Commit b061c38

Peter Zijlstra authored and Ingo Molnar committed
futex: Fix (possible) missed wakeup
We must not rely on wake_q_add() to delay the wakeup; in particular commit:

  1d0dcb3 ("futex: Implement lockless wakeups")

moved wake_q_add() before smp_store_release(&q->lock_ptr, NULL), which could result in futex_wait() waking before observing ->lock_ptr == NULL and going back to sleep again.

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: 1d0dcb3 ("futex: Implement lockless wakeups")
Signed-off-by: Ingo Molnar <mingo@kernel.org>
1 parent 4c4e373 commit b061c38

1 file changed, +8 -5 lines changed
kernel/futex.c

Lines changed: 8 additions & 5 deletions
@@ -1452,11 +1452,7 @@ static void mark_wake_futex(struct wake_q_head *wake_q, struct futex_q *q)
14521452
if (WARN(q->pi_state || q->rt_waiter, "refusing to wake PI futex\n"))
14531453
return;
14541454

1455-
/*
1456-
* Queue the task for later wakeup for after we've released
1457-
* the hb->lock. wake_q_add() grabs reference to p.
1458-
*/
1459-
wake_q_add(wake_q, p);
1455+
get_task_struct(p);
14601456
__unqueue_futex(q);
14611457
/*
14621458
* The waiting task can free the futex_q as soon as q->lock_ptr = NULL
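Review bot: The added get_task_struct(p) line has no comment, while the comment block it replaces explained the old wake_q_add() call, so a reader of this hunk cannot tell why an explicit task reference is taken here or where it is dropped. Suggest a short comment above it stating that the reference holds p across the q->lock_ptr store that follows (the context comment below notes the waiter can free the futex_q as soon as q->lock_ptr = NULL), if that is the intent, and that it is released by the put_task_struct(p) after wake_q_add().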
@@ -1466,6 +1462,13 @@ static void mark_wake_futex(struct wake_q_head *wake_q, struct futex_q *q)
14661462
* plist_del in __unqueue_futex().
14671463
*/
14681464
smp_store_release(&q->lock_ptr, NULL);
1465+
1466+
/*
1467+
* Queue the task for later wakeup for after we've released
1468+
* the hb->lock. wake_q_add() grabs reference to p.
1469+
*/
1470+
wake_q_add(wake_q, p);
1471+
put_task_struct(p);
14691472
}
14701473

14711474
/*
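Review bot: The comment moved above wake_q_add(wake_q, p) is carried over unchanged and does not record the ordering constraint this fix depends on: wake_q_add() has to come after smp_store_release(&q->lock_ptr, NULL) because, per the commit message, it cannot be relied on to delay the wakeup. Suggest adding that to the comment so the call is not hoisted back above the store in a later cleanup. It would also help to note that put_task_struct(p) pairs with the get_task_struct(p) added in the earlier hunk, since "wake_q_add() grabs reference to p" followed directly by a put reads oddly without it.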
