Re: safety of *mutex_unlock() (Was: [BUG] signal: sighand unprotected when accessed by /proc)
From: Oleg Nesterov
Date: Tue Jun 10 2014 - 13:08:44 EST
On 06/10, Thomas Gleixner wrote:
>
> +static inline bool unlock_rt_mutex_safe(struct rt_mutex *lock)
> + __releases(lock->wait_lock)
> +{
> + unsigned long owner, *p = (unsigned long *) &lock->owner;
> +
> + owner = (unsigned long) rt_mutex_owner(lock);
> + clear_rt_mutex_waiters(lock);
> + raw_spin_unlock(&lock->wait_lock);
> + /*
> + * If a new waiter comes in between the unlock and the cmpxchg
> + * we have two situations:
> + *
> + * unlock(wait_lock);
> + * lock(wait_lock);
> + * cmpxchg(p, owner, 0) == owner
> + * mark_rt_mutex_waiters(lock);
> + * acquire(lock);
> + * or:
> + *
> + * unlock(wait_lock);
> + * lock(wait_lock);
> + * mark_rt_mutex_waiters(lock);
> + *
> + * cmpxchg(p, owner, 0) != owner
> + * enqueue_waiter();
> + * unlock(wait_lock);
> + * lock(wait_lock);
> + * wake waiter();
> + * unlock(wait_lock);
> + * lock(wait_lock);
> + * acquire(lock);
> + */
> + return rt_mutex_cmpxchg(p, owner, 0);
Wait, but this looks like a typo. rt_mutex_cmpxchg() needs "struct rt_mutex *",
not "long *". It seems that you should simply kill "*p" above.
Oleg.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/