futex: Cleanup refcounting

Add a put_pit_state() as counterpart for get_pi_state() so the refcounting
becomes consistent.

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: juri.lelli@arm.com
Cc: bigeasy@linutronix.de
Cc: xlpang@redhat.com
Cc: rostedt@goodmis.org
Cc: mathieu.desnoyers@efficios.com
Cc: jdesfossez@efficios.com
Cc: dvhart@infradead.org
Cc: bristot@redhat.com
Link: http://lkml.kernel.org/r/20170322104151.801778516@infradead.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
This commit is contained in:
Peter Zijlstra 2017-03-22 11:35:53 +01:00 committed by Thomas Gleixner
parent 734009e96d
commit bf92cf3a51
1 changed files with 9 additions and 4 deletions

View File

@ -802,7 +802,7 @@ static int refill_pi_state_cache(void)
return 0; return 0;
} }
static struct futex_pi_state * alloc_pi_state(void) static struct futex_pi_state *alloc_pi_state(void)
{ {
struct futex_pi_state *pi_state = current->pi_state_cache; struct futex_pi_state *pi_state = current->pi_state_cache;
@ -812,6 +812,11 @@ static struct futex_pi_state * alloc_pi_state(void)
return pi_state; return pi_state;
} }
static void get_pi_state(struct futex_pi_state *pi_state)
{
WARN_ON_ONCE(!atomic_inc_not_zero(&pi_state->refcount));
}
/* /*
* Drops a reference to the pi_state object and frees or caches it * Drops a reference to the pi_state object and frees or caches it
* when the last reference is gone. * when the last reference is gone.
@ -856,7 +861,7 @@ static void put_pi_state(struct futex_pi_state *pi_state)
* Look up the task based on what TID userspace gave us. * Look up the task based on what TID userspace gave us.
* We dont trust it. * We dont trust it.
*/ */
static struct task_struct * futex_find_get_task(pid_t pid) static struct task_struct *futex_find_get_task(pid_t pid)
{ {
struct task_struct *p; struct task_struct *p;
@ -1103,7 +1108,7 @@ static int attach_to_pi_state(u32 __user *uaddr, u32 uval,
goto out_einval; goto out_einval;
out_attach: out_attach:
atomic_inc(&pi_state->refcount); get_pi_state(pi_state);
raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock); raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
*ps = pi_state; *ps = pi_state;
return 0; return 0;
@ -1990,7 +1995,7 @@ retry_private:
* refcount on the pi_state and store the pointer in * refcount on the pi_state and store the pointer in
* the futex_q object of the waiter. * the futex_q object of the waiter.
*/ */
atomic_inc(&pi_state->refcount); get_pi_state(pi_state);
this->pi_state = pi_state; this->pi_state = pi_state;
ret = rt_mutex_start_proxy_lock(&pi_state->pi_mutex, ret = rt_mutex_start_proxy_lock(&pi_state->pi_mutex,
this->rt_waiter, this->rt_waiter,