. I've been staring at this stuff far too long.
Also, we need better tools to stress this stuff.
next prev parent reply other threads:[~2016-10-08 16:56 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-03 9:12 [RFC][PATCH 0/4] FUTEX_UNLOCK_PI wobbles Peter Zijlstra
2016-10-03 9:12 ` [RFC][PATCH 1/4] futex: Cleanup variable names for futex_top_waiter() Peter Zijlstra
2016-10-03 14:15 ` Steven Rostedt
2016-10-05 3:58 ` Davidlohr Bueso
2016-10-03 9:12 ` [RFC][PATCH 2/4] futex: Use smp_store_release() in mark_wake_futex() Peter Zijlstra
2016-10-03 14:19 ` Steven Rostedt
2016-10-05 3:57 ` Davidlohr Bueso
2016-10-05 6:20 ` Peter Zijlstra
2016-10-03 9:12 ` [RFC][PATCH 3/4] futex: Remove rt_mutex_deadlock_account_*() Peter Zijlstra
2016-10-03 9:34 ` Peter Zijlstra
2016-10-03 14:25 ` Steven Rostedt
2016-10-05 1:08 ` Davidlohr Bueso
2016-10-05 7:29 ` Sebastian Andrzej Siewior
2016-10-03 9:12 ` [RFC][PATCH 4/4] futex: Rewrite FUTEX_UNLOCK_PI Peter Zijlstra
2016-10-03 15:36 ` Steven Rostedt
2016-10-03 15:44 ` Peter Zijlstra
2016-10-03 15:45 ` Peter Zijlstra
2016-10-03 16:23 ` Steven Rostedt
2016-10-05 7:41 ` Sebastian Andrzej Siewior
2016-10-05 8:09 ` Peter Zijlstra
2016-10-05 8:21 ` Sebastian Andrzej Siewior
2016-10-05 8:32 ` Peter Zijlstra
2016-10-06 10:29 ` Peter Zijlstra
2016-10-07 11:21 ` Peter Zijlstra
2016-10-08 15:53 ` Thomas Gleixner
2016-10-08 16:55 ` Peter Zijlstra [this message]
2016-10-08 17:06 ` Thomas Gleixner
2016-10-10 10:17 ` Thomas Gleixner
2016-10-10 11:40 ` Peter Zijlstra
2016-10-21 12:27 ` Peter Zijlstra
2016-10-27 20:36 ` Thomas Gleixner
2016-11-23 19:20 ` Peter Zijlstra
2016-11-24 16:52 ` Peter Zijlstra
2016-11-24 17:56 ` Thomas Gleixner
2016-11-24 18:58 ` Peter Zijlstra
2016-11-25 9:23 ` Peter Zijlstra
2016-11-25 10:03 ` Peter Zijlstra
2016-11-25 19:13 ` Thomas Gleixner
2016-11-25 14:09 ` Peter Zijlstra
2016-10-08 18:22 ` Thomas Gleixner
2016-10-09 11:17 ` Thomas Gleixner
2016-10-10 14:06 ` Peter Zijlstra
2016-10-05 1:02 ` [RFC][PATCH 0/4] FUTEX_UNLOCK_PI wobbles Davidlohr Bueso
2016-10-05 6:20 ` Peter Zijlstra
2016-10-05 7:26 ` Sebastian Andrzej Siewior
2016-10-05 16:04 ` Davidlohr Bueso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161008165540.GI3568@worktop.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=bigeasy@linutronix.de \
--cc=bristot@redhat.com \
--cc=jdesfossez@efficios.com \
--cc=juri.lelli@arm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=mingo@kernel.org \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=xlpang@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.