[POWERPC] spufs: Fix race condition on gang->aff_ref_spu

Affinity reference point location (gang->aff_ref_spu) is reset
when the whole gang is descheduled. However, the last member of
a gang can be descheduled while we are trying to schedule another
member of the gang. This was leading to a race condition, and
the code was using gang->aff_ref_spu in an unsafe manner.

By holding the gang->aff_mutex a little bit longer, and increment
gang->aff_sched_count (which controls when gang->aff_ref_spu
should be reset) a little bit earlier, the problem is fixed.

Signed-off-by: Andre Detsch <adetsch@br.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
This commit is contained in:
Andre Detsch 2007-09-19 14:38:12 +10:00 committed by Paul Mackerras
parent 8b0d3121a0
commit 36ddbb1380

View file

@ -230,8 +230,6 @@ static void spu_bind_context(struct spu *spu, struct spu_context *ctx)
if (ctx->flags & SPU_CREATE_NOSCHED)
atomic_inc(&cbe_spu_info[spu->node].reserved_spus);
if (!list_empty(&ctx->aff_list))
atomic_inc(&ctx->gang->aff_sched_count);
ctx->stats.slb_flt_base = spu->stats.slb_flt;
ctx->stats.class2_intr_base = spu->stats.class2_intr;
@ -392,7 +390,6 @@ static int has_affinity(struct spu_context *ctx)
if (list_empty(&ctx->aff_list))
return 0;
mutex_lock(&gang->aff_mutex);
if (!gang->aff_ref_spu) {
if (!(gang->aff_flags & AFF_MERGED))
aff_merge_remaining_ctxs(gang);
@ -400,7 +397,6 @@ static int has_affinity(struct spu_context *ctx)
aff_set_offsets(gang);
aff_set_ref_point_location(gang);
}
mutex_unlock(&gang->aff_mutex);
return gang->aff_ref_spu != NULL;
}
@ -418,9 +414,16 @@ static void spu_unbind_context(struct spu *spu, struct spu_context *ctx)
if (spu->ctx->flags & SPU_CREATE_NOSCHED)
atomic_dec(&cbe_spu_info[spu->node].reserved_spus);
if (!list_empty(&ctx->aff_list))
if (atomic_dec_and_test(&ctx->gang->aff_sched_count))
ctx->gang->aff_ref_spu = NULL;
if (ctx->gang){
mutex_lock(&ctx->gang->aff_mutex);
if (has_affinity(ctx)) {
if (atomic_dec_and_test(&ctx->gang->aff_sched_count))
ctx->gang->aff_ref_spu = NULL;
}
mutex_unlock(&ctx->gang->aff_mutex);
}
spu_switch_notify(spu, NULL);
spu_unmap_mappings(ctx);
spu_save(&ctx->csa, spu);
@ -511,20 +514,32 @@ static void spu_prio_wait(struct spu_context *ctx)
static struct spu *spu_get_idle(struct spu_context *ctx)
{
struct spu *spu;
struct spu *spu, *aff_ref_spu;
int node, n;
if (has_affinity(ctx)) {
node = ctx->gang->aff_ref_spu->node;
if (ctx->gang) {
mutex_lock(&ctx->gang->aff_mutex);
if (has_affinity(ctx)) {
aff_ref_spu = ctx->gang->aff_ref_spu;
atomic_inc(&ctx->gang->aff_sched_count);
mutex_unlock(&ctx->gang->aff_mutex);
node = aff_ref_spu->node;
mutex_lock(&cbe_spu_info[node].list_mutex);
spu = ctx_location(ctx->gang->aff_ref_spu, ctx->aff_offset, node);
if (spu && spu->alloc_state == SPU_FREE)
goto found;
mutex_unlock(&cbe_spu_info[node].list_mutex);
return NULL;
mutex_lock(&cbe_spu_info[node].list_mutex);
spu = ctx_location(aff_ref_spu, ctx->aff_offset, node);
if (spu && spu->alloc_state == SPU_FREE)
goto found;
mutex_unlock(&cbe_spu_info[node].list_mutex);
mutex_lock(&ctx->gang->aff_mutex);
if (atomic_dec_and_test(&ctx->gang->aff_sched_count))
ctx->gang->aff_ref_spu = NULL;
mutex_unlock(&ctx->gang->aff_mutex);
return NULL;
}
mutex_unlock(&ctx->gang->aff_mutex);
}
node = cpu_to_node(raw_smp_processor_id());
for (n = 0; n < MAX_NUMNODES; n++, node++) {
node = (node < MAX_NUMNODES) ? node : 0;