2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2015, 2016 The FreeBSD Foundation
5 * Copyright (c) 2004, David Xu <davidxu@freebsd.org>
6 * Copyright (c) 2002, Jeffrey Roberson <jeff@freebsd.org>
9 * Portions of this software were developed by Konstantin Belousov
10 * under sponsorship from the FreeBSD Foundation.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice unmodified, this list of conditions, and the following
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 #include <sys/cdefs.h>
35 #include "opt_umtx_profiling.h"
37 #include <sys/param.h>
38 #include <sys/kernel.h>
39 #include <sys/fcntl.h>
41 #include <sys/filedesc.h>
42 #include <sys/limits.h>
44 #include <sys/malloc.h>
46 #include <sys/mutex.h>
49 #include <sys/resource.h>
50 #include <sys/resourcevar.h>
51 #include <sys/rwlock.h>
53 #include <sys/sched.h>
55 #include <sys/sysctl.h>
56 #include <sys/systm.h>
57 #include <sys/sysproto.h>
58 #include <sys/syscallsubr.h>
59 #include <sys/taskqueue.h>
61 #include <sys/eventhandler.h>
63 #include <sys/umtxvar.h>
65 #include <security/mac/mac_framework.h>
68 #include <vm/vm_param.h>
70 #include <vm/vm_map.h>
71 #include <vm/vm_object.h>
73 #include <machine/atomic.h>
74 #include <machine/cpu.h>
76 #include <compat/freebsd32/freebsd32.h>
77 #ifdef COMPAT_FREEBSD32
78 #include <compat/freebsd32/freebsd32_proto.h>
82 #define _UMUTEX_WAIT 2
85 #define UPROF_PERC_BIGGER(w, f, sw, sf) \
86 (((w) > (sw)) || ((w) == (sw) && (f) > (sf)))
89 #define UMTXQ_LOCKED_ASSERT(uc) mtx_assert(&(uc)->uc_lock, MA_OWNED)
91 #define UMTXQ_ASSERT_LOCKED_BUSY(key) do { \
92 struct umtxq_chain *uc; \
94 uc = umtxq_getchain(key); \
95 mtx_assert(&uc->uc_lock, MA_OWNED); \
96 KASSERT(uc->uc_busy != 0, ("umtx chain is not busy")); \
99 #define UMTXQ_ASSERT_LOCKED_BUSY(key) do {} while (0)
103 * Don't propagate time-sharing priority, there is a security reason,
104 * a user can simply introduce PI-mutex, let thread A lock the mutex,
105 * and let another thread B block on the mutex, because B is
106 * sleeping, its priority will be boosted, this causes A's priority to
107 * be boosted via priority propagating too and will never be lowered even
108 * if it is using 100%CPU, this is unfair to other processes.
111 #define UPRI(td) (((td)->td_user_pri >= PRI_MIN_TIMESHARE &&\
112 (td)->td_user_pri <= PRI_MAX_TIMESHARE) ?\
113 PRI_MAX_TIMESHARE : (td)->td_user_pri)
115 #define GOLDEN_RATIO_PRIME 2654404609U
117 #define UMTX_CHAINS 512
119 #define UMTX_SHIFTS (__WORD_BIT - 9)
121 #define GET_SHARE(flags) \
122 (((flags) & USYNC_PROCESS_SHARED) == 0 ? THREAD_SHARE : PROCESS_SHARE)
124 #define BUSY_SPINS 200
126 struct umtx_copyops {
127 int (*copyin_timeout)(const void *uaddr, struct timespec *tsp);
128 int (*copyin_umtx_time)(const void *uaddr, size_t size,
129 struct _umtx_time *tp);
130 int (*copyin_robust_lists)(const void *uaddr, size_t size,
131 struct umtx_robust_lists_params *rbp);
132 int (*copyout_timeout)(void *uaddr, size_t size,
133 struct timespec *tsp);
134 const size_t timespec_sz;
135 const size_t umtx_time_sz;
139 _Static_assert(sizeof(struct umutex) == sizeof(struct umutex32), "umutex32");
140 _Static_assert(__offsetof(struct umutex, m_spare[0]) ==
141 __offsetof(struct umutex32, m_spare[0]), "m_spare32");
143 int umtx_shm_vnobj_persistent = 0;
144 SYSCTL_INT(_kern_ipc, OID_AUTO, umtx_vnode_persistent, CTLFLAG_RWTUN,
145 &umtx_shm_vnobj_persistent, 0,
146 "False forces destruction of umtx attached to file, on last close");
147 static int umtx_max_rb = 1000;
148 SYSCTL_INT(_kern_ipc, OID_AUTO, umtx_max_robust, CTLFLAG_RWTUN,
150 "Maximum number of robust mutexes allowed for each thread");
152 static uma_zone_t umtx_pi_zone;
153 static struct umtxq_chain umtxq_chains[2][UMTX_CHAINS];
154 static MALLOC_DEFINE(M_UMTX, "umtx", "UMTX queue memory");
155 static int umtx_pi_allocated;
157 static SYSCTL_NODE(_debug, OID_AUTO, umtx, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
159 SYSCTL_INT(_debug_umtx, OID_AUTO, umtx_pi_allocated, CTLFLAG_RD,
160 &umtx_pi_allocated, 0, "Allocated umtx_pi");
161 static int umtx_verbose_rb = 1;
162 SYSCTL_INT(_debug_umtx, OID_AUTO, robust_faults_verbose, CTLFLAG_RWTUN,
166 #ifdef UMTX_PROFILING
167 static long max_length;
168 SYSCTL_LONG(_debug_umtx, OID_AUTO, max_length, CTLFLAG_RD, &max_length, 0, "max_length");
169 static SYSCTL_NODE(_debug_umtx, OID_AUTO, chains, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
173 static inline void umtx_abs_timeout_init2(struct umtx_abs_timeout *timo,
174 const struct _umtx_time *umtxtime);
176 static void umtx_shm_init(void);
177 static void umtxq_sysinit(void *);
178 static void umtxq_hash(struct umtx_key *key);
179 static int do_unlock_pp(struct thread *td, struct umutex *m, uint32_t flags,
181 static void umtx_thread_cleanup(struct thread *td);
182 SYSINIT(umtx, SI_SUB_EVENTHANDLER+1, SI_ORDER_MIDDLE, umtxq_sysinit, NULL);
184 #define umtxq_signal(key, nwake) umtxq_signal_queue((key), (nwake), UMTX_SHARED_QUEUE)
186 static struct mtx umtx_lock;
188 #ifdef UMTX_PROFILING
190 umtx_init_profiling(void)
192 struct sysctl_oid *chain_oid;
196 for (i = 0; i < UMTX_CHAINS; ++i) {
197 snprintf(chain_name, sizeof(chain_name), "%d", i);
198 chain_oid = SYSCTL_ADD_NODE(NULL,
199 SYSCTL_STATIC_CHILDREN(_debug_umtx_chains), OID_AUTO,
200 chain_name, CTLFLAG_RD | CTLFLAG_MPSAFE, NULL,
202 SYSCTL_ADD_INT(NULL, SYSCTL_CHILDREN(chain_oid), OID_AUTO,
203 "max_length0", CTLFLAG_RD, &umtxq_chains[0][i].max_length, 0, NULL);
204 SYSCTL_ADD_INT(NULL, SYSCTL_CHILDREN(chain_oid), OID_AUTO,
205 "max_length1", CTLFLAG_RD, &umtxq_chains[1][i].max_length, 0, NULL);
210 sysctl_debug_umtx_chains_peaks(SYSCTL_HANDLER_ARGS)
214 struct umtxq_chain *uc;
215 u_int fract, i, j, tot, whole;
216 u_int sf0, sf1, sf2, sf3, sf4;
217 u_int si0, si1, si2, si3, si4;
218 u_int sw0, sw1, sw2, sw3, sw4;
220 sbuf_new(&sb, buf, sizeof(buf), SBUF_FIXEDLEN);
221 for (i = 0; i < 2; i++) {
223 for (j = 0; j < UMTX_CHAINS; ++j) {
224 uc = &umtxq_chains[i][j];
225 mtx_lock(&uc->uc_lock);
226 tot += uc->max_length;
227 mtx_unlock(&uc->uc_lock);
230 sbuf_printf(&sb, "%u) Empty ", i);
232 sf0 = sf1 = sf2 = sf3 = sf4 = 0;
233 si0 = si1 = si2 = si3 = si4 = 0;
234 sw0 = sw1 = sw2 = sw3 = sw4 = 0;
235 for (j = 0; j < UMTX_CHAINS; j++) {
236 uc = &umtxq_chains[i][j];
237 mtx_lock(&uc->uc_lock);
238 whole = uc->max_length * 100;
239 mtx_unlock(&uc->uc_lock);
240 fract = (whole % tot) * 100;
241 if (UPROF_PERC_BIGGER(whole, fract, sw0, sf0)) {
245 } else if (UPROF_PERC_BIGGER(whole, fract, sw1,
250 } else if (UPROF_PERC_BIGGER(whole, fract, sw2,
255 } else if (UPROF_PERC_BIGGER(whole, fract, sw3,
260 } else if (UPROF_PERC_BIGGER(whole, fract, sw4,
267 sbuf_printf(&sb, "queue %u:\n", i);
268 sbuf_printf(&sb, "1st: %u.%u%% idx: %u\n", sw0 / tot,
270 sbuf_printf(&sb, "2nd: %u.%u%% idx: %u\n", sw1 / tot,
272 sbuf_printf(&sb, "3rd: %u.%u%% idx: %u\n", sw2 / tot,
274 sbuf_printf(&sb, "4th: %u.%u%% idx: %u\n", sw3 / tot,
276 sbuf_printf(&sb, "5th: %u.%u%% idx: %u\n", sw4 / tot,
282 sysctl_handle_string(oidp, sbuf_data(&sb), sbuf_len(&sb), req);
288 sysctl_debug_umtx_chains_clear(SYSCTL_HANDLER_ARGS)
290 struct umtxq_chain *uc;
295 error = sysctl_handle_int(oidp, &clear, 0, req);
296 if (error != 0 || req->newptr == NULL)
300 for (i = 0; i < 2; ++i) {
301 for (j = 0; j < UMTX_CHAINS; ++j) {
302 uc = &umtxq_chains[i][j];
303 mtx_lock(&uc->uc_lock);
306 mtx_unlock(&uc->uc_lock);
313 SYSCTL_PROC(_debug_umtx_chains, OID_AUTO, clear,
314 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 0,
315 sysctl_debug_umtx_chains_clear, "I",
316 "Clear umtx chains statistics");
317 SYSCTL_PROC(_debug_umtx_chains, OID_AUTO, peaks,
318 CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, 0, 0,
319 sysctl_debug_umtx_chains_peaks, "A",
320 "Highest peaks in chains max length");
324 umtxq_sysinit(void *arg __unused)
328 umtx_pi_zone = uma_zcreate("umtx pi", sizeof(struct umtx_pi),
329 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
330 for (i = 0; i < 2; ++i) {
331 for (j = 0; j < UMTX_CHAINS; ++j) {
332 mtx_init(&umtxq_chains[i][j].uc_lock, "umtxql", NULL,
333 MTX_DEF | MTX_DUPOK);
334 LIST_INIT(&umtxq_chains[i][j].uc_queue[0]);
335 LIST_INIT(&umtxq_chains[i][j].uc_queue[1]);
336 LIST_INIT(&umtxq_chains[i][j].uc_spare_queue);
337 TAILQ_INIT(&umtxq_chains[i][j].uc_pi_list);
338 umtxq_chains[i][j].uc_busy = 0;
339 umtxq_chains[i][j].uc_waiters = 0;
340 #ifdef UMTX_PROFILING
341 umtxq_chains[i][j].length = 0;
342 umtxq_chains[i][j].max_length = 0;
346 #ifdef UMTX_PROFILING
347 umtx_init_profiling();
349 mtx_init(&umtx_lock, "umtx lock", NULL, MTX_DEF);
358 uq = malloc(sizeof(struct umtx_q), M_UMTX, M_WAITOK | M_ZERO);
359 uq->uq_spare_queue = malloc(sizeof(struct umtxq_queue), M_UMTX,
361 TAILQ_INIT(&uq->uq_spare_queue->head);
362 TAILQ_INIT(&uq->uq_pi_contested);
363 uq->uq_inherited_pri = PRI_MAX;
368 umtxq_free(struct umtx_q *uq)
371 MPASS(uq->uq_spare_queue != NULL);
372 free(uq->uq_spare_queue, M_UMTX);
377 umtxq_hash(struct umtx_key *key)
381 n = (uintptr_t)key->info.both.a + key->info.both.b;
382 key->hash = ((n * GOLDEN_RATIO_PRIME) >> UMTX_SHIFTS) % UMTX_CHAINS;
386 umtxq_getchain(struct umtx_key *key)
389 if (key->type <= TYPE_SEM)
390 return (&umtxq_chains[1][key->hash]);
391 return (&umtxq_chains[0][key->hash]);
395 * Set chain to busy state when following operation
396 * may be blocked (kernel mutex can not be used).
399 umtxq_busy(struct umtx_key *key)
401 struct umtxq_chain *uc;
403 uc = umtxq_getchain(key);
404 mtx_assert(&uc->uc_lock, MA_OWNED);
408 int count = BUSY_SPINS;
411 while (uc->uc_busy && --count > 0)
417 while (uc->uc_busy) {
419 msleep(uc, &uc->uc_lock, 0, "umtxqb", 0);
430 umtxq_unbusy(struct umtx_key *key)
432 struct umtxq_chain *uc;
434 uc = umtxq_getchain(key);
435 mtx_assert(&uc->uc_lock, MA_OWNED);
436 KASSERT(uc->uc_busy != 0, ("not busy"));
443 umtxq_unbusy_unlocked(struct umtx_key *key)
451 static struct umtxq_queue *
452 umtxq_queue_lookup(struct umtx_key *key, int q)
454 struct umtxq_queue *uh;
455 struct umtxq_chain *uc;
457 uc = umtxq_getchain(key);
458 UMTXQ_LOCKED_ASSERT(uc);
459 LIST_FOREACH(uh, &uc->uc_queue[q], link) {
460 if (umtx_key_match(&uh->key, key))
468 umtxq_insert_queue(struct umtx_q *uq, int q)
470 struct umtxq_queue *uh;
471 struct umtxq_chain *uc;
473 uc = umtxq_getchain(&uq->uq_key);
474 UMTXQ_LOCKED_ASSERT(uc);
475 KASSERT((uq->uq_flags & UQF_UMTXQ) == 0, ("umtx_q is already on queue"));
476 uh = umtxq_queue_lookup(&uq->uq_key, q);
478 LIST_INSERT_HEAD(&uc->uc_spare_queue, uq->uq_spare_queue, link);
480 uh = uq->uq_spare_queue;
481 uh->key = uq->uq_key;
482 LIST_INSERT_HEAD(&uc->uc_queue[q], uh, link);
483 #ifdef UMTX_PROFILING
485 if (uc->length > uc->max_length) {
486 uc->max_length = uc->length;
487 if (uc->max_length > max_length)
488 max_length = uc->max_length;
492 uq->uq_spare_queue = NULL;
494 TAILQ_INSERT_TAIL(&uh->head, uq, uq_link);
496 uq->uq_flags |= UQF_UMTXQ;
497 uq->uq_cur_queue = uh;
502 umtxq_remove_queue(struct umtx_q *uq, int q)
504 struct umtxq_chain *uc;
505 struct umtxq_queue *uh;
507 uc = umtxq_getchain(&uq->uq_key);
508 UMTXQ_LOCKED_ASSERT(uc);
509 if (uq->uq_flags & UQF_UMTXQ) {
510 uh = uq->uq_cur_queue;
511 TAILQ_REMOVE(&uh->head, uq, uq_link);
513 uq->uq_flags &= ~UQF_UMTXQ;
514 if (TAILQ_EMPTY(&uh->head)) {
515 KASSERT(uh->length == 0,
516 ("inconsistent umtxq_queue length"));
517 #ifdef UMTX_PROFILING
520 LIST_REMOVE(uh, link);
522 uh = LIST_FIRST(&uc->uc_spare_queue);
523 KASSERT(uh != NULL, ("uc_spare_queue is empty"));
524 LIST_REMOVE(uh, link);
526 uq->uq_spare_queue = uh;
527 uq->uq_cur_queue = NULL;
532 * Check if there are multiple waiters
535 umtxq_count(struct umtx_key *key)
537 struct umtxq_queue *uh;
539 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key));
540 uh = umtxq_queue_lookup(key, UMTX_SHARED_QUEUE);
547 * Check if there are multiple PI waiters and returns first
551 umtxq_count_pi(struct umtx_key *key, struct umtx_q **first)
553 struct umtxq_queue *uh;
556 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key));
557 uh = umtxq_queue_lookup(key, UMTX_SHARED_QUEUE);
559 *first = TAILQ_FIRST(&uh->head);
566 * Wake up threads waiting on an userland object by a bit mask.
569 umtxq_signal_mask(struct umtx_key *key, int n_wake, u_int bitset)
571 struct umtxq_queue *uh;
572 struct umtx_q *uq, *uq_temp;
576 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key));
577 uh = umtxq_queue_lookup(key, UMTX_SHARED_QUEUE);
580 TAILQ_FOREACH_SAFE(uq, &uh->head, uq_link, uq_temp) {
581 if ((uq->uq_bitset & bitset) == 0)
583 umtxq_remove_queue(uq, UMTX_SHARED_QUEUE);
592 * Wake up threads waiting on an userland object.
596 umtxq_signal_queue(struct umtx_key *key, int n_wake, int q)
598 struct umtxq_queue *uh;
603 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key));
604 uh = umtxq_queue_lookup(key, q);
606 while ((uq = TAILQ_FIRST(&uh->head)) != NULL) {
607 umtxq_remove_queue(uq, q);
617 * Wake up specified thread.
620 umtxq_signal_thread(struct umtx_q *uq)
623 UMTXQ_LOCKED_ASSERT(umtxq_getchain(&uq->uq_key));
629 * Wake up a maximum of n_wake threads that are waiting on an userland
630 * object identified by key. The remaining threads are removed from queue
631 * identified by key and added to the queue identified by key2 (requeued).
632 * The n_requeue specifies an upper limit on the number of threads that
633 * are requeued to the second queue.
636 umtxq_requeue(struct umtx_key *key, int n_wake, struct umtx_key *key2,
639 struct umtxq_queue *uh;
640 struct umtx_q *uq, *uq_temp;
644 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key));
645 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key2));
646 uh = umtxq_queue_lookup(key, UMTX_SHARED_QUEUE);
649 TAILQ_FOREACH_SAFE(uq, &uh->head, uq_link, uq_temp) {
650 if (++ret <= n_wake) {
657 if (ret - n_wake == n_requeue)
665 tstohz(const struct timespec *tsp)
669 TIMESPEC_TO_TIMEVAL(&tv, tsp);
674 umtx_abs_timeout_init(struct umtx_abs_timeout *timo, int clockid,
675 int absolute, const struct timespec *timeout)
678 timo->clockid = clockid;
680 timo->is_abs_real = false;
681 kern_clock_gettime(curthread, timo->clockid, &timo->cur);
682 timespecadd(&timo->cur, timeout, &timo->end);
684 timo->end = *timeout;
685 timo->is_abs_real = clockid == CLOCK_REALTIME ||
686 clockid == CLOCK_REALTIME_FAST ||
687 clockid == CLOCK_REALTIME_PRECISE ||
688 clockid == CLOCK_SECOND;
693 umtx_abs_timeout_init2(struct umtx_abs_timeout *timo,
694 const struct _umtx_time *umtxtime)
697 umtx_abs_timeout_init(timo, umtxtime->_clockid,
698 (umtxtime->_flags & UMTX_ABSTIME) != 0, &umtxtime->_timeout);
702 umtx_abs_timeout_enforce_min(sbintime_t *sbt)
704 sbintime_t when, mint;
706 mint = curproc->p_umtx_min_timeout;
707 if (__predict_false(mint != 0)) {
708 when = sbinuptime() + mint;
715 umtx_abs_timeout_getsbt(struct umtx_abs_timeout *timo, sbintime_t *sbt,
718 struct bintime bt, bbt;
722 switch (timo->clockid) {
724 /* Clocks that can be converted into absolute time. */
726 case CLOCK_REALTIME_PRECISE:
727 case CLOCK_REALTIME_FAST:
728 case CLOCK_MONOTONIC:
729 case CLOCK_MONOTONIC_PRECISE:
730 case CLOCK_MONOTONIC_FAST:
732 case CLOCK_UPTIME_PRECISE:
733 case CLOCK_UPTIME_FAST:
735 timespec2bintime(&timo->end, &bt);
736 switch (timo->clockid) {
738 case CLOCK_REALTIME_PRECISE:
739 case CLOCK_REALTIME_FAST:
741 getboottimebin(&bbt);
742 bintime_sub(&bt, &bbt);
747 if (bt.sec >= (SBT_MAX >> 32)) {
753 umtx_abs_timeout_enforce_min(sbt);
756 * Check if the absolute time should be aligned to
757 * avoid firing multiple timer events in non-periodic
760 switch (timo->clockid) {
761 case CLOCK_REALTIME_FAST:
762 case CLOCK_MONOTONIC_FAST:
763 case CLOCK_UPTIME_FAST:
764 rem = *sbt % tc_tick_sbt;
765 if (__predict_true(rem != 0))
766 *sbt += tc_tick_sbt - rem;
770 if (__predict_true(rem != 0))
771 *sbt += SBT_1S - rem;
777 /* Clocks that has to be periodically polled. */
780 case CLOCK_THREAD_CPUTIME_ID:
781 case CLOCK_PROCESS_CPUTIME_ID:
783 kern_clock_gettime(curthread, timo->clockid, &timo->cur);
784 if (timespeccmp(&timo->end, &timo->cur, <=))
786 timespecsub(&timo->end, &timo->cur, &tts);
787 *sbt = tick_sbt * tstohz(&tts);
788 *flags = C_HARDCLOCK;
794 umtx_unlock_val(uint32_t flags, bool rb)
798 return (UMUTEX_RB_OWNERDEAD);
799 else if ((flags & UMUTEX_NONCONSISTENT) != 0)
800 return (UMUTEX_RB_NOTRECOV);
802 return (UMUTEX_UNOWNED);
807 * Put thread into sleep state, before sleeping, check if
808 * thread was removed from umtx queue.
811 umtxq_sleep(struct umtx_q *uq, const char *wmesg,
812 struct umtx_abs_timeout *timo)
814 struct umtxq_chain *uc;
816 int error, flags = 0;
818 uc = umtxq_getchain(&uq->uq_key);
819 UMTXQ_LOCKED_ASSERT(uc);
821 if (!(uq->uq_flags & UQF_UMTXQ)) {
826 if (timo->is_abs_real)
827 curthread->td_rtcgen =
828 atomic_load_acq_int(&rtc_generation);
829 error = umtx_abs_timeout_getsbt(timo, &sbt, &flags);
833 error = msleep_sbt(uq, &uc->uc_lock, PCATCH | PDROP, wmesg,
835 uc = umtxq_getchain(&uq->uq_key);
836 mtx_lock(&uc->uc_lock);
837 if (error == EINTR || error == ERESTART)
839 if (error == EWOULDBLOCK && (flags & C_ABSOLUTE) != 0) {
845 curthread->td_rtcgen = 0;
850 * Convert userspace address into unique logical address.
853 umtx_key_get(const void *addr, int type, int share, struct umtx_key *key)
855 struct thread *td = curthread;
857 vm_map_entry_t entry;
863 if (share == THREAD_SHARE) {
865 key->info.private.vs = td->td_proc->p_vmspace;
866 key->info.private.addr = (uintptr_t)addr;
868 MPASS(share == PROCESS_SHARE || share == AUTO_SHARE);
869 map = &td->td_proc->p_vmspace->vm_map;
870 if (vm_map_lookup(&map, (vm_offset_t)addr, VM_PROT_WRITE,
871 &entry, &key->info.shared.object, &pindex, &prot,
872 &wired) != KERN_SUCCESS) {
876 if ((share == PROCESS_SHARE) ||
877 (share == AUTO_SHARE &&
878 VM_INHERIT_SHARE == entry->inheritance)) {
880 key->info.shared.offset = (vm_offset_t)addr -
881 entry->start + entry->offset;
882 vm_object_reference(key->info.shared.object);
885 key->info.private.vs = td->td_proc->p_vmspace;
886 key->info.private.addr = (uintptr_t)addr;
888 vm_map_lookup_done(map, entry);
899 umtx_key_release(struct umtx_key *key)
902 vm_object_deallocate(key->info.shared.object);
905 #ifdef COMPAT_FREEBSD10
907 * Lock a umtx object.
910 do_lock_umtx(struct thread *td, struct umtx *umtx, u_long id,
911 const struct timespec *timeout)
913 struct umtx_abs_timeout timo;
921 umtx_abs_timeout_init(&timo, CLOCK_REALTIME, 0, timeout);
924 * Care must be exercised when dealing with umtx structure. It
925 * can fault on any access.
929 * Try the uncontested case. This should be done in userland.
931 owner = casuword(&umtx->u_owner, UMTX_UNOWNED, id);
933 /* The acquire succeeded. */
934 if (owner == UMTX_UNOWNED)
937 /* The address was invalid. */
941 /* If no one owns it but it is contested try to acquire it. */
942 if (owner == UMTX_CONTESTED) {
943 owner = casuword(&umtx->u_owner,
944 UMTX_CONTESTED, id | UMTX_CONTESTED);
946 if (owner == UMTX_CONTESTED)
949 /* The address was invalid. */
953 error = thread_check_susp(td, false);
957 /* If this failed the lock has changed, restart. */
962 * If we caught a signal, we have retried and now
968 if ((error = umtx_key_get(umtx, TYPE_SIMPLE_LOCK,
969 AUTO_SHARE, &uq->uq_key)) != 0)
972 umtxq_lock(&uq->uq_key);
973 umtxq_busy(&uq->uq_key);
975 umtxq_unbusy(&uq->uq_key);
976 umtxq_unlock(&uq->uq_key);
979 * Set the contested bit so that a release in user space
980 * knows to use the system call for unlock. If this fails
981 * either some one else has acquired the lock or it has been
984 old = casuword(&umtx->u_owner, owner, owner | UMTX_CONTESTED);
986 /* The address was invalid. */
988 umtxq_lock(&uq->uq_key);
990 umtxq_unlock(&uq->uq_key);
991 umtx_key_release(&uq->uq_key);
996 * We set the contested bit, sleep. Otherwise the lock changed
997 * and we need to retry or we lost a race to the thread
998 * unlocking the umtx.
1000 umtxq_lock(&uq->uq_key);
1002 error = umtxq_sleep(uq, "umtx", timeout == NULL ? NULL :
1005 umtxq_unlock(&uq->uq_key);
1006 umtx_key_release(&uq->uq_key);
1009 error = thread_check_susp(td, false);
1012 if (timeout == NULL) {
1013 /* Mutex locking is restarted if it is interrupted. */
1017 /* Timed-locking is not restarted. */
1018 if (error == ERESTART)
1025 * Unlock a umtx object.
1028 do_unlock_umtx(struct thread *td, struct umtx *umtx, u_long id)
1030 struct umtx_key key;
1037 * Make sure we own this mtx.
1039 owner = fuword(__DEVOLATILE(u_long *, &umtx->u_owner));
1043 if ((owner & ~UMTX_CONTESTED) != id)
1046 /* This should be done in userland */
1047 if ((owner & UMTX_CONTESTED) == 0) {
1048 old = casuword(&umtx->u_owner, owner, UMTX_UNOWNED);
1056 /* We should only ever be in here for contested locks */
1057 if ((error = umtx_key_get(umtx, TYPE_SIMPLE_LOCK, AUTO_SHARE,
1063 count = umtxq_count(&key);
1067 * When unlocking the umtx, it must be marked as unowned if
1068 * there is zero or one thread only waiting for it.
1069 * Otherwise, it must be marked as contested.
1071 old = casuword(&umtx->u_owner, owner,
1072 count <= 1 ? UMTX_UNOWNED : UMTX_CONTESTED);
1074 umtxq_signal(&key,1);
1077 umtx_key_release(&key);
1085 #ifdef COMPAT_FREEBSD32
1088 * Lock a umtx object.
1091 do_lock_umtx32(struct thread *td, uint32_t *m, uint32_t id,
1092 const struct timespec *timeout)
1094 struct umtx_abs_timeout timo;
1102 if (timeout != NULL)
1103 umtx_abs_timeout_init(&timo, CLOCK_REALTIME, 0, timeout);
1106 * Care must be exercised when dealing with umtx structure. It
1107 * can fault on any access.
1111 * Try the uncontested case. This should be done in userland.
1113 owner = casuword32(m, UMUTEX_UNOWNED, id);
1115 /* The acquire succeeded. */
1116 if (owner == UMUTEX_UNOWNED)
1119 /* The address was invalid. */
1123 /* If no one owns it but it is contested try to acquire it. */
1124 if (owner == UMUTEX_CONTESTED) {
1125 owner = casuword32(m,
1126 UMUTEX_CONTESTED, id | UMUTEX_CONTESTED);
1127 if (owner == UMUTEX_CONTESTED)
1130 /* The address was invalid. */
1134 error = thread_check_susp(td, false);
1138 /* If this failed the lock has changed, restart. */
1143 * If we caught a signal, we have retried and now
1149 if ((error = umtx_key_get(m, TYPE_SIMPLE_LOCK,
1150 AUTO_SHARE, &uq->uq_key)) != 0)
1153 umtxq_lock(&uq->uq_key);
1154 umtxq_busy(&uq->uq_key);
1156 umtxq_unbusy(&uq->uq_key);
1157 umtxq_unlock(&uq->uq_key);
1160 * Set the contested bit so that a release in user space
1161 * knows to use the system call for unlock. If this fails
1162 * either some one else has acquired the lock or it has been
1165 old = casuword32(m, owner, owner | UMUTEX_CONTESTED);
1167 /* The address was invalid. */
1169 umtxq_lock(&uq->uq_key);
1171 umtxq_unlock(&uq->uq_key);
1172 umtx_key_release(&uq->uq_key);
1177 * We set the contested bit, sleep. Otherwise the lock changed
1178 * and we need to retry or we lost a race to the thread
1179 * unlocking the umtx.
1181 umtxq_lock(&uq->uq_key);
1183 error = umtxq_sleep(uq, "umtx", timeout == NULL ?
1186 umtxq_unlock(&uq->uq_key);
1187 umtx_key_release(&uq->uq_key);
1190 error = thread_check_susp(td, false);
1193 if (timeout == NULL) {
1194 /* Mutex locking is restarted if it is interrupted. */
1198 /* Timed-locking is not restarted. */
1199 if (error == ERESTART)
1206 * Unlock a umtx object.
1209 do_unlock_umtx32(struct thread *td, uint32_t *m, uint32_t id)
1211 struct umtx_key key;
1218 * Make sure we own this mtx.
1220 owner = fuword32(m);
1224 if ((owner & ~UMUTEX_CONTESTED) != id)
1227 /* This should be done in userland */
1228 if ((owner & UMUTEX_CONTESTED) == 0) {
1229 old = casuword32(m, owner, UMUTEX_UNOWNED);
1237 /* We should only ever be in here for contested locks */
1238 if ((error = umtx_key_get(m, TYPE_SIMPLE_LOCK, AUTO_SHARE,
1244 count = umtxq_count(&key);
1248 * When unlocking the umtx, it must be marked as unowned if
1249 * there is zero or one thread only waiting for it.
1250 * Otherwise, it must be marked as contested.
1252 old = casuword32(m, owner,
1253 count <= 1 ? UMUTEX_UNOWNED : UMUTEX_CONTESTED);
1255 umtxq_signal(&key,1);
1258 umtx_key_release(&key);
1265 #endif /* COMPAT_FREEBSD32 */
1266 #endif /* COMPAT_FREEBSD10 */
1269 * Fetch and compare value, sleep on the address if value is not changed.
1272 do_wait(struct thread *td, void *addr, u_long id,
1273 struct _umtx_time *timeout, int compat32, int is_private)
1275 struct umtx_abs_timeout timo;
1282 if ((error = umtx_key_get(addr, TYPE_SIMPLE_WAIT,
1283 is_private ? THREAD_SHARE : AUTO_SHARE, &uq->uq_key)) != 0)
1286 if (timeout != NULL)
1287 umtx_abs_timeout_init2(&timo, timeout);
1289 umtxq_lock(&uq->uq_key);
1291 umtxq_unlock(&uq->uq_key);
1292 if (compat32 == 0) {
1293 error = fueword(addr, &tmp);
1297 error = fueword32(addr, &tmp32);
1303 umtxq_lock(&uq->uq_key);
1306 error = umtxq_sleep(uq, "uwait", timeout == NULL ?
1308 if ((uq->uq_flags & UQF_UMTXQ) == 0)
1312 } else if ((uq->uq_flags & UQF_UMTXQ) != 0) {
1315 umtxq_unlock(&uq->uq_key);
1316 umtx_key_release(&uq->uq_key);
1317 if (error == ERESTART)
1323 * Wake up threads sleeping on the specified address.
1326 kern_umtx_wake(struct thread *td, void *uaddr, int n_wake, int is_private)
1328 struct umtx_key key;
1331 if ((ret = umtx_key_get(uaddr, TYPE_SIMPLE_WAIT,
1332 is_private ? THREAD_SHARE : AUTO_SHARE, &key)) != 0)
1335 umtxq_signal(&key, n_wake);
1337 umtx_key_release(&key);
1342 * Lock PTHREAD_PRIO_NONE protocol POSIX mutex.
1345 do_lock_normal(struct thread *td, struct umutex *m, uint32_t flags,
1346 struct _umtx_time *timeout, int mode)
1348 struct umtx_abs_timeout timo;
1350 uint32_t owner, old, id;
1356 if (timeout != NULL)
1357 umtx_abs_timeout_init2(&timo, timeout);
1360 * Care must be exercised when dealing with umtx structure. It
1361 * can fault on any access.
1364 rv = fueword32(&m->m_owner, &owner);
1367 if (mode == _UMUTEX_WAIT) {
1368 if (owner == UMUTEX_UNOWNED ||
1369 owner == UMUTEX_CONTESTED ||
1370 owner == UMUTEX_RB_OWNERDEAD ||
1371 owner == UMUTEX_RB_NOTRECOV)
1375 * Robust mutex terminated. Kernel duty is to
1376 * return EOWNERDEAD to the userspace. The
1377 * umutex.m_flags UMUTEX_NONCONSISTENT is set
1378 * by the common userspace code.
1380 if (owner == UMUTEX_RB_OWNERDEAD) {
1381 rv = casueword32(&m->m_owner,
1382 UMUTEX_RB_OWNERDEAD, &owner,
1383 id | UMUTEX_CONTESTED);
1387 MPASS(owner == UMUTEX_RB_OWNERDEAD);
1388 return (EOWNERDEAD); /* success */
1391 rv = thread_check_susp(td, false);
1396 if (owner == UMUTEX_RB_NOTRECOV)
1397 return (ENOTRECOVERABLE);
1400 * Try the uncontested case. This should be
1403 rv = casueword32(&m->m_owner, UMUTEX_UNOWNED,
1405 /* The address was invalid. */
1409 /* The acquire succeeded. */
1411 MPASS(owner == UMUTEX_UNOWNED);
1416 * If no one owns it but it is contested try
1420 if (owner == UMUTEX_CONTESTED) {
1421 rv = casueword32(&m->m_owner,
1422 UMUTEX_CONTESTED, &owner,
1423 id | UMUTEX_CONTESTED);
1424 /* The address was invalid. */
1428 MPASS(owner == UMUTEX_CONTESTED);
1432 rv = thread_check_susp(td, false);
1438 * If this failed the lock has
1444 /* rv == 1 but not contested, likely store failure */
1445 rv = thread_check_susp(td, false);
1450 if (mode == _UMUTEX_TRY)
1454 * If we caught a signal, we have retried and now
1460 if ((error = umtx_key_get(m, TYPE_NORMAL_UMUTEX,
1461 GET_SHARE(flags), &uq->uq_key)) != 0)
1464 umtxq_lock(&uq->uq_key);
1465 umtxq_busy(&uq->uq_key);
1467 umtxq_unlock(&uq->uq_key);
1470 * Set the contested bit so that a release in user space
1471 * knows to use the system call for unlock. If this fails
1472 * either some one else has acquired the lock or it has been
1475 rv = casueword32(&m->m_owner, owner, &old,
1476 owner | UMUTEX_CONTESTED);
1478 /* The address was invalid or casueword failed to store. */
1479 if (rv == -1 || rv == 1) {
1480 umtxq_lock(&uq->uq_key);
1482 umtxq_unbusy(&uq->uq_key);
1483 umtxq_unlock(&uq->uq_key);
1484 umtx_key_release(&uq->uq_key);
1488 rv = thread_check_susp(td, false);
1496 * We set the contested bit, sleep. Otherwise the lock changed
1497 * and we need to retry or we lost a race to the thread
1498 * unlocking the umtx.
1500 umtxq_lock(&uq->uq_key);
1501 umtxq_unbusy(&uq->uq_key);
1502 MPASS(old == owner);
1503 error = umtxq_sleep(uq, "umtxn", timeout == NULL ?
1506 umtxq_unlock(&uq->uq_key);
1507 umtx_key_release(&uq->uq_key);
1510 error = thread_check_susp(td, false);
1517 * Unlock PTHREAD_PRIO_NONE protocol POSIX mutex.
1520 do_unlock_normal(struct thread *td, struct umutex *m, uint32_t flags, bool rb)
1522 struct umtx_key key;
1523 uint32_t owner, old, id, newlock;
1530 * Make sure we own this mtx.
1532 error = fueword32(&m->m_owner, &owner);
1536 if ((owner & ~UMUTEX_CONTESTED) != id)
1539 newlock = umtx_unlock_val(flags, rb);
1540 if ((owner & UMUTEX_CONTESTED) == 0) {
1541 error = casueword32(&m->m_owner, owner, &old, newlock);
1545 error = thread_check_susp(td, false);
1550 MPASS(old == owner);
1554 /* We should only ever be in here for contested locks */
1555 if ((error = umtx_key_get(m, TYPE_NORMAL_UMUTEX, GET_SHARE(flags),
1561 count = umtxq_count(&key);
1565 * When unlocking the umtx, it must be marked as unowned if
1566 * there is zero or one thread only waiting for it.
1567 * Otherwise, it must be marked as contested.
1570 newlock |= UMUTEX_CONTESTED;
1571 error = casueword32(&m->m_owner, owner, &old, newlock);
1573 umtxq_signal(&key, 1);
1576 umtx_key_release(&key);
1582 error = thread_check_susp(td, false);
1591 * Check if the mutex is available and wake up a waiter,
1592 * only for simple mutex.
1595 do_wake_umutex(struct thread *td, struct umutex *m)
1597 struct umtx_key key;
1604 error = fueword32(&m->m_owner, &owner);
1608 if ((owner & ~UMUTEX_CONTESTED) != 0 && owner != UMUTEX_RB_OWNERDEAD &&
1609 owner != UMUTEX_RB_NOTRECOV)
1612 error = fueword32(&m->m_flags, &flags);
1616 /* We should only ever be in here for contested locks */
1617 if ((error = umtx_key_get(m, TYPE_NORMAL_UMUTEX, GET_SHARE(flags),
1623 count = umtxq_count(&key);
1626 if (count <= 1 && owner != UMUTEX_RB_OWNERDEAD &&
1627 owner != UMUTEX_RB_NOTRECOV) {
1628 error = casueword32(&m->m_owner, UMUTEX_CONTESTED, &owner,
1632 } else if (error == 1) {
1636 umtx_key_release(&key);
1637 error = thread_check_susp(td, false);
1645 if (error == 0 && count != 0) {
1646 MPASS((owner & ~UMUTEX_CONTESTED) == 0 ||
1647 owner == UMUTEX_RB_OWNERDEAD ||
1648 owner == UMUTEX_RB_NOTRECOV);
1649 umtxq_signal(&key, 1);
1653 umtx_key_release(&key);
1658 * Check if the mutex has waiters and tries to fix contention bit.
1661 do_wake2_umutex(struct thread *td, struct umutex *m, uint32_t flags)
1663 struct umtx_key key;
1664 uint32_t owner, old;
1669 switch (flags & (UMUTEX_PRIO_INHERIT | UMUTEX_PRIO_PROTECT |
1673 type = TYPE_NORMAL_UMUTEX;
1675 case UMUTEX_PRIO_INHERIT:
1676 type = TYPE_PI_UMUTEX;
1678 case (UMUTEX_PRIO_INHERIT | UMUTEX_ROBUST):
1679 type = TYPE_PI_ROBUST_UMUTEX;
1681 case UMUTEX_PRIO_PROTECT:
1682 type = TYPE_PP_UMUTEX;
1684 case (UMUTEX_PRIO_PROTECT | UMUTEX_ROBUST):
1685 type = TYPE_PP_ROBUST_UMUTEX;
1690 if ((error = umtx_key_get(m, type, GET_SHARE(flags), &key)) != 0)
1696 count = umtxq_count(&key);
1699 error = fueword32(&m->m_owner, &owner);
1704 * Only repair contention bit if there is a waiter, this means
1705 * the mutex is still being referenced by userland code,
1706 * otherwise don't update any memory.
1708 while (error == 0 && (owner & UMUTEX_CONTESTED) == 0 &&
1709 (count > 1 || (count == 1 && (owner & ~UMUTEX_CONTESTED) != 0))) {
1710 error = casueword32(&m->m_owner, owner, &old,
1711 owner | UMUTEX_CONTESTED);
1717 MPASS(old == owner);
1721 error = thread_check_susp(td, false);
1725 if (error == EFAULT) {
1726 umtxq_signal(&key, INT_MAX);
1727 } else if (count != 0 && ((owner & ~UMUTEX_CONTESTED) == 0 ||
1728 owner == UMUTEX_RB_OWNERDEAD || owner == UMUTEX_RB_NOTRECOV))
1729 umtxq_signal(&key, 1);
1732 umtx_key_release(&key);
1737 umtx_pi_alloc(int flags)
1741 pi = uma_zalloc(umtx_pi_zone, M_ZERO | flags);
1742 TAILQ_INIT(&pi->pi_blocked);
1743 atomic_add_int(&umtx_pi_allocated, 1);
1748 umtx_pi_free(struct umtx_pi *pi)
1750 uma_zfree(umtx_pi_zone, pi);
1751 atomic_add_int(&umtx_pi_allocated, -1);
1755 * Adjust the thread's position on a pi_state after its priority has been
1759 umtx_pi_adjust_thread(struct umtx_pi *pi, struct thread *td)
1761 struct umtx_q *uq, *uq1, *uq2;
1764 mtx_assert(&umtx_lock, MA_OWNED);
1771 * Check if the thread needs to be moved on the blocked chain.
1772 * It needs to be moved if either its priority is lower than
1773 * the previous thread or higher than the next thread.
1775 uq1 = TAILQ_PREV(uq, umtxq_head, uq_lockq);
1776 uq2 = TAILQ_NEXT(uq, uq_lockq);
1777 if ((uq1 != NULL && UPRI(td) < UPRI(uq1->uq_thread)) ||
1778 (uq2 != NULL && UPRI(td) > UPRI(uq2->uq_thread))) {
1780 * Remove thread from blocked chain and determine where
1781 * it should be moved to.
1783 TAILQ_REMOVE(&pi->pi_blocked, uq, uq_lockq);
1784 TAILQ_FOREACH(uq1, &pi->pi_blocked, uq_lockq) {
1785 td1 = uq1->uq_thread;
1786 MPASS(td1->td_proc->p_magic == P_MAGIC);
1787 if (UPRI(td1) > UPRI(td))
1792 TAILQ_INSERT_TAIL(&pi->pi_blocked, uq, uq_lockq);
1794 TAILQ_INSERT_BEFORE(uq1, uq, uq_lockq);
1799 static struct umtx_pi *
1800 umtx_pi_next(struct umtx_pi *pi)
1802 struct umtx_q *uq_owner;
1804 if (pi->pi_owner == NULL)
1806 uq_owner = pi->pi_owner->td_umtxq;
1807 if (uq_owner == NULL)
1809 return (uq_owner->uq_pi_blocked);
1813 * Floyd's Cycle-Finding Algorithm.
1816 umtx_pi_check_loop(struct umtx_pi *pi)
1818 struct umtx_pi *pi1; /* fast iterator */
1820 mtx_assert(&umtx_lock, MA_OWNED);
1825 pi = umtx_pi_next(pi);
1828 pi1 = umtx_pi_next(pi1);
1831 pi1 = umtx_pi_next(pi1);
1841 * Propagate priority when a thread is blocked on POSIX
1845 umtx_propagate_priority(struct thread *td)
1851 mtx_assert(&umtx_lock, MA_OWNED);
1854 pi = uq->uq_pi_blocked;
1857 if (umtx_pi_check_loop(pi))
1862 if (td == NULL || td == curthread)
1865 MPASS(td->td_proc != NULL);
1866 MPASS(td->td_proc->p_magic == P_MAGIC);
1869 if (td->td_lend_user_pri > pri)
1870 sched_lend_user_prio(td, pri);
1878 * Pick up the lock that td is blocked on.
1881 pi = uq->uq_pi_blocked;
1884 /* Resort td on the list if needed. */
1885 umtx_pi_adjust_thread(pi, td);
1890 * Unpropagate priority for a PI mutex when a thread blocked on
1891 * it is interrupted by signal or resumed by others.
1894 umtx_repropagate_priority(struct umtx_pi *pi)
1896 struct umtx_q *uq, *uq_owner;
1897 struct umtx_pi *pi2;
1900 mtx_assert(&umtx_lock, MA_OWNED);
1902 if (umtx_pi_check_loop(pi))
1904 while (pi != NULL && pi->pi_owner != NULL) {
1906 uq_owner = pi->pi_owner->td_umtxq;
1908 TAILQ_FOREACH(pi2, &uq_owner->uq_pi_contested, pi_link) {
1909 uq = TAILQ_FIRST(&pi2->pi_blocked);
1911 if (pri > UPRI(uq->uq_thread))
1912 pri = UPRI(uq->uq_thread);
1916 if (pri > uq_owner->uq_inherited_pri)
1917 pri = uq_owner->uq_inherited_pri;
1918 thread_lock(pi->pi_owner);
1919 sched_lend_user_prio(pi->pi_owner, pri);
1920 thread_unlock(pi->pi_owner);
1921 if ((pi = uq_owner->uq_pi_blocked) != NULL)
1922 umtx_pi_adjust_thread(pi, uq_owner->uq_thread);
1927 * Insert a PI mutex into owned list.
1930 umtx_pi_setowner(struct umtx_pi *pi, struct thread *owner)
1932 struct umtx_q *uq_owner;
1934 uq_owner = owner->td_umtxq;
1935 mtx_assert(&umtx_lock, MA_OWNED);
1936 MPASS(pi->pi_owner == NULL);
1937 pi->pi_owner = owner;
1938 TAILQ_INSERT_TAIL(&uq_owner->uq_pi_contested, pi, pi_link);
1942 * Disown a PI mutex, and remove it from the owned list.
1945 umtx_pi_disown(struct umtx_pi *pi)
1948 mtx_assert(&umtx_lock, MA_OWNED);
1949 TAILQ_REMOVE(&pi->pi_owner->td_umtxq->uq_pi_contested, pi, pi_link);
1950 pi->pi_owner = NULL;
1954 * Claim ownership of a PI mutex.
1957 umtx_pi_claim(struct umtx_pi *pi, struct thread *owner)
1962 mtx_lock(&umtx_lock);
1963 if (pi->pi_owner == owner) {
1964 mtx_unlock(&umtx_lock);
1968 if (pi->pi_owner != NULL) {
1970 * userland may have already messed the mutex, sigh.
1972 mtx_unlock(&umtx_lock);
1975 umtx_pi_setowner(pi, owner);
1976 uq = TAILQ_FIRST(&pi->pi_blocked);
1978 pri = UPRI(uq->uq_thread);
1980 if (pri < UPRI(owner))
1981 sched_lend_user_prio(owner, pri);
1982 thread_unlock(owner);
1984 mtx_unlock(&umtx_lock);
1989 * Adjust a thread's order position in its blocked PI mutex,
1990 * this may result new priority propagating process.
1993 umtx_pi_adjust(struct thread *td, u_char oldpri)
1999 mtx_lock(&umtx_lock);
2001 * Pick up the lock that td is blocked on.
2003 pi = uq->uq_pi_blocked;
2005 umtx_pi_adjust_thread(pi, td);
2006 umtx_repropagate_priority(pi);
2008 mtx_unlock(&umtx_lock);
2012 * Sleep on a PI mutex.
2015 umtxq_sleep_pi(struct umtx_q *uq, struct umtx_pi *pi, uint32_t owner,
2016 const char *wmesg, struct umtx_abs_timeout *timo, bool shared)
2018 struct thread *td, *td1;
2022 struct umtxq_chain *uc;
2024 uc = umtxq_getchain(&pi->pi_key);
2028 KASSERT(td == curthread, ("inconsistent uq_thread"));
2029 UMTXQ_LOCKED_ASSERT(umtxq_getchain(&uq->uq_key));
2030 KASSERT(uc->uc_busy != 0, ("umtx chain is not busy"));
2032 mtx_lock(&umtx_lock);
2033 if (pi->pi_owner == NULL) {
2034 mtx_unlock(&umtx_lock);
2035 td1 = tdfind(owner, shared ? -1 : td->td_proc->p_pid);
2036 mtx_lock(&umtx_lock);
2038 if (pi->pi_owner == NULL)
2039 umtx_pi_setowner(pi, td1);
2040 PROC_UNLOCK(td1->td_proc);
2044 TAILQ_FOREACH(uq1, &pi->pi_blocked, uq_lockq) {
2045 pri = UPRI(uq1->uq_thread);
2051 TAILQ_INSERT_BEFORE(uq1, uq, uq_lockq);
2053 TAILQ_INSERT_TAIL(&pi->pi_blocked, uq, uq_lockq);
2055 uq->uq_pi_blocked = pi;
2057 td->td_flags |= TDF_UPIBLOCKED;
2059 umtx_propagate_priority(td);
2060 mtx_unlock(&umtx_lock);
2061 umtxq_unbusy(&uq->uq_key);
2063 error = umtxq_sleep(uq, wmesg, timo);
2066 mtx_lock(&umtx_lock);
2067 uq->uq_pi_blocked = NULL;
2069 td->td_flags &= ~TDF_UPIBLOCKED;
2071 TAILQ_REMOVE(&pi->pi_blocked, uq, uq_lockq);
2072 umtx_repropagate_priority(pi);
2073 mtx_unlock(&umtx_lock);
2074 umtxq_unlock(&uq->uq_key);
2080 * Add reference count for a PI mutex.
2083 umtx_pi_ref(struct umtx_pi *pi)
2086 UMTXQ_LOCKED_ASSERT(umtxq_getchain(&pi->pi_key));
2091 * Decrease reference count for a PI mutex, if the counter
2092 * is decreased to zero, its memory space is freed.
2095 umtx_pi_unref(struct umtx_pi *pi)
2097 struct umtxq_chain *uc;
2099 uc = umtxq_getchain(&pi->pi_key);
2100 UMTXQ_LOCKED_ASSERT(uc);
2101 KASSERT(pi->pi_refcount > 0, ("invalid reference count"));
2102 if (--pi->pi_refcount == 0) {
2103 mtx_lock(&umtx_lock);
2104 if (pi->pi_owner != NULL)
2106 KASSERT(TAILQ_EMPTY(&pi->pi_blocked),
2107 ("blocked queue not empty"));
2108 mtx_unlock(&umtx_lock);
2109 TAILQ_REMOVE(&uc->uc_pi_list, pi, pi_hashlink);
2115 * Find a PI mutex in hash table.
2118 umtx_pi_lookup(struct umtx_key *key)
2120 struct umtxq_chain *uc;
2123 uc = umtxq_getchain(key);
2124 UMTXQ_LOCKED_ASSERT(uc);
2126 TAILQ_FOREACH(pi, &uc->uc_pi_list, pi_hashlink) {
2127 if (umtx_key_match(&pi->pi_key, key)) {
2135 * Insert a PI mutex into hash table.
2138 umtx_pi_insert(struct umtx_pi *pi)
2140 struct umtxq_chain *uc;
2142 uc = umtxq_getchain(&pi->pi_key);
2143 UMTXQ_LOCKED_ASSERT(uc);
2144 TAILQ_INSERT_TAIL(&uc->uc_pi_list, pi, pi_hashlink);
2148 * Drop a PI mutex and wakeup a top waiter.
2151 umtx_pi_drop(struct thread *td, struct umtx_key *key, bool rb, int *count)
2153 struct umtx_q *uq_first, *uq_first2, *uq_me;
2154 struct umtx_pi *pi, *pi2;
2157 UMTXQ_ASSERT_LOCKED_BUSY(key);
2158 *count = umtxq_count_pi(key, &uq_first);
2159 if (uq_first != NULL) {
2160 mtx_lock(&umtx_lock);
2161 pi = uq_first->uq_pi_blocked;
2162 KASSERT(pi != NULL, ("pi == NULL?"));
2163 if (pi->pi_owner != td && !(rb && pi->pi_owner == NULL)) {
2164 mtx_unlock(&umtx_lock);
2165 /* userland messed the mutex */
2168 uq_me = td->td_umtxq;
2169 if (pi->pi_owner == td)
2171 /* get highest priority thread which is still sleeping. */
2172 uq_first = TAILQ_FIRST(&pi->pi_blocked);
2173 while (uq_first != NULL &&
2174 (uq_first->uq_flags & UQF_UMTXQ) == 0) {
2175 uq_first = TAILQ_NEXT(uq_first, uq_lockq);
2178 TAILQ_FOREACH(pi2, &uq_me->uq_pi_contested, pi_link) {
2179 uq_first2 = TAILQ_FIRST(&pi2->pi_blocked);
2180 if (uq_first2 != NULL) {
2181 if (pri > UPRI(uq_first2->uq_thread))
2182 pri = UPRI(uq_first2->uq_thread);
2186 sched_lend_user_prio(td, pri);
2188 mtx_unlock(&umtx_lock);
2190 umtxq_signal_thread(uq_first);
2192 pi = umtx_pi_lookup(key);
2194 * A umtx_pi can exist if a signal or timeout removed the
2195 * last waiter from the umtxq, but there is still
2196 * a thread in do_lock_pi() holding the umtx_pi.
2200 * The umtx_pi can be unowned, such as when a thread
2201 * has just entered do_lock_pi(), allocated the
2202 * umtx_pi, and unlocked the umtxq.
2203 * If the current thread owns it, it must disown it.
2205 mtx_lock(&umtx_lock);
2206 if (pi->pi_owner == td)
2208 mtx_unlock(&umtx_lock);
2218 do_lock_pi(struct thread *td, struct umutex *m, uint32_t flags,
2219 struct _umtx_time *timeout, int try)
2221 struct umtx_abs_timeout timo;
2223 struct umtx_pi *pi, *new_pi;
2224 uint32_t id, old_owner, owner, old;
2230 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2231 TYPE_PI_ROBUST_UMUTEX : TYPE_PI_UMUTEX, GET_SHARE(flags),
2235 if (timeout != NULL)
2236 umtx_abs_timeout_init2(&timo, timeout);
2238 umtxq_lock(&uq->uq_key);
2239 pi = umtx_pi_lookup(&uq->uq_key);
2241 new_pi = umtx_pi_alloc(M_NOWAIT);
2242 if (new_pi == NULL) {
2243 umtxq_unlock(&uq->uq_key);
2244 new_pi = umtx_pi_alloc(M_WAITOK);
2245 umtxq_lock(&uq->uq_key);
2246 pi = umtx_pi_lookup(&uq->uq_key);
2248 umtx_pi_free(new_pi);
2252 if (new_pi != NULL) {
2253 new_pi->pi_key = uq->uq_key;
2254 umtx_pi_insert(new_pi);
2259 umtxq_unlock(&uq->uq_key);
2262 * Care must be exercised when dealing with umtx structure. It
2263 * can fault on any access.
2267 * Try the uncontested case. This should be done in userland.
2269 rv = casueword32(&m->m_owner, UMUTEX_UNOWNED, &owner, id);
2270 /* The address was invalid. */
2275 /* The acquire succeeded. */
2277 MPASS(owner == UMUTEX_UNOWNED);
2282 if (owner == UMUTEX_RB_NOTRECOV) {
2283 error = ENOTRECOVERABLE;
2288 * Nobody owns it, but the acquire failed. This can happen
2289 * with ll/sc atomics.
2291 if (owner == UMUTEX_UNOWNED) {
2292 error = thread_check_susp(td, true);
2299 * Avoid overwriting a possible error from sleep due
2300 * to the pending signal with suspension check result.
2303 error = thread_check_susp(td, true);
2308 /* If no one owns it but it is contested try to acquire it. */
2309 if (owner == UMUTEX_CONTESTED || owner == UMUTEX_RB_OWNERDEAD) {
2311 rv = casueword32(&m->m_owner, owner, &owner,
2312 id | UMUTEX_CONTESTED);
2313 /* The address was invalid. */
2320 error = thread_check_susp(td, true);
2326 * If this failed the lock could
2333 MPASS(owner == old_owner);
2334 umtxq_lock(&uq->uq_key);
2335 umtxq_busy(&uq->uq_key);
2336 error = umtx_pi_claim(pi, td);
2337 umtxq_unbusy(&uq->uq_key);
2338 umtxq_unlock(&uq->uq_key);
2341 * Since we're going to return an
2342 * error, restore the m_owner to its
2343 * previous, unowned state to avoid
2344 * compounding the problem.
2346 (void)casuword32(&m->m_owner,
2347 id | UMUTEX_CONTESTED, old_owner);
2349 if (error == 0 && old_owner == UMUTEX_RB_OWNERDEAD)
2354 if ((owner & ~UMUTEX_CONTESTED) == id) {
2365 * If we caught a signal, we have retried and now
2371 umtxq_lock(&uq->uq_key);
2372 umtxq_busy(&uq->uq_key);
2373 umtxq_unlock(&uq->uq_key);
2376 * Set the contested bit so that a release in user space
2377 * knows to use the system call for unlock. If this fails
2378 * either some one else has acquired the lock or it has been
2381 rv = casueword32(&m->m_owner, owner, &old, owner |
2384 /* The address was invalid. */
2386 umtxq_unbusy_unlocked(&uq->uq_key);
2391 umtxq_unbusy_unlocked(&uq->uq_key);
2392 error = thread_check_susp(td, true);
2397 * The lock changed and we need to retry or we
2398 * lost a race to the thread unlocking the
2399 * umtx. Note that the UMUTEX_RB_OWNERDEAD
2400 * value for owner is impossible there.
2405 umtxq_lock(&uq->uq_key);
2407 /* We set the contested bit, sleep. */
2408 MPASS(old == owner);
2409 error = umtxq_sleep_pi(uq, pi, owner & ~UMUTEX_CONTESTED,
2410 "umtxpi", timeout == NULL ? NULL : &timo,
2411 (flags & USYNC_PROCESS_SHARED) != 0);
2415 error = thread_check_susp(td, false);
2420 umtxq_lock(&uq->uq_key);
2422 umtxq_unlock(&uq->uq_key);
2424 umtx_key_release(&uq->uq_key);
2429 * Unlock a PI mutex.
2432 do_unlock_pi(struct thread *td, struct umutex *m, uint32_t flags, bool rb)
2434 struct umtx_key key;
2435 uint32_t id, new_owner, old, owner;
2442 * Make sure we own this mtx.
2444 error = fueword32(&m->m_owner, &owner);
2448 if ((owner & ~UMUTEX_CONTESTED) != id)
2451 new_owner = umtx_unlock_val(flags, rb);
2453 /* This should be done in userland */
2454 if ((owner & UMUTEX_CONTESTED) == 0) {
2455 error = casueword32(&m->m_owner, owner, &old, new_owner);
2459 error = thread_check_susp(td, true);
2469 /* We should only ever be in here for contested locks */
2470 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2471 TYPE_PI_ROBUST_UMUTEX : TYPE_PI_UMUTEX, GET_SHARE(flags),
2477 error = umtx_pi_drop(td, &key, rb, &count);
2481 umtx_key_release(&key);
2482 /* userland messed the mutex */
2488 * When unlocking the umtx, it must be marked as unowned if
2489 * there is zero or one thread only waiting for it.
2490 * Otherwise, it must be marked as contested.
2494 new_owner |= UMUTEX_CONTESTED;
2496 error = casueword32(&m->m_owner, owner, &old, new_owner);
2498 error = thread_check_susp(td, false);
2502 umtxq_unbusy_unlocked(&key);
2503 umtx_key_release(&key);
2506 if (error == 0 && old != owner)
2515 do_lock_pp(struct thread *td, struct umutex *m, uint32_t flags,
2516 struct _umtx_time *timeout, int try)
2518 struct umtx_abs_timeout timo;
2519 struct umtx_q *uq, *uq2;
2523 int error, pri, old_inherited_pri, new_pri, rv;
2528 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2529 TYPE_PP_ROBUST_UMUTEX : TYPE_PP_UMUTEX, GET_SHARE(flags),
2533 if (timeout != NULL)
2534 umtx_abs_timeout_init2(&timo, timeout);
2536 su = (priv_check(td, PRIV_SCHED_RTPRIO) == 0);
2538 old_inherited_pri = uq->uq_inherited_pri;
2539 umtxq_lock(&uq->uq_key);
2540 umtxq_busy(&uq->uq_key);
2541 umtxq_unlock(&uq->uq_key);
2543 rv = fueword32(&m->m_ceilings[0], &ceiling);
2548 ceiling = RTP_PRIO_MAX - ceiling;
2549 if (ceiling > RTP_PRIO_MAX) {
2553 new_pri = PRI_MIN_REALTIME + ceiling;
2555 if (td->td_base_user_pri < new_pri) {
2560 mtx_lock(&umtx_lock);
2561 if (new_pri < uq->uq_inherited_pri) {
2562 uq->uq_inherited_pri = new_pri;
2564 if (new_pri < UPRI(td))
2565 sched_lend_user_prio(td, new_pri);
2568 mtx_unlock(&umtx_lock);
2571 rv = casueword32(&m->m_owner, UMUTEX_CONTESTED, &owner,
2572 id | UMUTEX_CONTESTED);
2573 /* The address was invalid. */
2579 MPASS(owner == UMUTEX_CONTESTED);
2584 if (owner == UMUTEX_RB_OWNERDEAD) {
2585 rv = casueword32(&m->m_owner, UMUTEX_RB_OWNERDEAD,
2586 &owner, id | UMUTEX_CONTESTED);
2592 MPASS(owner == UMUTEX_RB_OWNERDEAD);
2593 error = EOWNERDEAD; /* success */
2598 * rv == 1, only check for suspension if we
2599 * did not already catched a signal. If we
2600 * get an error from the check, the same
2601 * condition is checked by the umtxq_sleep()
2602 * call below, so we should obliterate the
2603 * error to not skip the last loop iteration.
2606 error = thread_check_susp(td, false);
2615 } else if (owner == UMUTEX_RB_NOTRECOV) {
2616 error = ENOTRECOVERABLE;
2623 * If we caught a signal, we have retried and now
2629 umtxq_lock(&uq->uq_key);
2631 umtxq_unbusy(&uq->uq_key);
2632 error = umtxq_sleep(uq, "umtxpp", timeout == NULL ?
2635 umtxq_unlock(&uq->uq_key);
2637 mtx_lock(&umtx_lock);
2638 uq->uq_inherited_pri = old_inherited_pri;
2640 TAILQ_FOREACH(pi, &uq->uq_pi_contested, pi_link) {
2641 uq2 = TAILQ_FIRST(&pi->pi_blocked);
2643 if (pri > UPRI(uq2->uq_thread))
2644 pri = UPRI(uq2->uq_thread);
2647 if (pri > uq->uq_inherited_pri)
2648 pri = uq->uq_inherited_pri;
2650 sched_lend_user_prio(td, pri);
2652 mtx_unlock(&umtx_lock);
2655 if (error != 0 && error != EOWNERDEAD) {
2656 mtx_lock(&umtx_lock);
2657 uq->uq_inherited_pri = old_inherited_pri;
2659 TAILQ_FOREACH(pi, &uq->uq_pi_contested, pi_link) {
2660 uq2 = TAILQ_FIRST(&pi->pi_blocked);
2662 if (pri > UPRI(uq2->uq_thread))
2663 pri = UPRI(uq2->uq_thread);
2666 if (pri > uq->uq_inherited_pri)
2667 pri = uq->uq_inherited_pri;
2669 sched_lend_user_prio(td, pri);
2671 mtx_unlock(&umtx_lock);
2675 umtxq_unbusy_unlocked(&uq->uq_key);
2676 umtx_key_release(&uq->uq_key);
2681 * Unlock a PP mutex.
2684 do_unlock_pp(struct thread *td, struct umutex *m, uint32_t flags, bool rb)
2686 struct umtx_key key;
2687 struct umtx_q *uq, *uq2;
2689 uint32_t id, owner, rceiling;
2690 int error, pri, new_inherited_pri;
2695 su = (priv_check(td, PRIV_SCHED_RTPRIO) == 0);
2698 * Make sure we own this mtx.
2700 error = fueword32(&m->m_owner, &owner);
2704 if ((owner & ~UMUTEX_CONTESTED) != id)
2707 error = copyin(&m->m_ceilings[1], &rceiling, sizeof(uint32_t));
2712 new_inherited_pri = PRI_MAX;
2714 rceiling = RTP_PRIO_MAX - rceiling;
2715 if (rceiling > RTP_PRIO_MAX)
2717 new_inherited_pri = PRI_MIN_REALTIME + rceiling;
2720 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2721 TYPE_PP_ROBUST_UMUTEX : TYPE_PP_UMUTEX, GET_SHARE(flags),
2728 * For priority protected mutex, always set unlocked state
2729 * to UMUTEX_CONTESTED, so that userland always enters kernel
2730 * to lock the mutex, it is necessary because thread priority
2731 * has to be adjusted for such mutex.
2733 error = suword32(&m->m_owner, umtx_unlock_val(flags, rb) |
2738 umtxq_signal(&key, 1);
2745 mtx_lock(&umtx_lock);
2746 if (su || new_inherited_pri == PRI_MAX)
2747 uq->uq_inherited_pri = new_inherited_pri;
2749 TAILQ_FOREACH(pi, &uq->uq_pi_contested, pi_link) {
2750 uq2 = TAILQ_FIRST(&pi->pi_blocked);
2752 if (pri > UPRI(uq2->uq_thread))
2753 pri = UPRI(uq2->uq_thread);
2756 if (pri > uq->uq_inherited_pri)
2757 pri = uq->uq_inherited_pri;
2759 sched_lend_user_prio(td, pri);
2761 mtx_unlock(&umtx_lock);
2763 umtx_key_release(&key);
2768 do_set_ceiling(struct thread *td, struct umutex *m, uint32_t ceiling,
2769 uint32_t *old_ceiling)
2772 uint32_t flags, id, owner, save_ceiling;
2775 error = fueword32(&m->m_flags, &flags);
2778 if ((flags & UMUTEX_PRIO_PROTECT) == 0)
2780 if (ceiling > RTP_PRIO_MAX)
2784 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2785 TYPE_PP_ROBUST_UMUTEX : TYPE_PP_UMUTEX, GET_SHARE(flags),
2789 umtxq_lock(&uq->uq_key);
2790 umtxq_busy(&uq->uq_key);
2791 umtxq_unlock(&uq->uq_key);
2793 rv = fueword32(&m->m_ceilings[0], &save_ceiling);
2799 rv = casueword32(&m->m_owner, UMUTEX_CONTESTED, &owner,
2800 id | UMUTEX_CONTESTED);
2807 MPASS(owner == UMUTEX_CONTESTED);
2808 rv = suword32(&m->m_ceilings[0], ceiling);
2809 rv1 = suword32(&m->m_owner, UMUTEX_CONTESTED);
2810 error = (rv == 0 && rv1 == 0) ? 0: EFAULT;
2814 if ((owner & ~UMUTEX_CONTESTED) == id) {
2815 rv = suword32(&m->m_ceilings[0], ceiling);
2816 error = rv == 0 ? 0 : EFAULT;
2820 if (owner == UMUTEX_RB_OWNERDEAD) {
2823 } else if (owner == UMUTEX_RB_NOTRECOV) {
2824 error = ENOTRECOVERABLE;
2829 * If we caught a signal, we have retried and now
2836 * We set the contested bit, sleep. Otherwise the lock changed
2837 * and we need to retry or we lost a race to the thread
2838 * unlocking the umtx.
2840 umtxq_lock(&uq->uq_key);
2842 umtxq_unbusy(&uq->uq_key);
2843 error = umtxq_sleep(uq, "umtxpp", NULL);
2845 umtxq_unlock(&uq->uq_key);
2847 umtxq_lock(&uq->uq_key);
2849 umtxq_signal(&uq->uq_key, INT_MAX);
2850 umtxq_unbusy(&uq->uq_key);
2851 umtxq_unlock(&uq->uq_key);
2852 umtx_key_release(&uq->uq_key);
2853 if (error == 0 && old_ceiling != NULL) {
2854 rv = suword32(old_ceiling, save_ceiling);
2855 error = rv == 0 ? 0 : EFAULT;
2861 * Lock a userland POSIX mutex.
2864 do_lock_umutex(struct thread *td, struct umutex *m,
2865 struct _umtx_time *timeout, int mode)
2870 error = fueword32(&m->m_flags, &flags);
2874 switch (flags & (UMUTEX_PRIO_INHERIT | UMUTEX_PRIO_PROTECT)) {
2876 error = do_lock_normal(td, m, flags, timeout, mode);
2878 case UMUTEX_PRIO_INHERIT:
2879 error = do_lock_pi(td, m, flags, timeout, mode);
2881 case UMUTEX_PRIO_PROTECT:
2882 error = do_lock_pp(td, m, flags, timeout, mode);
2887 if (timeout == NULL) {
2888 if (error == EINTR && mode != _UMUTEX_WAIT)
2891 /* Timed-locking is not restarted. */
2892 if (error == ERESTART)
2899 * Unlock a userland POSIX mutex.
2902 do_unlock_umutex(struct thread *td, struct umutex *m, bool rb)
2907 error = fueword32(&m->m_flags, &flags);
2911 switch (flags & (UMUTEX_PRIO_INHERIT | UMUTEX_PRIO_PROTECT)) {
2913 return (do_unlock_normal(td, m, flags, rb));
2914 case UMUTEX_PRIO_INHERIT:
2915 return (do_unlock_pi(td, m, flags, rb));
2916 case UMUTEX_PRIO_PROTECT:
2917 return (do_unlock_pp(td, m, flags, rb));
2924 do_cv_wait(struct thread *td, struct ucond *cv, struct umutex *m,
2925 struct timespec *timeout, u_long wflags)
2927 struct umtx_abs_timeout timo;
2929 uint32_t flags, clockid, hasw;
2933 error = fueword32(&cv->c_flags, &flags);
2936 error = umtx_key_get(cv, TYPE_CV, GET_SHARE(flags), &uq->uq_key);
2940 if ((wflags & CVWAIT_CLOCKID) != 0) {
2941 error = fueword32(&cv->c_clockid, &clockid);
2943 umtx_key_release(&uq->uq_key);
2946 if (clockid < CLOCK_REALTIME ||
2947 clockid >= CLOCK_THREAD_CPUTIME_ID) {
2948 /* hmm, only HW clock id will work. */
2949 umtx_key_release(&uq->uq_key);
2953 clockid = CLOCK_REALTIME;
2956 umtxq_lock(&uq->uq_key);
2957 umtxq_busy(&uq->uq_key);
2959 umtxq_unlock(&uq->uq_key);
2962 * Set c_has_waiters to 1 before releasing user mutex, also
2963 * don't modify cache line when unnecessary.
2965 error = fueword32(&cv->c_has_waiters, &hasw);
2966 if (error == 0 && hasw == 0)
2967 error = suword32(&cv->c_has_waiters, 1);
2969 umtxq_lock(&uq->uq_key);
2971 umtxq_unbusy(&uq->uq_key);
2976 umtxq_unbusy_unlocked(&uq->uq_key);
2978 error = do_unlock_umutex(td, m, false);
2980 if (timeout != NULL)
2981 umtx_abs_timeout_init(&timo, clockid,
2982 (wflags & CVWAIT_ABSTIME) != 0, timeout);
2984 umtxq_lock(&uq->uq_key);
2986 error = umtxq_sleep(uq, "ucond", timeout == NULL ?
2990 if ((uq->uq_flags & UQF_UMTXQ) == 0)
2994 * This must be timeout,interrupted by signal or
2995 * surprious wakeup, clear c_has_waiter flag when
2998 umtxq_busy(&uq->uq_key);
2999 if ((uq->uq_flags & UQF_UMTXQ) != 0) {
3000 int oldlen = uq->uq_cur_queue->length;
3003 umtxq_unlock(&uq->uq_key);
3004 if (suword32(&cv->c_has_waiters, 0) != 0 &&
3007 umtxq_lock(&uq->uq_key);
3010 umtxq_unbusy(&uq->uq_key);
3011 if (error == ERESTART)
3015 umtxq_unlock(&uq->uq_key);
3016 umtx_key_release(&uq->uq_key);
3021 * Signal a userland condition variable.
3024 do_cv_signal(struct thread *td, struct ucond *cv)
3026 struct umtx_key key;
3027 int error, cnt, nwake;
3030 error = fueword32(&cv->c_flags, &flags);
3033 if ((error = umtx_key_get(cv, TYPE_CV, GET_SHARE(flags), &key)) != 0)
3037 cnt = umtxq_count(&key);
3038 nwake = umtxq_signal(&key, 1);
3041 error = suword32(&cv->c_has_waiters, 0);
3048 umtx_key_release(&key);
3053 do_cv_broadcast(struct thread *td, struct ucond *cv)
3055 struct umtx_key key;
3059 error = fueword32(&cv->c_flags, &flags);
3062 if ((error = umtx_key_get(cv, TYPE_CV, GET_SHARE(flags), &key)) != 0)
3067 umtxq_signal(&key, INT_MAX);
3070 error = suword32(&cv->c_has_waiters, 0);
3074 umtxq_unbusy_unlocked(&key);
3076 umtx_key_release(&key);
3081 do_rw_rdlock(struct thread *td, struct urwlock *rwlock, long fflag,
3082 struct _umtx_time *timeout)
3084 struct umtx_abs_timeout timo;
3086 uint32_t flags, wrflags;
3087 int32_t state, oldstate;
3088 int32_t blocked_readers;
3089 int error, error1, rv;
3092 error = fueword32(&rwlock->rw_flags, &flags);
3095 error = umtx_key_get(rwlock, TYPE_RWLOCK, GET_SHARE(flags), &uq->uq_key);
3099 if (timeout != NULL)
3100 umtx_abs_timeout_init2(&timo, timeout);
3102 wrflags = URWLOCK_WRITE_OWNER;
3103 if (!(fflag & URWLOCK_PREFER_READER) && !(flags & URWLOCK_PREFER_READER))
3104 wrflags |= URWLOCK_WRITE_WAITERS;
3107 rv = fueword32(&rwlock->rw_state, &state);
3109 umtx_key_release(&uq->uq_key);
3113 /* try to lock it */
3114 while (!(state & wrflags)) {
3115 if (__predict_false(URWLOCK_READER_COUNT(state) ==
3116 URWLOCK_MAX_READERS)) {
3117 umtx_key_release(&uq->uq_key);
3120 rv = casueword32(&rwlock->rw_state, state,
3121 &oldstate, state + 1);
3123 umtx_key_release(&uq->uq_key);
3127 MPASS(oldstate == state);
3128 umtx_key_release(&uq->uq_key);
3131 error = thread_check_susp(td, true);
3140 /* grab monitor lock */
3141 umtxq_lock(&uq->uq_key);
3142 umtxq_busy(&uq->uq_key);
3143 umtxq_unlock(&uq->uq_key);
3146 * re-read the state, in case it changed between the try-lock above
3147 * and the check below
3149 rv = fueword32(&rwlock->rw_state, &state);
3153 /* set read contention bit */
3154 while (error == 0 && (state & wrflags) &&
3155 !(state & URWLOCK_READ_WAITERS)) {
3156 rv = casueword32(&rwlock->rw_state, state,
3157 &oldstate, state | URWLOCK_READ_WAITERS);
3163 MPASS(oldstate == state);
3167 error = thread_check_susp(td, false);
3172 umtxq_unbusy_unlocked(&uq->uq_key);
3176 /* state is changed while setting flags, restart */
3177 if (!(state & wrflags)) {
3178 umtxq_unbusy_unlocked(&uq->uq_key);
3179 error = thread_check_susp(td, true);
3187 * Contention bit is set, before sleeping, increase
3188 * read waiter count.
3190 rv = fueword32(&rwlock->rw_blocked_readers,
3193 rv = suword32(&rwlock->rw_blocked_readers,
3194 blocked_readers + 1);
3196 umtxq_unbusy_unlocked(&uq->uq_key);
3201 while (state & wrflags) {
3202 umtxq_lock(&uq->uq_key);
3204 umtxq_unbusy(&uq->uq_key);
3206 error = umtxq_sleep(uq, "urdlck", timeout == NULL ?
3209 umtxq_busy(&uq->uq_key);
3211 umtxq_unlock(&uq->uq_key);
3214 rv = fueword32(&rwlock->rw_state, &state);
3221 /* decrease read waiter count, and may clear read contention bit */
3222 rv = fueword32(&rwlock->rw_blocked_readers,
3225 rv = suword32(&rwlock->rw_blocked_readers,
3226 blocked_readers - 1);
3228 umtxq_unbusy_unlocked(&uq->uq_key);
3232 if (blocked_readers == 1) {
3233 rv = fueword32(&rwlock->rw_state, &state);
3235 umtxq_unbusy_unlocked(&uq->uq_key);
3240 rv = casueword32(&rwlock->rw_state, state,
3241 &oldstate, state & ~URWLOCK_READ_WAITERS);
3247 MPASS(oldstate == state);
3251 error1 = thread_check_susp(td, false);
3260 umtxq_unbusy_unlocked(&uq->uq_key);
3264 umtx_key_release(&uq->uq_key);
3265 if (error == ERESTART)
3271 do_rw_wrlock(struct thread *td, struct urwlock *rwlock, struct _umtx_time *timeout)
3273 struct umtx_abs_timeout timo;
3276 int32_t state, oldstate;
3277 int32_t blocked_writers;
3278 int32_t blocked_readers;
3279 int error, error1, rv;
3282 error = fueword32(&rwlock->rw_flags, &flags);
3285 error = umtx_key_get(rwlock, TYPE_RWLOCK, GET_SHARE(flags), &uq->uq_key);
3289 if (timeout != NULL)
3290 umtx_abs_timeout_init2(&timo, timeout);
3292 blocked_readers = 0;
3294 rv = fueword32(&rwlock->rw_state, &state);
3296 umtx_key_release(&uq->uq_key);
3299 while ((state & URWLOCK_WRITE_OWNER) == 0 &&
3300 URWLOCK_READER_COUNT(state) == 0) {
3301 rv = casueword32(&rwlock->rw_state, state,
3302 &oldstate, state | URWLOCK_WRITE_OWNER);
3304 umtx_key_release(&uq->uq_key);
3308 MPASS(oldstate == state);
3309 umtx_key_release(&uq->uq_key);
3313 error = thread_check_susp(td, true);
3319 if ((state & (URWLOCK_WRITE_OWNER |
3320 URWLOCK_WRITE_WAITERS)) == 0 &&
3321 blocked_readers != 0) {
3322 umtxq_lock(&uq->uq_key);
3323 umtxq_busy(&uq->uq_key);
3324 umtxq_signal_queue(&uq->uq_key, INT_MAX,
3326 umtxq_unbusy(&uq->uq_key);
3327 umtxq_unlock(&uq->uq_key);
3333 /* grab monitor lock */
3334 umtxq_lock(&uq->uq_key);
3335 umtxq_busy(&uq->uq_key);
3336 umtxq_unlock(&uq->uq_key);
3339 * Re-read the state, in case it changed between the
3340 * try-lock above and the check below.
3342 rv = fueword32(&rwlock->rw_state, &state);
3346 while (error == 0 && ((state & URWLOCK_WRITE_OWNER) ||
3347 URWLOCK_READER_COUNT(state) != 0) &&
3348 (state & URWLOCK_WRITE_WAITERS) == 0) {
3349 rv = casueword32(&rwlock->rw_state, state,
3350 &oldstate, state | URWLOCK_WRITE_WAITERS);
3356 MPASS(oldstate == state);
3360 error = thread_check_susp(td, false);
3365 umtxq_unbusy_unlocked(&uq->uq_key);
3369 if ((state & URWLOCK_WRITE_OWNER) == 0 &&
3370 URWLOCK_READER_COUNT(state) == 0) {
3371 umtxq_unbusy_unlocked(&uq->uq_key);
3372 error = thread_check_susp(td, false);
3378 rv = fueword32(&rwlock->rw_blocked_writers,
3381 rv = suword32(&rwlock->rw_blocked_writers,
3382 blocked_writers + 1);
3384 umtxq_unbusy_unlocked(&uq->uq_key);
3389 while ((state & URWLOCK_WRITE_OWNER) ||
3390 URWLOCK_READER_COUNT(state) != 0) {
3391 umtxq_lock(&uq->uq_key);
3392 umtxq_insert_queue(uq, UMTX_EXCLUSIVE_QUEUE);
3393 umtxq_unbusy(&uq->uq_key);
3395 error = umtxq_sleep(uq, "uwrlck", timeout == NULL ?
3398 umtxq_busy(&uq->uq_key);
3399 umtxq_remove_queue(uq, UMTX_EXCLUSIVE_QUEUE);
3400 umtxq_unlock(&uq->uq_key);
3403 rv = fueword32(&rwlock->rw_state, &state);
3410 rv = fueword32(&rwlock->rw_blocked_writers,
3413 rv = suword32(&rwlock->rw_blocked_writers,
3414 blocked_writers - 1);
3416 umtxq_unbusy_unlocked(&uq->uq_key);
3420 if (blocked_writers == 1) {
3421 rv = fueword32(&rwlock->rw_state, &state);
3423 umtxq_unbusy_unlocked(&uq->uq_key);
3428 rv = casueword32(&rwlock->rw_state, state,
3429 &oldstate, state & ~URWLOCK_WRITE_WAITERS);
3435 MPASS(oldstate == state);
3439 error1 = thread_check_susp(td, false);
3441 * We are leaving the URWLOCK_WRITE_WAITERS
3442 * behind, but this should not harm the
3451 rv = fueword32(&rwlock->rw_blocked_readers,
3454 umtxq_unbusy_unlocked(&uq->uq_key);
3459 blocked_readers = 0;
3461 umtxq_unbusy_unlocked(&uq->uq_key);
3464 umtx_key_release(&uq->uq_key);
3465 if (error == ERESTART)
3471 do_rw_unlock(struct thread *td, struct urwlock *rwlock)
3475 int32_t state, oldstate;
3476 int error, rv, q, count;
3479 error = fueword32(&rwlock->rw_flags, &flags);
3482 error = umtx_key_get(rwlock, TYPE_RWLOCK, GET_SHARE(flags), &uq->uq_key);
3486 error = fueword32(&rwlock->rw_state, &state);
3491 if (state & URWLOCK_WRITE_OWNER) {
3493 rv = casueword32(&rwlock->rw_state, state,
3494 &oldstate, state & ~URWLOCK_WRITE_OWNER);
3501 if (!(oldstate & URWLOCK_WRITE_OWNER)) {
3505 error = thread_check_susp(td, true);
3511 } else if (URWLOCK_READER_COUNT(state) != 0) {
3513 rv = casueword32(&rwlock->rw_state, state,
3514 &oldstate, state - 1);
3521 if (URWLOCK_READER_COUNT(oldstate) == 0) {
3525 error = thread_check_susp(td, true);
3538 if (!(flags & URWLOCK_PREFER_READER)) {
3539 if (state & URWLOCK_WRITE_WAITERS) {
3541 q = UMTX_EXCLUSIVE_QUEUE;
3542 } else if (state & URWLOCK_READ_WAITERS) {
3544 q = UMTX_SHARED_QUEUE;
3547 if (state & URWLOCK_READ_WAITERS) {
3549 q = UMTX_SHARED_QUEUE;
3550 } else if (state & URWLOCK_WRITE_WAITERS) {
3552 q = UMTX_EXCLUSIVE_QUEUE;
3557 umtxq_lock(&uq->uq_key);
3558 umtxq_busy(&uq->uq_key);
3559 umtxq_signal_queue(&uq->uq_key, count, q);
3560 umtxq_unbusy(&uq->uq_key);
3561 umtxq_unlock(&uq->uq_key);
3564 umtx_key_release(&uq->uq_key);
3568 #if defined(COMPAT_FREEBSD9) || defined(COMPAT_FREEBSD10)
3570 do_sem_wait(struct thread *td, struct _usem *sem, struct _umtx_time *timeout)
3572 struct umtx_abs_timeout timo;
3574 uint32_t flags, count, count1;
3578 error = fueword32(&sem->_flags, &flags);
3581 error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &uq->uq_key);
3585 if (timeout != NULL)
3586 umtx_abs_timeout_init2(&timo, timeout);
3589 umtxq_lock(&uq->uq_key);
3590 umtxq_busy(&uq->uq_key);
3592 umtxq_unlock(&uq->uq_key);
3593 rv = casueword32(&sem->_has_waiters, 0, &count1, 1);
3595 rv1 = fueword32(&sem->_count, &count);
3596 if (rv == -1 || rv1 == -1 || count != 0 || (rv == 1 && count1 == 0)) {
3598 rv = suword32(&sem->_has_waiters, 0);
3599 umtxq_lock(&uq->uq_key);
3600 umtxq_unbusy(&uq->uq_key);
3602 umtxq_unlock(&uq->uq_key);
3603 if (rv == -1 || rv1 == -1) {
3611 MPASS(rv == 1 && count1 == 0);
3612 rv = thread_check_susp(td, true);
3618 umtxq_lock(&uq->uq_key);
3619 umtxq_unbusy(&uq->uq_key);
3621 error = umtxq_sleep(uq, "usem", timeout == NULL ? NULL : &timo);
3623 if ((uq->uq_flags & UQF_UMTXQ) == 0)
3627 /* A relative timeout cannot be restarted. */
3628 if (error == ERESTART && timeout != NULL &&
3629 (timeout->_flags & UMTX_ABSTIME) == 0)
3632 umtxq_unlock(&uq->uq_key);
3634 umtx_key_release(&uq->uq_key);
3639 * Signal a userland semaphore.
3642 do_sem_wake(struct thread *td, struct _usem *sem)
3644 struct umtx_key key;
3648 error = fueword32(&sem->_flags, &flags);
3651 if ((error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &key)) != 0)
3655 cnt = umtxq_count(&key);
3658 * Check if count is greater than 0, this means the memory is
3659 * still being referenced by user code, so we can safely
3660 * update _has_waiters flag.
3664 error = suword32(&sem->_has_waiters, 0);
3669 umtxq_signal(&key, 1);
3673 umtx_key_release(&key);
3679 do_sem2_wait(struct thread *td, struct _usem2 *sem, struct _umtx_time *timeout)
3681 struct umtx_abs_timeout timo;
3683 uint32_t count, flags;
3687 flags = fuword32(&sem->_flags);
3688 if (timeout != NULL)
3689 umtx_abs_timeout_init2(&timo, timeout);
3692 error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &uq->uq_key);
3695 umtxq_lock(&uq->uq_key);
3696 umtxq_busy(&uq->uq_key);
3698 umtxq_unlock(&uq->uq_key);
3699 rv = fueword32(&sem->_count, &count);
3701 umtxq_lock(&uq->uq_key);
3702 umtxq_unbusy(&uq->uq_key);
3704 umtxq_unlock(&uq->uq_key);
3705 umtx_key_release(&uq->uq_key);
3709 if (USEM_COUNT(count) != 0) {
3710 umtxq_lock(&uq->uq_key);
3711 umtxq_unbusy(&uq->uq_key);
3713 umtxq_unlock(&uq->uq_key);
3714 umtx_key_release(&uq->uq_key);
3717 if (count == USEM_HAS_WAITERS)
3719 rv = casueword32(&sem->_count, 0, &count, USEM_HAS_WAITERS);
3722 umtxq_lock(&uq->uq_key);
3723 umtxq_unbusy(&uq->uq_key);
3725 umtxq_unlock(&uq->uq_key);
3726 umtx_key_release(&uq->uq_key);
3729 rv = thread_check_susp(td, true);
3734 umtxq_lock(&uq->uq_key);
3735 umtxq_unbusy(&uq->uq_key);
3737 error = umtxq_sleep(uq, "usem", timeout == NULL ? NULL : &timo);
3739 if ((uq->uq_flags & UQF_UMTXQ) == 0)
3743 if (timeout != NULL && (timeout->_flags & UMTX_ABSTIME) == 0) {
3744 /* A relative timeout cannot be restarted. */
3745 if (error == ERESTART)
3747 if (error == EINTR) {
3748 kern_clock_gettime(curthread, timo.clockid,
3750 timespecsub(&timo.end, &timo.cur,
3751 &timeout->_timeout);
3755 umtxq_unlock(&uq->uq_key);
3756 umtx_key_release(&uq->uq_key);
3761 * Signal a userland semaphore.
3764 do_sem2_wake(struct thread *td, struct _usem2 *sem)
3766 struct umtx_key key;
3768 uint32_t count, flags;
3770 rv = fueword32(&sem->_flags, &flags);
3773 if ((error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &key)) != 0)
3777 cnt = umtxq_count(&key);
3780 * If this was the last sleeping thread, clear the waiters
3785 rv = fueword32(&sem->_count, &count);
3786 while (rv != -1 && count & USEM_HAS_WAITERS) {
3787 rv = casueword32(&sem->_count, count, &count,
3788 count & ~USEM_HAS_WAITERS);
3790 rv = thread_check_susp(td, true);
3803 umtxq_signal(&key, 1);
3807 umtx_key_release(&key);
3811 #ifdef COMPAT_FREEBSD10
3813 freebsd10__umtx_lock(struct thread *td, struct freebsd10__umtx_lock_args *uap)
3815 return (do_lock_umtx(td, uap->umtx, td->td_tid, 0));
3819 freebsd10__umtx_unlock(struct thread *td,
3820 struct freebsd10__umtx_unlock_args *uap)
3822 return (do_unlock_umtx(td, uap->umtx, td->td_tid));
3827 umtx_copyin_timeout(const void *uaddr, struct timespec *tsp)
3831 error = copyin(uaddr, tsp, sizeof(*tsp));
3833 if (!timespecvalid_interval(tsp))
3840 umtx_copyin_umtx_time(const void *uaddr, size_t size, struct _umtx_time *tp)
3844 if (size <= sizeof(tp->_timeout)) {
3845 tp->_clockid = CLOCK_REALTIME;
3847 error = copyin(uaddr, &tp->_timeout, sizeof(tp->_timeout));
3849 error = copyin(uaddr, tp, sizeof(*tp));
3852 if (!timespecvalid_interval(&tp->_timeout))
3858 umtx_copyin_robust_lists(const void *uaddr, size_t size,
3859 struct umtx_robust_lists_params *rb)
3862 if (size > sizeof(*rb))
3864 return (copyin(uaddr, rb, size));
3868 umtx_copyout_timeout(void *uaddr, size_t sz, struct timespec *tsp)
3872 * Should be guaranteed by the caller, sz == uaddr1 - sizeof(_umtx_time)
3873 * and we're only called if sz >= sizeof(timespec) as supplied in the
3876 KASSERT(sz >= sizeof(*tsp),
3877 ("umtx_copyops specifies incorrect sizes"));
3879 return (copyout(tsp, uaddr, sizeof(*tsp)));
3882 #ifdef COMPAT_FREEBSD10
3884 __umtx_op_lock_umtx(struct thread *td, struct _umtx_op_args *uap,
3885 const struct umtx_copyops *ops)
3887 struct timespec *ts, timeout;
3890 /* Allow a null timespec (wait forever). */
3891 if (uap->uaddr2 == NULL)
3894 error = ops->copyin_timeout(uap->uaddr2, &timeout);
3899 #ifdef COMPAT_FREEBSD32
3901 return (do_lock_umtx32(td, uap->obj, uap->val, ts));
3903 return (do_lock_umtx(td, uap->obj, uap->val, ts));
3907 __umtx_op_unlock_umtx(struct thread *td, struct _umtx_op_args *uap,
3908 const struct umtx_copyops *ops)
3910 #ifdef COMPAT_FREEBSD32
3912 return (do_unlock_umtx32(td, uap->obj, uap->val));
3914 return (do_unlock_umtx(td, uap->obj, uap->val));
3916 #endif /* COMPAT_FREEBSD10 */
3918 #if !defined(COMPAT_FREEBSD10)
3920 __umtx_op_unimpl(struct thread *td __unused, struct _umtx_op_args *uap __unused,
3921 const struct umtx_copyops *ops __unused)
3923 return (EOPNOTSUPP);
3925 #endif /* COMPAT_FREEBSD10 */
3928 __umtx_op_wait(struct thread *td, struct _umtx_op_args *uap,
3929 const struct umtx_copyops *ops)
3931 struct _umtx_time timeout, *tm_p;
3934 if (uap->uaddr2 == NULL)
3937 error = ops->copyin_umtx_time(
3938 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
3943 return (do_wait(td, uap->obj, uap->val, tm_p, ops->compat32, 0));
3947 __umtx_op_wait_uint(struct thread *td, struct _umtx_op_args *uap,
3948 const struct umtx_copyops *ops)
3950 struct _umtx_time timeout, *tm_p;
3953 if (uap->uaddr2 == NULL)
3956 error = ops->copyin_umtx_time(
3957 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
3962 return (do_wait(td, uap->obj, uap->val, tm_p, 1, 0));
3966 __umtx_op_wait_uint_private(struct thread *td, struct _umtx_op_args *uap,
3967 const struct umtx_copyops *ops)
3969 struct _umtx_time *tm_p, timeout;
3972 if (uap->uaddr2 == NULL)
3975 error = ops->copyin_umtx_time(
3976 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
3981 return (do_wait(td, uap->obj, uap->val, tm_p, 1, 1));
3985 __umtx_op_wake(struct thread *td, struct _umtx_op_args *uap,
3986 const struct umtx_copyops *ops __unused)
3989 return (kern_umtx_wake(td, uap->obj, uap->val, 0));
3992 #define BATCH_SIZE 128
3994 __umtx_op_nwake_private_native(struct thread *td, struct _umtx_op_args *uap)
3996 char *uaddrs[BATCH_SIZE], **upp;
3997 int count, error, i, pos, tocopy;
3999 upp = (char **)uap->obj;
4001 for (count = uap->val, pos = 0; count > 0; count -= tocopy,
4003 tocopy = MIN(count, BATCH_SIZE);
4004 error = copyin(upp + pos, uaddrs, tocopy * sizeof(char *));
4007 for (i = 0; i < tocopy; ++i) {
4008 kern_umtx_wake(td, uaddrs[i], INT_MAX, 1);
4016 __umtx_op_nwake_private_compat32(struct thread *td, struct _umtx_op_args *uap)
4018 uint32_t uaddrs[BATCH_SIZE], *upp;
4019 int count, error, i, pos, tocopy;
4021 upp = (uint32_t *)uap->obj;
4023 for (count = uap->val, pos = 0; count > 0; count -= tocopy,
4025 tocopy = MIN(count, BATCH_SIZE);
4026 error = copyin(upp + pos, uaddrs, tocopy * sizeof(uint32_t));
4029 for (i = 0; i < tocopy; ++i) {
4030 kern_umtx_wake(td, (void *)(uintptr_t)uaddrs[i],
4039 __umtx_op_nwake_private(struct thread *td, struct _umtx_op_args *uap,
4040 const struct umtx_copyops *ops)
4044 return (__umtx_op_nwake_private_compat32(td, uap));
4045 return (__umtx_op_nwake_private_native(td, uap));
4049 __umtx_op_wake_private(struct thread *td, struct _umtx_op_args *uap,
4050 const struct umtx_copyops *ops __unused)
4053 return (kern_umtx_wake(td, uap->obj, uap->val, 1));
4057 __umtx_op_lock_umutex(struct thread *td, struct _umtx_op_args *uap,
4058 const struct umtx_copyops *ops)
4060 struct _umtx_time *tm_p, timeout;
4063 /* Allow a null timespec (wait forever). */
4064 if (uap->uaddr2 == NULL)
4067 error = ops->copyin_umtx_time(
4068 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
4073 return (do_lock_umutex(td, uap->obj, tm_p, 0));
4077 __umtx_op_trylock_umutex(struct thread *td, struct _umtx_op_args *uap,
4078 const struct umtx_copyops *ops __unused)
4081 return (do_lock_umutex(td, uap->obj, NULL, _UMUTEX_TRY));
4085 __umtx_op_wait_umutex(struct thread *td, struct _umtx_op_args *uap,
4086 const struct umtx_copyops *ops)
4088 struct _umtx_time *tm_p, timeout;
4091 /* Allow a null timespec (wait forever). */
4092 if (uap->uaddr2 == NULL)
4095 error = ops->copyin_umtx_time(
4096 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
4101 return (do_lock_umutex(td, uap->obj, tm_p, _UMUTEX_WAIT));
4105 __umtx_op_wake_umutex(struct thread *td, struct _umtx_op_args *uap,
4106 const struct umtx_copyops *ops __unused)
4109 return (do_wake_umutex(td, uap->obj));
4113 __umtx_op_unlock_umutex(struct thread *td, struct _umtx_op_args *uap,
4114 const struct umtx_copyops *ops __unused)
4117 return (do_unlock_umutex(td, uap->obj, false));
4121 __umtx_op_set_ceiling(struct thread *td, struct _umtx_op_args *uap,
4122 const struct umtx_copyops *ops __unused)
4125 return (do_set_ceiling(td, uap->obj, uap->val, uap->uaddr1));
4129 __umtx_op_cv_wait(struct thread *td, struct _umtx_op_args *uap,
4130 const struct umtx_copyops *ops)
4132 struct timespec *ts, timeout;
4135 /* Allow a null timespec (wait forever). */
4136 if (uap->uaddr2 == NULL)
4139 error = ops->copyin_timeout(uap->uaddr2, &timeout);
4144 return (do_cv_wait(td, uap->obj, uap->uaddr1, ts, uap->val));
4148 __umtx_op_cv_signal(struct thread *td, struct _umtx_op_args *uap,
4149 const struct umtx_copyops *ops __unused)
4152 return (do_cv_signal(td, uap->obj));
4156 __umtx_op_cv_broadcast(struct thread *td, struct _umtx_op_args *uap,
4157 const struct umtx_copyops *ops __unused)
4160 return (do_cv_broadcast(td, uap->obj));
4164 __umtx_op_rw_rdlock(struct thread *td, struct _umtx_op_args *uap,
4165 const struct umtx_copyops *ops)
4167 struct _umtx_time timeout;
4170 /* Allow a null timespec (wait forever). */
4171 if (uap->uaddr2 == NULL) {
4172 error = do_rw_rdlock(td, uap->obj, uap->val, 0);
4174 error = ops->copyin_umtx_time(uap->uaddr2,
4175 (size_t)uap->uaddr1, &timeout);
4178 error = do_rw_rdlock(td, uap->obj, uap->val, &timeout);
4184 __umtx_op_rw_wrlock(struct thread *td, struct _umtx_op_args *uap,
4185 const struct umtx_copyops *ops)
4187 struct _umtx_time timeout;
4190 /* Allow a null timespec (wait forever). */
4191 if (uap->uaddr2 == NULL) {
4192 error = do_rw_wrlock(td, uap->obj, 0);
4194 error = ops->copyin_umtx_time(uap->uaddr2,
4195 (size_t)uap->uaddr1, &timeout);
4199 error = do_rw_wrlock(td, uap->obj, &timeout);
4205 __umtx_op_rw_unlock(struct thread *td, struct _umtx_op_args *uap,
4206 const struct umtx_copyops *ops __unused)
4209 return (do_rw_unlock(td, uap->obj));
4212 #if defined(COMPAT_FREEBSD9) || defined(COMPAT_FREEBSD10)
4214 __umtx_op_sem_wait(struct thread *td, struct _umtx_op_args *uap,
4215 const struct umtx_copyops *ops)
4217 struct _umtx_time *tm_p, timeout;
4220 /* Allow a null timespec (wait forever). */
4221 if (uap->uaddr2 == NULL)
4224 error = ops->copyin_umtx_time(
4225 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
4230 return (do_sem_wait(td, uap->obj, tm_p));
4234 __umtx_op_sem_wake(struct thread *td, struct _umtx_op_args *uap,
4235 const struct umtx_copyops *ops __unused)
4238 return (do_sem_wake(td, uap->obj));
4243 __umtx_op_wake2_umutex(struct thread *td, struct _umtx_op_args *uap,
4244 const struct umtx_copyops *ops __unused)
4247 return (do_wake2_umutex(td, uap->obj, uap->val));
4251 __umtx_op_sem2_wait(struct thread *td, struct _umtx_op_args *uap,
4252 const struct umtx_copyops *ops)
4254 struct _umtx_time *tm_p, timeout;
4258 /* Allow a null timespec (wait forever). */
4259 if (uap->uaddr2 == NULL) {
4263 uasize = (size_t)uap->uaddr1;
4264 error = ops->copyin_umtx_time(uap->uaddr2, uasize, &timeout);
4269 error = do_sem2_wait(td, uap->obj, tm_p);
4270 if (error == EINTR && uap->uaddr2 != NULL &&
4271 (timeout._flags & UMTX_ABSTIME) == 0 &&
4272 uasize >= ops->umtx_time_sz + ops->timespec_sz) {
4273 error = ops->copyout_timeout(
4274 (void *)((uintptr_t)uap->uaddr2 + ops->umtx_time_sz),
4275 uasize - ops->umtx_time_sz, &timeout._timeout);
4285 __umtx_op_sem2_wake(struct thread *td, struct _umtx_op_args *uap,
4286 const struct umtx_copyops *ops __unused)
4289 return (do_sem2_wake(td, uap->obj));
4292 #define USHM_OBJ_UMTX(o) \
4293 ((struct umtx_shm_obj_list *)(&(o)->umtx_data))
4295 #define USHMF_REG_LINKED 0x0001
4296 #define USHMF_OBJ_LINKED 0x0002
4297 struct umtx_shm_reg {
4298 TAILQ_ENTRY(umtx_shm_reg) ushm_reg_link;
4299 LIST_ENTRY(umtx_shm_reg) ushm_obj_link;
4300 struct umtx_key ushm_key;
4301 struct ucred *ushm_cred;
4302 struct shmfd *ushm_obj;
4307 LIST_HEAD(umtx_shm_obj_list, umtx_shm_reg);
4308 TAILQ_HEAD(umtx_shm_reg_head, umtx_shm_reg);
4310 static uma_zone_t umtx_shm_reg_zone;
4311 static struct umtx_shm_reg_head umtx_shm_registry[UMTX_CHAINS];
4312 static struct mtx umtx_shm_lock;
4313 static struct umtx_shm_reg_head umtx_shm_reg_delfree =
4314 TAILQ_HEAD_INITIALIZER(umtx_shm_reg_delfree);
4316 static void umtx_shm_free_reg(struct umtx_shm_reg *reg);
4319 umtx_shm_reg_delfree_tq(void *context __unused, int pending __unused)
4321 struct umtx_shm_reg_head d;
4322 struct umtx_shm_reg *reg, *reg1;
4325 mtx_lock(&umtx_shm_lock);
4326 TAILQ_CONCAT(&d, &umtx_shm_reg_delfree, ushm_reg_link);
4327 mtx_unlock(&umtx_shm_lock);
4328 TAILQ_FOREACH_SAFE(reg, &d, ushm_reg_link, reg1) {
4329 TAILQ_REMOVE(&d, reg, ushm_reg_link);
4330 umtx_shm_free_reg(reg);
4334 static struct task umtx_shm_reg_delfree_task =
4335 TASK_INITIALIZER(0, umtx_shm_reg_delfree_tq, NULL);
4337 static struct umtx_shm_reg *
4338 umtx_shm_find_reg_locked(const struct umtx_key *key)
4340 struct umtx_shm_reg *reg;
4341 struct umtx_shm_reg_head *reg_head;
4343 KASSERT(key->shared, ("umtx_p_find_rg: private key"));
4344 mtx_assert(&umtx_shm_lock, MA_OWNED);
4345 reg_head = &umtx_shm_registry[key->hash];
4346 TAILQ_FOREACH(reg, reg_head, ushm_reg_link) {
4347 KASSERT(reg->ushm_key.shared,
4348 ("non-shared key on reg %p %d", reg, reg->ushm_key.shared));
4349 if (reg->ushm_key.info.shared.object ==
4350 key->info.shared.object &&
4351 reg->ushm_key.info.shared.offset ==
4352 key->info.shared.offset) {
4353 KASSERT(reg->ushm_key.type == TYPE_SHM, ("TYPE_USHM"));
4354 KASSERT(reg->ushm_refcnt > 0,
4355 ("reg %p refcnt 0 onlist", reg));
4356 KASSERT((reg->ushm_flags & USHMF_REG_LINKED) != 0,
4357 ("reg %p not linked", reg));
4365 static struct umtx_shm_reg *
4366 umtx_shm_find_reg(const struct umtx_key *key)
4368 struct umtx_shm_reg *reg;
4370 mtx_lock(&umtx_shm_lock);
4371 reg = umtx_shm_find_reg_locked(key);
4372 mtx_unlock(&umtx_shm_lock);
4377 umtx_shm_free_reg(struct umtx_shm_reg *reg)
4380 chgumtxcnt(reg->ushm_cred->cr_ruidinfo, -1, 0);
4381 crfree(reg->ushm_cred);
4382 shm_drop(reg->ushm_obj);
4383 uma_zfree(umtx_shm_reg_zone, reg);
4387 umtx_shm_unref_reg_locked(struct umtx_shm_reg *reg, bool force)
4391 mtx_assert(&umtx_shm_lock, MA_OWNED);
4392 KASSERT(reg->ushm_refcnt > 0, ("ushm_reg %p refcnt 0", reg));
4394 res = reg->ushm_refcnt == 0;
4396 if ((reg->ushm_flags & USHMF_REG_LINKED) != 0) {
4397 TAILQ_REMOVE(&umtx_shm_registry[reg->ushm_key.hash],
4398 reg, ushm_reg_link);
4399 reg->ushm_flags &= ~USHMF_REG_LINKED;
4401 if ((reg->ushm_flags & USHMF_OBJ_LINKED) != 0) {
4402 LIST_REMOVE(reg, ushm_obj_link);
4403 reg->ushm_flags &= ~USHMF_OBJ_LINKED;
4410 umtx_shm_unref_reg(struct umtx_shm_reg *reg, bool force)
4416 object = reg->ushm_obj->shm_object;
4417 VM_OBJECT_WLOCK(object);
4418 vm_object_set_flag(object, OBJ_UMTXDEAD);
4419 VM_OBJECT_WUNLOCK(object);
4421 mtx_lock(&umtx_shm_lock);
4422 dofree = umtx_shm_unref_reg_locked(reg, force);
4423 mtx_unlock(&umtx_shm_lock);
4425 umtx_shm_free_reg(reg);
4429 umtx_shm_object_init(vm_object_t object)
4432 LIST_INIT(USHM_OBJ_UMTX(object));
4436 umtx_shm_object_terminated(vm_object_t object)
4438 struct umtx_shm_reg *reg, *reg1;
4441 if (LIST_EMPTY(USHM_OBJ_UMTX(object)))
4445 mtx_lock(&umtx_shm_lock);
4446 LIST_FOREACH_SAFE(reg, USHM_OBJ_UMTX(object), ushm_obj_link, reg1) {
4447 if (umtx_shm_unref_reg_locked(reg, true)) {
4448 TAILQ_INSERT_TAIL(&umtx_shm_reg_delfree, reg,
4453 mtx_unlock(&umtx_shm_lock);
4455 taskqueue_enqueue(taskqueue_thread, &umtx_shm_reg_delfree_task);
4459 umtx_shm_create_reg(struct thread *td, const struct umtx_key *key,
4460 struct umtx_shm_reg **res)
4462 struct umtx_shm_reg *reg, *reg1;
4466 reg = umtx_shm_find_reg(key);
4471 cred = td->td_ucred;
4472 if (!chgumtxcnt(cred->cr_ruidinfo, 1, lim_cur(td, RLIMIT_UMTXP)))
4474 reg = uma_zalloc(umtx_shm_reg_zone, M_WAITOK | M_ZERO);
4475 reg->ushm_refcnt = 1;
4476 bcopy(key, ®->ushm_key, sizeof(*key));
4477 reg->ushm_obj = shm_alloc(td->td_ucred, O_RDWR, false);
4478 reg->ushm_cred = crhold(cred);
4479 error = shm_dotruncate(reg->ushm_obj, PAGE_SIZE);
4481 umtx_shm_free_reg(reg);
4484 mtx_lock(&umtx_shm_lock);
4485 reg1 = umtx_shm_find_reg_locked(key);
4487 mtx_unlock(&umtx_shm_lock);
4488 umtx_shm_free_reg(reg);
4493 TAILQ_INSERT_TAIL(&umtx_shm_registry[key->hash], reg, ushm_reg_link);
4494 LIST_INSERT_HEAD(USHM_OBJ_UMTX(key->info.shared.object), reg,
4496 reg->ushm_flags = USHMF_REG_LINKED | USHMF_OBJ_LINKED;
4497 mtx_unlock(&umtx_shm_lock);
4503 umtx_shm_alive(struct thread *td, void *addr)
4506 vm_map_entry_t entry;
4513 map = &td->td_proc->p_vmspace->vm_map;
4514 res = vm_map_lookup(&map, (uintptr_t)addr, VM_PROT_READ, &entry,
4515 &object, &pindex, &prot, &wired);
4516 if (res != KERN_SUCCESS)
4521 ret = (object->flags & OBJ_UMTXDEAD) != 0 ? ENOTTY : 0;
4522 vm_map_lookup_done(map, entry);
4531 umtx_shm_reg_zone = uma_zcreate("umtx_shm", sizeof(struct umtx_shm_reg),
4532 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
4533 mtx_init(&umtx_shm_lock, "umtxshm", NULL, MTX_DEF);
4534 for (i = 0; i < nitems(umtx_shm_registry); i++)
4535 TAILQ_INIT(&umtx_shm_registry[i]);
4539 umtx_shm(struct thread *td, void *addr, u_int flags)
4541 struct umtx_key key;
4542 struct umtx_shm_reg *reg;
4546 if (__bitcount(flags & (UMTX_SHM_CREAT | UMTX_SHM_LOOKUP |
4547 UMTX_SHM_DESTROY| UMTX_SHM_ALIVE)) != 1)
4549 if ((flags & UMTX_SHM_ALIVE) != 0)
4550 return (umtx_shm_alive(td, addr));
4551 error = umtx_key_get(addr, TYPE_SHM, PROCESS_SHARE, &key);
4554 KASSERT(key.shared == 1, ("non-shared key"));
4555 if ((flags & UMTX_SHM_CREAT) != 0) {
4556 error = umtx_shm_create_reg(td, &key, ®);
4558 reg = umtx_shm_find_reg(&key);
4562 umtx_key_release(&key);
4565 KASSERT(reg != NULL, ("no reg"));
4566 if ((flags & UMTX_SHM_DESTROY) != 0) {
4567 umtx_shm_unref_reg(reg, true);
4571 error = mac_posixshm_check_open(td->td_ucred,
4572 reg->ushm_obj, FFLAGS(O_RDWR));
4575 error = shm_access(reg->ushm_obj, td->td_ucred,
4579 error = falloc_caps(td, &fp, &fd, O_CLOEXEC, NULL);
4581 shm_hold(reg->ushm_obj);
4582 finit(fp, FFLAGS(O_RDWR), DTYPE_SHM, reg->ushm_obj,
4584 td->td_retval[0] = fd;
4588 umtx_shm_unref_reg(reg, false);
4593 __umtx_op_shm(struct thread *td, struct _umtx_op_args *uap,
4594 const struct umtx_copyops *ops __unused)
4597 return (umtx_shm(td, uap->uaddr1, uap->val));
4601 __umtx_op_robust_lists(struct thread *td, struct _umtx_op_args *uap,
4602 const struct umtx_copyops *ops)
4604 struct umtx_robust_lists_params rb;
4607 if (ops->compat32) {
4608 if ((td->td_pflags2 & TDP2_COMPAT32RB) == 0 &&
4609 (td->td_rb_list != 0 || td->td_rbp_list != 0 ||
4610 td->td_rb_inact != 0))
4612 } else if ((td->td_pflags2 & TDP2_COMPAT32RB) != 0) {
4616 bzero(&rb, sizeof(rb));
4617 error = ops->copyin_robust_lists(uap->uaddr1, uap->val, &rb);
4622 td->td_pflags2 |= TDP2_COMPAT32RB;
4624 td->td_rb_list = rb.robust_list_offset;
4625 td->td_rbp_list = rb.robust_priv_list_offset;
4626 td->td_rb_inact = rb.robust_inact_offset;
4631 __umtx_op_get_min_timeout(struct thread *td, struct _umtx_op_args *uap,
4632 const struct umtx_copyops *ops)
4637 val = sbttons(td->td_proc->p_umtx_min_timeout);
4638 if (ops->compat32) {
4640 error = copyout(&val1, uap->uaddr1, sizeof(val1));
4642 error = copyout(&val, uap->uaddr1, sizeof(val));
4648 __umtx_op_set_min_timeout(struct thread *td, struct _umtx_op_args *uap,
4649 const struct umtx_copyops *ops)
4653 td->td_proc->p_umtx_min_timeout = nstosbt(uap->val);
4657 #if defined(__i386__) || defined(__amd64__)
4659 * Provide the standard 32-bit definitions for x86, since native/compat32 use a
4660 * 32-bit time_t there. Other architectures just need the i386 definitions
4661 * along with their standard compat32.
4663 struct timespecx32 {
4668 struct umtx_timex32 {
4669 struct timespecx32 _timeout;
4675 #define timespeci386 timespec32
4676 #define umtx_timei386 umtx_time32
4678 #else /* !__i386__ && !__amd64__ */
4679 /* 32-bit architectures can emulate i386, so define these almost everywhere. */
4680 struct timespeci386 {
4685 struct umtx_timei386 {
4686 struct timespeci386 _timeout;
4691 #if defined(__LP64__)
4692 #define timespecx32 timespec32
4693 #define umtx_timex32 umtx_time32
4698 umtx_copyin_robust_lists32(const void *uaddr, size_t size,
4699 struct umtx_robust_lists_params *rbp)
4701 struct umtx_robust_lists_params_compat32 rb32;
4704 if (size > sizeof(rb32))
4706 bzero(&rb32, sizeof(rb32));
4707 error = copyin(uaddr, &rb32, size);
4710 CP(rb32, *rbp, robust_list_offset);
4711 CP(rb32, *rbp, robust_priv_list_offset);
4712 CP(rb32, *rbp, robust_inact_offset);
4718 umtx_copyin_timeouti386(const void *uaddr, struct timespec *tsp)
4720 struct timespeci386 ts32;
4723 error = copyin(uaddr, &ts32, sizeof(ts32));
4725 if (!timespecvalid_interval(&ts32))
4728 CP(ts32, *tsp, tv_sec);
4729 CP(ts32, *tsp, tv_nsec);
4736 umtx_copyin_umtx_timei386(const void *uaddr, size_t size, struct _umtx_time *tp)
4738 struct umtx_timei386 t32;
4741 t32._clockid = CLOCK_REALTIME;
4743 if (size <= sizeof(t32._timeout))
4744 error = copyin(uaddr, &t32._timeout, sizeof(t32._timeout));
4746 error = copyin(uaddr, &t32, sizeof(t32));
4749 if (!timespecvalid_interval(&t32._timeout))
4751 TS_CP(t32, *tp, _timeout);
4752 CP(t32, *tp, _flags);
4753 CP(t32, *tp, _clockid);
4758 umtx_copyout_timeouti386(void *uaddr, size_t sz, struct timespec *tsp)
4760 struct timespeci386 remain32 = {
4761 .tv_sec = tsp->tv_sec,
4762 .tv_nsec = tsp->tv_nsec,
4766 * Should be guaranteed by the caller, sz == uaddr1 - sizeof(_umtx_time)
4767 * and we're only called if sz >= sizeof(timespec) as supplied in the
4770 KASSERT(sz >= sizeof(remain32),
4771 ("umtx_copyops specifies incorrect sizes"));
4773 return (copyout(&remain32, uaddr, sizeof(remain32)));
4775 #endif /* !__i386__ */
4777 #if defined(__i386__) || defined(__LP64__)
4779 umtx_copyin_timeoutx32(const void *uaddr, struct timespec *tsp)
4781 struct timespecx32 ts32;
4784 error = copyin(uaddr, &ts32, sizeof(ts32));
4786 if (!timespecvalid_interval(&ts32))
4789 CP(ts32, *tsp, tv_sec);
4790 CP(ts32, *tsp, tv_nsec);
4797 umtx_copyin_umtx_timex32(const void *uaddr, size_t size, struct _umtx_time *tp)
4799 struct umtx_timex32 t32;
4802 t32._clockid = CLOCK_REALTIME;
4804 if (size <= sizeof(t32._timeout))
4805 error = copyin(uaddr, &t32._timeout, sizeof(t32._timeout));
4807 error = copyin(uaddr, &t32, sizeof(t32));
4810 if (!timespecvalid_interval(&t32._timeout))
4812 TS_CP(t32, *tp, _timeout);
4813 CP(t32, *tp, _flags);
4814 CP(t32, *tp, _clockid);
4819 umtx_copyout_timeoutx32(void *uaddr, size_t sz, struct timespec *tsp)
4821 struct timespecx32 remain32 = {
4822 .tv_sec = tsp->tv_sec,
4823 .tv_nsec = tsp->tv_nsec,
4827 * Should be guaranteed by the caller, sz == uaddr1 - sizeof(_umtx_time)
4828 * and we're only called if sz >= sizeof(timespec) as supplied in the
4831 KASSERT(sz >= sizeof(remain32),
4832 ("umtx_copyops specifies incorrect sizes"));
4834 return (copyout(&remain32, uaddr, sizeof(remain32)));
4836 #endif /* __i386__ || __LP64__ */
4838 typedef int (*_umtx_op_func)(struct thread *td, struct _umtx_op_args *uap,
4839 const struct umtx_copyops *umtx_ops);
4841 static const _umtx_op_func op_table[] = {
4842 #ifdef COMPAT_FREEBSD10
4843 [UMTX_OP_LOCK] = __umtx_op_lock_umtx,
4844 [UMTX_OP_UNLOCK] = __umtx_op_unlock_umtx,
4846 [UMTX_OP_LOCK] = __umtx_op_unimpl,
4847 [UMTX_OP_UNLOCK] = __umtx_op_unimpl,
4849 [UMTX_OP_WAIT] = __umtx_op_wait,
4850 [UMTX_OP_WAKE] = __umtx_op_wake,
4851 [UMTX_OP_MUTEX_TRYLOCK] = __umtx_op_trylock_umutex,
4852 [UMTX_OP_MUTEX_LOCK] = __umtx_op_lock_umutex,
4853 [UMTX_OP_MUTEX_UNLOCK] = __umtx_op_unlock_umutex,
4854 [UMTX_OP_SET_CEILING] = __umtx_op_set_ceiling,
4855 [UMTX_OP_CV_WAIT] = __umtx_op_cv_wait,
4856 [UMTX_OP_CV_SIGNAL] = __umtx_op_cv_signal,
4857 [UMTX_OP_CV_BROADCAST] = __umtx_op_cv_broadcast,
4858 [UMTX_OP_WAIT_UINT] = __umtx_op_wait_uint,
4859 [UMTX_OP_RW_RDLOCK] = __umtx_op_rw_rdlock,
4860 [UMTX_OP_RW_WRLOCK] = __umtx_op_rw_wrlock,
4861 [UMTX_OP_RW_UNLOCK] = __umtx_op_rw_unlock,
4862 [UMTX_OP_WAIT_UINT_PRIVATE] = __umtx_op_wait_uint_private,
4863 [UMTX_OP_WAKE_PRIVATE] = __umtx_op_wake_private,
4864 [UMTX_OP_MUTEX_WAIT] = __umtx_op_wait_umutex,
4865 [UMTX_OP_MUTEX_WAKE] = __umtx_op_wake_umutex,
4866 #if defined(COMPAT_FREEBSD9) || defined(COMPAT_FREEBSD10)
4867 [UMTX_OP_SEM_WAIT] = __umtx_op_sem_wait,
4868 [UMTX_OP_SEM_WAKE] = __umtx_op_sem_wake,
4870 [UMTX_OP_SEM_WAIT] = __umtx_op_unimpl,
4871 [UMTX_OP_SEM_WAKE] = __umtx_op_unimpl,
4873 [UMTX_OP_NWAKE_PRIVATE] = __umtx_op_nwake_private,
4874 [UMTX_OP_MUTEX_WAKE2] = __umtx_op_wake2_umutex,
4875 [UMTX_OP_SEM2_WAIT] = __umtx_op_sem2_wait,
4876 [UMTX_OP_SEM2_WAKE] = __umtx_op_sem2_wake,
4877 [UMTX_OP_SHM] = __umtx_op_shm,
4878 [UMTX_OP_ROBUST_LISTS] = __umtx_op_robust_lists,
4879 [UMTX_OP_GET_MIN_TIMEOUT] = __umtx_op_get_min_timeout,
4880 [UMTX_OP_SET_MIN_TIMEOUT] = __umtx_op_set_min_timeout,
4883 static const struct umtx_copyops umtx_native_ops = {
4884 .copyin_timeout = umtx_copyin_timeout,
4885 .copyin_umtx_time = umtx_copyin_umtx_time,
4886 .copyin_robust_lists = umtx_copyin_robust_lists,
4887 .copyout_timeout = umtx_copyout_timeout,
4888 .timespec_sz = sizeof(struct timespec),
4889 .umtx_time_sz = sizeof(struct _umtx_time),
4893 static const struct umtx_copyops umtx_native_opsi386 = {
4894 .copyin_timeout = umtx_copyin_timeouti386,
4895 .copyin_umtx_time = umtx_copyin_umtx_timei386,
4896 .copyin_robust_lists = umtx_copyin_robust_lists32,
4897 .copyout_timeout = umtx_copyout_timeouti386,
4898 .timespec_sz = sizeof(struct timespeci386),
4899 .umtx_time_sz = sizeof(struct umtx_timei386),
4904 #if defined(__i386__) || defined(__LP64__)
4905 /* i386 can emulate other 32-bit archs, too! */
4906 static const struct umtx_copyops umtx_native_opsx32 = {
4907 .copyin_timeout = umtx_copyin_timeoutx32,
4908 .copyin_umtx_time = umtx_copyin_umtx_timex32,
4909 .copyin_robust_lists = umtx_copyin_robust_lists32,
4910 .copyout_timeout = umtx_copyout_timeoutx32,
4911 .timespec_sz = sizeof(struct timespecx32),
4912 .umtx_time_sz = sizeof(struct umtx_timex32),
4916 #ifdef COMPAT_FREEBSD32
4918 #define umtx_native_ops32 umtx_native_opsi386
4920 #define umtx_native_ops32 umtx_native_opsx32
4922 #endif /* COMPAT_FREEBSD32 */
4923 #endif /* __i386__ || __LP64__ */
4925 #define UMTX_OP__FLAGS (UMTX_OP__32BIT | UMTX_OP__I386)
4928 kern__umtx_op(struct thread *td, void *obj, int op, unsigned long val,
4929 void *uaddr1, void *uaddr2, const struct umtx_copyops *ops)
4931 struct _umtx_op_args uap = {
4933 .op = op & ~UMTX_OP__FLAGS,
4939 if ((uap.op >= nitems(op_table)))
4941 return ((*op_table[uap.op])(td, &uap, ops));
4945 sys__umtx_op(struct thread *td, struct _umtx_op_args *uap)
4947 static const struct umtx_copyops *umtx_ops;
4949 umtx_ops = &umtx_native_ops;
4951 if ((uap->op & (UMTX_OP__32BIT | UMTX_OP__I386)) != 0) {
4952 if ((uap->op & UMTX_OP__I386) != 0)
4953 umtx_ops = &umtx_native_opsi386;
4955 umtx_ops = &umtx_native_opsx32;
4957 #elif !defined(__i386__)
4958 /* We consider UMTX_OP__32BIT a nop on !i386 ILP32. */
4959 if ((uap->op & UMTX_OP__I386) != 0)
4960 umtx_ops = &umtx_native_opsi386;
4962 /* Likewise, UMTX_OP__I386 is a nop on i386. */
4963 if ((uap->op & UMTX_OP__32BIT) != 0)
4964 umtx_ops = &umtx_native_opsx32;
4966 return (kern__umtx_op(td, uap->obj, uap->op, uap->val, uap->uaddr1,
4967 uap->uaddr2, umtx_ops));
4970 #ifdef COMPAT_FREEBSD32
4971 #ifdef COMPAT_FREEBSD10
4973 freebsd10_freebsd32__umtx_lock(struct thread *td,
4974 struct freebsd10_freebsd32__umtx_lock_args *uap)
4976 return (do_lock_umtx32(td, (uint32_t *)uap->umtx, td->td_tid, NULL));
4980 freebsd10_freebsd32__umtx_unlock(struct thread *td,
4981 struct freebsd10_freebsd32__umtx_unlock_args *uap)
4983 return (do_unlock_umtx32(td, (uint32_t *)uap->umtx, td->td_tid));
4985 #endif /* COMPAT_FREEBSD10 */
4988 freebsd32__umtx_op(struct thread *td, struct freebsd32__umtx_op_args *uap)
4991 return (kern__umtx_op(td, uap->obj, uap->op, uap->val, uap->uaddr1,
4992 uap->uaddr2, &umtx_native_ops32));
4994 #endif /* COMPAT_FREEBSD32 */
4997 umtx_thread_init(struct thread *td)
5000 td->td_umtxq = umtxq_alloc();
5001 td->td_umtxq->uq_thread = td;
5005 umtx_thread_fini(struct thread *td)
5008 umtxq_free(td->td_umtxq);
5012 * It will be called when new thread is created, e.g fork().
5015 umtx_thread_alloc(struct thread *td)
5020 uq->uq_inherited_pri = PRI_MAX;
5022 KASSERT(uq->uq_flags == 0, ("uq_flags != 0"));
5023 KASSERT(uq->uq_thread == td, ("uq_thread != td"));
5024 KASSERT(uq->uq_pi_blocked == NULL, ("uq_pi_blocked != NULL"));
5025 KASSERT(TAILQ_EMPTY(&uq->uq_pi_contested), ("uq_pi_contested is not empty"));
5031 * Clear robust lists for all process' threads, not delaying the
5032 * cleanup to thread exit, since the relevant address space is
5033 * destroyed right now.
5036 umtx_exec(struct proc *p)
5040 KASSERT(p == curproc, ("need curproc"));
5041 KASSERT((p->p_flag & P_HADTHREADS) == 0 ||
5042 (p->p_flag & P_STOPPED_SINGLE) != 0,
5043 ("curproc must be single-threaded"));
5045 * There is no need to lock the list as only this thread can be
5048 FOREACH_THREAD_IN_PROC(p, td) {
5049 KASSERT(td == curthread ||
5050 ((td->td_flags & TDF_BOUNDARY) != 0 && TD_IS_SUSPENDED(td)),
5051 ("running thread %p %p", p, td));
5052 umtx_thread_cleanup(td);
5053 td->td_rb_list = td->td_rbp_list = td->td_rb_inact = 0;
5056 p->p_umtx_min_timeout = 0;
5063 umtx_thread_exit(struct thread *td)
5066 umtx_thread_cleanup(td);
5070 umtx_read_uptr(struct thread *td, uintptr_t ptr, uintptr_t *res, bool compat32)
5077 error = fueword32((void *)ptr, &res32);
5081 error = fueword((void *)ptr, &res1);
5091 umtx_read_rb_list(struct thread *td, struct umutex *m, uintptr_t *rb_list,
5094 struct umutex32 m32;
5097 memcpy(&m32, m, sizeof(m32));
5098 *rb_list = m32.m_rb_lnk;
5100 *rb_list = m->m_rb_lnk;
5105 umtx_handle_rb(struct thread *td, uintptr_t rbp, uintptr_t *rb_list, bool inact,
5111 KASSERT(td->td_proc == curproc, ("need current vmspace"));
5112 error = copyin((void *)rbp, &m, sizeof(m));
5115 if (rb_list != NULL)
5116 umtx_read_rb_list(td, &m, rb_list, compat32);
5117 if ((m.m_flags & UMUTEX_ROBUST) == 0)
5119 if ((m.m_owner & ~UMUTEX_CONTESTED) != td->td_tid)
5120 /* inact is cleared after unlock, allow the inconsistency */
5121 return (inact ? 0 : EINVAL);
5122 return (do_unlock_umutex(td, (struct umutex *)rbp, true));
5126 umtx_cleanup_rb_list(struct thread *td, uintptr_t rb_list, uintptr_t *rb_inact,
5127 const char *name, bool compat32)
5135 error = umtx_read_uptr(td, rb_list, &rbp, compat32);
5136 for (i = 0; error == 0 && rbp != 0 && i < umtx_max_rb; i++) {
5137 if (rbp == *rb_inact) {
5142 error = umtx_handle_rb(td, rbp, &rbp, inact, compat32);
5144 if (i == umtx_max_rb && umtx_verbose_rb) {
5145 uprintf("comm %s pid %d: reached umtx %smax rb %d\n",
5146 td->td_proc->p_comm, td->td_proc->p_pid, name, umtx_max_rb);
5148 if (error != 0 && umtx_verbose_rb) {
5149 uprintf("comm %s pid %d: handling %srb error %d\n",
5150 td->td_proc->p_comm, td->td_proc->p_pid, name, error);
5155 * Clean up umtx data.
5158 umtx_thread_cleanup(struct thread *td)
5166 * Disown pi mutexes.
5170 if (uq->uq_inherited_pri != PRI_MAX ||
5171 !TAILQ_EMPTY(&uq->uq_pi_contested)) {
5172 mtx_lock(&umtx_lock);
5173 uq->uq_inherited_pri = PRI_MAX;
5174 while ((pi = TAILQ_FIRST(&uq->uq_pi_contested)) != NULL) {
5175 pi->pi_owner = NULL;
5176 TAILQ_REMOVE(&uq->uq_pi_contested, pi, pi_link);
5178 mtx_unlock(&umtx_lock);
5180 sched_lend_user_prio_cond(td, PRI_MAX);
5183 compat32 = (td->td_pflags2 & TDP2_COMPAT32RB) != 0;
5184 td->td_pflags2 &= ~TDP2_COMPAT32RB;
5186 if (td->td_rb_inact == 0 && td->td_rb_list == 0 && td->td_rbp_list == 0)
5190 * Handle terminated robust mutexes. Must be done after
5191 * robust pi disown, otherwise unlock could see unowned
5194 rb_inact = td->td_rb_inact;
5196 (void)umtx_read_uptr(td, rb_inact, &rb_inact, compat32);
5197 umtx_cleanup_rb_list(td, td->td_rb_list, &rb_inact, "", compat32);
5198 umtx_cleanup_rb_list(td, td->td_rbp_list, &rb_inact, "priv ", compat32);
5200 (void)umtx_handle_rb(td, rb_inact, NULL, true, compat32);
projects / FreeBSD / FreeBSD.git / blob