Re: [-rt] Fix race condition and following BUG in PI-futex

[Esben Nielsen]

On Tue, 1 Aug 2006, Steven Rostedt wrote:

> On Tue, 2006-08-01 at 13:22 -0700, Darren Hart wrote:
>
> > > >   	list_del_init(&pi_state->owner->pi_state_list);
> > > >   	list_add(&pi_state->list, &new_owner->pi_state_list);
> > > >   	pi_state->owner = new_owner;
> > > > +	atomic_inc(&pi_state->refcount);
> > >
> > > There really needs to be a get_pi_state() or some variant. Having to do
> > > a manual atomic_inc is very dangerous.
> >
> > I understand the need to grab the wait_lock in order to serialize
> > rt_mutex_next_owner(), but why the addition of of the atomic_inc() and the
> > free_pi_state() ?  And if we do need them, shouldn't we place them around the
> > use of the pi_state, rather than just before the unlock calls?
>
> Hmm, is the inc really needed?  The hb->lock is held through this and
> the pi_state can't go away while that lock is held.

I was going to ask about that... If you say so they can go. I just added 
the inc/dec to be sure.

Esben

> -- Steve
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/