[Intel-gfx] [PATCH] drm/i915: Fix mutex->owner inspection race under DEBUG_MUTEXES

Chris Wilson chris at chris-wilson.co.uk
Wed Jan 7 05:20:41 PST 2015


On Wed, Jan 07, 2015 at 02:12:14PM +0200, Jani Nikula wrote:
> On Mon, 05 Jan 2015, Daniel Vetter <daniel at ffwll.ch> wrote:
> > On Fri, Jan 02, 2015 at 09:47:10AM +0000, Chris Wilson wrote:
> >> If CONFIG_DEBUG_MUTEXES is set, the mutex->owner field is only cleared
> >> if the mutex debugging is enabled which introduces a race in our
> >> mutex_is_locked_by() - i.e. we may inspect the old owner value before it
> >> is acquired by the new task.
> >> 
> >> This is the root cause of this error:
> >> 
> >> diff --git a/kernel/locking/mutex-debug.c b/kernel/locking/mutex-debug.c
> >> index 5cf6731..3ef3736 100644
> >> --- a/kernel/locking/mutex-debug.c
> >> +++ b/kernel/locking/mutex-debug.c
> >> @@ -80,13 +80,13 @@ void debug_mutex_unlock(struct mutex *lock)
> >>                         DEBUG_LOCKS_WARN_ON(lock->owner != current);
> >> 
> >>                 DEBUG_LOCKS_WARN_ON(!lock->wait_list.prev && !lock->wait_list.next);
> >> -               mutex_clear_owner(lock);
> >>         }
> >> 
> >>         /*
> >>          * __mutex_slowpath_needs_to_unlock() is explicitly 0 for debug
> >>          * mutexes so that we can do it here after we've verified state.
> >>          */
> >> +       mutex_clear_owner(lock);
> >>         atomic_set(&lock->count, 1);
> >>  }
> >> 
> >> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=87955
> >> Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
> >> Cc: stable at vger.kernel.org
> >
> > Reviewed-by: Daniel Vetter <daniel.vetter at ffwll.ch>
> 
> Pushed to drm-intel-fixes, thanks for the patch and review.

For the record, I plan to post a revert of this to -next if the core fix
lands upstream (looks good so far).
-Chris

-- 
Chris Wilson, Intel Open Source Technology Centre


More information about the Intel-gfx mailing list