Bug 16255 - 2.6.35-rc3 deadlocks on semaphore operations
2.6.35-rc3 deadlocks on semaphore operations
Status: CLOSED CODE_FIX
Product: Process Management
Classification: Unclassified
Component: Other
All Linux
: P1 normal
Assigned To: process_other
:
Depends on:
Blocks: 16055
  Show dependency treegraph
 
Reported: 2010-06-20 06:54 UTC by Maciej Rutecki
Modified: 2010-07-23 11:25 UTC (History)
4 users (show)

See Also:
Kernel Version: 2.6.35-rc3
Tree: Mainline
Regression: Yes


Attachments
bugfix (2.44 KB, patch)
2010-06-23 16:30 UTC, Manfred Spraul
Details | Diff

Description Maciej Rutecki 2010-06-20 06:54:16 UTC
Subject    : 2.6.35-rc3 deadlocks on semaphore operations
Submitter  : Christoph Lameter <cl@linux-foundation.org>
Date       : 2010-06-18 14:49
Message-ID : alpine.DEB.2.00.1006180940140.11575@router.home
References : http://marc.info/?l=linux-kernel&m=127687262727707&w=2

This entry is being used for tracking a regression from 2.6.34.  Please don't
close it until the problem is fixed in the mainline.
Comment 1 Manfred Spraul 2010-06-23 16:30:02 UTC
Created attachment 26915 [details]
bugfix

Hi,

I think I found it:
Previously, queue.status was never IN_WAKEUP when the semaphore spinlock was held.

The last patch changes that:
Now the change from IN_WAKEUP to the final result code happens after the the semaphore spinlock is dropped.
Thus a task can observe IN_WAKEUP even when it acquired the semaphore spinlock.

As a result, semop() sometimes returned 1 (IN_WAKEUP) for a successful operation.

Attached is a patch that should fix the bug.

-- 
    Manfred
Comment 2 Manfred Spraul 2010-07-02 16:41:29 UTC
The bugfix is in Andrew's tree and I couldn't find any further regressions.

Maciej, could you close the bug when the patch appears in mainline?
Comment 3 Rafael J. Wysocki 2010-07-08 23:16:58 UTC
Patch : http://marc.info/?l=linux-kernel&m=127731055203402&w=2
Handled-By : Manfred Spraul <manfred@colorfullife.com>
Comment 4 Rafael J. Wysocki 2010-07-23 11:25:37 UTC
Fixed by commit c61284e99191b2284fb74dae6961d4d09e4e59e8 .

Note You need to log in before you can comment on or make changes to this bug.