/*-
 * Copyright (c) 2015 The FreeBSD Foundation
 * Copyright (c) 2004, David Xu <davidxu@freebsd.org>
 * Copyright (c) 2002, Jeffrey Roberson <jeff@freebsd.org>
 * All rights reserved.
 *
 * Portions of this software were developed by Konstantin Belousov
 * under sponsorship from the FreeBSD Foundation.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice unmodified, this list of conditions, and the following
 *    disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include "opt_compat.h"
#include "opt_umtx_profiling.h"

#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/fcntl.h>
#include <sys/file.h>
#include <sys/filedesc.h>
#include <sys/limits.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mman.h>
#include <sys/mutex.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/resource.h>
#include <sys/resourcevar.h>
#include <sys/rwlock.h>
#include <sys/sbuf.h>
#include <sys/sched.h>
#include <sys/smp.h>
#include <sys/sysctl.h>
#include <sys/sysent.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/syscallsubr.h>
#include <sys/taskqueue.h>
#include <sys/eventhandler.h>
#include <sys/umtx.h>

#include <security/mac/mac_framework.h>

#include <vm/vm.h>
#include <vm/vm_param.h>
#include <vm/pmap.h>
#include <vm/vm_map.h>
#include <vm/vm_object.h>

#include <machine/cpu.h>

#ifdef COMPAT_FREEBSD32
#include <compat/freebsd32/freebsd32_proto.h>
#endif

#define _UMUTEX_TRY		1
#define _UMUTEX_WAIT		2

#ifdef UMTX_PROFILING
#define	UPROF_PERC_BIGGER(w, f, sw, sf)					\
	(((w) > (sw)) || ((w) == (sw) && (f) > (sf)))
#endif

/* Priority inheritance mutex info. */
struct umtx_pi {
	/* Owner thread */
	struct thread		*pi_owner;

	/* Reference count */
	int			pi_refcount;

	/* List entry linking the PI mutexes held by a thread */
	TAILQ_ENTRY(umtx_pi)	pi_link;

	/* List entry in hash */
	TAILQ_ENTRY(umtx_pi)	pi_hashlink;

	/* List of waiters */
	TAILQ_HEAD(,umtx_q)	pi_blocked;

	/* Identifies the userland lock object */
	struct umtx_key		pi_key;
};

/* A userland synchronization object user. */
struct umtx_q {
	/* Linked list for the hash. */
	TAILQ_ENTRY(umtx_q)	uq_link;

	/* Umtx key. */
	struct umtx_key		uq_key;

	/* Umtx flags. */
	int			uq_flags;
#define UQF_UMTXQ	0x0001

	/* The waiting thread. */
	struct thread		*uq_thread;

	/*
	 * PI mutex this thread is blocked on.  Readers may hold either
	 * the chain lock or umtx_lock; writers must hold both the chain
	 * lock and umtx_lock.
	 */
	struct umtx_pi		*uq_pi_blocked;

	/* On blocked list */
	TAILQ_ENTRY(umtx_q)	uq_lockq;

	/* PI mutexes owned by this thread that other threads contend for */
	TAILQ_HEAD(,umtx_pi)	uq_pi_contested;

	/* Inherited priority from PP mutex */
	u_char			uq_inherited_pri;

	/* Spare queue ready to be reused */
	struct umtxq_queue	*uq_spare_queue;

	/* The queue we are currently on */
	struct umtxq_queue	*uq_cur_queue;
};

TAILQ_HEAD(umtxq_head, umtx_q);

/* Per-key wait-queue */
struct umtxq_queue {
	struct umtxq_head	head;
	struct umtx_key		key;
	LIST_ENTRY(umtxq_queue)	link;
	int			length;
};

LIST_HEAD(umtxq_list, umtxq_queue);

/* Userland lock object's wait-queue chain */
struct umtxq_chain {
	/* Lock for this chain. */
	struct mtx		uc_lock;

	/* List of sleep queues. */
	struct umtxq_list	uc_queue[2];
#define UMTX_SHARED_QUEUE	0
#define UMTX_EXCLUSIVE_QUEUE	1

	LIST_HEAD(, umtxq_queue) uc_spare_queue;

	/* Busy flag */
	char			uc_busy;

	/* Chain lock waiters */
	int			uc_waiters;

	/* All PIs in the list */
	TAILQ_HEAD(,umtx_pi)	uc_pi_list;

#ifdef UMTX_PROFILING
	u_int			length;
	u_int			max_length;
#endif
};

#define	UMTXQ_LOCKED_ASSERT(uc)		mtx_assert(&(uc)->uc_lock, MA_OWNED)

/*
 * Don't propagate time-sharing priority; there is a security reason:
 * a user could simply introduce a PI mutex, let thread A lock it, and
 * let another thread B block on it.  Because B is sleeping, its
 * priority would be boosted, which would in turn boost A's priority
 * via priority propagation; A's priority would then never be lowered
 * even while it is using 100% of the CPU, which is unfair to other
 * processes.
 */

#define UPRI(td)	(((td)->td_user_pri >= PRI_MIN_TIMESHARE &&	\
			  (td)->td_user_pri <= PRI_MAX_TIMESHARE) ?	\
			 PRI_MAX_TIMESHARE : (td)->td_user_pri)

#define	GOLDEN_RATIO_PRIME	2654404609U
#define	UMTX_CHAINS		512
#define	UMTX_SHIFTS		(__WORD_BIT - 9)

#define	GET_SHARE(flags)	\
    (((flags) & USYNC_PROCESS_SHARED) == 0 ? THREAD_SHARE : PROCESS_SHARE)
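
/*
 * Illustrative note (not part of the original file): UPRI() clamps all
 * time-sharing threads to PRI_MAX_TIMESHARE, so, per the comment above,
 * a sleeping time-sharing waiter can never lend a lock owner a better
 * priority than any other time-sharing thread could have.  GET_SHARE()
 * simply maps the USYNC_PROCESS_SHARED flag onto a key scope:
 *
 *	GET_SHARE(0)                    == THREAD_SHARE
 *	GET_SHARE(USYNC_PROCESS_SHARED) == PROCESS_SHARE
 */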

#define BUSY_SPINS		200

struct abs_timeout {
	int clockid;
	struct timespec cur;
	struct timespec end;
};

static uma_zone_t		umtx_pi_zone;
static struct umtxq_chain	umtxq_chains[2][UMTX_CHAINS];
static MALLOC_DEFINE(M_UMTX, "umtx", "UMTX queue memory");
static int			umtx_pi_allocated;

static SYSCTL_NODE(_debug, OID_AUTO, umtx, CTLFLAG_RW, 0, "umtx debug");
SYSCTL_INT(_debug_umtx, OID_AUTO, umtx_pi_allocated, CTLFLAG_RD,
    &umtx_pi_allocated, 0, "Allocated umtx_pi");

#ifdef UMTX_PROFILING
static long max_length;
SYSCTL_LONG(_debug_umtx, OID_AUTO, max_length, CTLFLAG_RD, &max_length, 0,
    "max_length");
static SYSCTL_NODE(_debug_umtx, OID_AUTO, chains, CTLFLAG_RD, 0,
    "umtx chain stats");
#endif

static void umtx_shm_init(void);
static void umtxq_sysinit(void *);
static void umtxq_hash(struct umtx_key *key);
static struct umtxq_chain *umtxq_getchain(struct umtx_key *key);
static void umtxq_lock(struct umtx_key *key);
static void umtxq_unlock(struct umtx_key *key);
static void umtxq_busy(struct umtx_key *key);
static void umtxq_unbusy(struct umtx_key *key);
static void umtxq_insert_queue(struct umtx_q *uq, int q);
static void umtxq_remove_queue(struct umtx_q *uq, int q);
static int umtxq_sleep(struct umtx_q *uq, const char *wmesg,
    struct abs_timeout *);
static int umtxq_count(struct umtx_key *key);
static struct umtx_pi *umtx_pi_alloc(int);
static void umtx_pi_free(struct umtx_pi *pi);
static int do_unlock_pp(struct thread *td, struct umutex *m, uint32_t flags);
static void umtx_thread_cleanup(struct thread *td);
static void umtx_exec_hook(void *arg __unused, struct proc *p __unused,
    struct image_params *imgp __unused);
SYSINIT(umtx, SI_SUB_EVENTHANDLER+1, SI_ORDER_MIDDLE, umtxq_sysinit, NULL);

#define umtxq_signal(key, nwake)	umtxq_signal_queue((key), (nwake), UMTX_SHARED_QUEUE)
#define umtxq_insert(uq)	umtxq_insert_queue((uq), UMTX_SHARED_QUEUE)
#define umtxq_remove(uq)	umtxq_remove_queue((uq), UMTX_SHARED_QUEUE)

static struct mtx umtx_lock;

#ifdef UMTX_PROFILING
static void
umtx_init_profiling(void)
{
	struct sysctl_oid *chain_oid;
	char chain_name[10];
	int i;

	for (i = 0; i < UMTX_CHAINS; ++i) {
		snprintf(chain_name, sizeof(chain_name), "%d", i);
		chain_oid = SYSCTL_ADD_NODE(NULL,
		    SYSCTL_STATIC_CHILDREN(_debug_umtx_chains), OID_AUTO,
		    chain_name, CTLFLAG_RD, NULL, "umtx hash stats");
		SYSCTL_ADD_INT(NULL, SYSCTL_CHILDREN(chain_oid), OID_AUTO,
		    "max_length0", CTLFLAG_RD,
		    &umtxq_chains[0][i].max_length, 0, NULL);
		SYSCTL_ADD_INT(NULL, SYSCTL_CHILDREN(chain_oid), OID_AUTO,
		    "max_length1", CTLFLAG_RD,
		    &umtxq_chains[1][i].max_length, 0, NULL);
	}
}

static int
sysctl_debug_umtx_chains_peaks(SYSCTL_HANDLER_ARGS)
{
	char buf[512];
	struct sbuf sb;
	struct umtxq_chain *uc;
	u_int fract, i, j, tot, whole;
	u_int sf0, sf1, sf2, sf3, sf4;
	u_int si0, si1, si2, si3, si4;
	u_int sw0, sw1, sw2, sw3, sw4;

	sbuf_new(&sb, buf, sizeof(buf), SBUF_FIXEDLEN);
	for (i = 0; i < 2; i++) {
		tot = 0;
		for (j = 0; j < UMTX_CHAINS; ++j) {
			uc = &umtxq_chains[i][j];
			mtx_lock(&uc->uc_lock);
			tot += uc->max_length;
			mtx_unlock(&uc->uc_lock);
		}
		if (tot == 0)
			sbuf_printf(&sb, "%u) Empty ", i);
		else {
			sf0 = sf1 = sf2 = sf3 = sf4 = 0;
			si0 = si1 = si2 = si3 = si4 = 0;
			sw0 = sw1 = sw2 = sw3 = sw4 = 0;
			for (j = 0; j < UMTX_CHAINS; j++) {
				uc = &umtxq_chains[i][j];
				mtx_lock(&uc->uc_lock);
				whole = uc->max_length * 100;
				mtx_unlock(&uc->uc_lock);
				fract = (whole % tot) * 100;
				if (UPROF_PERC_BIGGER(whole, fract, sw0, sf0)) {
					sf0 = fract;
					si0 = j;
					sw0 = whole;
				} else if (UPROF_PERC_BIGGER(whole, fract, sw1,
				    sf1)) {
					sf1 = fract;
					si1 = j;
					sw1 = whole;
				} else if (UPROF_PERC_BIGGER(whole, fract, sw2,
				    sf2)) {
					sf2 = fract;
					si2 = j;
					sw2 = whole;
				} else if (UPROF_PERC_BIGGER(whole, fract, sw3,
				    sf3)) {
					sf3 = fract;
					si3 = j;
					sw3 = whole;
				} else if (UPROF_PERC_BIGGER(whole, fract, sw4,
				    sf4)) {
					sf4 = fract;
					si4 = j;
					sw4 = whole;
				}
			}
			sbuf_printf(&sb, "queue %u:\n", i);
			sbuf_printf(&sb, "1st: %u.%u%% idx: %u\n", sw0 / tot,
			    sf0 / tot, si0);
			sbuf_printf(&sb, "2nd: %u.%u%% idx: %u\n", sw1 / tot,
			    sf1 / tot, si1);
			sbuf_printf(&sb, "3rd: %u.%u%% idx: %u\n", sw2 / tot,
			    sf2 / tot, si2);
			sbuf_printf(&sb, "4th: %u.%u%% idx: %u\n", sw3 / tot,
			    sf3 / tot, si3);
			sbuf_printf(&sb, "5th: %u.%u%% idx: %u\n", sw4 / tot,
			    sf4 / tot, si4);
		}
	}
	sbuf_trim(&sb);
	sbuf_finish(&sb);
	sysctl_handle_string(oidp, sbuf_data(&sb), sbuf_len(&sb), req);
	sbuf_delete(&sb);
	return (0);
}

static int
sysctl_debug_umtx_chains_clear(SYSCTL_HANDLER_ARGS)
{
	struct umtxq_chain *uc;
	u_int i, j;
	int clear, error;

	clear = 0;
	error = sysctl_handle_int(oidp, &clear, 0, req);
	if (error != 0 || req->newptr == NULL)
		return (error);

	if (clear != 0) {
		for (i = 0; i < 2; ++i) {
			for (j = 0; j < UMTX_CHAINS; ++j) {
				uc = &umtxq_chains[i][j];
				mtx_lock(&uc->uc_lock);
				uc->length = 0;
				uc->max_length = 0;
				mtx_unlock(&uc->uc_lock);
			}
		}
	}
	return (0);
}

SYSCTL_PROC(_debug_umtx_chains, OID_AUTO, clear,
    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 0,
    sysctl_debug_umtx_chains_clear, "I", "Clear umtx chains statistics");
SYSCTL_PROC(_debug_umtx_chains, OID_AUTO, peaks,
    CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, 0, 0,
    sysctl_debug_umtx_chains_peaks, "A", "Highest peaks in chains max length");
#endif

static void
umtxq_sysinit(void *arg __unused)
{
	int i, j;

	umtx_pi_zone = uma_zcreate("umtx pi", sizeof(struct umtx_pi),
	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
	for (i = 0; i < 2; ++i) {
		for (j = 0; j < UMTX_CHAINS; ++j) {
			mtx_init(&umtxq_chains[i][j].uc_lock, "umtxql", NULL,
			    MTX_DEF | MTX_DUPOK);
			LIST_INIT(&umtxq_chains[i][j].uc_queue[0]);
			LIST_INIT(&umtxq_chains[i][j].uc_queue[1]);
			LIST_INIT(&umtxq_chains[i][j].uc_spare_queue);
			TAILQ_INIT(&umtxq_chains[i][j].uc_pi_list);
			umtxq_chains[i][j].uc_busy = 0;
			umtxq_chains[i][j].uc_waiters = 0;
#ifdef UMTX_PROFILING
			umtxq_chains[i][j].length = 0;
			umtxq_chains[i][j].max_length = 0;
#endif
		}
	}
#ifdef UMTX_PROFILING
	umtx_init_profiling();
#endif
	mtx_init(&umtx_lock, "umtx lock", NULL, MTX_DEF);
	EVENTHANDLER_REGISTER(process_exec, umtx_exec_hook, NULL,
	    EVENTHANDLER_PRI_ANY);
	umtx_shm_init();
}

struct umtx_q *
umtxq_alloc(void)
{
	struct umtx_q *uq;

	uq = malloc(sizeof(struct umtx_q), M_UMTX, M_WAITOK | M_ZERO);
	uq->uq_spare_queue = malloc(sizeof(struct umtxq_queue), M_UMTX,
	    M_WAITOK | M_ZERO);
	TAILQ_INIT(&uq->uq_spare_queue->head);
	TAILQ_INIT(&uq->uq_pi_contested);
	uq->uq_inherited_pri = PRI_MAX;
	return (uq);
}

void
umtxq_free(struct umtx_q *uq)
{

	MPASS(uq->uq_spare_queue != NULL);
	free(uq->uq_spare_queue, M_UMTX);
	free(uq, M_UMTX);
}

static inline void
umtxq_hash(struct umtx_key *key)
{
	unsigned n = (uintptr_t)key->info.both.a + key->info.both.b;

	key->hash = ((n * GOLDEN_RATIO_PRIME) >> UMTX_SHIFTS) % UMTX_CHAINS;
}
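
/*
 * Illustrative note (not part of the original file): umtxq_hash() is a
 * form of multiplicative (Fibonacci) hashing.  The multiply by
 * GOLDEN_RATIO_PRIME scrambles the combined key words, and with
 * UMTX_SHIFTS == __WORD_BIT - 9 the right shift keeps only the top 9
 * bits of the product, i.e. a value already in [0, UMTX_CHAINS - 1];
 * the final "% UMTX_CHAINS" is just a safety net.  A sketch of the same
 * idea, assuming a 32-bit word:
 *
 *	hash = (n * 2654404609U) >> (32 - 9);	// top 9 bits, 0..511
 */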

static inline struct umtxq_chain *
umtxq_getchain(struct umtx_key *key)
{

	if (key->type <= TYPE_SEM)
		return (&umtxq_chains[1][key->hash]);
	return (&umtxq_chains[0][key->hash]);
}

/*
 * Lock a chain.
 */
static inline void
umtxq_lock(struct umtx_key *key)
{
	struct umtxq_chain *uc;

	uc = umtxq_getchain(key);
	mtx_lock(&uc->uc_lock);
}

/*
 * Unlock a chain.
 */
static inline void
umtxq_unlock(struct umtx_key *key)
{
	struct umtxq_chain *uc;

	uc = umtxq_getchain(key);
	mtx_unlock(&uc->uc_lock);
}

/*
 * Mark the chain busy when the following operation may block
 * (a kernel mutex cannot be held across such an operation).
 */
static inline void
umtxq_busy(struct umtx_key *key)
{
	struct umtxq_chain *uc;

	uc = umtxq_getchain(key);
	mtx_assert(&uc->uc_lock, MA_OWNED);
	if (uc->uc_busy) {
#ifdef SMP
		if (smp_cpus > 1) {
			int count = BUSY_SPINS;

			if (count > 0) {
				umtxq_unlock(key);
				while (uc->uc_busy && --count > 0)
					cpu_spinwait();
				umtxq_lock(key);
			}
		}
#endif
		while (uc->uc_busy) {
			uc->uc_waiters++;
			msleep(uc, &uc->uc_lock, 0, "umtxqb", 0);
			uc->uc_waiters--;
		}
	}
	uc->uc_busy = 1;
}
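
/*
 * Illustrative sketch (not part of the original file) of the
 * busy/unbusy pattern used throughout this file: mark the chain busy,
 * drop the chain mutex around an access to userland memory (which may
 * fault and sleep), then unbusy the chain.  "uaddr" and "newval" are
 * hypothetical.
 *
 *	umtxq_lock(&key);
 *	umtxq_busy(&key);		// exclude other busy sections
 *	umtxq_unlock(&key);		// mutex can't be held across fault
 *	error = suword32(uaddr, newval);// may fault and sleep
 *	umtxq_lock(&key);
 *	umtxq_unbusy(&key);		// wakes threads in umtxq_busy()
 *	umtxq_unlock(&key);
 */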
514 */ 515 static inline void 516 umtxq_unbusy(struct umtx_key *key) 517 { 518 struct umtxq_chain *uc; 519 520 uc = umtxq_getchain(key); 521 mtx_assert(&uc->uc_lock, MA_OWNED); 522 KASSERT(uc->uc_busy != 0, ("not busy")); 523 uc->uc_busy = 0; 524 if (uc->uc_waiters) 525 wakeup_one(uc); 526 } 527 528 static inline void 529 umtxq_unbusy_unlocked(struct umtx_key *key) 530 { 531 532 umtxq_lock(key); 533 umtxq_unbusy(key); 534 umtxq_unlock(key); 535 } 536 537 static struct umtxq_queue * 538 umtxq_queue_lookup(struct umtx_key *key, int q) 539 { 540 struct umtxq_queue *uh; 541 struct umtxq_chain *uc; 542 543 uc = umtxq_getchain(key); 544 UMTXQ_LOCKED_ASSERT(uc); 545 LIST_FOREACH(uh, &uc->uc_queue[q], link) { 546 if (umtx_key_match(&uh->key, key)) 547 return (uh); 548 } 549 550 return (NULL); 551 } 552 553 static inline void 554 umtxq_insert_queue(struct umtx_q *uq, int q) 555 { 556 struct umtxq_queue *uh; 557 struct umtxq_chain *uc; 558 559 uc = umtxq_getchain(&uq->uq_key); 560 UMTXQ_LOCKED_ASSERT(uc); 561 KASSERT((uq->uq_flags & UQF_UMTXQ) == 0, ("umtx_q is already on queue")); 562 uh = umtxq_queue_lookup(&uq->uq_key, q); 563 if (uh != NULL) { 564 LIST_INSERT_HEAD(&uc->uc_spare_queue, uq->uq_spare_queue, link); 565 } else { 566 uh = uq->uq_spare_queue; 567 uh->key = uq->uq_key; 568 LIST_INSERT_HEAD(&uc->uc_queue[q], uh, link); 569 #ifdef UMTX_PROFILING 570 uc->length++; 571 if (uc->length > uc->max_length) { 572 uc->max_length = uc->length; 573 if (uc->max_length > max_length) 574 max_length = uc->max_length; 575 } 576 #endif 577 } 578 uq->uq_spare_queue = NULL; 579 580 TAILQ_INSERT_TAIL(&uh->head, uq, uq_link); 581 uh->length++; 582 uq->uq_flags |= UQF_UMTXQ; 583 uq->uq_cur_queue = uh; 584 return; 585 } 586 587 static inline void 588 umtxq_remove_queue(struct umtx_q *uq, int q) 589 { 590 struct umtxq_chain *uc; 591 struct umtxq_queue *uh; 592 593 uc = umtxq_getchain(&uq->uq_key); 594 UMTXQ_LOCKED_ASSERT(uc); 595 if (uq->uq_flags & UQF_UMTXQ) { 596 uh = uq->uq_cur_queue; 597 TAILQ_REMOVE(&uh->head, uq, uq_link); 598 uh->length--; 599 uq->uq_flags &= ~UQF_UMTXQ; 600 if (TAILQ_EMPTY(&uh->head)) { 601 KASSERT(uh->length == 0, 602 ("inconsistent umtxq_queue length")); 603 #ifdef UMTX_PROFILING 604 uc->length--; 605 #endif 606 LIST_REMOVE(uh, link); 607 } else { 608 uh = LIST_FIRST(&uc->uc_spare_queue); 609 KASSERT(uh != NULL, ("uc_spare_queue is empty")); 610 LIST_REMOVE(uh, link); 611 } 612 uq->uq_spare_queue = uh; 613 uq->uq_cur_queue = NULL; 614 } 615 } 616 617 /* 618 * Check if there are multiple waiters 619 */ 620 static int 621 umtxq_count(struct umtx_key *key) 622 { 623 struct umtxq_chain *uc; 624 struct umtxq_queue *uh; 625 626 uc = umtxq_getchain(key); 627 UMTXQ_LOCKED_ASSERT(uc); 628 uh = umtxq_queue_lookup(key, UMTX_SHARED_QUEUE); 629 if (uh != NULL) 630 return (uh->length); 631 return (0); 632 } 633 634 /* 635 * Check if there are multiple PI waiters and returns first 636 * waiter. 637 */ 638 static int 639 umtxq_count_pi(struct umtx_key *key, struct umtx_q **first) 640 { 641 struct umtxq_chain *uc; 642 struct umtxq_queue *uh; 643 644 *first = NULL; 645 uc = umtxq_getchain(key); 646 UMTXQ_LOCKED_ASSERT(uc); 647 uh = umtxq_queue_lookup(key, UMTX_SHARED_QUEUE); 648 if (uh != NULL) { 649 *first = TAILQ_FIRST(&uh->head); 650 return (uh->length); 651 } 652 return (0); 653 } 654 655 static int 656 umtxq_check_susp(struct thread *td) 657 { 658 struct proc *p; 659 int error; 660 661 /* 662 * The check for TDF_NEEDSUSPCHK is racy, but it is enough to 663 * eventually break the lockstep loop. 
664 */ 665 if ((td->td_flags & TDF_NEEDSUSPCHK) == 0) 666 return (0); 667 error = 0; 668 p = td->td_proc; 669 PROC_LOCK(p); 670 if (P_SHOULDSTOP(p) || 671 ((p->p_flag & P_TRACED) && (td->td_dbgflags & TDB_SUSPEND))) { 672 if (p->p_flag & P_SINGLE_EXIT) 673 error = EINTR; 674 else 675 error = ERESTART; 676 } 677 PROC_UNLOCK(p); 678 return (error); 679 } 680 681 /* 682 * Wake up threads waiting on an userland object. 683 */ 684 685 static int 686 umtxq_signal_queue(struct umtx_key *key, int n_wake, int q) 687 { 688 struct umtxq_chain *uc; 689 struct umtxq_queue *uh; 690 struct umtx_q *uq; 691 int ret; 692 693 ret = 0; 694 uc = umtxq_getchain(key); 695 UMTXQ_LOCKED_ASSERT(uc); 696 uh = umtxq_queue_lookup(key, q); 697 if (uh != NULL) { 698 while ((uq = TAILQ_FIRST(&uh->head)) != NULL) { 699 umtxq_remove_queue(uq, q); 700 wakeup(uq); 701 if (++ret >= n_wake) 702 return (ret); 703 } 704 } 705 return (ret); 706 } 707 708 709 /* 710 * Wake up specified thread. 711 */ 712 static inline void 713 umtxq_signal_thread(struct umtx_q *uq) 714 { 715 struct umtxq_chain *uc; 716 717 uc = umtxq_getchain(&uq->uq_key); 718 UMTXQ_LOCKED_ASSERT(uc); 719 umtxq_remove(uq); 720 wakeup(uq); 721 } 722 723 static inline int 724 tstohz(const struct timespec *tsp) 725 { 726 struct timeval tv; 727 728 TIMESPEC_TO_TIMEVAL(&tv, tsp); 729 return tvtohz(&tv); 730 } 731 732 static void 733 abs_timeout_init(struct abs_timeout *timo, int clockid, int absolute, 734 const struct timespec *timeout) 735 { 736 737 timo->clockid = clockid; 738 if (!absolute) { 739 kern_clock_gettime(curthread, clockid, &timo->end); 740 timo->cur = timo->end; 741 timespecadd(&timo->end, timeout); 742 } else { 743 timo->end = *timeout; 744 kern_clock_gettime(curthread, clockid, &timo->cur); 745 } 746 } 747 748 static void 749 abs_timeout_init2(struct abs_timeout *timo, const struct _umtx_time *umtxtime) 750 { 751 752 abs_timeout_init(timo, umtxtime->_clockid, 753 (umtxtime->_flags & UMTX_ABSTIME) != 0, 754 &umtxtime->_timeout); 755 } 756 757 static inline void 758 abs_timeout_update(struct abs_timeout *timo) 759 { 760 kern_clock_gettime(curthread, timo->clockid, &timo->cur); 761 } 762 763 static int 764 abs_timeout_gethz(struct abs_timeout *timo) 765 { 766 struct timespec tts; 767 768 if (timespeccmp(&timo->end, &timo->cur, <=)) 769 return (-1); 770 tts = timo->end; 771 timespecsub(&tts, &timo->cur); 772 return (tstohz(&tts)); 773 } 774 775 /* 776 * Put thread into sleep state, before sleeping, check if 777 * thread was removed from umtx queue. 778 */ 779 static inline int 780 umtxq_sleep(struct umtx_q *uq, const char *wmesg, struct abs_timeout *abstime) 781 { 782 struct umtxq_chain *uc; 783 int error, timo; 784 785 uc = umtxq_getchain(&uq->uq_key); 786 UMTXQ_LOCKED_ASSERT(uc); 787 for (;;) { 788 if (!(uq->uq_flags & UQF_UMTXQ)) 789 return (0); 790 if (abstime != NULL) { 791 timo = abs_timeout_gethz(abstime); 792 if (timo < 0) 793 return (ETIMEDOUT); 794 } else 795 timo = 0; 796 error = msleep(uq, &uc->uc_lock, PCATCH | PDROP, wmesg, timo); 797 if (error != EWOULDBLOCK) { 798 umtxq_lock(&uq->uq_key); 799 break; 800 } 801 if (abstime != NULL) 802 abs_timeout_update(abstime); 803 umtxq_lock(&uq->uq_key); 804 } 805 return (error); 806 } 807 808 /* 809 * Convert userspace address into unique logical address. 
810 */ 811 int 812 umtx_key_get(const void *addr, int type, int share, struct umtx_key *key) 813 { 814 struct thread *td = curthread; 815 vm_map_t map; 816 vm_map_entry_t entry; 817 vm_pindex_t pindex; 818 vm_prot_t prot; 819 boolean_t wired; 820 821 key->type = type; 822 if (share == THREAD_SHARE) { 823 key->shared = 0; 824 key->info.private.vs = td->td_proc->p_vmspace; 825 key->info.private.addr = (uintptr_t)addr; 826 } else { 827 MPASS(share == PROCESS_SHARE || share == AUTO_SHARE); 828 map = &td->td_proc->p_vmspace->vm_map; 829 if (vm_map_lookup(&map, (vm_offset_t)addr, VM_PROT_WRITE, 830 &entry, &key->info.shared.object, &pindex, &prot, 831 &wired) != KERN_SUCCESS) { 832 return (EFAULT); 833 } 834 835 if ((share == PROCESS_SHARE) || 836 (share == AUTO_SHARE && 837 VM_INHERIT_SHARE == entry->inheritance)) { 838 key->shared = 1; 839 key->info.shared.offset = (vm_offset_t)addr - 840 entry->start + entry->offset; 841 vm_object_reference(key->info.shared.object); 842 } else { 843 key->shared = 0; 844 key->info.private.vs = td->td_proc->p_vmspace; 845 key->info.private.addr = (uintptr_t)addr; 846 } 847 vm_map_lookup_done(map, entry); 848 } 849 850 umtxq_hash(key); 851 return (0); 852 } 853 854 /* 855 * Release key. 856 */ 857 void 858 umtx_key_release(struct umtx_key *key) 859 { 860 if (key->shared) 861 vm_object_deallocate(key->info.shared.object); 862 } 863 864 /* 865 * Fetch and compare value, sleep on the address if value is not changed. 866 */ 867 static int 868 do_wait(struct thread *td, void *addr, u_long id, 869 struct _umtx_time *timeout, int compat32, int is_private) 870 { 871 struct abs_timeout timo; 872 struct umtx_q *uq; 873 u_long tmp; 874 uint32_t tmp32; 875 int error = 0; 876 877 uq = td->td_umtxq; 878 if ((error = umtx_key_get(addr, TYPE_SIMPLE_WAIT, 879 is_private ? THREAD_SHARE : AUTO_SHARE, &uq->uq_key)) != 0) 880 return (error); 881 882 if (timeout != NULL) 883 abs_timeout_init2(&timo, timeout); 884 885 umtxq_lock(&uq->uq_key); 886 umtxq_insert(uq); 887 umtxq_unlock(&uq->uq_key); 888 if (compat32 == 0) { 889 error = fueword(addr, &tmp); 890 if (error != 0) 891 error = EFAULT; 892 } else { 893 error = fueword32(addr, &tmp32); 894 if (error == 0) 895 tmp = tmp32; 896 else 897 error = EFAULT; 898 } 899 umtxq_lock(&uq->uq_key); 900 if (error == 0) { 901 if (tmp == id) 902 error = umtxq_sleep(uq, "uwait", timeout == NULL ? 903 NULL : &timo); 904 if ((uq->uq_flags & UQF_UMTXQ) == 0) 905 error = 0; 906 else 907 umtxq_remove(uq); 908 } else if ((uq->uq_flags & UQF_UMTXQ) != 0) { 909 umtxq_remove(uq); 910 } 911 umtxq_unlock(&uq->uq_key); 912 umtx_key_release(&uq->uq_key); 913 if (error == ERESTART) 914 error = EINTR; 915 return (error); 916 } 917 918 /* 919 * Wake up threads sleeping on the specified address. 920 */ 921 int 922 kern_umtx_wake(struct thread *td, void *uaddr, int n_wake, int is_private) 923 { 924 struct umtx_key key; 925 int ret; 926 927 if ((ret = umtx_key_get(uaddr, TYPE_SIMPLE_WAIT, 928 is_private ? THREAD_SHARE : AUTO_SHARE, &key)) != 0) 929 return (ret); 930 umtxq_lock(&key); 931 umtxq_signal(&key, n_wake); 932 umtxq_unlock(&key); 933 umtx_key_release(&key); 934 return (0); 935 } 936 937 /* 938 * Lock PTHREAD_PRIO_NONE protocol POSIX mutex. 
939 */ 940 static int 941 do_lock_normal(struct thread *td, struct umutex *m, uint32_t flags, 942 struct _umtx_time *timeout, int mode) 943 { 944 struct abs_timeout timo; 945 struct umtx_q *uq; 946 uint32_t owner, old, id; 947 int error, rv; 948 949 id = td->td_tid; 950 uq = td->td_umtxq; 951 error = 0; 952 if (timeout != NULL) 953 abs_timeout_init2(&timo, timeout); 954 955 /* 956 * Care must be exercised when dealing with umtx structure. It 957 * can fault on any access. 958 */ 959 for (;;) { 960 rv = fueword32(&m->m_owner, &owner); 961 if (rv == -1) 962 return (EFAULT); 963 if (mode == _UMUTEX_WAIT) { 964 if (owner == UMUTEX_UNOWNED || owner == UMUTEX_CONTESTED) 965 return (0); 966 } else { 967 /* 968 * Try the uncontested case. This should be done in userland. 969 */ 970 rv = casueword32(&m->m_owner, UMUTEX_UNOWNED, 971 &owner, id); 972 /* The address was invalid. */ 973 if (rv == -1) 974 return (EFAULT); 975 976 /* The acquire succeeded. */ 977 if (owner == UMUTEX_UNOWNED) 978 return (0); 979 980 /* If no one owns it but it is contested try to acquire it. */ 981 if (owner == UMUTEX_CONTESTED) { 982 rv = casueword32(&m->m_owner, 983 UMUTEX_CONTESTED, &owner, 984 id | UMUTEX_CONTESTED); 985 /* The address was invalid. */ 986 if (rv == -1) 987 return (EFAULT); 988 989 if (owner == UMUTEX_CONTESTED) 990 return (0); 991 992 rv = umtxq_check_susp(td); 993 if (rv != 0) 994 return (rv); 995 996 /* If this failed the lock has changed, restart. */ 997 continue; 998 } 999 } 1000 1001 if (mode == _UMUTEX_TRY) 1002 return (EBUSY); 1003 1004 /* 1005 * If we caught a signal, we have retried and now 1006 * exit immediately. 1007 */ 1008 if (error != 0) 1009 return (error); 1010 1011 if ((error = umtx_key_get(m, TYPE_NORMAL_UMUTEX, 1012 GET_SHARE(flags), &uq->uq_key)) != 0) 1013 return (error); 1014 1015 umtxq_lock(&uq->uq_key); 1016 umtxq_busy(&uq->uq_key); 1017 umtxq_insert(uq); 1018 umtxq_unlock(&uq->uq_key); 1019 1020 /* 1021 * Set the contested bit so that a release in user space 1022 * knows to use the system call for unlock. If this fails 1023 * either some one else has acquired the lock or it has been 1024 * released. 1025 */ 1026 rv = casueword32(&m->m_owner, owner, &old, 1027 owner | UMUTEX_CONTESTED); 1028 1029 /* The address was invalid. */ 1030 if (rv == -1) { 1031 umtxq_lock(&uq->uq_key); 1032 umtxq_remove(uq); 1033 umtxq_unbusy(&uq->uq_key); 1034 umtxq_unlock(&uq->uq_key); 1035 umtx_key_release(&uq->uq_key); 1036 return (EFAULT); 1037 } 1038 1039 /* 1040 * We set the contested bit, sleep. Otherwise the lock changed 1041 * and we need to retry or we lost a race to the thread 1042 * unlocking the umtx. 1043 */ 1044 umtxq_lock(&uq->uq_key); 1045 umtxq_unbusy(&uq->uq_key); 1046 if (old == owner) 1047 error = umtxq_sleep(uq, "umtxn", timeout == NULL ? 1048 NULL : &timo); 1049 umtxq_remove(uq); 1050 umtxq_unlock(&uq->uq_key); 1051 umtx_key_release(&uq->uq_key); 1052 1053 if (error == 0) 1054 error = umtxq_check_susp(td); 1055 } 1056 1057 return (0); 1058 } 1059 1060 /* 1061 * Unlock PTHREAD_PRIO_NONE protocol POSIX mutex. 1062 */ 1063 static int 1064 do_unlock_normal(struct thread *td, struct umutex *m, uint32_t flags) 1065 { 1066 struct umtx_key key; 1067 uint32_t owner, old, id; 1068 int error; 1069 int count; 1070 1071 id = td->td_tid; 1072 /* 1073 * Make sure we own this mtx. 
1074 */ 1075 error = fueword32(&m->m_owner, &owner); 1076 if (error == -1) 1077 return (EFAULT); 1078 1079 if ((owner & ~UMUTEX_CONTESTED) != id) 1080 return (EPERM); 1081 1082 if ((owner & UMUTEX_CONTESTED) == 0) { 1083 error = casueword32(&m->m_owner, owner, &old, UMUTEX_UNOWNED); 1084 if (error == -1) 1085 return (EFAULT); 1086 if (old == owner) 1087 return (0); 1088 owner = old; 1089 } 1090 1091 /* We should only ever be in here for contested locks */ 1092 if ((error = umtx_key_get(m, TYPE_NORMAL_UMUTEX, GET_SHARE(flags), 1093 &key)) != 0) 1094 return (error); 1095 1096 umtxq_lock(&key); 1097 umtxq_busy(&key); 1098 count = umtxq_count(&key); 1099 umtxq_unlock(&key); 1100 1101 /* 1102 * When unlocking the umtx, it must be marked as unowned if 1103 * there is zero or one thread only waiting for it. 1104 * Otherwise, it must be marked as contested. 1105 */ 1106 error = casueword32(&m->m_owner, owner, &old, 1107 count <= 1 ? UMUTEX_UNOWNED : UMUTEX_CONTESTED); 1108 umtxq_lock(&key); 1109 umtxq_signal(&key,1); 1110 umtxq_unbusy(&key); 1111 umtxq_unlock(&key); 1112 umtx_key_release(&key); 1113 if (error == -1) 1114 return (EFAULT); 1115 if (old != owner) 1116 return (EINVAL); 1117 return (0); 1118 } 1119 1120 /* 1121 * Check if the mutex is available and wake up a waiter, 1122 * only for simple mutex. 1123 */ 1124 static int 1125 do_wake_umutex(struct thread *td, struct umutex *m) 1126 { 1127 struct umtx_key key; 1128 uint32_t owner; 1129 uint32_t flags; 1130 int error; 1131 int count; 1132 1133 error = fueword32(&m->m_owner, &owner); 1134 if (error == -1) 1135 return (EFAULT); 1136 1137 if ((owner & ~UMUTEX_CONTESTED) != 0) 1138 return (0); 1139 1140 error = fueword32(&m->m_flags, &flags); 1141 if (error == -1) 1142 return (EFAULT); 1143 1144 /* We should only ever be in here for contested locks */ 1145 if ((error = umtx_key_get(m, TYPE_NORMAL_UMUTEX, GET_SHARE(flags), 1146 &key)) != 0) 1147 return (error); 1148 1149 umtxq_lock(&key); 1150 umtxq_busy(&key); 1151 count = umtxq_count(&key); 1152 umtxq_unlock(&key); 1153 1154 if (count <= 1) { 1155 error = casueword32(&m->m_owner, UMUTEX_CONTESTED, &owner, 1156 UMUTEX_UNOWNED); 1157 if (error == -1) 1158 error = EFAULT; 1159 } 1160 1161 umtxq_lock(&key); 1162 if (error == 0 && count != 0 && (owner & ~UMUTEX_CONTESTED) == 0) 1163 umtxq_signal(&key, 1); 1164 umtxq_unbusy(&key); 1165 umtxq_unlock(&key); 1166 umtx_key_release(&key); 1167 return (error); 1168 } 1169 1170 /* 1171 * Check if the mutex has waiters and tries to fix contention bit. 1172 */ 1173 static int 1174 do_wake2_umutex(struct thread *td, struct umutex *m, uint32_t flags) 1175 { 1176 struct umtx_key key; 1177 uint32_t owner, old; 1178 int type; 1179 int error; 1180 int count; 1181 1182 switch (flags & (UMUTEX_PRIO_INHERIT | UMUTEX_PRIO_PROTECT)) { 1183 case 0: 1184 type = TYPE_NORMAL_UMUTEX; 1185 break; 1186 case UMUTEX_PRIO_INHERIT: 1187 type = TYPE_PI_UMUTEX; 1188 break; 1189 case UMUTEX_PRIO_PROTECT: 1190 type = TYPE_PP_UMUTEX; 1191 break; 1192 default: 1193 return (EINVAL); 1194 } 1195 if ((error = umtx_key_get(m, type, GET_SHARE(flags), 1196 &key)) != 0) 1197 return (error); 1198 1199 owner = 0; 1200 umtxq_lock(&key); 1201 umtxq_busy(&key); 1202 count = umtxq_count(&key); 1203 umtxq_unlock(&key); 1204 /* 1205 * Only repair contention bit if there is a waiter, this means the mutex 1206 * is still being referenced by userland code, otherwise don't update 1207 * any memory. 
1208 */ 1209 if (count > 1) { 1210 error = fueword32(&m->m_owner, &owner); 1211 if (error == -1) 1212 error = EFAULT; 1213 while (error == 0 && (owner & UMUTEX_CONTESTED) == 0) { 1214 error = casueword32(&m->m_owner, owner, &old, 1215 owner | UMUTEX_CONTESTED); 1216 if (error == -1) { 1217 error = EFAULT; 1218 break; 1219 } 1220 if (old == owner) 1221 break; 1222 owner = old; 1223 error = umtxq_check_susp(td); 1224 if (error != 0) 1225 break; 1226 } 1227 } else if (count == 1) { 1228 error = fueword32(&m->m_owner, &owner); 1229 if (error == -1) 1230 error = EFAULT; 1231 while (error == 0 && (owner & ~UMUTEX_CONTESTED) != 0 && 1232 (owner & UMUTEX_CONTESTED) == 0) { 1233 error = casueword32(&m->m_owner, owner, &old, 1234 owner | UMUTEX_CONTESTED); 1235 if (error == -1) { 1236 error = EFAULT; 1237 break; 1238 } 1239 if (old == owner) 1240 break; 1241 owner = old; 1242 error = umtxq_check_susp(td); 1243 if (error != 0) 1244 break; 1245 } 1246 } 1247 umtxq_lock(&key); 1248 if (error == EFAULT) { 1249 umtxq_signal(&key, INT_MAX); 1250 } else if (count != 0 && (owner & ~UMUTEX_CONTESTED) == 0) 1251 umtxq_signal(&key, 1); 1252 umtxq_unbusy(&key); 1253 umtxq_unlock(&key); 1254 umtx_key_release(&key); 1255 return (error); 1256 } 1257 1258 static inline struct umtx_pi * 1259 umtx_pi_alloc(int flags) 1260 { 1261 struct umtx_pi *pi; 1262 1263 pi = uma_zalloc(umtx_pi_zone, M_ZERO | flags); 1264 TAILQ_INIT(&pi->pi_blocked); 1265 atomic_add_int(&umtx_pi_allocated, 1); 1266 return (pi); 1267 } 1268 1269 static inline void 1270 umtx_pi_free(struct umtx_pi *pi) 1271 { 1272 uma_zfree(umtx_pi_zone, pi); 1273 atomic_add_int(&umtx_pi_allocated, -1); 1274 } 1275 1276 /* 1277 * Adjust the thread's position on a pi_state after its priority has been 1278 * changed. 1279 */ 1280 static int 1281 umtx_pi_adjust_thread(struct umtx_pi *pi, struct thread *td) 1282 { 1283 struct umtx_q *uq, *uq1, *uq2; 1284 struct thread *td1; 1285 1286 mtx_assert(&umtx_lock, MA_OWNED); 1287 if (pi == NULL) 1288 return (0); 1289 1290 uq = td->td_umtxq; 1291 1292 /* 1293 * Check if the thread needs to be moved on the blocked chain. 1294 * It needs to be moved if either its priority is lower than 1295 * the previous thread or higher than the next thread. 1296 */ 1297 uq1 = TAILQ_PREV(uq, umtxq_head, uq_lockq); 1298 uq2 = TAILQ_NEXT(uq, uq_lockq); 1299 if ((uq1 != NULL && UPRI(td) < UPRI(uq1->uq_thread)) || 1300 (uq2 != NULL && UPRI(td) > UPRI(uq2->uq_thread))) { 1301 /* 1302 * Remove thread from blocked chain and determine where 1303 * it should be moved to. 1304 */ 1305 TAILQ_REMOVE(&pi->pi_blocked, uq, uq_lockq); 1306 TAILQ_FOREACH(uq1, &pi->pi_blocked, uq_lockq) { 1307 td1 = uq1->uq_thread; 1308 MPASS(td1->td_proc->p_magic == P_MAGIC); 1309 if (UPRI(td1) > UPRI(td)) 1310 break; 1311 } 1312 1313 if (uq1 == NULL) 1314 TAILQ_INSERT_TAIL(&pi->pi_blocked, uq, uq_lockq); 1315 else 1316 TAILQ_INSERT_BEFORE(uq1, uq, uq_lockq); 1317 } 1318 return (1); 1319 } 1320 1321 static struct umtx_pi * 1322 umtx_pi_next(struct umtx_pi *pi) 1323 { 1324 struct umtx_q *uq_owner; 1325 1326 if (pi->pi_owner == NULL) 1327 return (NULL); 1328 uq_owner = pi->pi_owner->td_umtxq; 1329 if (uq_owner == NULL) 1330 return (NULL); 1331 return (uq_owner->uq_pi_blocked); 1332 } 1333 1334 /* 1335 * Floyd's Cycle-Finding Algorithm. 
1336 */ 1337 static bool 1338 umtx_pi_check_loop(struct umtx_pi *pi) 1339 { 1340 struct umtx_pi *pi1; /* fast iterator */ 1341 1342 mtx_assert(&umtx_lock, MA_OWNED); 1343 if (pi == NULL) 1344 return (false); 1345 pi1 = pi; 1346 for (;;) { 1347 pi = umtx_pi_next(pi); 1348 if (pi == NULL) 1349 break; 1350 pi1 = umtx_pi_next(pi1); 1351 if (pi1 == NULL) 1352 break; 1353 pi1 = umtx_pi_next(pi1); 1354 if (pi1 == NULL) 1355 break; 1356 if (pi == pi1) 1357 return (true); 1358 } 1359 return (false); 1360 } 1361 1362 /* 1363 * Propagate priority when a thread is blocked on POSIX 1364 * PI mutex. 1365 */ 1366 static void 1367 umtx_propagate_priority(struct thread *td) 1368 { 1369 struct umtx_q *uq; 1370 struct umtx_pi *pi; 1371 int pri; 1372 1373 mtx_assert(&umtx_lock, MA_OWNED); 1374 pri = UPRI(td); 1375 uq = td->td_umtxq; 1376 pi = uq->uq_pi_blocked; 1377 if (pi == NULL) 1378 return; 1379 if (umtx_pi_check_loop(pi)) 1380 return; 1381 1382 for (;;) { 1383 td = pi->pi_owner; 1384 if (td == NULL || td == curthread) 1385 return; 1386 1387 MPASS(td->td_proc != NULL); 1388 MPASS(td->td_proc->p_magic == P_MAGIC); 1389 1390 thread_lock(td); 1391 if (td->td_lend_user_pri > pri) 1392 sched_lend_user_prio(td, pri); 1393 else { 1394 thread_unlock(td); 1395 break; 1396 } 1397 thread_unlock(td); 1398 1399 /* 1400 * Pick up the lock that td is blocked on. 1401 */ 1402 uq = td->td_umtxq; 1403 pi = uq->uq_pi_blocked; 1404 if (pi == NULL) 1405 break; 1406 /* Resort td on the list if needed. */ 1407 umtx_pi_adjust_thread(pi, td); 1408 } 1409 } 1410 1411 /* 1412 * Unpropagate priority for a PI mutex when a thread blocked on 1413 * it is interrupted by signal or resumed by others. 1414 */ 1415 static void 1416 umtx_repropagate_priority(struct umtx_pi *pi) 1417 { 1418 struct umtx_q *uq, *uq_owner; 1419 struct umtx_pi *pi2; 1420 int pri; 1421 1422 mtx_assert(&umtx_lock, MA_OWNED); 1423 1424 if (umtx_pi_check_loop(pi)) 1425 return; 1426 while (pi != NULL && pi->pi_owner != NULL) { 1427 pri = PRI_MAX; 1428 uq_owner = pi->pi_owner->td_umtxq; 1429 1430 TAILQ_FOREACH(pi2, &uq_owner->uq_pi_contested, pi_link) { 1431 uq = TAILQ_FIRST(&pi2->pi_blocked); 1432 if (uq != NULL) { 1433 if (pri > UPRI(uq->uq_thread)) 1434 pri = UPRI(uq->uq_thread); 1435 } 1436 } 1437 1438 if (pri > uq_owner->uq_inherited_pri) 1439 pri = uq_owner->uq_inherited_pri; 1440 thread_lock(pi->pi_owner); 1441 sched_lend_user_prio(pi->pi_owner, pri); 1442 thread_unlock(pi->pi_owner); 1443 if ((pi = uq_owner->uq_pi_blocked) != NULL) 1444 umtx_pi_adjust_thread(pi, uq_owner->uq_thread); 1445 } 1446 } 1447 1448 /* 1449 * Insert a PI mutex into owned list. 1450 */ 1451 static void 1452 umtx_pi_setowner(struct umtx_pi *pi, struct thread *owner) 1453 { 1454 struct umtx_q *uq_owner; 1455 1456 uq_owner = owner->td_umtxq; 1457 mtx_assert(&umtx_lock, MA_OWNED); 1458 if (pi->pi_owner != NULL) 1459 panic("pi_owner != NULL"); 1460 pi->pi_owner = owner; 1461 TAILQ_INSERT_TAIL(&uq_owner->uq_pi_contested, pi, pi_link); 1462 } 1463 1464 1465 /* 1466 * Disown a PI mutex, and remove it from the owned list. 1467 */ 1468 static void 1469 umtx_pi_disown(struct umtx_pi *pi) 1470 { 1471 1472 mtx_assert(&umtx_lock, MA_OWNED); 1473 TAILQ_REMOVE(&pi->pi_owner->td_umtxq->uq_pi_contested, pi, pi_link); 1474 pi->pi_owner = NULL; 1475 } 1476 1477 /* 1478 * Claim ownership of a PI mutex. 
1479 */ 1480 static int 1481 umtx_pi_claim(struct umtx_pi *pi, struct thread *owner) 1482 { 1483 struct umtx_q *uq; 1484 1485 mtx_lock(&umtx_lock); 1486 if (pi->pi_owner == owner) { 1487 mtx_unlock(&umtx_lock); 1488 return (0); 1489 } 1490 1491 if (pi->pi_owner != NULL) { 1492 /* 1493 * userland may have already messed the mutex, sigh. 1494 */ 1495 mtx_unlock(&umtx_lock); 1496 return (EPERM); 1497 } 1498 umtx_pi_setowner(pi, owner); 1499 uq = TAILQ_FIRST(&pi->pi_blocked); 1500 if (uq != NULL) { 1501 int pri; 1502 1503 pri = UPRI(uq->uq_thread); 1504 thread_lock(owner); 1505 if (pri < UPRI(owner)) 1506 sched_lend_user_prio(owner, pri); 1507 thread_unlock(owner); 1508 } 1509 mtx_unlock(&umtx_lock); 1510 return (0); 1511 } 1512 1513 /* 1514 * Adjust a thread's order position in its blocked PI mutex, 1515 * this may result new priority propagating process. 1516 */ 1517 void 1518 umtx_pi_adjust(struct thread *td, u_char oldpri) 1519 { 1520 struct umtx_q *uq; 1521 struct umtx_pi *pi; 1522 1523 uq = td->td_umtxq; 1524 mtx_lock(&umtx_lock); 1525 /* 1526 * Pick up the lock that td is blocked on. 1527 */ 1528 pi = uq->uq_pi_blocked; 1529 if (pi != NULL) { 1530 umtx_pi_adjust_thread(pi, td); 1531 umtx_repropagate_priority(pi); 1532 } 1533 mtx_unlock(&umtx_lock); 1534 } 1535 1536 /* 1537 * Sleep on a PI mutex. 1538 */ 1539 static int 1540 umtxq_sleep_pi(struct umtx_q *uq, struct umtx_pi *pi, 1541 uint32_t owner, const char *wmesg, struct abs_timeout *timo) 1542 { 1543 struct umtxq_chain *uc; 1544 struct thread *td, *td1; 1545 struct umtx_q *uq1; 1546 int pri; 1547 int error = 0; 1548 1549 td = uq->uq_thread; 1550 KASSERT(td == curthread, ("inconsistent uq_thread")); 1551 uc = umtxq_getchain(&uq->uq_key); 1552 UMTXQ_LOCKED_ASSERT(uc); 1553 KASSERT(uc->uc_busy != 0, ("umtx chain is not busy")); 1554 umtxq_insert(uq); 1555 mtx_lock(&umtx_lock); 1556 if (pi->pi_owner == NULL) { 1557 mtx_unlock(&umtx_lock); 1558 /* XXX Only look up thread in current process. */ 1559 td1 = tdfind(owner, curproc->p_pid); 1560 mtx_lock(&umtx_lock); 1561 if (td1 != NULL) { 1562 if (pi->pi_owner == NULL) 1563 umtx_pi_setowner(pi, td1); 1564 PROC_UNLOCK(td1->td_proc); 1565 } 1566 } 1567 1568 TAILQ_FOREACH(uq1, &pi->pi_blocked, uq_lockq) { 1569 pri = UPRI(uq1->uq_thread); 1570 if (pri > UPRI(td)) 1571 break; 1572 } 1573 1574 if (uq1 != NULL) 1575 TAILQ_INSERT_BEFORE(uq1, uq, uq_lockq); 1576 else 1577 TAILQ_INSERT_TAIL(&pi->pi_blocked, uq, uq_lockq); 1578 1579 uq->uq_pi_blocked = pi; 1580 thread_lock(td); 1581 td->td_flags |= TDF_UPIBLOCKED; 1582 thread_unlock(td); 1583 umtx_propagate_priority(td); 1584 mtx_unlock(&umtx_lock); 1585 umtxq_unbusy(&uq->uq_key); 1586 1587 error = umtxq_sleep(uq, wmesg, timo); 1588 umtxq_remove(uq); 1589 1590 mtx_lock(&umtx_lock); 1591 uq->uq_pi_blocked = NULL; 1592 thread_lock(td); 1593 td->td_flags &= ~TDF_UPIBLOCKED; 1594 thread_unlock(td); 1595 TAILQ_REMOVE(&pi->pi_blocked, uq, uq_lockq); 1596 umtx_repropagate_priority(pi); 1597 mtx_unlock(&umtx_lock); 1598 umtxq_unlock(&uq->uq_key); 1599 1600 return (error); 1601 } 1602 1603 /* 1604 * Add reference count for a PI mutex. 1605 */ 1606 static void 1607 umtx_pi_ref(struct umtx_pi *pi) 1608 { 1609 struct umtxq_chain *uc; 1610 1611 uc = umtxq_getchain(&pi->pi_key); 1612 UMTXQ_LOCKED_ASSERT(uc); 1613 pi->pi_refcount++; 1614 } 1615 1616 /* 1617 * Decrease reference count for a PI mutex, if the counter 1618 * is decreased to zero, its memory space is freed. 
1619 */ 1620 static void 1621 umtx_pi_unref(struct umtx_pi *pi) 1622 { 1623 struct umtxq_chain *uc; 1624 1625 uc = umtxq_getchain(&pi->pi_key); 1626 UMTXQ_LOCKED_ASSERT(uc); 1627 KASSERT(pi->pi_refcount > 0, ("invalid reference count")); 1628 if (--pi->pi_refcount == 0) { 1629 mtx_lock(&umtx_lock); 1630 if (pi->pi_owner != NULL) 1631 umtx_pi_disown(pi); 1632 KASSERT(TAILQ_EMPTY(&pi->pi_blocked), 1633 ("blocked queue not empty")); 1634 mtx_unlock(&umtx_lock); 1635 TAILQ_REMOVE(&uc->uc_pi_list, pi, pi_hashlink); 1636 umtx_pi_free(pi); 1637 } 1638 } 1639 1640 /* 1641 * Find a PI mutex in hash table. 1642 */ 1643 static struct umtx_pi * 1644 umtx_pi_lookup(struct umtx_key *key) 1645 { 1646 struct umtxq_chain *uc; 1647 struct umtx_pi *pi; 1648 1649 uc = umtxq_getchain(key); 1650 UMTXQ_LOCKED_ASSERT(uc); 1651 1652 TAILQ_FOREACH(pi, &uc->uc_pi_list, pi_hashlink) { 1653 if (umtx_key_match(&pi->pi_key, key)) { 1654 return (pi); 1655 } 1656 } 1657 return (NULL); 1658 } 1659 1660 /* 1661 * Insert a PI mutex into hash table. 1662 */ 1663 static inline void 1664 umtx_pi_insert(struct umtx_pi *pi) 1665 { 1666 struct umtxq_chain *uc; 1667 1668 uc = umtxq_getchain(&pi->pi_key); 1669 UMTXQ_LOCKED_ASSERT(uc); 1670 TAILQ_INSERT_TAIL(&uc->uc_pi_list, pi, pi_hashlink); 1671 } 1672 1673 /* 1674 * Lock a PI mutex. 1675 */ 1676 static int 1677 do_lock_pi(struct thread *td, struct umutex *m, uint32_t flags, 1678 struct _umtx_time *timeout, int try) 1679 { 1680 struct abs_timeout timo; 1681 struct umtx_q *uq; 1682 struct umtx_pi *pi, *new_pi; 1683 uint32_t id, owner, old; 1684 int error, rv; 1685 1686 id = td->td_tid; 1687 uq = td->td_umtxq; 1688 1689 if ((error = umtx_key_get(m, TYPE_PI_UMUTEX, GET_SHARE(flags), 1690 &uq->uq_key)) != 0) 1691 return (error); 1692 1693 if (timeout != NULL) 1694 abs_timeout_init2(&timo, timeout); 1695 1696 umtxq_lock(&uq->uq_key); 1697 pi = umtx_pi_lookup(&uq->uq_key); 1698 if (pi == NULL) { 1699 new_pi = umtx_pi_alloc(M_NOWAIT); 1700 if (new_pi == NULL) { 1701 umtxq_unlock(&uq->uq_key); 1702 new_pi = umtx_pi_alloc(M_WAITOK); 1703 umtxq_lock(&uq->uq_key); 1704 pi = umtx_pi_lookup(&uq->uq_key); 1705 if (pi != NULL) { 1706 umtx_pi_free(new_pi); 1707 new_pi = NULL; 1708 } 1709 } 1710 if (new_pi != NULL) { 1711 new_pi->pi_key = uq->uq_key; 1712 umtx_pi_insert(new_pi); 1713 pi = new_pi; 1714 } 1715 } 1716 umtx_pi_ref(pi); 1717 umtxq_unlock(&uq->uq_key); 1718 1719 /* 1720 * Care must be exercised when dealing with umtx structure. It 1721 * can fault on any access. 1722 */ 1723 for (;;) { 1724 /* 1725 * Try the uncontested case. This should be done in userland. 1726 */ 1727 rv = casueword32(&m->m_owner, UMUTEX_UNOWNED, &owner, id); 1728 /* The address was invalid. */ 1729 if (rv == -1) { 1730 error = EFAULT; 1731 break; 1732 } 1733 1734 /* The acquire succeeded. */ 1735 if (owner == UMUTEX_UNOWNED) { 1736 error = 0; 1737 break; 1738 } 1739 1740 /* If no one owns it but it is contested try to acquire it. */ 1741 if (owner == UMUTEX_CONTESTED) { 1742 rv = casueword32(&m->m_owner, 1743 UMUTEX_CONTESTED, &owner, id | UMUTEX_CONTESTED); 1744 /* The address was invalid. 
*/ 1745 if (rv == -1) { 1746 error = EFAULT; 1747 break; 1748 } 1749 1750 if (owner == UMUTEX_CONTESTED) { 1751 umtxq_lock(&uq->uq_key); 1752 umtxq_busy(&uq->uq_key); 1753 error = umtx_pi_claim(pi, td); 1754 umtxq_unbusy(&uq->uq_key); 1755 umtxq_unlock(&uq->uq_key); 1756 if (error != 0) { 1757 /* 1758 * Since we're going to return an 1759 * error, restore the m_owner to its 1760 * previous, unowned state to avoid 1761 * compounding the problem. 1762 */ 1763 (void)casuword32(&m->m_owner, 1764 id | UMUTEX_CONTESTED, 1765 UMUTEX_CONTESTED); 1766 } 1767 break; 1768 } 1769 1770 error = umtxq_check_susp(td); 1771 if (error != 0) 1772 break; 1773 1774 /* If this failed the lock has changed, restart. */ 1775 continue; 1776 } 1777 1778 if ((owner & ~UMUTEX_CONTESTED) == id) { 1779 error = EDEADLK; 1780 break; 1781 } 1782 1783 if (try != 0) { 1784 error = EBUSY; 1785 break; 1786 } 1787 1788 /* 1789 * If we caught a signal, we have retried and now 1790 * exit immediately. 1791 */ 1792 if (error != 0) 1793 break; 1794 1795 umtxq_lock(&uq->uq_key); 1796 umtxq_busy(&uq->uq_key); 1797 umtxq_unlock(&uq->uq_key); 1798 1799 /* 1800 * Set the contested bit so that a release in user space 1801 * knows to use the system call for unlock. If this fails 1802 * either some one else has acquired the lock or it has been 1803 * released. 1804 */ 1805 rv = casueword32(&m->m_owner, owner, &old, 1806 owner | UMUTEX_CONTESTED); 1807 1808 /* The address was invalid. */ 1809 if (rv == -1) { 1810 umtxq_unbusy_unlocked(&uq->uq_key); 1811 error = EFAULT; 1812 break; 1813 } 1814 1815 umtxq_lock(&uq->uq_key); 1816 /* 1817 * We set the contested bit, sleep. Otherwise the lock changed 1818 * and we need to retry or we lost a race to the thread 1819 * unlocking the umtx. 1820 */ 1821 if (old == owner) { 1822 error = umtxq_sleep_pi(uq, pi, owner & ~UMUTEX_CONTESTED, 1823 "umtxpi", timeout == NULL ? NULL : &timo); 1824 if (error != 0) 1825 continue; 1826 } else { 1827 umtxq_unbusy(&uq->uq_key); 1828 umtxq_unlock(&uq->uq_key); 1829 } 1830 1831 error = umtxq_check_susp(td); 1832 if (error != 0) 1833 break; 1834 } 1835 1836 umtxq_lock(&uq->uq_key); 1837 umtx_pi_unref(pi); 1838 umtxq_unlock(&uq->uq_key); 1839 1840 umtx_key_release(&uq->uq_key); 1841 return (error); 1842 } 1843 1844 /* 1845 * Unlock a PI mutex. 1846 */ 1847 static int 1848 do_unlock_pi(struct thread *td, struct umutex *m, uint32_t flags) 1849 { 1850 struct umtx_key key; 1851 struct umtx_q *uq_first, *uq_first2, *uq_me; 1852 struct umtx_pi *pi, *pi2; 1853 uint32_t owner, old, id; 1854 int error; 1855 int count; 1856 int pri; 1857 1858 id = td->td_tid; 1859 /* 1860 * Make sure we own this mtx. 
1861 */ 1862 error = fueword32(&m->m_owner, &owner); 1863 if (error == -1) 1864 return (EFAULT); 1865 1866 if ((owner & ~UMUTEX_CONTESTED) != id) 1867 return (EPERM); 1868 1869 /* This should be done in userland */ 1870 if ((owner & UMUTEX_CONTESTED) == 0) { 1871 error = casueword32(&m->m_owner, owner, &old, UMUTEX_UNOWNED); 1872 if (error == -1) 1873 return (EFAULT); 1874 if (old == owner) 1875 return (0); 1876 owner = old; 1877 } 1878 1879 /* We should only ever be in here for contested locks */ 1880 if ((error = umtx_key_get(m, TYPE_PI_UMUTEX, GET_SHARE(flags), 1881 &key)) != 0) 1882 return (error); 1883 1884 umtxq_lock(&key); 1885 umtxq_busy(&key); 1886 count = umtxq_count_pi(&key, &uq_first); 1887 if (uq_first != NULL) { 1888 mtx_lock(&umtx_lock); 1889 pi = uq_first->uq_pi_blocked; 1890 KASSERT(pi != NULL, ("pi == NULL?")); 1891 if (pi->pi_owner != td) { 1892 mtx_unlock(&umtx_lock); 1893 umtxq_unbusy(&key); 1894 umtxq_unlock(&key); 1895 umtx_key_release(&key); 1896 /* userland messed the mutex */ 1897 return (EPERM); 1898 } 1899 uq_me = td->td_umtxq; 1900 umtx_pi_disown(pi); 1901 /* get highest priority thread which is still sleeping. */ 1902 uq_first = TAILQ_FIRST(&pi->pi_blocked); 1903 while (uq_first != NULL && 1904 (uq_first->uq_flags & UQF_UMTXQ) == 0) { 1905 uq_first = TAILQ_NEXT(uq_first, uq_lockq); 1906 } 1907 pri = PRI_MAX; 1908 TAILQ_FOREACH(pi2, &uq_me->uq_pi_contested, pi_link) { 1909 uq_first2 = TAILQ_FIRST(&pi2->pi_blocked); 1910 if (uq_first2 != NULL) { 1911 if (pri > UPRI(uq_first2->uq_thread)) 1912 pri = UPRI(uq_first2->uq_thread); 1913 } 1914 } 1915 thread_lock(td); 1916 sched_lend_user_prio(td, pri); 1917 thread_unlock(td); 1918 mtx_unlock(&umtx_lock); 1919 if (uq_first) 1920 umtxq_signal_thread(uq_first); 1921 } else { 1922 pi = umtx_pi_lookup(&key); 1923 /* 1924 * A umtx_pi can exist if a signal or timeout removed the 1925 * last waiter from the umtxq, but there is still 1926 * a thread in do_lock_pi() holding the umtx_pi. 1927 */ 1928 if (pi != NULL) { 1929 /* 1930 * The umtx_pi can be unowned, such as when a thread 1931 * has just entered do_lock_pi(), allocated the 1932 * umtx_pi, and unlocked the umtxq. 1933 * If the current thread owns it, it must disown it. 1934 */ 1935 mtx_lock(&umtx_lock); 1936 if (pi->pi_owner == td) 1937 umtx_pi_disown(pi); 1938 mtx_unlock(&umtx_lock); 1939 } 1940 } 1941 umtxq_unlock(&key); 1942 1943 /* 1944 * When unlocking the umtx, it must be marked as unowned if 1945 * there is zero or one thread only waiting for it. 1946 * Otherwise, it must be marked as contested. 1947 */ 1948 error = casueword32(&m->m_owner, owner, &old, 1949 count <= 1 ? UMUTEX_UNOWNED : UMUTEX_CONTESTED); 1950 1951 umtxq_unbusy_unlocked(&key); 1952 umtx_key_release(&key); 1953 if (error == -1) 1954 return (EFAULT); 1955 if (old != owner) 1956 return (EINVAL); 1957 return (0); 1958 } 1959 1960 /* 1961 * Lock a PP mutex. 
1962 */ 1963 static int 1964 do_lock_pp(struct thread *td, struct umutex *m, uint32_t flags, 1965 struct _umtx_time *timeout, int try) 1966 { 1967 struct abs_timeout timo; 1968 struct umtx_q *uq, *uq2; 1969 struct umtx_pi *pi; 1970 uint32_t ceiling; 1971 uint32_t owner, id; 1972 int error, pri, old_inherited_pri, su, rv; 1973 1974 id = td->td_tid; 1975 uq = td->td_umtxq; 1976 if ((error = umtx_key_get(m, TYPE_PP_UMUTEX, GET_SHARE(flags), 1977 &uq->uq_key)) != 0) 1978 return (error); 1979 1980 if (timeout != NULL) 1981 abs_timeout_init2(&timo, timeout); 1982 1983 su = (priv_check(td, PRIV_SCHED_RTPRIO) == 0); 1984 for (;;) { 1985 old_inherited_pri = uq->uq_inherited_pri; 1986 umtxq_lock(&uq->uq_key); 1987 umtxq_busy(&uq->uq_key); 1988 umtxq_unlock(&uq->uq_key); 1989 1990 rv = fueword32(&m->m_ceilings[0], &ceiling); 1991 if (rv == -1) { 1992 error = EFAULT; 1993 goto out; 1994 } 1995 ceiling = RTP_PRIO_MAX - ceiling; 1996 if (ceiling > RTP_PRIO_MAX) { 1997 error = EINVAL; 1998 goto out; 1999 } 2000 2001 mtx_lock(&umtx_lock); 2002 if (UPRI(td) < PRI_MIN_REALTIME + ceiling) { 2003 mtx_unlock(&umtx_lock); 2004 error = EINVAL; 2005 goto out; 2006 } 2007 if (su && PRI_MIN_REALTIME + ceiling < uq->uq_inherited_pri) { 2008 uq->uq_inherited_pri = PRI_MIN_REALTIME + ceiling; 2009 thread_lock(td); 2010 if (uq->uq_inherited_pri < UPRI(td)) 2011 sched_lend_user_prio(td, uq->uq_inherited_pri); 2012 thread_unlock(td); 2013 } 2014 mtx_unlock(&umtx_lock); 2015 2016 rv = casueword32(&m->m_owner, 2017 UMUTEX_CONTESTED, &owner, id | UMUTEX_CONTESTED); 2018 /* The address was invalid. */ 2019 if (rv == -1) { 2020 error = EFAULT; 2021 break; 2022 } 2023 2024 if (owner == UMUTEX_CONTESTED) { 2025 error = 0; 2026 break; 2027 } 2028 2029 if (try != 0) { 2030 error = EBUSY; 2031 break; 2032 } 2033 2034 /* 2035 * If we caught a signal, we have retried and now 2036 * exit immediately. 2037 */ 2038 if (error != 0) 2039 break; 2040 2041 umtxq_lock(&uq->uq_key); 2042 umtxq_insert(uq); 2043 umtxq_unbusy(&uq->uq_key); 2044 error = umtxq_sleep(uq, "umtxpp", timeout == NULL ? 2045 NULL : &timo); 2046 umtxq_remove(uq); 2047 umtxq_unlock(&uq->uq_key); 2048 2049 mtx_lock(&umtx_lock); 2050 uq->uq_inherited_pri = old_inherited_pri; 2051 pri = PRI_MAX; 2052 TAILQ_FOREACH(pi, &uq->uq_pi_contested, pi_link) { 2053 uq2 = TAILQ_FIRST(&pi->pi_blocked); 2054 if (uq2 != NULL) { 2055 if (pri > UPRI(uq2->uq_thread)) 2056 pri = UPRI(uq2->uq_thread); 2057 } 2058 } 2059 if (pri > uq->uq_inherited_pri) 2060 pri = uq->uq_inherited_pri; 2061 thread_lock(td); 2062 sched_lend_user_prio(td, pri); 2063 thread_unlock(td); 2064 mtx_unlock(&umtx_lock); 2065 } 2066 2067 if (error != 0) { 2068 mtx_lock(&umtx_lock); 2069 uq->uq_inherited_pri = old_inherited_pri; 2070 pri = PRI_MAX; 2071 TAILQ_FOREACH(pi, &uq->uq_pi_contested, pi_link) { 2072 uq2 = TAILQ_FIRST(&pi->pi_blocked); 2073 if (uq2 != NULL) { 2074 if (pri > UPRI(uq2->uq_thread)) 2075 pri = UPRI(uq2->uq_thread); 2076 } 2077 } 2078 if (pri > uq->uq_inherited_pri) 2079 pri = uq->uq_inherited_pri; 2080 thread_lock(td); 2081 sched_lend_user_prio(td, pri); 2082 thread_unlock(td); 2083 mtx_unlock(&umtx_lock); 2084 } 2085 2086 out: 2087 umtxq_unbusy_unlocked(&uq->uq_key); 2088 umtx_key_release(&uq->uq_key); 2089 return (error); 2090 } 2091 2092 /* 2093 * Unlock a PP mutex. 
2094 */ 2095 static int 2096 do_unlock_pp(struct thread *td, struct umutex *m, uint32_t flags) 2097 { 2098 struct umtx_key key; 2099 struct umtx_q *uq, *uq2; 2100 struct umtx_pi *pi; 2101 uint32_t owner, id; 2102 uint32_t rceiling; 2103 int error, pri, new_inherited_pri, su; 2104 2105 id = td->td_tid; 2106 uq = td->td_umtxq; 2107 su = (priv_check(td, PRIV_SCHED_RTPRIO) == 0); 2108 2109 /* 2110 * Make sure we own this mtx. 2111 */ 2112 error = fueword32(&m->m_owner, &owner); 2113 if (error == -1) 2114 return (EFAULT); 2115 2116 if ((owner & ~UMUTEX_CONTESTED) != id) 2117 return (EPERM); 2118 2119 error = copyin(&m->m_ceilings[1], &rceiling, sizeof(uint32_t)); 2120 if (error != 0) 2121 return (error); 2122 2123 if (rceiling == -1) 2124 new_inherited_pri = PRI_MAX; 2125 else { 2126 rceiling = RTP_PRIO_MAX - rceiling; 2127 if (rceiling > RTP_PRIO_MAX) 2128 return (EINVAL); 2129 new_inherited_pri = PRI_MIN_REALTIME + rceiling; 2130 } 2131 2132 if ((error = umtx_key_get(m, TYPE_PP_UMUTEX, GET_SHARE(flags), 2133 &key)) != 0) 2134 return (error); 2135 umtxq_lock(&key); 2136 umtxq_busy(&key); 2137 umtxq_unlock(&key); 2138 /* 2139 * For priority protected mutex, always set unlocked state 2140 * to UMUTEX_CONTESTED, so that userland always enters kernel 2141 * to lock the mutex, it is necessary because thread priority 2142 * has to be adjusted for such mutex. 2143 */ 2144 error = suword32(&m->m_owner, UMUTEX_CONTESTED); 2145 2146 umtxq_lock(&key); 2147 if (error == 0) 2148 umtxq_signal(&key, 1); 2149 umtxq_unbusy(&key); 2150 umtxq_unlock(&key); 2151 2152 if (error == -1) 2153 error = EFAULT; 2154 else { 2155 mtx_lock(&umtx_lock); 2156 if (su != 0) 2157 uq->uq_inherited_pri = new_inherited_pri; 2158 pri = PRI_MAX; 2159 TAILQ_FOREACH(pi, &uq->uq_pi_contested, pi_link) { 2160 uq2 = TAILQ_FIRST(&pi->pi_blocked); 2161 if (uq2 != NULL) { 2162 if (pri > UPRI(uq2->uq_thread)) 2163 pri = UPRI(uq2->uq_thread); 2164 } 2165 } 2166 if (pri > uq->uq_inherited_pri) 2167 pri = uq->uq_inherited_pri; 2168 thread_lock(td); 2169 sched_lend_user_prio(td, pri); 2170 thread_unlock(td); 2171 mtx_unlock(&umtx_lock); 2172 } 2173 umtx_key_release(&key); 2174 return (error); 2175 } 2176 2177 static int 2178 do_set_ceiling(struct thread *td, struct umutex *m, uint32_t ceiling, 2179 uint32_t *old_ceiling) 2180 { 2181 struct umtx_q *uq; 2182 uint32_t save_ceiling; 2183 uint32_t owner, id; 2184 uint32_t flags; 2185 int error, rv; 2186 2187 error = fueword32(&m->m_flags, &flags); 2188 if (error == -1) 2189 return (EFAULT); 2190 if ((flags & UMUTEX_PRIO_PROTECT) == 0) 2191 return (EINVAL); 2192 if (ceiling > RTP_PRIO_MAX) 2193 return (EINVAL); 2194 id = td->td_tid; 2195 uq = td->td_umtxq; 2196 if ((error = umtx_key_get(m, TYPE_PP_UMUTEX, GET_SHARE(flags), 2197 &uq->uq_key)) != 0) 2198 return (error); 2199 for (;;) { 2200 umtxq_lock(&uq->uq_key); 2201 umtxq_busy(&uq->uq_key); 2202 umtxq_unlock(&uq->uq_key); 2203 2204 rv = fueword32(&m->m_ceilings[0], &save_ceiling); 2205 if (rv == -1) { 2206 error = EFAULT; 2207 break; 2208 } 2209 2210 rv = casueword32(&m->m_owner, 2211 UMUTEX_CONTESTED, &owner, id | UMUTEX_CONTESTED); 2212 if (rv == -1) { 2213 error = EFAULT; 2214 break; 2215 } 2216 2217 if (owner == UMUTEX_CONTESTED) { 2218 suword32(&m->m_ceilings[0], ceiling); 2219 suword32(&m->m_owner, UMUTEX_CONTESTED); 2220 error = 0; 2221 break; 2222 } 2223 2224 if ((owner & ~UMUTEX_CONTESTED) == id) { 2225 suword32(&m->m_ceilings[0], ceiling); 2226 error = 0; 2227 break; 2228 } 2229 2230 /* 2231 * If we caught a signal, we have retried and now 
2232 * exit immediately. 2233 */ 2234 if (error != 0) 2235 break; 2236 2237 /* 2238 * We set the contested bit, so sleep. Otherwise the lock changed 2239 * and we need to retry, or we lost a race to the thread 2240 * unlocking the umtx. 2241 */ 2242 umtxq_lock(&uq->uq_key); 2243 umtxq_insert(uq); 2244 umtxq_unbusy(&uq->uq_key); 2245 error = umtxq_sleep(uq, "umtxpp", NULL); 2246 umtxq_remove(uq); 2247 umtxq_unlock(&uq->uq_key); 2248 } 2249 umtxq_lock(&uq->uq_key); 2250 if (error == 0) 2251 umtxq_signal(&uq->uq_key, INT_MAX); 2252 umtxq_unbusy(&uq->uq_key); 2253 umtxq_unlock(&uq->uq_key); 2254 umtx_key_release(&uq->uq_key); 2255 if (error == 0 && old_ceiling != NULL) 2256 suword32(old_ceiling, save_ceiling); 2257 return (error); 2258 } 2259 2260 /* 2261 * Lock a userland POSIX mutex. 2262 */ 2263 static int 2264 do_lock_umutex(struct thread *td, struct umutex *m, 2265 struct _umtx_time *timeout, int mode) 2266 { 2267 uint32_t flags; 2268 int error; 2269 2270 error = fueword32(&m->m_flags, &flags); 2271 if (error == -1) 2272 return (EFAULT); 2273 2274 switch(flags & (UMUTEX_PRIO_INHERIT | UMUTEX_PRIO_PROTECT)) { 2275 case 0: 2276 error = do_lock_normal(td, m, flags, timeout, mode); 2277 break; 2278 case UMUTEX_PRIO_INHERIT: 2279 error = do_lock_pi(td, m, flags, timeout, mode); 2280 break; 2281 case UMUTEX_PRIO_PROTECT: 2282 error = do_lock_pp(td, m, flags, timeout, mode); 2283 break; 2284 default: 2285 return (EINVAL); 2286 } 2287 if (timeout == NULL) { 2288 if (error == EINTR && mode != _UMUTEX_WAIT) 2289 error = ERESTART; 2290 } else { 2291 /* Timed-locking is not restarted. */ 2292 if (error == ERESTART) 2293 error = EINTR; 2294 } 2295 return (error); 2296 } 2297 2298 /* 2299 * Unlock a userland POSIX mutex. 2300 */ 2301 static int 2302 do_unlock_umutex(struct thread *td, struct umutex *m) 2303 { 2304 uint32_t flags; 2305 int error; 2306 2307 error = fueword32(&m->m_flags, &flags); 2308 if (error == -1) 2309 return (EFAULT); 2310 2311 switch(flags & (UMUTEX_PRIO_INHERIT | UMUTEX_PRIO_PROTECT)) { 2312 case 0: 2313 return (do_unlock_normal(td, m, flags)); 2314 case UMUTEX_PRIO_INHERIT: 2315 return (do_unlock_pi(td, m, flags)); 2316 case UMUTEX_PRIO_PROTECT: 2317 return (do_unlock_pp(td, m, flags)); 2318 } 2319 2320 return (EINVAL); 2321 } 2322 2323 static int 2324 do_cv_wait(struct thread *td, struct ucond *cv, struct umutex *m, 2325 struct timespec *timeout, u_long wflags) 2326 { 2327 struct abs_timeout timo; 2328 struct umtx_q *uq; 2329 uint32_t flags, clockid, hasw; 2330 int error; 2331 2332 uq = td->td_umtxq; 2333 error = fueword32(&cv->c_flags, &flags); 2334 if (error == -1) 2335 return (EFAULT); 2336 error = umtx_key_get(cv, TYPE_CV, GET_SHARE(flags), &uq->uq_key); 2337 if (error != 0) 2338 return (error); 2339 2340 if ((wflags & CVWAIT_CLOCKID) != 0) { 2341 error = fueword32(&cv->c_clockid, &clockid); 2342 if (error == -1) { 2343 umtx_key_release(&uq->uq_key); 2344 return (EFAULT); 2345 } 2346 if (clockid < CLOCK_REALTIME || 2347 clockid >= CLOCK_THREAD_CPUTIME_ID) { 2348 /* Only the predefined hardware clock ids will work. */ 2349 umtx_key_release(&uq->uq_key); 2350 return (EINVAL); 2351 } 2352 } else { 2353 clockid = CLOCK_REALTIME; 2354 } 2355 2356 umtxq_lock(&uq->uq_key); 2357 umtxq_busy(&uq->uq_key); 2358 umtxq_insert(uq); 2359 umtxq_unlock(&uq->uq_key); 2360 2361 /* 2362 * Set c_has_waiters to 1 before releasing the user mutex, but 2363 * avoid dirtying the cache line when it is not needed.
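 * The flag is read first and only written when it is still clear,
 * so a waiter that is already recorded does not cause an extra
 * store to user memory.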
2364 */ 2365 error = fueword32(&cv->c_has_waiters, &hasw); 2366 if (error == 0 && hasw == 0) 2367 suword32(&cv->c_has_waiters, 1); 2368 2369 umtxq_unbusy_unlocked(&uq->uq_key); 2370 2371 error = do_unlock_umutex(td, m); 2372 2373 if (timeout != NULL) 2374 abs_timeout_init(&timo, clockid, ((wflags & CVWAIT_ABSTIME) != 0), 2375 timeout); 2376 2377 umtxq_lock(&uq->uq_key); 2378 if (error == 0) { 2379 error = umtxq_sleep(uq, "ucond", timeout == NULL ? 2380 NULL : &timo); 2381 } 2382 2383 if ((uq->uq_flags & UQF_UMTXQ) == 0) 2384 error = 0; 2385 else { 2386 /* 2387 * This must be a timeout, an interrupt by a signal, or a 2388 * spurious wakeup; clear the c_has_waiters flag when 2389 * necessary. 2390 */ 2391 umtxq_busy(&uq->uq_key); 2392 if ((uq->uq_flags & UQF_UMTXQ) != 0) { 2393 int oldlen = uq->uq_cur_queue->length; 2394 umtxq_remove(uq); 2395 if (oldlen == 1) { 2396 umtxq_unlock(&uq->uq_key); 2397 suword32(&cv->c_has_waiters, 0); 2398 umtxq_lock(&uq->uq_key); 2399 } 2400 } 2401 umtxq_unbusy(&uq->uq_key); 2402 if (error == ERESTART) 2403 error = EINTR; 2404 } 2405 2406 umtxq_unlock(&uq->uq_key); 2407 umtx_key_release(&uq->uq_key); 2408 return (error); 2409 } 2410 2411 /* 2412 * Signal a userland condition variable. 2413 */ 2414 static int 2415 do_cv_signal(struct thread *td, struct ucond *cv) 2416 { 2417 struct umtx_key key; 2418 int error, cnt, nwake; 2419 uint32_t flags; 2420 2421 error = fueword32(&cv->c_flags, &flags); 2422 if (error == -1) 2423 return (EFAULT); 2424 if ((error = umtx_key_get(cv, TYPE_CV, GET_SHARE(flags), &key)) != 0) 2425 return (error); 2426 umtxq_lock(&key); 2427 umtxq_busy(&key); 2428 cnt = umtxq_count(&key); 2429 nwake = umtxq_signal(&key, 1); 2430 if (cnt <= nwake) { 2431 umtxq_unlock(&key); 2432 error = suword32(&cv->c_has_waiters, 0); 2433 if (error == -1) 2434 error = EFAULT; 2435 umtxq_lock(&key); 2436 } 2437 umtxq_unbusy(&key); 2438 umtxq_unlock(&key); 2439 umtx_key_release(&key); 2440 return (error); 2441 } 2442 2443 static int 2444 do_cv_broadcast(struct thread *td, struct ucond *cv) 2445 { 2446 struct umtx_key key; 2447 int error; 2448 uint32_t flags; 2449 2450 error = fueword32(&cv->c_flags, &flags); 2451 if (error == -1) 2452 return (EFAULT); 2453 if ((error = umtx_key_get(cv, TYPE_CV, GET_SHARE(flags), &key)) != 0) 2454 return (error); 2455 2456 umtxq_lock(&key); 2457 umtxq_busy(&key); 2458 umtxq_signal(&key, INT_MAX); 2459 umtxq_unlock(&key); 2460 2461 error = suword32(&cv->c_has_waiters, 0); 2462 if (error == -1) 2463 error = EFAULT; 2464 2465 umtxq_unbusy_unlocked(&key); 2466 2467 umtx_key_release(&key); 2468 return (error); 2469 } 2470 2471 static int 2472 do_rw_rdlock(struct thread *td, struct urwlock *rwlock, long fflag, struct _umtx_time *timeout) 2473 { 2474 struct abs_timeout timo; 2475 struct umtx_q *uq; 2476 uint32_t flags, wrflags; 2477 int32_t state, oldstate; 2478 int32_t blocked_readers; 2479 int error, rv; 2480 2481 uq = td->td_umtxq; 2482 error = fueword32(&rwlock->rw_flags, &flags); 2483 if (error == -1) 2484 return (EFAULT); 2485 error = umtx_key_get(rwlock, TYPE_RWLOCK, GET_SHARE(flags), &uq->uq_key); 2486 if (error != 0) 2487 return (error); 2488 2489 if (timeout != NULL) 2490 abs_timeout_init2(&timo, timeout); 2491 2492 wrflags = URWLOCK_WRITE_OWNER; 2493 if (!(fflag & URWLOCK_PREFER_READER) && !(flags & URWLOCK_PREFER_READER)) 2494 wrflags |= URWLOCK_WRITE_WAITERS; 2495 2496 for (;;) { 2497 rv = fueword32(&rwlock->rw_state, &state); 2498 if (rv == -1) { 2499 umtx_key_release(&uq->uq_key); 2500 return (EFAULT); 2501 } 2502 2503 /* try to lock
it */ 2504 while (!(state & wrflags)) { 2505 if (__predict_false(URWLOCK_READER_COUNT(state) == URWLOCK_MAX_READERS)) { 2506 umtx_key_release(&uq->uq_key); 2507 return (EAGAIN); 2508 } 2509 rv = casueword32(&rwlock->rw_state, state, 2510 &oldstate, state + 1); 2511 if (rv == -1) { 2512 umtx_key_release(&uq->uq_key); 2513 return (EFAULT); 2514 } 2515 if (oldstate == state) { 2516 umtx_key_release(&uq->uq_key); 2517 return (0); 2518 } 2519 error = umtxq_check_susp(td); 2520 if (error != 0) 2521 break; 2522 state = oldstate; 2523 } 2524 2525 if (error) 2526 break; 2527 2528 /* grab monitor lock */ 2529 umtxq_lock(&uq->uq_key); 2530 umtxq_busy(&uq->uq_key); 2531 umtxq_unlock(&uq->uq_key); 2532 2533 /* 2534 * re-read the state, in case it changed between the try-lock above 2535 * and the check below 2536 */ 2537 rv = fueword32(&rwlock->rw_state, &state); 2538 if (rv == -1) 2539 error = EFAULT; 2540 2541 /* set read contention bit */ 2542 while (error == 0 && (state & wrflags) && 2543 !(state & URWLOCK_READ_WAITERS)) { 2544 rv = casueword32(&rwlock->rw_state, state, 2545 &oldstate, state | URWLOCK_READ_WAITERS); 2546 if (rv == -1) { 2547 error = EFAULT; 2548 break; 2549 } 2550 if (oldstate == state) 2551 goto sleep; 2552 state = oldstate; 2553 error = umtxq_check_susp(td); 2554 if (error != 0) 2555 break; 2556 } 2557 if (error != 0) { 2558 umtxq_unbusy_unlocked(&uq->uq_key); 2559 break; 2560 } 2561 2562 /* the state changed while we were setting the flags; restart */ 2563 if (!(state & wrflags)) { 2564 umtxq_unbusy_unlocked(&uq->uq_key); 2565 error = umtxq_check_susp(td); 2566 if (error != 0) 2567 break; 2568 continue; 2569 } 2570 2571 sleep: 2572 /* the contention bit is set; before sleeping, increase the read waiter count */ 2573 rv = fueword32(&rwlock->rw_blocked_readers, 2574 &blocked_readers); 2575 if (rv == -1) { 2576 umtxq_unbusy_unlocked(&uq->uq_key); 2577 error = EFAULT; 2578 break; 2579 } 2580 suword32(&rwlock->rw_blocked_readers, blocked_readers+1); 2581 2582 while (state & wrflags) { 2583 umtxq_lock(&uq->uq_key); 2584 umtxq_insert(uq); 2585 umtxq_unbusy(&uq->uq_key); 2586 2587 error = umtxq_sleep(uq, "urdlck", timeout == NULL ?
2588 NULL : &timo); 2589 2590 umtxq_busy(&uq->uq_key); 2591 umtxq_remove(uq); 2592 umtxq_unlock(&uq->uq_key); 2593 if (error) 2594 break; 2595 rv = fueword32(&rwlock->rw_state, &state); 2596 if (rv == -1) { 2597 error = EFAULT; 2598 break; 2599 } 2600 } 2601 2602 /* decrease the read waiter count, and possibly clear the read contention bit */ 2603 rv = fueword32(&rwlock->rw_blocked_readers, 2604 &blocked_readers); 2605 if (rv == -1) { 2606 umtxq_unbusy_unlocked(&uq->uq_key); 2607 error = EFAULT; 2608 break; 2609 } 2610 suword32(&rwlock->rw_blocked_readers, blocked_readers-1); 2611 if (blocked_readers == 1) { 2612 rv = fueword32(&rwlock->rw_state, &state); 2613 if (rv == -1) 2614 error = EFAULT; 2615 while (error == 0) { 2616 rv = casueword32(&rwlock->rw_state, state, 2617 &oldstate, state & ~URWLOCK_READ_WAITERS); 2618 if (rv == -1) { 2619 error = EFAULT; 2620 break; 2621 } 2622 if (oldstate == state) 2623 break; 2624 state = oldstate; 2625 error = umtxq_check_susp(td); 2626 } 2627 } 2628 2629 umtxq_unbusy_unlocked(&uq->uq_key); 2630 if (error != 0) 2631 break; 2632 } 2633 umtx_key_release(&uq->uq_key); 2634 if (error == ERESTART) 2635 error = EINTR; 2636 return (error); 2637 } 2638 2639 static int 2640 do_rw_wrlock(struct thread *td, struct urwlock *rwlock, struct _umtx_time *timeout) 2641 { 2642 struct abs_timeout timo; 2643 struct umtx_q *uq; 2644 uint32_t flags; 2645 int32_t state, oldstate; 2646 int32_t blocked_writers; 2647 int32_t blocked_readers; 2648 int error, rv; 2649 2650 uq = td->td_umtxq; 2651 error = fueword32(&rwlock->rw_flags, &flags); 2652 if (error == -1) 2653 return (EFAULT); 2654 error = umtx_key_get(rwlock, TYPE_RWLOCK, GET_SHARE(flags), &uq->uq_key); 2655 if (error != 0) 2656 return (error); 2657 2658 if (timeout != NULL) 2659 abs_timeout_init2(&timo, timeout); 2660 2661 blocked_readers = 0; 2662 for (;;) { 2663 rv = fueword32(&rwlock->rw_state, &state); 2664 if (rv == -1) { 2665 umtx_key_release(&uq->uq_key); 2666 return (EFAULT); 2667 } 2668 while (!(state & URWLOCK_WRITE_OWNER) && URWLOCK_READER_COUNT(state) == 0) { 2669 rv = casueword32(&rwlock->rw_state, state, 2670 &oldstate, state | URWLOCK_WRITE_OWNER); 2671 if (rv == -1) { 2672 umtx_key_release(&uq->uq_key); 2673 return (EFAULT); 2674 } 2675 if (oldstate == state) { 2676 umtx_key_release(&uq->uq_key); 2677 return (0); 2678 } 2679 state = oldstate; 2680 error = umtxq_check_susp(td); 2681 if (error != 0) 2682 break; 2683 } 2684 2685 if (error) { 2686 if (!(state & (URWLOCK_WRITE_OWNER|URWLOCK_WRITE_WAITERS)) && 2687 blocked_readers != 0) { 2688 umtxq_lock(&uq->uq_key); 2689 umtxq_busy(&uq->uq_key); 2690 umtxq_signal_queue(&uq->uq_key, INT_MAX, UMTX_SHARED_QUEUE); 2691 umtxq_unbusy(&uq->uq_key); 2692 umtxq_unlock(&uq->uq_key); 2693 } 2694 2695 break; 2696 } 2697 2698 /* grab monitor lock */ 2699 umtxq_lock(&uq->uq_key); 2700 umtxq_busy(&uq->uq_key); 2701 umtxq_unlock(&uq->uq_key); 2702 2703 /* 2704 * re-read the state, in case it changed between the try-lock above 2705 * and the check below 2706 */ 2707 rv = fueword32(&rwlock->rw_state, &state); 2708 if (rv == -1) 2709 error = EFAULT; 2710 2711 while (error == 0 && ((state & URWLOCK_WRITE_OWNER) || 2712 URWLOCK_READER_COUNT(state) != 0) && 2713 (state & URWLOCK_WRITE_WAITERS) == 0) { 2714 rv = casueword32(&rwlock->rw_state, state, 2715 &oldstate, state | URWLOCK_WRITE_WAITERS); 2716 if (rv == -1) { 2717 error = EFAULT; 2718 break; 2719 } 2720 if (oldstate == state) 2721 goto sleep; 2722 state = oldstate; 2723 error = umtxq_check_susp(td); 2724 if (error != 0) 2725 break;
2726 } 2727 if (error != 0) { 2728 umtxq_unbusy_unlocked(&uq->uq_key); 2729 break; 2730 } 2731 2732 if (!(state & URWLOCK_WRITE_OWNER) && URWLOCK_READER_COUNT(state) == 0) { 2733 umtxq_unbusy_unlocked(&uq->uq_key); 2734 error = umtxq_check_susp(td); 2735 if (error != 0) 2736 break; 2737 continue; 2738 } 2739 sleep: 2740 rv = fueword32(&rwlock->rw_blocked_writers, 2741 &blocked_writers); 2742 if (rv == -1) { 2743 umtxq_unbusy_unlocked(&uq->uq_key); 2744 error = EFAULT; 2745 break; 2746 } 2747 suword32(&rwlock->rw_blocked_writers, blocked_writers+1); 2748 2749 while ((state & URWLOCK_WRITE_OWNER) || URWLOCK_READER_COUNT(state) != 0) { 2750 umtxq_lock(&uq->uq_key); 2751 umtxq_insert_queue(uq, UMTX_EXCLUSIVE_QUEUE); 2752 umtxq_unbusy(&uq->uq_key); 2753 2754 error = umtxq_sleep(uq, "uwrlck", timeout == NULL ? 2755 NULL : &timo); 2756 2757 umtxq_busy(&uq->uq_key); 2758 umtxq_remove_queue(uq, UMTX_EXCLUSIVE_QUEUE); 2759 umtxq_unlock(&uq->uq_key); 2760 if (error) 2761 break; 2762 rv = fueword32(&rwlock->rw_state, &state); 2763 if (rv == -1) { 2764 error = EFAULT; 2765 break; 2766 } 2767 } 2768 2769 rv = fueword32(&rwlock->rw_blocked_writers, 2770 &blocked_writers); 2771 if (rv == -1) { 2772 umtxq_unbusy_unlocked(&uq->uq_key); 2773 error = EFAULT; 2774 break; 2775 } 2776 suword32(&rwlock->rw_blocked_writers, blocked_writers-1); 2777 if (blocked_writers == 1) { 2778 rv = fueword32(&rwlock->rw_state, &state); 2779 if (rv == -1) { 2780 umtxq_unbusy_unlocked(&uq->uq_key); 2781 error = EFAULT; 2782 break; 2783 } 2784 for (;;) { 2785 rv = casueword32(&rwlock->rw_state, state, 2786 &oldstate, state & ~URWLOCK_WRITE_WAITERS); 2787 if (rv == -1) { 2788 error = EFAULT; 2789 break; 2790 } 2791 if (oldstate == state) 2792 break; 2793 state = oldstate; 2794 error = umtxq_check_susp(td); 2795 /* 2796 * We are leaving the URWLOCK_WRITE_WAITERS 2797 * behind, but this should not harm the 2798 * correctness. 
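 * (This path is reachable only when umtxq_check_susp() aborts the
 * clearing loop because the thread is being suspended.)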
2799 */ 2800 if (error != 0) 2801 break; 2802 } 2803 rv = fueword32(&rwlock->rw_blocked_readers, 2804 &blocked_readers); 2805 if (rv == -1) { 2806 umtxq_unbusy_unlocked(&uq->uq_key); 2807 error = EFAULT; 2808 break; 2809 } 2810 } else 2811 blocked_readers = 0; 2812 2813 umtxq_unbusy_unlocked(&uq->uq_key); 2814 } 2815 2816 umtx_key_release(&uq->uq_key); 2817 if (error == ERESTART) 2818 error = EINTR; 2819 return (error); 2820 } 2821 2822 static int 2823 do_rw_unlock(struct thread *td, struct urwlock *rwlock) 2824 { 2825 struct umtx_q *uq; 2826 uint32_t flags; 2827 int32_t state, oldstate; 2828 int error, rv, q, count; 2829 2830 uq = td->td_umtxq; 2831 error = fueword32(&rwlock->rw_flags, &flags); 2832 if (error == -1) 2833 return (EFAULT); 2834 error = umtx_key_get(rwlock, TYPE_RWLOCK, GET_SHARE(flags), &uq->uq_key); 2835 if (error != 0) 2836 return (error); 2837 2838 error = fueword32(&rwlock->rw_state, &state); 2839 if (error == -1) { 2840 error = EFAULT; 2841 goto out; 2842 } 2843 if (state & URWLOCK_WRITE_OWNER) { 2844 for (;;) { 2845 rv = casueword32(&rwlock->rw_state, state, 2846 &oldstate, state & ~URWLOCK_WRITE_OWNER); 2847 if (rv == -1) { 2848 error = EFAULT; 2849 goto out; 2850 } 2851 if (oldstate != state) { 2852 state = oldstate; 2853 if (!(oldstate & URWLOCK_WRITE_OWNER)) { 2854 error = EPERM; 2855 goto out; 2856 } 2857 error = umtxq_check_susp(td); 2858 if (error != 0) 2859 goto out; 2860 } else 2861 break; 2862 } 2863 } else if (URWLOCK_READER_COUNT(state) != 0) { 2864 for (;;) { 2865 rv = casueword32(&rwlock->rw_state, state, 2866 &oldstate, state - 1); 2867 if (rv == -1) { 2868 error = EFAULT; 2869 goto out; 2870 } 2871 if (oldstate != state) { 2872 state = oldstate; 2873 if (URWLOCK_READER_COUNT(oldstate) == 0) { 2874 error = EPERM; 2875 goto out; 2876 } 2877 error = umtxq_check_susp(td); 2878 if (error != 0) 2879 goto out; 2880 } else 2881 break; 2882 } 2883 } else { 2884 error = EPERM; 2885 goto out; 2886 } 2887 2888 count = 0; 2889 2890 if (!(flags & URWLOCK_PREFER_READER)) { 2891 if (state & URWLOCK_WRITE_WAITERS) { 2892 count = 1; 2893 q = UMTX_EXCLUSIVE_QUEUE; 2894 } else if (state & URWLOCK_READ_WAITERS) { 2895 count = INT_MAX; 2896 q = UMTX_SHARED_QUEUE; 2897 } 2898 } else { 2899 if (state & URWLOCK_READ_WAITERS) { 2900 count = INT_MAX; 2901 q = UMTX_SHARED_QUEUE; 2902 } else if (state & URWLOCK_WRITE_WAITERS) { 2903 count = 1; 2904 q = UMTX_EXCLUSIVE_QUEUE; 2905 } 2906 } 2907 2908 if (count) { 2909 umtxq_lock(&uq->uq_key); 2910 umtxq_busy(&uq->uq_key); 2911 umtxq_signal_queue(&uq->uq_key, count, q); 2912 umtxq_unbusy(&uq->uq_key); 2913 umtxq_unlock(&uq->uq_key); 2914 } 2915 out: 2916 umtx_key_release(&uq->uq_key); 2917 return (error); 2918 } 2919 2920 #if defined(COMPAT_FREEBSD9) || defined(COMPAT_FREEBSD10) 2921 static int 2922 do_sem_wait(struct thread *td, struct _usem *sem, struct _umtx_time *timeout) 2923 { 2924 struct abs_timeout timo; 2925 struct umtx_q *uq; 2926 uint32_t flags, count, count1; 2927 int error, rv; 2928 2929 uq = td->td_umtxq; 2930 error = fueword32(&sem->_flags, &flags); 2931 if (error == -1) 2932 return (EFAULT); 2933 error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &uq->uq_key); 2934 if (error != 0) 2935 return (error); 2936 2937 if (timeout != NULL) 2938 abs_timeout_init2(&timo, timeout); 2939 2940 umtxq_lock(&uq->uq_key); 2941 umtxq_busy(&uq->uq_key); 2942 umtxq_insert(uq); 2943 umtxq_unlock(&uq->uq_key); 2944 rv = casueword32(&sem->_has_waiters, 0, &count1, 1); 2945 if (rv == 0) 2946 rv = fueword32(&sem->_count, &count); 2947 if 
(rv == -1 || count != 0) { 2948 umtxq_lock(&uq->uq_key); 2949 umtxq_unbusy(&uq->uq_key); 2950 umtxq_remove(uq); 2951 umtxq_unlock(&uq->uq_key); 2952 umtx_key_release(&uq->uq_key); 2953 return (rv == -1 ? EFAULT : 0); 2954 } 2955 umtxq_lock(&uq->uq_key); 2956 umtxq_unbusy(&uq->uq_key); 2957 2958 error = umtxq_sleep(uq, "usem", timeout == NULL ? NULL : &timo); 2959 2960 if ((uq->uq_flags & UQF_UMTXQ) == 0) 2961 error = 0; 2962 else { 2963 umtxq_remove(uq); 2964 /* A relative timeout cannot be restarted. */ 2965 if (error == ERESTART && timeout != NULL && 2966 (timeout->_flags & UMTX_ABSTIME) == 0) 2967 error = EINTR; 2968 } 2969 umtxq_unlock(&uq->uq_key); 2970 umtx_key_release(&uq->uq_key); 2971 return (error); 2972 } 2973 2974 /* 2975 * Signal a userland semaphore. 2976 */ 2977 static int 2978 do_sem_wake(struct thread *td, struct _usem *sem) 2979 { 2980 struct umtx_key key; 2981 int error, cnt; 2982 uint32_t flags; 2983 2984 error = fueword32(&sem->_flags, &flags); 2985 if (error == -1) 2986 return (EFAULT); 2987 if ((error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &key)) != 0) 2988 return (error); 2989 umtxq_lock(&key); 2990 umtxq_busy(&key); 2991 cnt = umtxq_count(&key); 2992 if (cnt > 0) { 2993 umtxq_signal(&key, 1); 2994 /* 2995 * The count was greater than 0, which means the memory is 2996 * still referenced by user code, so it is safe to 2997 * update the _has_waiters flag. 2998 */ 2999 if (cnt == 1) { 3000 umtxq_unlock(&key); 3001 error = suword32(&sem->_has_waiters, 0); 3002 umtxq_lock(&key); 3003 if (error == -1) 3004 error = EFAULT; 3005 } 3006 } 3007 umtxq_unbusy(&key); 3008 umtxq_unlock(&key); 3009 umtx_key_release(&key); 3010 return (error); 3011 } 3012 #endif 3013 3014 static int 3015 do_sem2_wait(struct thread *td, struct _usem2 *sem, struct _umtx_time *timeout) 3016 { 3017 struct abs_timeout timo; 3018 struct umtx_q *uq; 3019 uint32_t count, flags; 3020 int error, rv; 3021 3022 uq = td->td_umtxq; 3023 flags = fuword32(&sem->_flags); 3024 error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &uq->uq_key); 3025 if (error != 0) 3026 return (error); 3027 3028 if (timeout != NULL) 3029 abs_timeout_init2(&timo, timeout); 3030 3031 umtxq_lock(&uq->uq_key); 3032 umtxq_busy(&uq->uq_key); 3033 umtxq_insert(uq); 3034 umtxq_unlock(&uq->uq_key); 3035 rv = fueword32(&sem->_count, &count); 3036 if (rv == -1) { 3037 umtxq_lock(&uq->uq_key); 3038 umtxq_unbusy(&uq->uq_key); 3039 umtxq_remove(uq); 3040 umtxq_unlock(&uq->uq_key); 3041 umtx_key_release(&uq->uq_key); 3042 return (EFAULT); 3043 } 3044 for (;;) { 3045 if (USEM_COUNT(count) != 0) { 3046 umtxq_lock(&uq->uq_key); 3047 umtxq_unbusy(&uq->uq_key); 3048 umtxq_remove(uq); 3049 umtxq_unlock(&uq->uq_key); 3050 umtx_key_release(&uq->uq_key); 3051 return (0); 3052 } 3053 if (count == USEM_HAS_WAITERS) 3054 break; 3055 rv = casueword32(&sem->_count, 0, &count, USEM_HAS_WAITERS); 3056 if (rv == -1) { 3057 umtxq_lock(&uq->uq_key); 3058 umtxq_unbusy(&uq->uq_key); 3059 umtxq_remove(uq); 3060 umtxq_unlock(&uq->uq_key); 3061 umtx_key_release(&uq->uq_key); 3062 return (EFAULT); 3063 } 3064 if (count == 0) 3065 break; 3066 } 3067 umtxq_lock(&uq->uq_key); 3068 umtxq_unbusy(&uq->uq_key); 3069 3070 error = umtxq_sleep(uq, "usem", timeout == NULL ? NULL : &timo); 3071 3072 if ((uq->uq_flags & UQF_UMTXQ) == 0) 3073 error = 0; 3074 else { 3075 umtxq_remove(uq); 3076 /* A relative timeout cannot be restarted.
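 * Restarting the syscall would arm the full relative interval
 * again and oversleep, so the error is converted to EINTR.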
*/ 3077 if (error == ERESTART && timeout != NULL && 3078 (timeout->_flags & UMTX_ABSTIME) == 0) 3079 error = EINTR; 3080 } 3081 umtxq_unlock(&uq->uq_key); 3082 umtx_key_release(&uq->uq_key); 3083 return (error); 3084 } 3085 3086 /* 3087 * Signal a userland semaphore. 3088 */ 3089 static int 3090 do_sem2_wake(struct thread *td, struct _usem2 *sem) 3091 { 3092 struct umtx_key key; 3093 int error, cnt, rv; 3094 uint32_t count, flags; 3095 3096 rv = fueword32(&sem->_flags, &flags); 3097 if (rv == -1) 3098 return (EFAULT); 3099 if ((error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &key)) != 0) 3100 return (error); 3101 umtxq_lock(&key); 3102 umtxq_busy(&key); 3103 cnt = umtxq_count(&key); 3104 if (cnt > 0) { 3105 umtxq_signal(&key, 1); 3106 3107 /* 3108 * If this was the last sleeping thread, clear the waiters 3109 * flag in _count. 3110 */ 3111 if (cnt == 1) { 3112 umtxq_unlock(&key); 3113 rv = fueword32(&sem->_count, &count); 3114 while (rv != -1 && count & USEM_HAS_WAITERS) 3115 rv = casueword32(&sem->_count, count, &count, 3116 count & ~USEM_HAS_WAITERS); 3117 if (rv == -1) 3118 error = EFAULT; 3119 umtxq_lock(&key); 3120 } 3121 } 3122 umtxq_unbusy(&key); 3123 umtxq_unlock(&key); 3124 umtx_key_release(&key); 3125 return (error); 3126 } 3127 3128 inline int 3129 umtx_copyin_timeout(const void *addr, struct timespec *tsp) 3130 { 3131 int error; 3132 3133 error = copyin(addr, tsp, sizeof(struct timespec)); 3134 if (error == 0) { 3135 if (tsp->tv_sec < 0 || 3136 tsp->tv_nsec >= 1000000000 || 3137 tsp->tv_nsec < 0) 3138 error = EINVAL; 3139 } 3140 return (error); 3141 } 3142 3143 static inline int 3144 umtx_copyin_umtx_time(const void *addr, size_t size, struct _umtx_time *tp) 3145 { 3146 int error; 3147 3148 if (size <= sizeof(struct timespec)) { 3149 tp->_clockid = CLOCK_REALTIME; 3150 tp->_flags = 0; 3151 error = copyin(addr, &tp->_timeout, sizeof(struct timespec)); 3152 } else 3153 error = copyin(addr, tp, sizeof(struct _umtx_time)); 3154 if (error != 0) 3155 return (error); 3156 if (tp->_timeout.tv_sec < 0 || 3157 tp->_timeout.tv_nsec >= 1000000000 || tp->_timeout.tv_nsec < 0) 3158 return (EINVAL); 3159 return (0); 3160 } 3161 3162 static int 3163 __umtx_op_unimpl(struct thread *td, struct _umtx_op_args *uap) 3164 { 3165 3166 return (EOPNOTSUPP); 3167 } 3168 3169 static int 3170 __umtx_op_wait(struct thread *td, struct _umtx_op_args *uap) 3171 { 3172 struct _umtx_time timeout, *tm_p; 3173 int error; 3174 3175 if (uap->uaddr2 == NULL) 3176 tm_p = NULL; 3177 else { 3178 error = umtx_copyin_umtx_time( 3179 uap->uaddr2, (size_t)uap->uaddr1, &timeout); 3180 if (error != 0) 3181 return (error); 3182 tm_p = &timeout; 3183 } 3184 return do_wait(td, uap->obj, uap->val, tm_p, 0, 0); 3185 } 3186 3187 static int 3188 __umtx_op_wait_uint(struct thread *td, struct _umtx_op_args *uap) 3189 { 3190 struct _umtx_time timeout, *tm_p; 3191 int error; 3192 3193 if (uap->uaddr2 == NULL) 3194 tm_p = NULL; 3195 else { 3196 error = umtx_copyin_umtx_time( 3197 uap->uaddr2, (size_t)uap->uaddr1, &timeout); 3198 if (error != 0) 3199 return (error); 3200 tm_p = &timeout; 3201 } 3202 return do_wait(td, uap->obj, uap->val, tm_p, 1, 0); 3203 } 3204 3205 static int 3206 __umtx_op_wait_uint_private(struct thread *td, struct _umtx_op_args *uap) 3207 { 3208 struct _umtx_time *tm_p, timeout; 3209 int error; 3210 3211 if (uap->uaddr2 == NULL) 3212 tm_p = NULL; 3213 else { 3214 error = umtx_copyin_umtx_time( 3215 uap->uaddr2, (size_t)uap->uaddr1, &timeout); 3216 if (error != 0) 3217 return (error); 3218 tm_p = &timeout; 3219 
} 3220 return do_wait(td, uap->obj, uap->val, tm_p, 1, 1); 3221 } 3222 3223 static int 3224 __umtx_op_wake(struct thread *td, struct _umtx_op_args *uap) 3225 { 3226 return (kern_umtx_wake(td, uap->obj, uap->val, 0)); 3227 } 3228 3229 #define BATCH_SIZE 128 3230 static int 3231 __umtx_op_nwake_private(struct thread *td, struct _umtx_op_args *uap) 3232 { 3233 int count = uap->val; 3234 void *uaddrs[BATCH_SIZE]; 3235 char **upp = (char **)uap->obj; 3236 int tocopy; 3237 int error = 0; 3238 int i, pos = 0; 3239 3240 while (count > 0) { 3241 tocopy = count; 3242 if (tocopy > BATCH_SIZE) 3243 tocopy = BATCH_SIZE; 3244 error = copyin(upp+pos, uaddrs, tocopy * sizeof(char *)); 3245 if (error != 0) 3246 break; 3247 for (i = 0; i < tocopy; ++i) 3248 kern_umtx_wake(td, uaddrs[i], INT_MAX, 1); 3249 count -= tocopy; 3250 pos += tocopy; 3251 } 3252 return (error); 3253 } 3254 3255 static int 3256 __umtx_op_wake_private(struct thread *td, struct _umtx_op_args *uap) 3257 { 3258 return (kern_umtx_wake(td, uap->obj, uap->val, 1)); 3259 } 3260 3261 static int 3262 __umtx_op_lock_umutex(struct thread *td, struct _umtx_op_args *uap) 3263 { 3264 struct _umtx_time *tm_p, timeout; 3265 int error; 3266 3267 /* Allow a null timespec (wait forever). */ 3268 if (uap->uaddr2 == NULL) 3269 tm_p = NULL; 3270 else { 3271 error = umtx_copyin_umtx_time( 3272 uap->uaddr2, (size_t)uap->uaddr1, &timeout); 3273 if (error != 0) 3274 return (error); 3275 tm_p = &timeout; 3276 } 3277 return do_lock_umutex(td, uap->obj, tm_p, 0); 3278 } 3279 3280 static int 3281 __umtx_op_trylock_umutex(struct thread *td, struct _umtx_op_args *uap) 3282 { 3283 return do_lock_umutex(td, uap->obj, NULL, _UMUTEX_TRY); 3284 } 3285 3286 static int 3287 __umtx_op_wait_umutex(struct thread *td, struct _umtx_op_args *uap) 3288 { 3289 struct _umtx_time *tm_p, timeout; 3290 int error; 3291 3292 /* Allow a null timespec (wait forever). */ 3293 if (uap->uaddr2 == NULL) 3294 tm_p = NULL; 3295 else { 3296 error = umtx_copyin_umtx_time( 3297 uap->uaddr2, (size_t)uap->uaddr1, &timeout); 3298 if (error != 0) 3299 return (error); 3300 tm_p = &timeout; 3301 } 3302 return do_lock_umutex(td, uap->obj, tm_p, _UMUTEX_WAIT); 3303 } 3304 3305 static int 3306 __umtx_op_wake_umutex(struct thread *td, struct _umtx_op_args *uap) 3307 { 3308 return do_wake_umutex(td, uap->obj); 3309 } 3310 3311 static int 3312 __umtx_op_unlock_umutex(struct thread *td, struct _umtx_op_args *uap) 3313 { 3314 return do_unlock_umutex(td, uap->obj); 3315 } 3316 3317 static int 3318 __umtx_op_set_ceiling(struct thread *td, struct _umtx_op_args *uap) 3319 { 3320 return do_set_ceiling(td, uap->obj, uap->val, uap->uaddr1); 3321 } 3322 3323 static int 3324 __umtx_op_cv_wait(struct thread *td, struct _umtx_op_args *uap) 3325 { 3326 struct timespec *ts, timeout; 3327 int error; 3328 3329 /* Allow a null timespec (wait forever). 
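 * For UMTX_OP_CV_WAIT, uap->obj is the condition variable,
 * uap->uaddr1 the associated mutex, uap->uaddr2 the optional
 * timespec, and uap->val the CVWAIT_* flags.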
*/ 3330 if (uap->uaddr2 == NULL) 3331 ts = NULL; 3332 else { 3333 error = umtx_copyin_timeout(uap->uaddr2, &timeout); 3334 if (error != 0) 3335 return (error); 3336 ts = &timeout; 3337 } 3338 return (do_cv_wait(td, uap->obj, uap->uaddr1, ts, uap->val)); 3339 } 3340 3341 static int 3342 __umtx_op_cv_signal(struct thread *td, struct _umtx_op_args *uap) 3343 { 3344 return do_cv_signal(td, uap->obj); 3345 } 3346 3347 static int 3348 __umtx_op_cv_broadcast(struct thread *td, struct _umtx_op_args *uap) 3349 { 3350 return do_cv_broadcast(td, uap->obj); 3351 } 3352 3353 static int 3354 __umtx_op_rw_rdlock(struct thread *td, struct _umtx_op_args *uap) 3355 { 3356 struct _umtx_time timeout; 3357 int error; 3358 3359 /* Allow a null timespec (wait forever). */ 3360 if (uap->uaddr2 == NULL) { 3361 error = do_rw_rdlock(td, uap->obj, uap->val, 0); 3362 } else { 3363 error = umtx_copyin_umtx_time(uap->uaddr2, 3364 (size_t)uap->uaddr1, &timeout); 3365 if (error != 0) 3366 return (error); 3367 error = do_rw_rdlock(td, uap->obj, uap->val, &timeout); 3368 } 3369 return (error); 3370 } 3371 3372 static int 3373 __umtx_op_rw_wrlock(struct thread *td, struct _umtx_op_args *uap) 3374 { 3375 struct _umtx_time timeout; 3376 int error; 3377 3378 /* Allow a null timespec (wait forever). */ 3379 if (uap->uaddr2 == NULL) { 3380 error = do_rw_wrlock(td, uap->obj, 0); 3381 } else { 3382 error = umtx_copyin_umtx_time(uap->uaddr2, 3383 (size_t)uap->uaddr1, &timeout); 3384 if (error != 0) 3385 return (error); 3386 3387 error = do_rw_wrlock(td, uap->obj, &timeout); 3388 } 3389 return (error); 3390 } 3391 3392 static int 3393 __umtx_op_rw_unlock(struct thread *td, struct _umtx_op_args *uap) 3394 { 3395 return do_rw_unlock(td, uap->obj); 3396 } 3397 3398 #if defined(COMPAT_FREEBSD9) || defined(COMPAT_FREEBSD10) 3399 static int 3400 __umtx_op_sem_wait(struct thread *td, struct _umtx_op_args *uap) 3401 { 3402 struct _umtx_time *tm_p, timeout; 3403 int error; 3404 3405 /* Allow a null timespec (wait forever). */ 3406 if (uap->uaddr2 == NULL) 3407 tm_p = NULL; 3408 else { 3409 error = umtx_copyin_umtx_time( 3410 uap->uaddr2, (size_t)uap->uaddr1, &timeout); 3411 if (error != 0) 3412 return (error); 3413 tm_p = &timeout; 3414 } 3415 return (do_sem_wait(td, uap->obj, tm_p)); 3416 } 3417 3418 static int 3419 __umtx_op_sem_wake(struct thread *td, struct _umtx_op_args *uap) 3420 { 3421 3422 return (do_sem_wake(td, uap->obj)); 3423 } 3424 #endif 3425 3426 static int 3427 __umtx_op_wake2_umutex(struct thread *td, struct _umtx_op_args *uap) 3428 { 3429 3430 return (do_wake2_umutex(td, uap->obj, uap->val)); 3431 } 3432 3433 static int 3434 __umtx_op_sem2_wait(struct thread *td, struct _umtx_op_args *uap) 3435 { 3436 struct _umtx_time *tm_p, timeout; 3437 int error; 3438 3439 /* Allow a null timespec (wait forever). 
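 * As in the other timed operations, uap->uaddr1 carries the size
 * of the object at uap->uaddr2, which selects between a plain
 * timespec and a full _umtx_time.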
*/ 3440 if (uap->uaddr2 == NULL) 3441 tm_p = NULL; 3442 else { 3443 error = umtx_copyin_umtx_time( 3444 uap->uaddr2, (size_t)uap->uaddr1, &timeout); 3445 if (error != 0) 3446 return (error); 3447 tm_p = &timeout; 3448 } 3449 return (do_sem2_wait(td, uap->obj, tm_p)); 3450 } 3451 3452 static int 3453 __umtx_op_sem2_wake(struct thread *td, struct _umtx_op_args *uap) 3454 { 3455 3456 return (do_sem2_wake(td, uap->obj)); 3457 } 3458 3459 #define USHM_OBJ_UMTX(o) \ 3460 ((struct umtx_shm_obj_list *)(&(o)->umtx_data)) 3461 3462 #define USHMF_REG_LINKED 0x0001 3463 #define USHMF_OBJ_LINKED 0x0002 3464 struct umtx_shm_reg { 3465 TAILQ_ENTRY(umtx_shm_reg) ushm_reg_link; 3466 LIST_ENTRY(umtx_shm_reg) ushm_obj_link; 3467 struct umtx_key ushm_key; 3468 struct ucred *ushm_cred; 3469 struct shmfd *ushm_obj; 3470 u_int ushm_refcnt; 3471 u_int ushm_flags; 3472 }; 3473 3474 LIST_HEAD(umtx_shm_obj_list, umtx_shm_reg); 3475 TAILQ_HEAD(umtx_shm_reg_head, umtx_shm_reg); 3476 3477 static uma_zone_t umtx_shm_reg_zone; 3478 static struct umtx_shm_reg_head umtx_shm_registry[UMTX_CHAINS]; 3479 static struct mtx umtx_shm_lock; 3480 static struct umtx_shm_reg_head umtx_shm_reg_delfree = 3481 TAILQ_HEAD_INITIALIZER(umtx_shm_reg_delfree); 3482 3483 static void umtx_shm_free_reg(struct umtx_shm_reg *reg); 3484 3485 static void 3486 umtx_shm_reg_delfree_tq(void *context __unused, int pending __unused) 3487 { 3488 struct umtx_shm_reg_head d; 3489 struct umtx_shm_reg *reg, *reg1; 3490 3491 TAILQ_INIT(&d); 3492 mtx_lock(&umtx_shm_lock); 3493 TAILQ_CONCAT(&d, &umtx_shm_reg_delfree, ushm_reg_link); 3494 mtx_unlock(&umtx_shm_lock); 3495 TAILQ_FOREACH_SAFE(reg, &d, ushm_reg_link, reg1) { 3496 TAILQ_REMOVE(&d, reg, ushm_reg_link); 3497 umtx_shm_free_reg(reg); 3498 } 3499 } 3500 3501 static struct task umtx_shm_reg_delfree_task = 3502 TASK_INITIALIZER(0, umtx_shm_reg_delfree_tq, NULL); 3503 3504 static struct umtx_shm_reg * 3505 umtx_shm_find_reg_locked(const struct umtx_key *key) 3506 { 3507 struct umtx_shm_reg *reg; 3508 struct umtx_shm_reg_head *reg_head; 3509 3510 KASSERT(key->shared, ("umtx_p_find_rg: private key")); 3511 mtx_assert(&umtx_shm_lock, MA_OWNED); 3512 reg_head = &umtx_shm_registry[key->hash]; 3513 TAILQ_FOREACH(reg, reg_head, ushm_reg_link) { 3514 KASSERT(reg->ushm_key.shared, 3515 ("non-shared key on reg %p %d", reg, reg->ushm_key.shared)); 3516 if (reg->ushm_key.info.shared.object == 3517 key->info.shared.object && 3518 reg->ushm_key.info.shared.offset == 3519 key->info.shared.offset) { 3520 KASSERT(reg->ushm_key.type == TYPE_SHM, ("TYPE_USHM")); 3521 KASSERT(reg->ushm_refcnt > 0, 3522 ("reg %p refcnt 0 onlist", reg)); 3523 KASSERT((reg->ushm_flags & USHMF_REG_LINKED) != 0, 3524 ("reg %p not linked", reg)); 3525 reg->ushm_refcnt++; 3526 return (reg); 3527 } 3528 } 3529 return (NULL); 3530 } 3531 3532 static struct umtx_shm_reg * 3533 umtx_shm_find_reg(const struct umtx_key *key) 3534 { 3535 struct umtx_shm_reg *reg; 3536 3537 mtx_lock(&umtx_shm_lock); 3538 reg = umtx_shm_find_reg_locked(key); 3539 mtx_unlock(&umtx_shm_lock); 3540 return (reg); 3541 } 3542 3543 static void 3544 umtx_shm_free_reg(struct umtx_shm_reg *reg) 3545 { 3546 3547 chgumtxcnt(reg->ushm_cred->cr_ruidinfo, -1, 0); 3548 crfree(reg->ushm_cred); 3549 shm_drop(reg->ushm_obj); 3550 uma_zfree(umtx_shm_reg_zone, reg); 3551 } 3552 3553 static bool 3554 umtx_shm_unref_reg_locked(struct umtx_shm_reg *reg, bool force) 3555 { 3556 bool res; 3557 3558 mtx_assert(&umtx_shm_lock, MA_OWNED); 3559 KASSERT(reg->ushm_refcnt > 0, ("ushm_reg %p refcnt 0", 
reg)); 3560 reg->ushm_refcnt--; 3561 res = reg->ushm_refcnt == 0; 3562 if (res || force) { 3563 if ((reg->ushm_flags & USHMF_REG_LINKED) != 0) { 3564 TAILQ_REMOVE(&umtx_shm_registry[reg->ushm_key.hash], 3565 reg, ushm_reg_link); 3566 reg->ushm_flags &= ~USHMF_REG_LINKED; 3567 } 3568 if ((reg->ushm_flags & USHMF_OBJ_LINKED) != 0) { 3569 LIST_REMOVE(reg, ushm_obj_link); 3570 reg->ushm_flags &= ~USHMF_OBJ_LINKED; 3571 } 3572 } 3573 return (res); 3574 } 3575 3576 static void 3577 umtx_shm_unref_reg(struct umtx_shm_reg *reg, bool force) 3578 { 3579 vm_object_t object; 3580 bool dofree; 3581 3582 if (force) { 3583 object = reg->ushm_obj->shm_object; 3584 VM_OBJECT_WLOCK(object); 3585 object->flags |= OBJ_UMTXDEAD; 3586 VM_OBJECT_WUNLOCK(object); 3587 } 3588 mtx_lock(&umtx_shm_lock); 3589 dofree = umtx_shm_unref_reg_locked(reg, force); 3590 mtx_unlock(&umtx_shm_lock); 3591 if (dofree) 3592 umtx_shm_free_reg(reg); 3593 } 3594 3595 void 3596 umtx_shm_object_init(vm_object_t object) 3597 { 3598 3599 LIST_INIT(USHM_OBJ_UMTX(object)); 3600 } 3601 3602 void 3603 umtx_shm_object_terminated(vm_object_t object) 3604 { 3605 struct umtx_shm_reg *reg, *reg1; 3606 bool dofree; 3607 3608 dofree = false; 3609 mtx_lock(&umtx_shm_lock); 3610 LIST_FOREACH_SAFE(reg, USHM_OBJ_UMTX(object), ushm_obj_link, reg1) { 3611 if (umtx_shm_unref_reg_locked(reg, true)) { 3612 TAILQ_INSERT_TAIL(&umtx_shm_reg_delfree, reg, 3613 ushm_reg_link); 3614 dofree = true; 3615 } 3616 } 3617 mtx_unlock(&umtx_shm_lock); 3618 if (dofree) 3619 taskqueue_enqueue(taskqueue_thread, &umtx_shm_reg_delfree_task); 3620 } 3621 3622 static int 3623 umtx_shm_create_reg(struct thread *td, const struct umtx_key *key, 3624 struct umtx_shm_reg **res) 3625 { 3626 struct umtx_shm_reg *reg, *reg1; 3627 struct ucred *cred; 3628 int error; 3629 3630 reg = umtx_shm_find_reg(key); 3631 if (reg != NULL) { 3632 *res = reg; 3633 return (0); 3634 } 3635 cred = td->td_ucred; 3636 if (!chgumtxcnt(cred->cr_ruidinfo, 1, lim_cur(td, RLIMIT_UMTXP))) 3637 return (ENOMEM); 3638 reg = uma_zalloc(umtx_shm_reg_zone, M_WAITOK | M_ZERO); 3639 reg->ushm_refcnt = 1; 3640 bcopy(key, &reg->ushm_key, sizeof(*key)); 3641 reg->ushm_obj = shm_alloc(td->td_ucred, O_RDWR); 3642 reg->ushm_cred = crhold(cred); 3643 error = shm_dotruncate(reg->ushm_obj, PAGE_SIZE); 3644 if (error != 0) { 3645 umtx_shm_free_reg(reg); 3646 return (error); 3647 } 3648 mtx_lock(&umtx_shm_lock); 3649 reg1 = umtx_shm_find_reg_locked(key); 3650 if (reg1 != NULL) { 3651 mtx_unlock(&umtx_shm_lock); 3652 umtx_shm_free_reg(reg); 3653 *res = reg1; 3654 return (0); 3655 } 3656 reg->ushm_refcnt++; 3657 TAILQ_INSERT_TAIL(&umtx_shm_registry[key->hash], reg, ushm_reg_link); 3658 LIST_INSERT_HEAD(USHM_OBJ_UMTX(key->info.shared.object), reg, 3659 ushm_obj_link); 3660 reg->ushm_flags = USHMF_REG_LINKED | USHMF_OBJ_LINKED; 3661 mtx_unlock(&umtx_shm_lock); 3662 *res = reg; 3663 return (0); 3664 } 3665 3666 static int 3667 umtx_shm_alive(struct thread *td, void *addr) 3668 { 3669 vm_map_t map; 3670 vm_map_entry_t entry; 3671 vm_object_t object; 3672 vm_pindex_t pindex; 3673 vm_prot_t prot; 3674 int res, ret; 3675 boolean_t wired; 3676 3677 map = &td->td_proc->p_vmspace->vm_map; 3678 res = vm_map_lookup(&map, (uintptr_t)addr, VM_PROT_READ, &entry, 3679 &object, &pindex, &prot, &wired); 3680 if (res != KERN_SUCCESS) 3681 return (EFAULT); 3682 if (object == NULL) 3683 ret = EINVAL; 3684 else 3685 ret = (object->flags & OBJ_UMTXDEAD) != 0 ?
ENOTTY : 0; 3686 vm_map_lookup_done(map, entry); 3687 return (ret); 3688 } 3689 3690 static void 3691 umtx_shm_init(void) 3692 { 3693 int i; 3694 3695 umtx_shm_reg_zone = uma_zcreate("umtx_shm", sizeof(struct umtx_shm_reg), 3696 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); 3697 mtx_init(&umtx_shm_lock, "umtxshm", NULL, MTX_DEF); 3698 for (i = 0; i < nitems(umtx_shm_registry); i++) 3699 TAILQ_INIT(&umtx_shm_registry[i]); 3700 } 3701 3702 static int 3703 umtx_shm(struct thread *td, void *addr, u_int flags) 3704 { 3705 struct umtx_key key; 3706 struct umtx_shm_reg *reg; 3707 struct file *fp; 3708 int error, fd; 3709 3710 if (__bitcount(flags & (UMTX_SHM_CREAT | UMTX_SHM_LOOKUP | 3711 UMTX_SHM_DESTROY| UMTX_SHM_ALIVE)) != 1) 3712 return (EINVAL); 3713 if ((flags & UMTX_SHM_ALIVE) != 0) 3714 return (umtx_shm_alive(td, addr)); 3715 error = umtx_key_get(addr, TYPE_SHM, PROCESS_SHARE, &key); 3716 if (error != 0) 3717 return (error); 3718 KASSERT(key.shared == 1, ("non-shared key")); 3719 if ((flags & UMTX_SHM_CREAT) != 0) { 3720 error = umtx_shm_create_reg(td, &key, &reg); 3721 } else { 3722 reg = umtx_shm_find_reg(&key); 3723 if (reg == NULL) 3724 error = ESRCH; 3725 } 3726 umtx_key_release(&key); 3727 if (error != 0) 3728 return (error); 3729 KASSERT(reg != NULL, ("no reg")); 3730 if ((flags & UMTX_SHM_DESTROY) != 0) { 3731 umtx_shm_unref_reg(reg, true); 3732 } else { 3733 #if 0 3734 #ifdef MAC 3735 error = mac_posixshm_check_open(td->td_ucred, 3736 reg->ushm_obj, FFLAGS(O_RDWR)); 3737 if (error == 0) 3738 #endif 3739 error = shm_access(reg->ushm_obj, td->td_ucred, 3740 FFLAGS(O_RDWR)); 3741 if (error == 0) 3742 #endif 3743 error = falloc_caps(td, &fp, &fd, O_CLOEXEC, NULL); 3744 if (error == 0) { 3745 shm_hold(reg->ushm_obj); 3746 finit(fp, FFLAGS(O_RDWR), DTYPE_SHM, reg->ushm_obj, 3747 &shm_ops); 3748 td->td_retval[0] = fd; 3749 fdrop(fp, td); 3750 } 3751 } 3752 umtx_shm_unref_reg(reg, false); 3753 return (error); 3754 } 3755 3756 static int 3757 __umtx_op_shm(struct thread *td, struct _umtx_op_args *uap) 3758 { 3759 3760 return (umtx_shm(td, uap->uaddr1, uap->val)); 3761 } 3762 3763 typedef int (*_umtx_op_func)(struct thread *td, struct _umtx_op_args *uap); 3764 3765 static const _umtx_op_func op_table[] = { 3766 [UMTX_OP_RESERVED0] = __umtx_op_unimpl, 3767 [UMTX_OP_RESERVED1] = __umtx_op_unimpl, 3768 [UMTX_OP_WAIT] = __umtx_op_wait, 3769 [UMTX_OP_WAKE] = __umtx_op_wake, 3770 [UMTX_OP_MUTEX_TRYLOCK] = __umtx_op_trylock_umutex, 3771 [UMTX_OP_MUTEX_LOCK] = __umtx_op_lock_umutex, 3772 [UMTX_OP_MUTEX_UNLOCK] = __umtx_op_unlock_umutex, 3773 [UMTX_OP_SET_CEILING] = __umtx_op_set_ceiling, 3774 [UMTX_OP_CV_WAIT] = __umtx_op_cv_wait, 3775 [UMTX_OP_CV_SIGNAL] = __umtx_op_cv_signal, 3776 [UMTX_OP_CV_BROADCAST] = __umtx_op_cv_broadcast, 3777 [UMTX_OP_WAIT_UINT] = __umtx_op_wait_uint, 3778 [UMTX_OP_RW_RDLOCK] = __umtx_op_rw_rdlock, 3779 [UMTX_OP_RW_WRLOCK] = __umtx_op_rw_wrlock, 3780 [UMTX_OP_RW_UNLOCK] = __umtx_op_rw_unlock, 3781 [UMTX_OP_WAIT_UINT_PRIVATE] = __umtx_op_wait_uint_private, 3782 [UMTX_OP_WAKE_PRIVATE] = __umtx_op_wake_private, 3783 [UMTX_OP_MUTEX_WAIT] = __umtx_op_wait_umutex, 3784 [UMTX_OP_MUTEX_WAKE] = __umtx_op_wake_umutex, 3785 #if defined(COMPAT_FREEBSD9) || defined(COMPAT_FREEBSD10) 3786 [UMTX_OP_SEM_WAIT] = __umtx_op_sem_wait, 3787 [UMTX_OP_SEM_WAKE] = __umtx_op_sem_wake, 3788 #else 3789 [UMTX_OP_SEM_WAIT] = __umtx_op_unimpl, 3790 [UMTX_OP_SEM_WAKE] = __umtx_op_unimpl, 3791 #endif 3792 [UMTX_OP_NWAKE_PRIVATE] = __umtx_op_nwake_private, 3793 [UMTX_OP_MUTEX_WAKE2] = __umtx_op_wake2_umutex,
3794 [UMTX_OP_SEM2_WAIT] = __umtx_op_sem2_wait, 3795 [UMTX_OP_SEM2_WAKE] = __umtx_op_sem2_wake, 3796 [UMTX_OP_SHM] = __umtx_op_shm, 3797 }; 3798 3799 int 3800 sys__umtx_op(struct thread *td, struct _umtx_op_args *uap) 3801 { 3802 3803 if ((unsigned)uap->op < nitems(op_table)) 3804 return (*op_table[uap->op])(td, uap); 3805 return (EINVAL); 3806 } 3807 3808 #ifdef COMPAT_FREEBSD32 3809 3810 struct timespec32 { 3811 int32_t tv_sec; 3812 int32_t tv_nsec; 3813 }; 3814 3815 struct umtx_time32 { 3816 struct timespec32 timeout; 3817 uint32_t flags; 3818 uint32_t clockid; 3819 }; 3820 3821 static inline int 3822 umtx_copyin_timeout32(void *addr, struct timespec *tsp) 3823 { 3824 struct timespec32 ts32; 3825 int error; 3826 3827 error = copyin(addr, &ts32, sizeof(struct timespec32)); 3828 if (error == 0) { 3829 if (ts32.tv_sec < 0 || 3830 ts32.tv_nsec >= 1000000000 || 3831 ts32.tv_nsec < 0) 3832 error = EINVAL; 3833 else { 3834 tsp->tv_sec = ts32.tv_sec; 3835 tsp->tv_nsec = ts32.tv_nsec; 3836 } 3837 } 3838 return (error); 3839 } 3840 3841 static inline int 3842 umtx_copyin_umtx_time32(const void *addr, size_t size, struct _umtx_time *tp) 3843 { 3844 struct umtx_time32 t32; 3845 int error; 3846 3847 t32.clockid = CLOCK_REALTIME; 3848 t32.flags = 0; 3849 if (size <= sizeof(struct timespec32)) 3850 error = copyin(addr, &t32.timeout, sizeof(struct timespec32)); 3851 else 3852 error = copyin(addr, &t32, sizeof(struct umtx_time32)); 3853 if (error != 0) 3854 return (error); 3855 if (t32.timeout.tv_sec < 0 || 3856 t32.timeout.tv_nsec >= 1000000000 || t32.timeout.tv_nsec < 0) 3857 return (EINVAL); 3858 tp->_timeout.tv_sec = t32.timeout.tv_sec; 3859 tp->_timeout.tv_nsec = t32.timeout.tv_nsec; 3860 tp->_flags = t32.flags; 3861 tp->_clockid = t32.clockid; 3862 return (0); 3863 } 3864 3865 static int 3866 __umtx_op_wait_compat32(struct thread *td, struct _umtx_op_args *uap) 3867 { 3868 struct _umtx_time *tm_p, timeout; 3869 int error; 3870 3871 if (uap->uaddr2 == NULL) 3872 tm_p = NULL; 3873 else { 3874 error = umtx_copyin_umtx_time32(uap->uaddr2, 3875 (size_t)uap->uaddr1, &timeout); 3876 if (error != 0) 3877 return (error); 3878 tm_p = &timeout; 3879 } 3880 return do_wait(td, uap->obj, uap->val, tm_p, 1, 0); 3881 } 3882 3883 static int 3884 __umtx_op_lock_umutex_compat32(struct thread *td, struct _umtx_op_args *uap) 3885 { 3886 struct _umtx_time *tm_p, timeout; 3887 int error; 3888 3889 /* Allow a null timespec (wait forever). */ 3890 if (uap->uaddr2 == NULL) 3891 tm_p = NULL; 3892 else { 3893 error = umtx_copyin_umtx_time32(uap->uaddr2, 3894 (size_t)uap->uaddr1, &timeout); 3895 if (error != 0) 3896 return (error); 3897 tm_p = &timeout; 3898 } 3899 return do_lock_umutex(td, uap->obj, tm_p, 0); 3900 } 3901 3902 static int 3903 __umtx_op_wait_umutex_compat32(struct thread *td, struct _umtx_op_args *uap) 3904 { 3905 struct _umtx_time *tm_p, timeout; 3906 int error; 3907 3908 /* Allow a null timespec (wait forever). */ 3909 if (uap->uaddr2 == NULL) 3910 tm_p = NULL; 3911 else { 3912 error = umtx_copyin_umtx_time32(uap->uaddr2, 3913 (size_t)uap->uaddr1, &timeout); 3914 if (error != 0) 3915 return (error); 3916 tm_p = &timeout; 3917 } 3918 return do_lock_umutex(td, uap->obj, tm_p, _UMUTEX_WAIT); 3919 } 3920 3921 static int 3922 __umtx_op_cv_wait_compat32(struct thread *td, struct _umtx_op_args *uap) 3923 { 3924 struct timespec *ts, timeout; 3925 int error; 3926 3927 /* Allow a null timespec (wait forever).
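 * The 32-bit timespec is widened by umtx_copyin_timeout32()
 * before the common do_cv_wait() path is entered.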
*/ 3928 if (uap->uaddr2 == NULL) 3929 ts = NULL; 3930 else { 3931 error = umtx_copyin_timeout32(uap->uaddr2, &timeout); 3932 if (error != 0) 3933 return (error); 3934 ts = &timeout; 3935 } 3936 return (do_cv_wait(td, uap->obj, uap->uaddr1, ts, uap->val)); 3937 } 3938 3939 static int 3940 __umtx_op_rw_rdlock_compat32(struct thread *td, struct _umtx_op_args *uap) 3941 { 3942 struct _umtx_time timeout; 3943 int error; 3944 3945 /* Allow a null timespec (wait forever). */ 3946 if (uap->uaddr2 == NULL) { 3947 error = do_rw_rdlock(td, uap->obj, uap->val, 0); 3948 } else { 3949 error = umtx_copyin_umtx_time32(uap->uaddr2, 3950 (size_t)uap->uaddr1, &timeout); 3951 if (error != 0) 3952 return (error); 3953 error = do_rw_rdlock(td, uap->obj, uap->val, &timeout); 3954 } 3955 return (error); 3956 } 3957 3958 static int 3959 __umtx_op_rw_wrlock_compat32(struct thread *td, struct _umtx_op_args *uap) 3960 { 3961 struct _umtx_time timeout; 3962 int error; 3963 3964 /* Allow a null timespec (wait forever). */ 3965 if (uap->uaddr2 == NULL) { 3966 error = do_rw_wrlock(td, uap->obj, 0); 3967 } else { 3968 error = umtx_copyin_umtx_time32(uap->uaddr2, 3969 (size_t)uap->uaddr1, &timeout); 3970 if (error != 0) 3971 return (error); 3972 error = do_rw_wrlock(td, uap->obj, &timeout); 3973 } 3974 return (error); 3975 } 3976 3977 static int 3978 __umtx_op_wait_uint_private_compat32(struct thread *td, struct _umtx_op_args *uap) 3979 { 3980 struct _umtx_time *tm_p, timeout; 3981 int error; 3982 3983 if (uap->uaddr2 == NULL) 3984 tm_p = NULL; 3985 else { 3986 error = umtx_copyin_umtx_time32( 3987 uap->uaddr2, (size_t)uap->uaddr1,&timeout); 3988 if (error != 0) 3989 return (error); 3990 tm_p = &timeout; 3991 } 3992 return do_wait(td, uap->obj, uap->val, tm_p, 1, 1); 3993 } 3994 3995 #if defined(COMPAT_FREEBSD9) || defined(COMPAT_FREEBSD10) 3996 static int 3997 __umtx_op_sem_wait_compat32(struct thread *td, struct _umtx_op_args *uap) 3998 { 3999 struct _umtx_time *tm_p, timeout; 4000 int error; 4001 4002 /* Allow a null timespec (wait forever). */ 4003 if (uap->uaddr2 == NULL) 4004 tm_p = NULL; 4005 else { 4006 error = umtx_copyin_umtx_time32(uap->uaddr2, 4007 (size_t)uap->uaddr1, &timeout); 4008 if (error != 0) 4009 return (error); 4010 tm_p = &timeout; 4011 } 4012 return (do_sem_wait(td, uap->obj, tm_p)); 4013 } 4014 #endif 4015 4016 static int 4017 __umtx_op_sem2_wait_compat32(struct thread *td, struct _umtx_op_args *uap) 4018 { 4019 struct _umtx_time *tm_p, timeout; 4020 int error; 4021 4022 /* Allow a null timespec (wait forever). 
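 * umtx_copyin_umtx_time32() converts the 32-bit layout into a
 * native _umtx_time before the common do_sem2_wait() runs.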
*/ 4023 if (uap->uaddr2 == NULL) 4024 tm_p = NULL; 4025 else { 4026 error = umtx_copyin_umtx_time32(uap->uaddr2, 4027 (size_t)uap->uaddr1, &timeout); 4028 if (error != 0) 4029 return (error); 4030 tm_p = &timeout; 4031 } 4032 return (do_sem2_wait(td, uap->obj, tm_p)); 4033 } 4034 4035 static int 4036 __umtx_op_nwake_private32(struct thread *td, struct _umtx_op_args *uap) 4037 { 4038 int count = uap->val; 4039 uint32_t uaddrs[BATCH_SIZE]; 4040 uint32_t **upp = (uint32_t **)uap->obj; 4041 int tocopy; 4042 int error = 0; 4043 int i, pos = 0; 4044 4045 while (count > 0) { 4046 tocopy = count; 4047 if (tocopy > BATCH_SIZE) 4048 tocopy = BATCH_SIZE; 4049 error = copyin(upp+pos, uaddrs, tocopy * sizeof(uint32_t)); 4050 if (error != 0) 4051 break; 4052 for (i = 0; i < tocopy; ++i) 4053 kern_umtx_wake(td, (void *)(intptr_t)uaddrs[i], 4054 INT_MAX, 1); 4055 count -= tocopy; 4056 pos += tocopy; 4057 } 4058 return (error); 4059 } 4060 4061 static const _umtx_op_func op_table_compat32[] = { 4062 [UMTX_OP_RESERVED0] = __umtx_op_unimpl, 4063 [UMTX_OP_RESERVED1] = __umtx_op_unimpl, 4064 [UMTX_OP_WAIT] = __umtx_op_wait_compat32, 4065 [UMTX_OP_WAKE] = __umtx_op_wake, 4066 [UMTX_OP_MUTEX_TRYLOCK] = __umtx_op_trylock_umutex, 4067 [UMTX_OP_MUTEX_LOCK] = __umtx_op_lock_umutex_compat32, 4068 [UMTX_OP_MUTEX_UNLOCK] = __umtx_op_unlock_umutex, 4069 [UMTX_OP_SET_CEILING] = __umtx_op_set_ceiling, 4070 [UMTX_OP_CV_WAIT] = __umtx_op_cv_wait_compat32, 4071 [UMTX_OP_CV_SIGNAL] = __umtx_op_cv_signal, 4072 [UMTX_OP_CV_BROADCAST] = __umtx_op_cv_broadcast, 4073 [UMTX_OP_WAIT_UINT] = __umtx_op_wait_compat32, 4074 [UMTX_OP_RW_RDLOCK] = __umtx_op_rw_rdlock_compat32, 4075 [UMTX_OP_RW_WRLOCK] = __umtx_op_rw_wrlock_compat32, 4076 [UMTX_OP_RW_UNLOCK] = __umtx_op_rw_unlock, 4077 [UMTX_OP_WAIT_UINT_PRIVATE] = __umtx_op_wait_uint_private_compat32, 4078 [UMTX_OP_WAKE_PRIVATE] = __umtx_op_wake_private, 4079 [UMTX_OP_MUTEX_WAIT] = __umtx_op_wait_umutex_compat32, 4080 [UMTX_OP_MUTEX_WAKE] = __umtx_op_wake_umutex, 4081 #if defined(COMPAT_FREEBSD9) || defined(COMPAT_FREEBSD10) 4082 [UMTX_OP_SEM_WAIT] = __umtx_op_sem_wait_compat32, 4083 [UMTX_OP_SEM_WAKE] = __umtx_op_sem_wake, 4084 #else 4085 [UMTX_OP_SEM_WAIT] = __umtx_op_unimpl, 4086 [UMTX_OP_SEM_WAKE] = __umtx_op_unimpl, 4087 #endif 4088 [UMTX_OP_NWAKE_PRIVATE] = __umtx_op_nwake_private32, 4089 [UMTX_OP_MUTEX_WAKE2] = __umtx_op_wake2_umutex, 4090 [UMTX_OP_SEM2_WAIT] = __umtx_op_sem2_wait_compat32, 4091 [UMTX_OP_SEM2_WAKE] = __umtx_op_sem2_wake, 4092 [UMTX_OP_SHM] = __umtx_op_shm, 4093 }; 4094 4095 int 4096 freebsd32_umtx_op(struct thread *td, struct freebsd32_umtx_op_args *uap) 4097 { 4098 4099 if ((unsigned)uap->op < nitems(op_table_compat32)) { 4100 return (*op_table_compat32[uap->op])(td, 4101 (struct _umtx_op_args *)uap); 4102 } 4103 return (EINVAL); 4104 } 4105 #endif 4106 4107 void 4108 umtx_thread_init(struct thread *td) 4109 { 4110 td->td_umtxq = umtxq_alloc(); 4111 td->td_umtxq->uq_thread = td; 4112 } 4113 4114 void 4115 umtx_thread_fini(struct thread *td) 4116 { 4117 umtxq_free(td->td_umtxq); 4118 } 4119 4120 /* 4121 * It is called when a new thread is created, e.g., by fork().
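 * The umtx_q itself is allocated in umtx_thread_init(); this only
 * resets the inherited priority and asserts that the structure
 * being reused is clean.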
4122 */ 4123 void 4124 umtx_thread_alloc(struct thread *td) 4125 { 4126 struct umtx_q *uq; 4127 4128 uq = td->td_umtxq; 4129 uq->uq_inherited_pri = PRI_MAX; 4130 4131 KASSERT(uq->uq_flags == 0, ("uq_flags != 0")); 4132 KASSERT(uq->uq_thread == td, ("uq_thread != td")); 4133 KASSERT(uq->uq_pi_blocked == NULL, ("uq_pi_blocked != NULL")); 4134 KASSERT(TAILQ_EMPTY(&uq->uq_pi_contested), ("uq_pi_contested is not empty")); 4135 } 4136 4137 /* 4138 * exec() hook. 4139 */ 4140 static void 4141 umtx_exec_hook(void *arg __unused, struct proc *p __unused, 4142 struct image_params *imgp __unused) 4143 { 4144 umtx_thread_cleanup(curthread); 4145 } 4146 4147 /* 4148 * thread_exit() hook. 4149 */ 4150 void 4151 umtx_thread_exit(struct thread *td) 4152 { 4153 umtx_thread_cleanup(td); 4154 } 4155 4156 /* 4157 * clean up umtx data. 4158 */ 4159 static void 4160 umtx_thread_cleanup(struct thread *td) 4161 { 4162 struct umtx_q *uq; 4163 struct umtx_pi *pi; 4164 4165 if ((uq = td->td_umtxq) == NULL) 4166 return; 4167 4168 mtx_lock(&umtx_lock); 4169 uq->uq_inherited_pri = PRI_MAX; 4170 while ((pi = TAILQ_FIRST(&uq->uq_pi_contested)) != NULL) { 4171 pi->pi_owner = NULL; 4172 TAILQ_REMOVE(&uq->uq_pi_contested, pi, pi_link); 4173 } 4174 mtx_unlock(&umtx_lock); 4175 thread_lock(td); 4176 sched_lend_user_prio(td, PRI_MAX); 4177 thread_unlock(td); 4178 } 4179
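
/*
 * Usage sketch (illustrative only; libthr is the real consumer of this
 * interface).  A bare wait/wake pair over a shared word, built on the
 * userland prototype documented in _umtx_op(2):
 *
 *	int _umtx_op(void *obj, int op, u_long val, void *uaddr,
 *	    void *uaddr2);
 *
 *	u_int word = 0;
 *	// Sleeps only while the word still equals 0; a NULL uaddr2
 *	// means no timeout (see __umtx_op_wait_uint_private() above).
 *	_umtx_op(&word, UMTX_OP_WAIT_UINT_PRIVATE, 0, NULL, NULL);
 *
 *	// Another thread: publish the change, then wake one waiter.
 *	atomic_store_rel_int(&word, 1);
 *	_umtx_op(&word, UMTX_OP_WAKE_PRIVATE, 1, NULL, NULL);
 */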