On 05/13, Kent Overstreet wrote:
>
> +unsigned tag_alloc(struct tag_pool *pool, bool wait)
> +{
> + struct tag_cpu_freelist *tags;
> + unsigned long flags;
> + unsigned ret;
> +retry:
> + preempt_disable();
> + local_irq_save(flags);
> + tags = this_cpu_ptr(pool->tag_cpu);
> +
> + while (!tags->nr_free) {
> + spin_lock(&pool->lock);
> +
> + if (pool->nr_free)
> + move_tags(tags->free, &tags->nr_free,
> + pool->free, &pool->nr_free,
> + min(pool->nr_free, pool->watermark));
> + else if (wait) {
> + struct tag_waiter wait = { .task = current };
> +
> + __set_current_state(TASK_UNINTERRUPTIBLE);
> + list_add(&wait.list, &pool->wait);
> +
> + spin_unlock(&pool->lock);
> + local_irq_restore(flags);
> + preempt_enable();
> +
> + schedule();
> + __set_current_state(TASK_RUNNING);
schedule() always returns in TASK_RUNNING state
> +
> + if (!list_empty_careful(&wait.list)) {
> + spin_lock_irqsave(&pool->lock, flags);
> + list_del_init(&wait.list);
> + spin_unlock_irqrestore(&pool->lock, flags);
This is only theoretical, but racy.
tag_free() does
list_del_init(wait->list);
/* WINDOW */
wake_up_process(wait->task);
in theory the caller of tag_alloc() can notice list_empty_careful(),
return without taking pool->lock, exit, and free this task_struct.
But the main problem is that it is not clear why this code reimplements
add_wait_queue/wake_up_all, for what?
I must admit, I do not understand what this code actually does ;)
I didn't try to read it carefully though, but perhaps at least the
changelog could explain more?
Oleg.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
