Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp5450080imu; Wed, 19 Dec 2018 11:21:41 -0800 (PST) X-Google-Smtp-Source: AFSGD/X9+z0SXDQlCLC1awQPYm9AnJw15wqeUgY+C3AjiUVdC4vZxeXK/tSlEN2VPyduntcu2MDg X-Received: by 2002:a62:6f88:: with SMTP id k130mr21389481pfc.234.1545247301436; Wed, 19 Dec 2018 11:21:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545247301; cv=none; d=google.com; s=arc-20160816; b=NEFIsPv00EhR2VmOO8j1mWcLol/6AuAHPAyivMTw9pmReJVYUWnmxMldECPO+EFtjo Dfd206qHG8bUEVuWN4QIPnJE+2/Ftm+a8DxyBq2Icy9o5bAs56zVVm/4Kcv40aEXZOfX wgBaFXLZFVgti8F5no1XpBByG7ahBzIsUqjlfBCJfgiNvNK9s8jLe1YczaYokmpCw/LJ p1X41ynwt18LU54Ef0EXFLlS2HwqGjENEMnBPnN/o2p+dKSi/hrW0erFnb56q898JAZH BiFbNXx2ju6Y+eHyn97YYEILPutYG7zGmtq31hT135pT/rnHJtw+Fri9ItHgl61zg0K/ Y9uQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=5I0bIwys2JqUXF6hWLrzG/P45piw73v93SknaymOt4U=; b=gpuOun6qCwUjoKgADDdx5I/L1VyXg4QWW08uvK996T3wHOFbi8iaICPdgEm1GzzrES hnyuhBK3OmPpPUOFPLXMpsK9GBqSaUyfq7dT8fH5aIgVyciXg7oecfexhv+mcbgEOkXM Il+Pk/LNZo3NUXcGhNAC7+x0242nAB1JgU+fMdo8hWmg/hjSLwx46c0f/dZfBxfS4MZK rTnjdjqkceRiijYQCniqKLoVHtnjlfALzTq3HvF1UOrbMRJhlNrWL9ubBT4ydckX3gA4 AJ5pCp5a4rBM6HlbBMtN6AfxcpzXUqdPcLKfCbHbdrSzdxWFSykGOjuZkLzhqoX7cNzm IMsg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m8si16936636pgd.555.2018.12.19.11.21.25; Wed, 19 Dec 2018 11:21:41 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728721AbeLSTN0 (ORCPT + 99 others); Wed, 19 Dec 2018 14:13:26 -0500 Received: from Galois.linutronix.de ([146.0.238.70]:59591 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727847AbeLSTN0 (ORCPT ); Wed, 19 Dec 2018 14:13:26 -0500 Received: from p4fea4820.dip0.t-ipconnect.de ([79.234.72.32] helo=nanos) by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1gZhHW-0001uC-Kg; Wed, 19 Dec 2018 20:13:22 +0100 Date: Wed, 19 Dec 2018 20:13:22 +0100 (CET) From: Thomas Gleixner To: Peter Zijlstra cc: LKML , Stefan Liebler , Heiko Carstens , Darren Hart , Ingo Molnar Subject: Re: [patch] futex: Cure exit race In-Reply-To: <539c47359b37a5b6b9177da823be45d6@dl.linutronix.de> Message-ID: References: <20181210152311.986181245@linutronix.de> <20181210160205.GQ5289@hirez.programming.kicks-ass.net> <20181212090418.GT5289@hirez.programming.kicks-ass.net> <539c47359b37a5b6b9177da823be45d6@dl.linutronix.de> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Linutronix-Spam-Score: -1.0 X-Linutronix-Spam-Level: - X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required, ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 19 Dec 2018, Thomas Gleixner wrote: > On 2018-12-18 10:31, Thomas Gleixner wrote: > > On Wed, 12 Dec 2018, Peter Zijlstra wrote: > > > On Mon, Dec 10, 2018 at 06:43:51PM +0100, Thomas Gleixner wrote: > > > @@ -806,6 +806,8 @@ void __noreturn do_exit(long code) > > > * task into the wait for ever nirwana as well. > > > */ > > > tsk->flags |= PF_EXITPIDONE; > > > + smp_mb(); > > > + wake_up_bit(&tsk->flags, 3 /* PF_EXITPIDONE */); > > > > Using ilog2(PF_EXITPIDONE) spares that horrible inline comment and more > > importantly selects the right bit. 0x04 is bit 2 .... > > Plus wake_up_bit() and wait_on_bit() want an unsigned long, but tsk->flags is > unsigned int.... > > Moar staring.... Aside of that calling wake_on_bit() unconditionally can be slow if the waitqueue in the hash bucket is not empty. So while cooking up an alternative solution I found yet another exit race: CPU0 CPU1 sys_futex() sys_exit() futex_lock_pi() do_exit() No waiters: *uaddr == 0x00000PID; Set waiter bit *uaddr = 0x80000PID; attach_to_pi_owner() tsk = get_task(PID); exit_signals(tsk) if (!(tsk->flags & PF_EXITING)) ... tsk->flags |= PF_EXITING; mm_release(tsk) exit_robust_list(tsk) Set owner died and clear PID *uaddr = 0xC0000000; if (unlikely(!list_empty(&tsk->pi_state_list))) list_add(&pi_state->list, &tsk->pi_state_list); I put that all on hold until Jan 7. If somebody is really bored, here is the WIP patch series which addresses the live lock mess: https://tglx.de/~tglx/patches.tar Thanks, tglx