Re: [Patch v2] rwsem: fix rwsem_is_locked() bugs
From: David Howells
Date: Mon Oct 05 2009 - 09:15:29 EST
Amerigo Wang <amwang@xxxxxxxxxx> wrote:
> - return (sem->activity != 0);
> + return !(sem->activity == 0 && list_empty(&sem->wait_list));
This needs to be done in the opposite order with an smp_rmb() between[*], I
think, because the someone releasing the lock will first reduce activity to
zero, and then attempt to empty the list, so with your altered code as it
stands, you can get:
CPU 1 CPU 2
=============================== ===============================
[sem is read locked, 1 queued writer]
-->up_read()
sem->activity-- -->rwsem_is_locked()
[sem->activity now 0] sem->activity == 0 [true]
<interrupt>
-->__rwsem_do_wake()
sem->activity = -1
[sem->activity now !=0]
list_del()
[sem->wait_list now empty] </interrupt>
list_empty(&sem->wait_list) [true]
wake_up_process()
<--__rwsem_do_wake()
<--up_read()
[sem is write locked] return false [ie. sem is not locked]
In fact, I don't think even swapping things around addresses the problem. You
do not prevent the state inside the sem changing under you whilst you try to
interpret it.
[*] there would also need to be an smp_wmb() between the update of
sem->activity and the deletion from sem->wait_list to balance out the
smp_rmb().
David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/