[4.4,02/11] futex: Cleanup refcounting

Message ID	20210802134624.1934-3-thunder.leizhen@huawei.com
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; From: Zhen Lei <thunder.leizhen@huawei.com> To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, stable <stable@vger.kernel.org> CC: Zhen Lei <thunder.leizhen@huawei.com>, Anna-Maria Gleixner <anna-maria@linutronix.de>, Mike Galbraith <efault@gmx.de>, Sasha Levin <sasha.levin@oracle.com>, Ingo Molnar <mingo@kernel.org>, Peter Zijlstra <peterz@infradead.org>, Thomas Gleixner <tglx@linutronix.de>, linux-kernel <linux-kernel@vger.kernel.org> Subject: [PATCH 4.4 02/11] futex: Cleanup refcounting Date: Mon, 2 Aug 2021 21:46:15 +0800 Message-ID: <20210802134624.1934-3-thunder.leizhen@huawei.com> In-Reply-To: <20210802134624.1934-1-thunder.leizhen@huawei.com> References: <20210802134624.1934-1-thunder.leizhen@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII Precedence: bulk
Series	Fix a potential infinite loop in RT futex-pi scenarios \| expand [4.4,00/11] Fix a potential infinite loop in RT futex-pi scenarios [4.4,01/11] futex: Rename free_pi_state() to put_pi_state() [4.4,02/11] futex: Cleanup refcounting [4.4,03/11] futex,rt_mutex: Introduce rt_mutex_init_waiter() [4.4,04/11] futex: Pull rt_mutex_futex_unlock() out from under hb->lock [4.4,05/11] futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock() [4.4,06/11] futex: Futex_unlock_pi() determinism [4.4,07/11] rtmutex: Make wait_lock irq safe [4.4,08/11] futex: Handle transient "ownerless" rtmutex state correctly [4.4,09/11] futex: Avoid freeing an active timer [4.4,10/11] futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() [4.4,11/11] rcu: Update documentation of rcu_read_unlock()

Message ID

20210802134624.1934-3-thunder.leizhen@huawei.com

State

New

Headers

Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org
	designates 23.128.96.18 as permitted sender)
	client-ip=23.128.96.18; 
From: Zhen Lei <thunder.leizhen@huawei.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable <stable@vger.kernel.org>
CC: Zhen Lei <thunder.leizhen@huawei.com>,
	Anna-Maria Gleixner <anna-maria@linutronix.de>,
	Mike Galbraith <efault@gmx.de>, Sasha Levin <sasha.levin@oracle.com>,
	Ingo Molnar <mingo@kernel.org>, Peter Zijlstra <peterz@infradead.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	linux-kernel <linux-kernel@vger.kernel.org>
Subject: [PATCH 4.4 02/11] futex: Cleanup refcounting
Date: Mon, 2 Aug 2021 21:46:15 +0800
Message-ID: <20210802134624.1934-3-thunder.leizhen@huawei.com>
In-Reply-To: <20210802134624.1934-1-thunder.leizhen@huawei.com>
References: <20210802134624.1934-1-thunder.leizhen@huawei.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type: text/plain; charset=US-ASCII
Precedence: bulk

Series

Fix a potential infinite loop in RT futex-pi scenarios | expand

Commit Message

Leizhen (ThunderTown) Aug. 2, 2021, 1:46 p.m. UTC

From: Peter Zijlstra <peterz@infradead.org>


[ Upstream commit bf92cf3a5100f5a0d5f9834787b130159397cb22 ]

Add a put_pit_state() as counterpart for get_pi_state() so the refcounting
becomes consistent.

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>

Cc: juri.lelli@arm.com
Cc: bigeasy@linutronix.de
Cc: xlpang@redhat.com
Cc: rostedt@goodmis.org
Cc: mathieu.desnoyers@efficios.com
Cc: jdesfossez@efficios.com
Cc: dvhart@infradead.org
Cc: bristot@redhat.com
Link: http://lkml.kernel.org/r/20170322104151.801778516@infradead.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>

---
 kernel/futex.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

-- 
2.26.0.106.g9fadedd

diff --git a/kernel/futex.c b/kernel/futex.c
index dbb38e14f6fcc8e..dab9c79a931a23e 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -825,7 +825,7 @@  static int refill_pi_state_cache(void)
 	return 0;
 }
 
-static struct futex_pi_state * alloc_pi_state(void)
+static struct futex_pi_state *alloc_pi_state(void)
 {
 	struct futex_pi_state *pi_state = current->pi_state_cache;
 
@@ -858,6 +858,11 @@  static void pi_state_update_owner(struct futex_pi_state *pi_state,
 	}
 }
 
+static void get_pi_state(struct futex_pi_state *pi_state)
+{
+	WARN_ON_ONCE(!atomic_inc_not_zero(&pi_state->refcount));
+}
+
 /*
  * Drops a reference to the pi_state object and frees or caches it
  * when the last reference is gone.
@@ -901,7 +906,7 @@  static void put_pi_state(struct futex_pi_state *pi_state)
  * Look up the task based on what TID userspace gave us.
  * We dont trust it.
  */
-static struct task_struct * futex_find_get_task(pid_t pid)
+static struct task_struct *futex_find_get_task(pid_t pid)
 {
 	struct task_struct *p;
 
@@ -1149,7 +1154,7 @@  static int attach_to_pi_state(u32 __user *uaddr, u32 uval,
 		goto out_einval;
 
 out_attach:
-	atomic_inc(&pi_state->refcount);
+	get_pi_state(pi_state);
 	raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
 	*ps = pi_state;
 	return 0;
@@ -2204,7 +2209,7 @@  retry_private:
 		 */
 		if (requeue_pi) {
 			/* Prepare the waiter to take the rt_mutex. */
-			atomic_inc(&pi_state->refcount);
+			get_pi_state(pi_state);
 			this->pi_state = pi_state;
 			ret = rt_mutex_start_proxy_lock(&pi_state->pi_mutex,
 							this->rt_waiter,

[4.4,02/11] futex: Cleanup refcounting

Commit Message

Patch