Re: handle_exit_race && PF_EXITING

From: Oleg Nesterov
Date: Thu Nov 07 2019 - 10:51:46 EST

Next message: Kirill Tkhai: "Re: NULL pointer dereference in pick_next_task_fair"
Previous message: Bart Van Assche: "Re: linux-next: build warning after merge of the scsi tree"
In reply to: Thomas Gleixner: "Re: handle_exit_race && PF_EXITING"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/06, Thomas Gleixner wrote:
>
> On Wed, 6 Nov 2019, Oleg Nesterov wrote:
> >
> > I think that (with or without this fix) handle_exit_race() logic needs
> > cleanups, there is no reason for get_futex_value_locked(), we can drop
> > ->pi_lock right after we see PF_EXITPIDONE. Lets discuss this later.
>
> Which still is in atomic because the hash bucket lock is held, ergo
> get_futex_value_locked() needs to stay for now.

Indeed, you are right.

> Same explanation as before just not prosa this time:
>
> exit() lock_pi(futex2)
> exit_pi_state_list()
> lock(tsk->pi_lock)
> tsk->flags |= PF_EXITPIDONE; attach_to_pi_owner()
> ...
> // Loop unrolled for clarity
> while(!list_empty()) lock(tsk->pi_lock);
> cleanup(futex1)
> unlock(tsk->pi_lock)
^^^^^^^^^^^^^^^^^^^^
Ah! Thanks.

Hmm. In particular, exit_pi_state() drops pi_lock if refcount_inc_not_zero() fails.

Isn't this another potential source of livelock ?

Suppose that a realtime lock owner X sleeps somewhere, another task T
calls put_pi_state(), refcount_dec_and_test() succeeds.

What if, say, X is killed right after that and preempts T on the same
CPU?

Oleg.

Next message: Kirill Tkhai: "Re: NULL pointer dereference in pick_next_task_fair"
Previous message: Bart Van Assche: "Re: linux-next: build warning after merge of the scsi tree"
In reply to: Thomas Gleixner: "Re: handle_exit_race && PF_EXITING"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]