From: Darren Hart <darren@dvhart.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: LKML <linux-kernel@vger.kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Ingo Molnar <mingo@kernel.org>,
Davidlohr Bueso <davidlohr@hp.com>, Kees Cook <kees@outflux.net>,
wad@chromium.org
Subject: Re: [patch 2/5] futex: Use futex_top_waiter() in lookup_pi_state()
Date: Mon, 16 Jun 2014 09:51:25 -0700 [thread overview]
Message-ID: <1402937485.15603.21.camel@rage> (raw)
In-Reply-To: <20140611204237.092947239@linutronix.de>
On Wed, 2014-06-11 at 20:45 +0000, Thomas Gleixner wrote:
> No point in open coding the same function again.
>
> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
> ---
> kernel/futex.c | 128
> ++++++++++++++++++++++++++++-----------------------------
> 1 file changed, 63 insertions(+), 65 deletions(-)
>
> Index: linux/kernel/futex.c
> ===================================================================
> --- linux.orig/kernel/futex.c
> +++ linux/kernel/futex.c
> @@ -796,87 +796,85 @@ static int
> lookup_pi_state(u32 uval, struct futex_hash_bucket *hb,
> union futex_key *key, struct futex_pi_state **ps)
> {
> + struct futex_q *match = futex_top_waiter(hb, key);
> struct futex_pi_state *pi_state = NULL;
> - struct futex_q *this, *next;
> struct task_struct *p;
> pid_t pid = uval & FUTEX_TID_MASK;
>
> - plist_for_each_entry_safe(this, next, &hb->chain, list) {
> - if (match_futex(&this->key, key)) {
> + if (match) {
> + /*
> + * Sanity check the waiter before increasing the
> + * refcount and attaching to it.
> + */
> + pi_state = match->pi_state;
> + /*
> + * Userspace might have messed up non-PI and PI
> + * futexes [3]
> + */
> + if (unlikely(!pi_state))
> + return -EINVAL;
> +
> + WARN_ON(!atomic_read(&pi_state->refcount));
> +
> + /*
> + * Handle the owner died case:
> + */
> + if (uval & FUTEX_OWNER_DIED) {
> /*
> - * Sanity check the waiter before increasing
> - * the refcount and attaching to it.
> + * exit_pi_state_list sets owner to NULL and
> + * wakes the topmost waiter. The task which
> + * acquires the pi_state->rt_mutex will fixup
> + * owner.
> */
> - pi_state = this->pi_state;
> - /*
> - * Userspace might have messed up non-PI and
> - * PI futexes [3]
> - */
> - if (unlikely(!pi_state))
> - return -EINVAL;
> -
> - WARN_ON(!atomic_read(&pi_state->refcount));
> -
> - /*
> - * Handle the owner died case:
> - */
> - if (uval & FUTEX_OWNER_DIED) {
> - /*
> - * exit_pi_state_list sets owner to
> NULL and
> - * wakes the topmost waiter. The task
> which
> - * acquires the pi_state->rt_mutex
> will fixup
> - * owner.
> - */
> - if (!pi_state->owner) {
> - /*
> - * No pi state owner, but the
> user
> - * space TID is not 0.
> Inconsistent
> - * state. [5]
> - */
> - if (pid)
> - return -EINVAL;
> - /*
> - * Take a ref on the state and
> - * return. [4]
> - */
> - goto out_state;
> - }
> -
> + if (!pi_state->owner) {
> /*
> - * If TID is 0, then either the dying
> owner
> - * has not yet executed
> exit_pi_state_list()
> - * or some waiter acquired the rtmutex
> in the
> - * pi state, but did not yet fixup the
> TID in
> - * user space.
> - *
> - * Take a ref on the state and return.
> [6]
> + * No pi state owner, but the user
> + * space TID is not 0. Inconsistent
> + * state. [5]
> */
> - if (!pid)
> - goto out_state;
> - } else {
> + if (pid)
> + return -EINVAL;
> /*
> - * If the owner died bit is not set,
> - * then the pi_state must have an
> - * owner. [7]
> + * Take a ref on the state and
> + * return. [4]
> */
> - if (!pi_state->owner)
> - return -EINVAL;
> + goto out_state;
> }
>
> /*
> - * Bail out if user space manipulated the
> - * futex value. If pi state exists then the
> - * owner TID must be the same as the user
> - * space TID. [9/10]
> + * If TID is 0, then either the dying owner
> + * has not yet executed exit_pi_state_list()
> + * or some waiter acquired the rtmutex in the
> + * pi state, but did not yet fixup the TID in
> + * user space.
> + *
> + * Take a ref on the state and return. [6]
> */
> - if (pid != task_pid_vnr(pi_state->owner))
> + if (!pid)
> + goto out_state;
> + } else {
> + /*
> + * If the owner died bit is not set,
> + * then the pi_state must have an
> + * owner. [7]
> + */
> + if (!pi_state->owner)
> return -EINVAL;
> -
> - out_state:
> - atomic_inc(&pi_state->refcount);
> - *ps = pi_state;
> - return 0;
> }
> +
> + /*
> + * Bail out if user space manipulated the
> + * futex value. If pi state exists then the
> + * owner TID must be the same as the user
> + * space TID. [9/10]
> + */
> + if (pid != task_pid_vnr(pi_state->owner))
> + return -EINVAL;
> +
> + out_state:
> + atomic_inc(&pi_state->refcount);
> + *ps = pi_state;
> + return 0;
Surely there is a better tool for viewing such "shift left one tab"
patches that don't make one track three if blocks in parallel in one's
head to ensure they all assemble back to the same thing? What do other
people use? Ouch...
Reviewed-by: Darren Hart <darren@dvhart.com>
--
Darren Hart
Intel Open Source Technology Center
next prev parent reply other threads:[~2014-06-16 16:43 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-11 20:45 [patch 0/5] futex: More robustness tweaks Thomas Gleixner
2014-06-11 20:45 ` [patch 1/5] futex: Make unlock_pi more robust Thomas Gleixner
2014-06-16 16:18 ` Darren Hart
2014-06-16 22:15 ` Thomas Gleixner
2014-06-16 22:28 ` Thomas Gleixner
2014-06-16 22:49 ` Darren Hart
2014-06-16 22:39 ` Darren Hart
2014-06-21 20:33 ` [tip:locking/core] " tip-bot for Thomas Gleixner
2014-06-11 20:45 ` [patch 3/5] futex: Split out the waiter check from lookup_pi_state() Thomas Gleixner
2014-06-16 18:12 ` Darren Hart
2014-06-21 20:33 ` [tip:locking/core] " tip-bot for Thomas Gleixner
2014-06-11 20:45 ` [patch 2/5] futex: Use futex_top_waiter() in lookup_pi_state() Thomas Gleixner
2014-06-16 16:51 ` Darren Hart [this message]
2014-06-21 20:33 ` [tip:locking/core] " tip-bot for Thomas Gleixner
2014-06-11 20:45 ` [patch 4/5] futex: Split out the first waiter attachment from lookup_pi_state() Thomas Gleixner
2014-06-16 18:19 ` Darren Hart
2014-06-21 20:33 ` [tip:locking/core] " tip-bot for Thomas Gleixner
2014-06-11 20:45 ` [patch 5/5] futex: Simplify futex_lock_pi_atomic() and make it more robust Thomas Gleixner
2014-06-13 5:46 ` Darren Hart
2014-06-13 8:34 ` Thomas Gleixner
2014-06-13 9:36 ` Thomas Gleixner
2014-06-13 9:44 ` [patch V2 " Thomas Gleixner
2014-06-13 20:51 ` Davidlohr Bueso
2014-06-16 20:36 ` Darren Hart
2014-06-17 7:20 ` Thomas Gleixner
2014-06-21 20:34 ` [tip:locking/core] " tip-bot for Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1402937485.15603.21.camel@rage \
--to=darren@dvhart.com \
--cc=davidlohr@hp.com \
--cc=kees@outflux.net \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).