patches/futex-rtmutex-Cure-RT-double-blocking-issue.patch - pub/scm/linux/kernel/git/paulg/4.12-rt-patches - Git at Google

 From: Thomas Gleixner <tglx@linutronix.de>
 Date: Tue, 9 May 2017 17:11:10 +0200
 Subject: [PATCH] futex/rtmutex: Cure RT double blocking issue

 RT has a problem when the wait on a futex/rtmutex got interrupted by a
 timeout or a signal. task->pi_blocked_on is still set when returning from
 rt_mutex_wait_proxy_lock(). The task must acquire the hash bucket lock
 after this.

 If the hash bucket lock is contended then the
 BUG_ON(rt_mutex_real_waiter(task->pi_blocked_on)) in
 task_blocks_on_rt_mutex() will trigger.

 This can be avoided by clearing task->pi_blocked_on in the return path of
 rt_mutex_wait_proxy_lock() which removes the task from the boosting chain
 of the rtmutex. That's correct because the task is not longer blocked on
 it.

 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
 Reported-by: Engleder Gerhard <eg@keba.com>
 Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
 ---
  kernel/locking/rtmutex.c |   19 +++++++++++++++++++
  1 file changed, 19 insertions(+)

 --- a/kernel/locking/rtmutex.c
 +++ b/kernel/locking/rtmutex.c
 @@ -2406,6 +2406,7 @@ int rt_mutex_wait_proxy_lock(struct rt_m
  			       struct hrtimer_sleeper *to,
  			       struct rt_mutex_waiter *waiter)
  {
 +	struct task_struct *tsk = current;
  	int ret;

  	raw_spin_lock_irq(&lock->wait_lock);
 @@ -2417,6 +2418,24 @@ int rt_mutex_wait_proxy_lock(struct rt_m
  	 * have to fix that up.
  	 */
  	fixup_rt_mutex_waiters(lock);
 +	/*
 +	 * RT has a problem here when the wait got interrupted by a timeout
 +	 * or a signal. task->pi_blocked_on is still set. The task must
 +	 * acquire the hash bucket lock when returning from this function.
 +	 *
 +	 * If the hash bucket lock is contended then the
 +	 * BUG_ON(rt_mutex_real_waiter(task->pi_blocked_on)) in
 +	 * task_blocks_on_rt_mutex() will trigger. This can be avoided by
 +	 * clearing task->pi_blocked_on which removes the task from the
 +	 * boosting chain of the rtmutex. That's correct because the task
 +	 * is not longer blocked on it.
 +	 */
 +	if (ret) {
 +		raw_spin_lock(&tsk->pi_lock);
 +		tsk->pi_blocked_on = NULL;
 +		raw_spin_unlock(&tsk->pi_lock);
 +	}
 +
  	raw_spin_unlock_irq(&lock->wait_lock);

  	return ret;
	From: Thomas Gleixner <tglx@linutronix.de>
	Date: Tue, 9 May 2017 17:11:10 +0200
	Subject: [PATCH] futex/rtmutex: Cure RT double blocking issue

	RT has a problem when the wait on a futex/rtmutex got interrupted by a
	timeout or a signal. task->pi_blocked_on is still set when returning from
	rt_mutex_wait_proxy_lock(). The task must acquire the hash bucket lock
	after this.

	If the hash bucket lock is contended then the
	BUG_ON(rt_mutex_real_waiter(task->pi_blocked_on)) in
	task_blocks_on_rt_mutex() will trigger.

	This can be avoided by clearing task->pi_blocked_on in the return path of
	rt_mutex_wait_proxy_lock() which removes the task from the boosting chain
	of the rtmutex. That's correct because the task is not longer blocked on
	it.

	Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
	Reported-by: Engleder Gerhard <eg@keba.com>
	Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
	---
	kernel/locking/rtmutex.c \| 19 +++++++++++++++++++
	1 file changed, 19 insertions(+)

	--- a/kernel/locking/rtmutex.c
	+++ b/kernel/locking/rtmutex.c
	@@ -2406,6 +2406,7 @@ int rt_mutex_wait_proxy_lock(struct rt_m
	struct hrtimer_sleeper *to,
	struct rt_mutex_waiter *waiter)
	{
	+ struct task_struct *tsk = current;
	int ret;

	raw_spin_lock_irq(&lock->wait_lock);
	@@ -2417,6 +2418,24 @@ int rt_mutex_wait_proxy_lock(struct rt_m
	* have to fix that up.
	*/
	fixup_rt_mutex_waiters(lock);
	+ /*
	+ * RT has a problem here when the wait got interrupted by a timeout
	+ * or a signal. task->pi_blocked_on is still set. The task must
	+ * acquire the hash bucket lock when returning from this function.
	+ *
	+ * If the hash bucket lock is contended then the
	+ * BUG_ON(rt_mutex_real_waiter(task->pi_blocked_on)) in
	+ * task_blocks_on_rt_mutex() will trigger. This can be avoided by
	+ * clearing task->pi_blocked_on which removes the task from the
	+ * boosting chain of the rtmutex. That's correct because the task
	+ * is not longer blocked on it.
	+ */
	+ if (ret) {
	+ raw_spin_lock(&tsk->pi_lock);
	+ tsk->pi_blocked_on = NULL;
	+ raw_spin_unlock(&tsk->pi_lock);
	+ }
	+
	raw_spin_unlock_irq(&lock->wait_lock);

	return ret;