From patchwork Fri Dec 2 11:28:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner X-Patchwork-Id: 28872 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp781094wrr; Fri, 2 Dec 2022 03:37:50 -0800 (PST) X-Google-Smtp-Source: AA0mqf754E/mYedHVsi2XmhgiqoDLXsMQZsg6jVVBuad456h6u1wwpQpsBEZMzgpKBQ8LgGP75Tr X-Received: by 2002:aa7:c719:0:b0:46a:bfd0:f816 with SMTP id i25-20020aa7c719000000b0046abfd0f816mr1552355edq.277.1669981070282; Fri, 02 Dec 2022 03:37:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669981070; cv=none; d=google.com; s=arc-20160816; b=s5rS4SmkC3Zz3/khibJyaNaOMQy3b0E58H9ld+CcrspZS7L3c7AcXqTM6qMMKZEFc1 u2KV68FddTYhnqN6fH6+cM47uXQy3pS8OPeUf1Am/2ZBo2gW+SxhrEncTBmgjNWLRnX9 MFTtfuDB9wpINHAEFOGj306HIH/6fbkLJZaARqW+cd1ujVHENK4OPwh3R4wpZdJmnaS1 F1ghFEigkvIOhrR58ojVw6jumDrbeOj5q6kJFB/fHSlUpUB8wvodefurmoTA4wzdrkAA zXl4AwHk9i/hb3QaOGMR3mwWuTxaLAEdj5lVf/5YuGCcNt3PaAq+Yre0IwEFupRW1DOQ 9G0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:references:in-reply-to:cc:subject :to:reply-to:sender:from:dkim-signature:dkim-signature:date; bh=K5ex9nqQicUtIknKSQ+fIyf0Cui4gT0k3HCej5xdGY0=; b=vEU3m3UB8VJGhHof+315O+SIvNiX+P3gNwRQjEtZmZqufH7e63IiyThXoE67wziwim jy2Ae2OvTfKaViucQu9VmpDx2vqJ90P8x7C3iYMaqEpiC2K+vaBSsNopDjutNavhn2pK P71YuGvV6+hhBCapMH9Iuvhfbl4K6w+ep9CSW5iAunsErWWkclu3dUQKJHzwIxfHoW7M qfvuaxxZZMalG9K+g1GkyABYFG9+aDKUSKD/OmofuMFuecoPY7FWNieV8wYWQ+p6uIFH QRs5UziBeDAuKgOGX4nRb+hNRjNtWaHT0MQOCV06R+u3tuwp8xxkkf6YVg9a/gVE0k4w 1d9Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=kXo7O9Cy; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w12-20020a056402070c00b004623028c586si5757530edx.141.2022.12.02.03.37.26; Fri, 02 Dec 2022 03:37:50 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=kXo7O9Cy; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233392AbiLBL3s (ORCPT + 99 others); Fri, 2 Dec 2022 06:29:48 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45500 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233383AbiLBL3E (ORCPT ); Fri, 2 Dec 2022 06:29:04 -0500 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0C27CD3A3A; Fri, 2 Dec 2022 03:28:55 -0800 (PST) Date: Fri, 02 Dec 2022 11:28:52 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1669980534; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=K5ex9nqQicUtIknKSQ+fIyf0Cui4gT0k3HCej5xdGY0=; b=kXo7O9Cy5S8Z9750W/dmhVupdZZWqYXX/AoIrRQVWVLnyra6+mzYad9lY+jSkFvmTtJltE WEaKWNK+BrCbquMatqMPaoOx7DehZRXqtf450Hjjjb6BuPJ6o9Htk8Hh/xrwa7UuNIUdix C/L4vYi4hlbfoSNjyM+A35XIe4Fs9dgPOfjMpA+a2mUhM+FnZcxBe2l7TV3TZ9nzlkeJfE xZ1W6KcfO/pyVcq3rPGGU3RemflDi+PRX816j1kNFKf7egxIyC9eR1AYca+3kOqU7AzUXV /gPossxuFW8n32totuYeqGsttjfCbAlw98rjm/V1soaoSM5Ok7RHwugEr6Nu1Q== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1669980534; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=K5ex9nqQicUtIknKSQ+fIyf0Cui4gT0k3HCej5xdGY0=; b=4ZXBvnX7F06hA50qa+VcDHu5j/qoOFMxKYzPR93NrNAN4i7ePwunC1ZbiJRh6/2ACDDzeu LJI1Z98ByVSlKqDg== From: "tip-bot2 for Alexey Izbyshev" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: locking/core] futex: Resend potentially swallowed owner death notification Cc: Alexey Izbyshev , Thomas Gleixner , "Peter Zijlstra (Intel)" , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20221111215439.248185-1-izbyshev@ispras.ru> References: <20221111215439.248185-1-izbyshev@ispras.ru> MIME-Version: 1.0 Message-ID: <166998053282.4906.6953226342195740637.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1749239118286749652?= X-GMAIL-MSGID: =?utf-8?q?1751102070529162226?= The following commit has been merged into the locking/core branch of tip: Commit-ID: 90d758896787048fa3d4209309d4800f3920e66f Gitweb: https://git.kernel.org/tip/90d758896787048fa3d4209309d4800f3920e66f Author: Alexey Izbyshev AuthorDate: Sat, 12 Nov 2022 00:54:39 +03:00 Committer: Thomas Gleixner CommitterDate: Fri, 02 Dec 2022 12:20:24 +01:00 futex: Resend potentially swallowed owner death notification Commit ca16d5bee598 ("futex: Prevent robust futex exit race") addressed two cases when tasks waiting on a robust non-PI futex remained blocked despite the futex not being owned anymore: * if the owner died after writing zero to the futex word, but before waking up a waiter * if a task waiting on the futex was woken up, but died before updating the futex word (effectively swallowing the notification without acting on it) In the second case, the task could be woken up either by the previous owner (after the futex word was reset to zero) or by the kernel (after the OWNER_DIED bit was set and the TID part of the futex word was reset to zero) if the previous owner died without the resetting the futex. Because the referenced commit wakes up a potential waiter only if the whole futex word is zero, the latter subcase remains unaddressed. Fix this by looking only at the TID part of the futex when deciding whether a wake up is needed. Fixes: ca16d5bee598 ("futex: Prevent robust futex exit race") Signed-off-by: Alexey Izbyshev Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Link: https://lore.kernel.org/r/20221111215439.248185-1-izbyshev@ispras.ru --- kernel/futex/core.c | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/kernel/futex/core.c b/kernel/futex/core.c index b22ef1e..514e458 100644 --- a/kernel/futex/core.c +++ b/kernel/futex/core.c @@ -638,6 +638,7 @@ static int handle_futex_death(u32 __user *uaddr, struct task_struct *curr, bool pi, bool pending_op) { u32 uval, nval, mval; + pid_t owner; int err; /* Futex address must be 32bit aligned */ @@ -659,6 +660,10 @@ retry: * 2. A woken up waiter is killed before it can acquire the * futex in user space. * + * In the second case, the wake up notification could be generated + * by the unlock path in user space after setting the futex value + * to zero or by the kernel after setting the OWNER_DIED bit below. + * * In both cases the TID validation below prevents a wakeup of * potential waiters which can cause these waiters to block * forever. @@ -667,24 +672,27 @@ retry: * * 1) task->robust_list->list_op_pending != NULL * @pending_op == true - * 2) User space futex value == 0 + * 2) The owner part of user space futex value == 0 * 3) Regular futex: @pi == false * * If these conditions are met, it is safe to attempt waking up a * potential waiter without touching the user space futex value and - * trying to set the OWNER_DIED bit. The user space futex value is - * uncontended and the rest of the user space mutex state is - * consistent, so a woken waiter will just take over the - * uncontended futex. Setting the OWNER_DIED bit would create - * inconsistent state and malfunction of the user space owner died - * handling. + * trying to set the OWNER_DIED bit. If the futex value is zero, + * the rest of the user space mutex state is consistent, so a woken + * waiter will just take over the uncontended futex. Setting the + * OWNER_DIED bit would create inconsistent state and malfunction + * of the user space owner died handling. Otherwise, the OWNER_DIED + * bit is already set, and the woken waiter is expected to deal with + * this. */ - if (pending_op && !pi && !uval) { + owner = uval & FUTEX_TID_MASK; + + if (pending_op && !pi && !owner) { futex_wake(uaddr, 1, 1, FUTEX_BITSET_MATCH_ANY); return 0; } - if ((uval & FUTEX_TID_MASK) != task_pid_vnr(curr)) + if (owner != task_pid_vnr(curr)) return 0; /*