From: "Xu, Yanfei" <yanfei.xu@windriver.com>
To: Peter Zijlstra <peterz@infradead.org>,
mingo@redhat.com, longman@redhat.com, boqun.feng@gmail.com,
will@kernel.org
Cc: linux-kernel@vger.kernel.org
Subject: Re: [RFC][PATCH 1/4] locking/mutex: Use try_cmpxchg()
Date: Mon, 5 Jul 2021 19:59:12 +0800 [thread overview]
Message-ID: <cac55711-585a-4e08-3b5e-a6890e2f548d@windriver.com> (raw)
In-Reply-To: <20210630154114.834438545@infradead.org>
On 6/30/21 11:35 PM, Peter Zijlstra wrote:
> For simpler and better code.
>
> Signed-off-by: Peter Zijlstra (Intel)<peterz@infradead.org>
> ---
> kernel/locking/mutex.c | 27 ++++++---------------------
> 1 file changed, 6 insertions(+), 21 deletions(-)
Hi Peter,
I read the mutex codes today, and find there seems something wrong for
the patch. Should we consider the race condition as blow?
From 4035f50c96e17cbe3febab768b64da5c000e5b76 Mon Sep 17 00:00:00 2001
From: Yanfei Xu <yanfei.xu@windriver.com>
Date: Mon, 5 Jul 2021 17:56:58 +0800
Subject: [PATCH] locking/mutex: fix the endless loop when racing against
mutex.owner
if a race condition happened on mutex.owner after we fetch its value,
atomic_long_try_cmpxchg_acquire/release invoked on &mutex.owner will
return false. Then we need to reassign the temporary variable which
saves mutex.owner value if in loop, or it will lead an endless loop.
Fixes: 9265e48a579d ("locking/mutex: Use try_cmpxchg()")
Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
---
kernel/locking/mutex.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/kernel/locking/mutex.c b/kernel/locking/mutex.c
index 5e6a811ac733..ec6b6724c118 100644
--- a/kernel/locking/mutex.c
+++ b/kernel/locking/mutex.c
@@ -95,12 +95,12 @@ static inline unsigned long __owner_flags(unsigned
long owner)
static inline struct task_struct *__mutex_trylock_common(struct mutex
*lock, bool handoff)
{
- unsigned long owner, curr = (unsigned long)current;
+ unsigned long flags, owner, task, curr = (unsigned long)current;
- owner = atomic_long_read(&lock->owner);
for (;;) { /* must loop, can race against a flag */
- unsigned long flags = __owner_flags(owner);
- unsigned long task = owner & ~MUTEX_FLAGS;
+ owner = atomic_long_read(&lock->owner);
+ flags = __owner_flags(owner);
+ task = owner & ~MUTEX_FLAGS;
if (task) {
if (flags & MUTEX_FLAG_PICKUP) {
@@ -231,10 +231,10 @@ __mutex_remove_waiter(struct mutex *lock, struct
mutex_waiter *waiter)
*/
static void __mutex_handoff(struct mutex *lock, struct task_struct *task)
{
- unsigned long owner = atomic_long_read(&lock->owner);
+ unsigned long owner, new;
for (;;) {
- unsigned long new;
+ owner = atomic_long_read(&lock->owner);
MUTEX_WARN_ON(__owner_task(owner) != current);
MUTEX_WARN_ON(owner & MUTEX_FLAG_PICKUP);
@@ -1227,8 +1227,9 @@ static noinline void __sched
__mutex_unlock_slowpath(struct mutex *lock, unsigne
* Except when HANDOFF, in that case we must not clear the
owner field,
* but instead set it to the top waiter.
*/
- owner = atomic_long_read(&lock->owner);
for (;;) {
+ owner = atomic_long_read(&lock->owner);
+
MUTEX_WARN_ON(__owner_task(owner) != current);
MUTEX_WARN_ON(owner & MUTEX_FLAG_PICKUP);
--
2.29.2
next prev parent reply other threads:[~2021-07-05 11:59 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-30 15:35 [RFC][PATCH 0/4] locking/mutex: Some HANDOFF fixes Peter Zijlstra
2021-06-30 15:35 ` [RFC][PATCH 1/4] locking/mutex: Use try_cmpxchg() Peter Zijlstra
2021-07-05 11:59 ` Xu, Yanfei [this message]
2021-07-05 14:00 ` Peter Zijlstra
2021-07-05 14:52 ` Xu, Yanfei
2021-07-05 15:07 ` [PATCH] Documentation/atomic_t: Document cmpxchg() vs try_cmpxchg() Peter Zijlstra
2021-07-05 15:21 ` Will Deacon
2021-07-05 15:25 ` Xu, Yanfei
2021-07-05 17:12 ` Peter Zijlstra
2021-07-08 8:42 ` [tip: locking/core] " tip-bot2 for Peter Zijlstra
2021-07-08 8:42 ` [tip: locking/core] locking/mutex: Use try_cmpxchg() tip-bot2 for Peter Zijlstra
2021-06-30 15:35 ` [RFC][PATCH 2/4] locking/mutex: Fix HANDOFF condition Peter Zijlstra
2021-07-08 8:42 ` [tip: locking/core] " tip-bot2 for Peter Zijlstra
2021-06-30 15:35 ` [RFC][PATCH 3/4] locking/mutex: Introduce __mutex_trylock_or_handoff() Peter Zijlstra
2021-06-30 16:30 ` Waiman Long
2021-06-30 18:04 ` Peter Zijlstra
2021-07-08 8:42 ` [tip: locking/core] " tip-bot2 for Peter Zijlstra
2021-06-30 15:35 ` [RFC][PATCH 4/4] locking/mutex: Add MUTEX_WARN_ON Peter Zijlstra
2021-07-08 8:42 ` [tip: locking/core] " tip-bot2 for Peter Zijlstra
2021-06-30 19:03 ` [RFC][PATCH 0/4] locking/mutex: Some HANDOFF fixes Waiman Long
2021-07-01 2:11 ` Xu, Yanfei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cac55711-585a-4e08-3b5e-a6890e2f548d@windriver.com \
--to=yanfei.xu@windriver.com \
--cc=boqun.feng@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=longman@redhat.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).