kernel - Fix spin_lock_shared() race
* Fix a serious bug in the shared spinlock code. There are numerous races.
The main problem is that the spin_lock_shared*() inlines set the
SPINLOCK_SHARED bit based on a non-atomic test, assuming that the previous
atomic operation guarded the test:
atomic_add_int(&spin->counta, 1);
if (spin->counta == 1)
atomic_set_int(&spin->counta, SPINLOCK_SHARED);
However, this can race an exclusive spin lock in another thread inbetween
the conditional and the atomic_set_int(). The exclusive spinlock code
would have seen contention, but then does this:
atomic_clear_int(&spin->counta, SPINLOCK_SHARED);
atomic_add_int(&spin->counta, SPINLOCK_EXCLWAIT - 1);
...
The exclusive spinlock code then assumes that the shared spinlock code
can no longer set SPINLOCK_SHARED. However, if this occurs just after
the shared spinlock code's if (spin->counta == 1) but before it atomically
sets the SHARED bit, we wind up in a situation where the exclusive spinlock
code completes its operation and leaves the SHARED bit set.
In other words, the code which believes it has sucessfully obtained an
exclusive spinlock actually winds up getting a shared spinlock. Oops!
* Fixed by guarding the shared lock conditional and atomic op and changing
the way shared lock contention is handled.
* Case was only reproducable on monster, probably due to massive shared
spinlock use in the pmap code on 48 cpu cores all fork/exec'ing /bin/sh
at the same time.
projects / dragonfly.git / commit