2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2015, 2016 The FreeBSD Foundation
5 * Copyright (c) 2004, David Xu <davidxu@freebsd.org>
6 * Copyright (c) 2002, Jeffrey Roberson <jeff@freebsd.org>
9 * Portions of this software were developed by Konstantin Belousov
10 * under sponsorship from the FreeBSD Foundation.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice unmodified, this list of conditions, and the following
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
37 #include "opt_umtx_profiling.h"
39 #include <sys/param.h>
40 #include <sys/kernel.h>
41 #include <sys/fcntl.h>
43 #include <sys/filedesc.h>
44 #include <sys/limits.h>
46 #include <sys/malloc.h>
48 #include <sys/mutex.h>
51 #include <sys/resource.h>
52 #include <sys/resourcevar.h>
53 #include <sys/rwlock.h>
55 #include <sys/sched.h>
57 #include <sys/sysctl.h>
58 #include <sys/sysent.h>
59 #include <sys/systm.h>
60 #include <sys/sysproto.h>
61 #include <sys/syscallsubr.h>
62 #include <sys/taskqueue.h>
64 #include <sys/eventhandler.h>
66 #include <sys/umtxvar.h>
68 #include <security/mac/mac_framework.h>
71 #include <vm/vm_param.h>
73 #include <vm/vm_map.h>
74 #include <vm/vm_object.h>
76 #include <machine/atomic.h>
77 #include <machine/cpu.h>
79 #include <compat/freebsd32/freebsd32.h>
80 #ifdef COMPAT_FREEBSD32
81 #include <compat/freebsd32/freebsd32_proto.h>
85 #define _UMUTEX_WAIT 2
88 #define UPROF_PERC_BIGGER(w, f, sw, sf) \
89 (((w) > (sw)) || ((w) == (sw) && (f) > (sf)))
92 #define UMTXQ_LOCKED_ASSERT(uc) mtx_assert(&(uc)->uc_lock, MA_OWNED)
95 * Don't propagate time-sharing priority, there is a security reason,
96 * a user can simply introduce PI-mutex, let thread A lock the mutex,
97 * and let another thread B block on the mutex, because B is
98 * sleeping, its priority will be boosted, this causes A's priority to
99 * be boosted via priority propagating too and will never be lowered even
100 * if it is using 100%CPU, this is unfair to other processes.
103 #define UPRI(td) (((td)->td_user_pri >= PRI_MIN_TIMESHARE &&\
104 (td)->td_user_pri <= PRI_MAX_TIMESHARE) ?\
105 PRI_MAX_TIMESHARE : (td)->td_user_pri)
107 #define GOLDEN_RATIO_PRIME 2654404609U
109 #define UMTX_CHAINS 512
111 #define UMTX_SHIFTS (__WORD_BIT - 9)
113 #define GET_SHARE(flags) \
114 (((flags) & USYNC_PROCESS_SHARED) == 0 ? THREAD_SHARE : PROCESS_SHARE)
116 #define BUSY_SPINS 200
118 struct umtx_copyops {
119 int (*copyin_timeout)(const void *uaddr, struct timespec *tsp);
120 int (*copyin_umtx_time)(const void *uaddr, size_t size,
121 struct _umtx_time *tp);
122 int (*copyin_robust_lists)(const void *uaddr, size_t size,
123 struct umtx_robust_lists_params *rbp);
124 int (*copyout_timeout)(void *uaddr, size_t size,
125 struct timespec *tsp);
126 const size_t timespec_sz;
127 const size_t umtx_time_sz;
131 _Static_assert(sizeof(struct umutex) == sizeof(struct umutex32), "umutex32");
132 _Static_assert(__offsetof(struct umutex, m_spare[0]) ==
133 __offsetof(struct umutex32, m_spare[0]), "m_spare32");
135 int umtx_shm_vnobj_persistent = 0;
136 SYSCTL_INT(_kern_ipc, OID_AUTO, umtx_vnode_persistent, CTLFLAG_RWTUN,
137 &umtx_shm_vnobj_persistent, 0,
138 "False forces destruction of umtx attached to file, on last close");
139 static int umtx_max_rb = 1000;
140 SYSCTL_INT(_kern_ipc, OID_AUTO, umtx_max_robust, CTLFLAG_RWTUN,
142 "Maximum number of robust mutexes allowed for each thread");
144 static uma_zone_t umtx_pi_zone;
145 static struct umtxq_chain umtxq_chains[2][UMTX_CHAINS];
146 static MALLOC_DEFINE(M_UMTX, "umtx", "UMTX queue memory");
147 static int umtx_pi_allocated;
149 static SYSCTL_NODE(_debug, OID_AUTO, umtx, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
151 SYSCTL_INT(_debug_umtx, OID_AUTO, umtx_pi_allocated, CTLFLAG_RD,
152 &umtx_pi_allocated, 0, "Allocated umtx_pi");
153 static int umtx_verbose_rb = 1;
154 SYSCTL_INT(_debug_umtx, OID_AUTO, robust_faults_verbose, CTLFLAG_RWTUN,
158 #ifdef UMTX_PROFILING
159 static long max_length;
160 SYSCTL_LONG(_debug_umtx, OID_AUTO, max_length, CTLFLAG_RD, &max_length, 0, "max_length");
161 static SYSCTL_NODE(_debug_umtx, OID_AUTO, chains, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
165 static inline void umtx_abs_timeout_init2(struct umtx_abs_timeout *timo,
166 const struct _umtx_time *umtxtime);
167 static int umtx_abs_timeout_gethz(struct umtx_abs_timeout *timo);
168 static inline void umtx_abs_timeout_update(struct umtx_abs_timeout *timo);
170 static void umtx_shm_init(void);
171 static void umtxq_sysinit(void *);
172 static void umtxq_hash(struct umtx_key *key);
173 static struct umtx_pi *umtx_pi_alloc(int);
174 static void umtx_pi_free(struct umtx_pi *pi);
175 static int do_unlock_pp(struct thread *td, struct umutex *m, uint32_t flags,
177 static void umtx_thread_cleanup(struct thread *td);
178 SYSINIT(umtx, SI_SUB_EVENTHANDLER+1, SI_ORDER_MIDDLE, umtxq_sysinit, NULL);
180 #define umtxq_signal(key, nwake) umtxq_signal_queue((key), (nwake), UMTX_SHARED_QUEUE)
182 static struct mtx umtx_lock;
184 #ifdef UMTX_PROFILING
186 umtx_init_profiling(void)
188 struct sysctl_oid *chain_oid;
192 for (i = 0; i < UMTX_CHAINS; ++i) {
193 snprintf(chain_name, sizeof(chain_name), "%d", i);
194 chain_oid = SYSCTL_ADD_NODE(NULL,
195 SYSCTL_STATIC_CHILDREN(_debug_umtx_chains), OID_AUTO,
196 chain_name, CTLFLAG_RD | CTLFLAG_MPSAFE, NULL,
198 SYSCTL_ADD_INT(NULL, SYSCTL_CHILDREN(chain_oid), OID_AUTO,
199 "max_length0", CTLFLAG_RD, &umtxq_chains[0][i].max_length, 0, NULL);
200 SYSCTL_ADD_INT(NULL, SYSCTL_CHILDREN(chain_oid), OID_AUTO,
201 "max_length1", CTLFLAG_RD, &umtxq_chains[1][i].max_length, 0, NULL);
206 sysctl_debug_umtx_chains_peaks(SYSCTL_HANDLER_ARGS)
210 struct umtxq_chain *uc;
211 u_int fract, i, j, tot, whole;
212 u_int sf0, sf1, sf2, sf3, sf4;
213 u_int si0, si1, si2, si3, si4;
214 u_int sw0, sw1, sw2, sw3, sw4;
216 sbuf_new(&sb, buf, sizeof(buf), SBUF_FIXEDLEN);
217 for (i = 0; i < 2; i++) {
219 for (j = 0; j < UMTX_CHAINS; ++j) {
220 uc = &umtxq_chains[i][j];
221 mtx_lock(&uc->uc_lock);
222 tot += uc->max_length;
223 mtx_unlock(&uc->uc_lock);
226 sbuf_printf(&sb, "%u) Empty ", i);
228 sf0 = sf1 = sf2 = sf3 = sf4 = 0;
229 si0 = si1 = si2 = si3 = si4 = 0;
230 sw0 = sw1 = sw2 = sw3 = sw4 = 0;
231 for (j = 0; j < UMTX_CHAINS; j++) {
232 uc = &umtxq_chains[i][j];
233 mtx_lock(&uc->uc_lock);
234 whole = uc->max_length * 100;
235 mtx_unlock(&uc->uc_lock);
236 fract = (whole % tot) * 100;
237 if (UPROF_PERC_BIGGER(whole, fract, sw0, sf0)) {
241 } else if (UPROF_PERC_BIGGER(whole, fract, sw1,
246 } else if (UPROF_PERC_BIGGER(whole, fract, sw2,
251 } else if (UPROF_PERC_BIGGER(whole, fract, sw3,
256 } else if (UPROF_PERC_BIGGER(whole, fract, sw4,
263 sbuf_printf(&sb, "queue %u:\n", i);
264 sbuf_printf(&sb, "1st: %u.%u%% idx: %u\n", sw0 / tot,
266 sbuf_printf(&sb, "2nd: %u.%u%% idx: %u\n", sw1 / tot,
268 sbuf_printf(&sb, "3rd: %u.%u%% idx: %u\n", sw2 / tot,
270 sbuf_printf(&sb, "4th: %u.%u%% idx: %u\n", sw3 / tot,
272 sbuf_printf(&sb, "5th: %u.%u%% idx: %u\n", sw4 / tot,
278 sysctl_handle_string(oidp, sbuf_data(&sb), sbuf_len(&sb), req);
284 sysctl_debug_umtx_chains_clear(SYSCTL_HANDLER_ARGS)
286 struct umtxq_chain *uc;
291 error = sysctl_handle_int(oidp, &clear, 0, req);
292 if (error != 0 || req->newptr == NULL)
296 for (i = 0; i < 2; ++i) {
297 for (j = 0; j < UMTX_CHAINS; ++j) {
298 uc = &umtxq_chains[i][j];
299 mtx_lock(&uc->uc_lock);
302 mtx_unlock(&uc->uc_lock);
309 SYSCTL_PROC(_debug_umtx_chains, OID_AUTO, clear,
310 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 0,
311 sysctl_debug_umtx_chains_clear, "I",
312 "Clear umtx chains statistics");
313 SYSCTL_PROC(_debug_umtx_chains, OID_AUTO, peaks,
314 CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, 0, 0,
315 sysctl_debug_umtx_chains_peaks, "A",
316 "Highest peaks in chains max length");
320 umtxq_sysinit(void *arg __unused)
324 umtx_pi_zone = uma_zcreate("umtx pi", sizeof(struct umtx_pi),
325 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
326 for (i = 0; i < 2; ++i) {
327 for (j = 0; j < UMTX_CHAINS; ++j) {
328 mtx_init(&umtxq_chains[i][j].uc_lock, "umtxql", NULL,
329 MTX_DEF | MTX_DUPOK);
330 LIST_INIT(&umtxq_chains[i][j].uc_queue[0]);
331 LIST_INIT(&umtxq_chains[i][j].uc_queue[1]);
332 LIST_INIT(&umtxq_chains[i][j].uc_spare_queue);
333 TAILQ_INIT(&umtxq_chains[i][j].uc_pi_list);
334 umtxq_chains[i][j].uc_busy = 0;
335 umtxq_chains[i][j].uc_waiters = 0;
336 #ifdef UMTX_PROFILING
337 umtxq_chains[i][j].length = 0;
338 umtxq_chains[i][j].max_length = 0;
342 #ifdef UMTX_PROFILING
343 umtx_init_profiling();
345 mtx_init(&umtx_lock, "umtx lock", NULL, MTX_DEF);
354 uq = malloc(sizeof(struct umtx_q), M_UMTX, M_WAITOK | M_ZERO);
355 uq->uq_spare_queue = malloc(sizeof(struct umtxq_queue), M_UMTX,
357 TAILQ_INIT(&uq->uq_spare_queue->head);
358 TAILQ_INIT(&uq->uq_pi_contested);
359 uq->uq_inherited_pri = PRI_MAX;
364 umtxq_free(struct umtx_q *uq)
367 MPASS(uq->uq_spare_queue != NULL);
368 free(uq->uq_spare_queue, M_UMTX);
373 umtxq_hash(struct umtx_key *key)
377 n = (uintptr_t)key->info.both.a + key->info.both.b;
378 key->hash = ((n * GOLDEN_RATIO_PRIME) >> UMTX_SHIFTS) % UMTX_CHAINS;
382 umtxq_getchain(struct umtx_key *key)
385 if (key->type <= TYPE_SEM)
386 return (&umtxq_chains[1][key->hash]);
387 return (&umtxq_chains[0][key->hash]);
391 * Set chain to busy state when following operation
392 * may be blocked (kernel mutex can not be used).
395 umtxq_busy(struct umtx_key *key)
397 struct umtxq_chain *uc;
399 uc = umtxq_getchain(key);
400 mtx_assert(&uc->uc_lock, MA_OWNED);
404 int count = BUSY_SPINS;
407 while (uc->uc_busy && --count > 0)
413 while (uc->uc_busy) {
415 msleep(uc, &uc->uc_lock, 0, "umtxqb", 0);
426 umtxq_unbusy(struct umtx_key *key)
428 struct umtxq_chain *uc;
430 uc = umtxq_getchain(key);
431 mtx_assert(&uc->uc_lock, MA_OWNED);
432 KASSERT(uc->uc_busy != 0, ("not busy"));
439 umtxq_unbusy_unlocked(struct umtx_key *key)
447 static struct umtxq_queue *
448 umtxq_queue_lookup(struct umtx_key *key, int q)
450 struct umtxq_queue *uh;
451 struct umtxq_chain *uc;
453 uc = umtxq_getchain(key);
454 UMTXQ_LOCKED_ASSERT(uc);
455 LIST_FOREACH(uh, &uc->uc_queue[q], link) {
456 if (umtx_key_match(&uh->key, key))
464 umtxq_insert_queue(struct umtx_q *uq, int q)
466 struct umtxq_queue *uh;
467 struct umtxq_chain *uc;
469 uc = umtxq_getchain(&uq->uq_key);
470 UMTXQ_LOCKED_ASSERT(uc);
471 KASSERT((uq->uq_flags & UQF_UMTXQ) == 0, ("umtx_q is already on queue"));
472 uh = umtxq_queue_lookup(&uq->uq_key, q);
474 LIST_INSERT_HEAD(&uc->uc_spare_queue, uq->uq_spare_queue, link);
476 uh = uq->uq_spare_queue;
477 uh->key = uq->uq_key;
478 LIST_INSERT_HEAD(&uc->uc_queue[q], uh, link);
479 #ifdef UMTX_PROFILING
481 if (uc->length > uc->max_length) {
482 uc->max_length = uc->length;
483 if (uc->max_length > max_length)
484 max_length = uc->max_length;
488 uq->uq_spare_queue = NULL;
490 TAILQ_INSERT_TAIL(&uh->head, uq, uq_link);
492 uq->uq_flags |= UQF_UMTXQ;
493 uq->uq_cur_queue = uh;
498 umtxq_remove_queue(struct umtx_q *uq, int q)
500 struct umtxq_chain *uc;
501 struct umtxq_queue *uh;
503 uc = umtxq_getchain(&uq->uq_key);
504 UMTXQ_LOCKED_ASSERT(uc);
505 if (uq->uq_flags & UQF_UMTXQ) {
506 uh = uq->uq_cur_queue;
507 TAILQ_REMOVE(&uh->head, uq, uq_link);
509 uq->uq_flags &= ~UQF_UMTXQ;
510 if (TAILQ_EMPTY(&uh->head)) {
511 KASSERT(uh->length == 0,
512 ("inconsistent umtxq_queue length"));
513 #ifdef UMTX_PROFILING
516 LIST_REMOVE(uh, link);
518 uh = LIST_FIRST(&uc->uc_spare_queue);
519 KASSERT(uh != NULL, ("uc_spare_queue is empty"));
520 LIST_REMOVE(uh, link);
522 uq->uq_spare_queue = uh;
523 uq->uq_cur_queue = NULL;
528 * Check if there are multiple waiters
531 umtxq_count(struct umtx_key *key)
533 struct umtxq_queue *uh;
535 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key));
536 uh = umtxq_queue_lookup(key, UMTX_SHARED_QUEUE);
543 * Check if there are multiple PI waiters and returns first
547 umtxq_count_pi(struct umtx_key *key, struct umtx_q **first)
549 struct umtxq_queue *uh;
552 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key));
553 uh = umtxq_queue_lookup(key, UMTX_SHARED_QUEUE);
555 *first = TAILQ_FIRST(&uh->head);
562 * Wake up threads waiting on an userland object by a bit mask.
565 umtxq_signal_mask(struct umtx_key *key, int n_wake, u_int bitset)
567 struct umtxq_queue *uh;
568 struct umtx_q *uq, *uq_temp;
572 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key));
573 uh = umtxq_queue_lookup(key, UMTX_SHARED_QUEUE);
576 TAILQ_FOREACH_SAFE(uq, &uh->head, uq_link, uq_temp) {
577 if ((uq->uq_bitset & bitset) == 0)
579 umtxq_remove_queue(uq, UMTX_SHARED_QUEUE);
588 * Wake up threads waiting on an userland object.
592 umtxq_signal_queue(struct umtx_key *key, int n_wake, int q)
594 struct umtxq_queue *uh;
599 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key));
600 uh = umtxq_queue_lookup(key, q);
602 while ((uq = TAILQ_FIRST(&uh->head)) != NULL) {
603 umtxq_remove_queue(uq, q);
613 * Wake up specified thread.
616 umtxq_signal_thread(struct umtx_q *uq)
619 UMTXQ_LOCKED_ASSERT(umtxq_getchain(&uq->uq_key));
625 tstohz(const struct timespec *tsp)
629 TIMESPEC_TO_TIMEVAL(&tv, tsp);
634 umtx_abs_timeout_init(struct umtx_abs_timeout *timo, int clockid,
635 int absolute, const struct timespec *timeout)
638 timo->clockid = clockid;
640 timo->is_abs_real = false;
641 umtx_abs_timeout_update(timo);
642 timespecadd(&timo->cur, timeout, &timo->end);
644 timo->end = *timeout;
645 timo->is_abs_real = clockid == CLOCK_REALTIME ||
646 clockid == CLOCK_REALTIME_FAST ||
647 clockid == CLOCK_REALTIME_PRECISE;
649 * If is_abs_real, umtxq_sleep will read the clock
650 * after setting td_rtcgen; otherwise, read it here.
652 if (!timo->is_abs_real) {
653 umtx_abs_timeout_update(timo);
659 umtx_abs_timeout_init2(struct umtx_abs_timeout *timo,
660 const struct _umtx_time *umtxtime)
663 umtx_abs_timeout_init(timo, umtxtime->_clockid,
664 (umtxtime->_flags & UMTX_ABSTIME) != 0, &umtxtime->_timeout);
668 umtx_abs_timeout_update(struct umtx_abs_timeout *timo)
671 kern_clock_gettime(curthread, timo->clockid, &timo->cur);
675 umtx_abs_timeout_gethz(struct umtx_abs_timeout *timo)
679 if (timespeccmp(&timo->end, &timo->cur, <=))
681 timespecsub(&timo->end, &timo->cur, &tts);
682 return (tstohz(&tts));
686 umtx_unlock_val(uint32_t flags, bool rb)
690 return (UMUTEX_RB_OWNERDEAD);
691 else if ((flags & UMUTEX_NONCONSISTENT) != 0)
692 return (UMUTEX_RB_NOTRECOV);
694 return (UMUTEX_UNOWNED);
699 * Put thread into sleep state, before sleeping, check if
700 * thread was removed from umtx queue.
703 umtxq_sleep(struct umtx_q *uq, const char *wmesg,
704 struct umtx_abs_timeout *abstime)
706 struct umtxq_chain *uc;
709 if (abstime != NULL && abstime->is_abs_real) {
710 curthread->td_rtcgen = atomic_load_acq_int(&rtc_generation);
711 umtx_abs_timeout_update(abstime);
714 uc = umtxq_getchain(&uq->uq_key);
715 UMTXQ_LOCKED_ASSERT(uc);
717 if (!(uq->uq_flags & UQF_UMTXQ)) {
721 if (abstime != NULL) {
722 timo = umtx_abs_timeout_gethz(abstime);
729 error = msleep(uq, &uc->uc_lock, PCATCH | PDROP, wmesg, timo);
730 if (error == EINTR || error == ERESTART) {
731 umtxq_lock(&uq->uq_key);
734 if (abstime != NULL) {
735 if (abstime->is_abs_real)
736 curthread->td_rtcgen =
737 atomic_load_acq_int(&rtc_generation);
738 umtx_abs_timeout_update(abstime);
740 umtxq_lock(&uq->uq_key);
743 curthread->td_rtcgen = 0;
748 * Convert userspace address into unique logical address.
751 umtx_key_get(const void *addr, int type, int share, struct umtx_key *key)
753 struct thread *td = curthread;
755 vm_map_entry_t entry;
761 if (share == THREAD_SHARE) {
763 key->info.private.vs = td->td_proc->p_vmspace;
764 key->info.private.addr = (uintptr_t)addr;
766 MPASS(share == PROCESS_SHARE || share == AUTO_SHARE);
767 map = &td->td_proc->p_vmspace->vm_map;
768 if (vm_map_lookup(&map, (vm_offset_t)addr, VM_PROT_WRITE,
769 &entry, &key->info.shared.object, &pindex, &prot,
770 &wired) != KERN_SUCCESS) {
774 if ((share == PROCESS_SHARE) ||
775 (share == AUTO_SHARE &&
776 VM_INHERIT_SHARE == entry->inheritance)) {
778 key->info.shared.offset = (vm_offset_t)addr -
779 entry->start + entry->offset;
780 vm_object_reference(key->info.shared.object);
783 key->info.private.vs = td->td_proc->p_vmspace;
784 key->info.private.addr = (uintptr_t)addr;
786 vm_map_lookup_done(map, entry);
797 umtx_key_release(struct umtx_key *key)
800 vm_object_deallocate(key->info.shared.object);
803 #ifdef COMPAT_FREEBSD10
805 * Lock a umtx object.
808 do_lock_umtx(struct thread *td, struct umtx *umtx, u_long id,
809 const struct timespec *timeout)
811 struct umtx_abs_timeout timo;
819 umtx_abs_timeout_init(&timo, CLOCK_REALTIME, 0, timeout);
822 * Care must be exercised when dealing with umtx structure. It
823 * can fault on any access.
827 * Try the uncontested case. This should be done in userland.
829 owner = casuword(&umtx->u_owner, UMTX_UNOWNED, id);
831 /* The acquire succeeded. */
832 if (owner == UMTX_UNOWNED)
835 /* The address was invalid. */
839 /* If no one owns it but it is contested try to acquire it. */
840 if (owner == UMTX_CONTESTED) {
841 owner = casuword(&umtx->u_owner,
842 UMTX_CONTESTED, id | UMTX_CONTESTED);
844 if (owner == UMTX_CONTESTED)
847 /* The address was invalid. */
851 error = thread_check_susp(td, false);
855 /* If this failed the lock has changed, restart. */
860 * If we caught a signal, we have retried and now
866 if ((error = umtx_key_get(umtx, TYPE_SIMPLE_LOCK,
867 AUTO_SHARE, &uq->uq_key)) != 0)
870 umtxq_lock(&uq->uq_key);
871 umtxq_busy(&uq->uq_key);
873 umtxq_unbusy(&uq->uq_key);
874 umtxq_unlock(&uq->uq_key);
877 * Set the contested bit so that a release in user space
878 * knows to use the system call for unlock. If this fails
879 * either some one else has acquired the lock or it has been
882 old = casuword(&umtx->u_owner, owner, owner | UMTX_CONTESTED);
884 /* The address was invalid. */
886 umtxq_lock(&uq->uq_key);
888 umtxq_unlock(&uq->uq_key);
889 umtx_key_release(&uq->uq_key);
894 * We set the contested bit, sleep. Otherwise the lock changed
895 * and we need to retry or we lost a race to the thread
896 * unlocking the umtx.
898 umtxq_lock(&uq->uq_key);
900 error = umtxq_sleep(uq, "umtx", timeout == NULL ? NULL :
903 umtxq_unlock(&uq->uq_key);
904 umtx_key_release(&uq->uq_key);
907 error = thread_check_susp(td, false);
910 if (timeout == NULL) {
911 /* Mutex locking is restarted if it is interrupted. */
915 /* Timed-locking is not restarted. */
916 if (error == ERESTART)
923 * Unlock a umtx object.
926 do_unlock_umtx(struct thread *td, struct umtx *umtx, u_long id)
935 * Make sure we own this mtx.
937 owner = fuword(__DEVOLATILE(u_long *, &umtx->u_owner));
941 if ((owner & ~UMTX_CONTESTED) != id)
944 /* This should be done in userland */
945 if ((owner & UMTX_CONTESTED) == 0) {
946 old = casuword(&umtx->u_owner, owner, UMTX_UNOWNED);
954 /* We should only ever be in here for contested locks */
955 if ((error = umtx_key_get(umtx, TYPE_SIMPLE_LOCK, AUTO_SHARE,
961 count = umtxq_count(&key);
965 * When unlocking the umtx, it must be marked as unowned if
966 * there is zero or one thread only waiting for it.
967 * Otherwise, it must be marked as contested.
969 old = casuword(&umtx->u_owner, owner,
970 count <= 1 ? UMTX_UNOWNED : UMTX_CONTESTED);
972 umtxq_signal(&key,1);
975 umtx_key_release(&key);
983 #ifdef COMPAT_FREEBSD32
986 * Lock a umtx object.
989 do_lock_umtx32(struct thread *td, uint32_t *m, uint32_t id,
990 const struct timespec *timeout)
992 struct umtx_abs_timeout timo;
1000 if (timeout != NULL)
1001 umtx_abs_timeout_init(&timo, CLOCK_REALTIME, 0, timeout);
1004 * Care must be exercised when dealing with umtx structure. It
1005 * can fault on any access.
1009 * Try the uncontested case. This should be done in userland.
1011 owner = casuword32(m, UMUTEX_UNOWNED, id);
1013 /* The acquire succeeded. */
1014 if (owner == UMUTEX_UNOWNED)
1017 /* The address was invalid. */
1021 /* If no one owns it but it is contested try to acquire it. */
1022 if (owner == UMUTEX_CONTESTED) {
1023 owner = casuword32(m,
1024 UMUTEX_CONTESTED, id | UMUTEX_CONTESTED);
1025 if (owner == UMUTEX_CONTESTED)
1028 /* The address was invalid. */
1032 error = thread_check_susp(td, false);
1036 /* If this failed the lock has changed, restart. */
1041 * If we caught a signal, we have retried and now
1047 if ((error = umtx_key_get(m, TYPE_SIMPLE_LOCK,
1048 AUTO_SHARE, &uq->uq_key)) != 0)
1051 umtxq_lock(&uq->uq_key);
1052 umtxq_busy(&uq->uq_key);
1054 umtxq_unbusy(&uq->uq_key);
1055 umtxq_unlock(&uq->uq_key);
1058 * Set the contested bit so that a release in user space
1059 * knows to use the system call for unlock. If this fails
1060 * either some one else has acquired the lock or it has been
1063 old = casuword32(m, owner, owner | UMUTEX_CONTESTED);
1065 /* The address was invalid. */
1067 umtxq_lock(&uq->uq_key);
1069 umtxq_unlock(&uq->uq_key);
1070 umtx_key_release(&uq->uq_key);
1075 * We set the contested bit, sleep. Otherwise the lock changed
1076 * and we need to retry or we lost a race to the thread
1077 * unlocking the umtx.
1079 umtxq_lock(&uq->uq_key);
1081 error = umtxq_sleep(uq, "umtx", timeout == NULL ?
1084 umtxq_unlock(&uq->uq_key);
1085 umtx_key_release(&uq->uq_key);
1088 error = thread_check_susp(td, false);
1091 if (timeout == NULL) {
1092 /* Mutex locking is restarted if it is interrupted. */
1096 /* Timed-locking is not restarted. */
1097 if (error == ERESTART)
1104 * Unlock a umtx object.
1107 do_unlock_umtx32(struct thread *td, uint32_t *m, uint32_t id)
1109 struct umtx_key key;
1116 * Make sure we own this mtx.
1118 owner = fuword32(m);
1122 if ((owner & ~UMUTEX_CONTESTED) != id)
1125 /* This should be done in userland */
1126 if ((owner & UMUTEX_CONTESTED) == 0) {
1127 old = casuword32(m, owner, UMUTEX_UNOWNED);
1135 /* We should only ever be in here for contested locks */
1136 if ((error = umtx_key_get(m, TYPE_SIMPLE_LOCK, AUTO_SHARE,
1142 count = umtxq_count(&key);
1146 * When unlocking the umtx, it must be marked as unowned if
1147 * there is zero or one thread only waiting for it.
1148 * Otherwise, it must be marked as contested.
1150 old = casuword32(m, owner,
1151 count <= 1 ? UMUTEX_UNOWNED : UMUTEX_CONTESTED);
1153 umtxq_signal(&key,1);
1156 umtx_key_release(&key);
1163 #endif /* COMPAT_FREEBSD32 */
1164 #endif /* COMPAT_FREEBSD10 */
1167 * Fetch and compare value, sleep on the address if value is not changed.
1170 do_wait(struct thread *td, void *addr, u_long id,
1171 struct _umtx_time *timeout, int compat32, int is_private)
1173 struct umtx_abs_timeout timo;
1180 if ((error = umtx_key_get(addr, TYPE_SIMPLE_WAIT,
1181 is_private ? THREAD_SHARE : AUTO_SHARE, &uq->uq_key)) != 0)
1184 if (timeout != NULL)
1185 umtx_abs_timeout_init2(&timo, timeout);
1187 umtxq_lock(&uq->uq_key);
1189 umtxq_unlock(&uq->uq_key);
1190 if (compat32 == 0) {
1191 error = fueword(addr, &tmp);
1195 error = fueword32(addr, &tmp32);
1201 umtxq_lock(&uq->uq_key);
1204 error = umtxq_sleep(uq, "uwait", timeout == NULL ?
1206 if ((uq->uq_flags & UQF_UMTXQ) == 0)
1210 } else if ((uq->uq_flags & UQF_UMTXQ) != 0) {
1213 umtxq_unlock(&uq->uq_key);
1214 umtx_key_release(&uq->uq_key);
1215 if (error == ERESTART)
1221 * Wake up threads sleeping on the specified address.
1224 kern_umtx_wake(struct thread *td, void *uaddr, int n_wake, int is_private)
1226 struct umtx_key key;
1229 if ((ret = umtx_key_get(uaddr, TYPE_SIMPLE_WAIT,
1230 is_private ? THREAD_SHARE : AUTO_SHARE, &key)) != 0)
1233 umtxq_signal(&key, n_wake);
1235 umtx_key_release(&key);
1240 * Lock PTHREAD_PRIO_NONE protocol POSIX mutex.
1243 do_lock_normal(struct thread *td, struct umutex *m, uint32_t flags,
1244 struct _umtx_time *timeout, int mode)
1246 struct umtx_abs_timeout timo;
1248 uint32_t owner, old, id;
1254 if (timeout != NULL)
1255 umtx_abs_timeout_init2(&timo, timeout);
1258 * Care must be exercised when dealing with umtx structure. It
1259 * can fault on any access.
1262 rv = fueword32(&m->m_owner, &owner);
1265 if (mode == _UMUTEX_WAIT) {
1266 if (owner == UMUTEX_UNOWNED ||
1267 owner == UMUTEX_CONTESTED ||
1268 owner == UMUTEX_RB_OWNERDEAD ||
1269 owner == UMUTEX_RB_NOTRECOV)
1273 * Robust mutex terminated. Kernel duty is to
1274 * return EOWNERDEAD to the userspace. The
1275 * umutex.m_flags UMUTEX_NONCONSISTENT is set
1276 * by the common userspace code.
1278 if (owner == UMUTEX_RB_OWNERDEAD) {
1279 rv = casueword32(&m->m_owner,
1280 UMUTEX_RB_OWNERDEAD, &owner,
1281 id | UMUTEX_CONTESTED);
1285 MPASS(owner == UMUTEX_RB_OWNERDEAD);
1286 return (EOWNERDEAD); /* success */
1289 rv = thread_check_susp(td, false);
1294 if (owner == UMUTEX_RB_NOTRECOV)
1295 return (ENOTRECOVERABLE);
1298 * Try the uncontested case. This should be
1301 rv = casueword32(&m->m_owner, UMUTEX_UNOWNED,
1303 /* The address was invalid. */
1307 /* The acquire succeeded. */
1309 MPASS(owner == UMUTEX_UNOWNED);
1314 * If no one owns it but it is contested try
1318 if (owner == UMUTEX_CONTESTED) {
1319 rv = casueword32(&m->m_owner,
1320 UMUTEX_CONTESTED, &owner,
1321 id | UMUTEX_CONTESTED);
1322 /* The address was invalid. */
1326 MPASS(owner == UMUTEX_CONTESTED);
1330 rv = thread_check_susp(td, false);
1336 * If this failed the lock has
1342 /* rv == 1 but not contested, likely store failure */
1343 rv = thread_check_susp(td, false);
1348 if (mode == _UMUTEX_TRY)
1352 * If we caught a signal, we have retried and now
1358 if ((error = umtx_key_get(m, TYPE_NORMAL_UMUTEX,
1359 GET_SHARE(flags), &uq->uq_key)) != 0)
1362 umtxq_lock(&uq->uq_key);
1363 umtxq_busy(&uq->uq_key);
1365 umtxq_unlock(&uq->uq_key);
1368 * Set the contested bit so that a release in user space
1369 * knows to use the system call for unlock. If this fails
1370 * either some one else has acquired the lock or it has been
1373 rv = casueword32(&m->m_owner, owner, &old,
1374 owner | UMUTEX_CONTESTED);
1376 /* The address was invalid or casueword failed to store. */
1377 if (rv == -1 || rv == 1) {
1378 umtxq_lock(&uq->uq_key);
1380 umtxq_unbusy(&uq->uq_key);
1381 umtxq_unlock(&uq->uq_key);
1382 umtx_key_release(&uq->uq_key);
1386 rv = thread_check_susp(td, false);
1394 * We set the contested bit, sleep. Otherwise the lock changed
1395 * and we need to retry or we lost a race to the thread
1396 * unlocking the umtx.
1398 umtxq_lock(&uq->uq_key);
1399 umtxq_unbusy(&uq->uq_key);
1400 MPASS(old == owner);
1401 error = umtxq_sleep(uq, "umtxn", timeout == NULL ?
1404 umtxq_unlock(&uq->uq_key);
1405 umtx_key_release(&uq->uq_key);
1408 error = thread_check_susp(td, false);
1415 * Unlock PTHREAD_PRIO_NONE protocol POSIX mutex.
1418 do_unlock_normal(struct thread *td, struct umutex *m, uint32_t flags, bool rb)
1420 struct umtx_key key;
1421 uint32_t owner, old, id, newlock;
1428 * Make sure we own this mtx.
1430 error = fueword32(&m->m_owner, &owner);
1434 if ((owner & ~UMUTEX_CONTESTED) != id)
1437 newlock = umtx_unlock_val(flags, rb);
1438 if ((owner & UMUTEX_CONTESTED) == 0) {
1439 error = casueword32(&m->m_owner, owner, &old, newlock);
1443 error = thread_check_susp(td, false);
1448 MPASS(old == owner);
1452 /* We should only ever be in here for contested locks */
1453 if ((error = umtx_key_get(m, TYPE_NORMAL_UMUTEX, GET_SHARE(flags),
1459 count = umtxq_count(&key);
1463 * When unlocking the umtx, it must be marked as unowned if
1464 * there is zero or one thread only waiting for it.
1465 * Otherwise, it must be marked as contested.
1468 newlock |= UMUTEX_CONTESTED;
1469 error = casueword32(&m->m_owner, owner, &old, newlock);
1471 umtxq_signal(&key, 1);
1474 umtx_key_release(&key);
1480 error = thread_check_susp(td, false);
1489 * Check if the mutex is available and wake up a waiter,
1490 * only for simple mutex.
1493 do_wake_umutex(struct thread *td, struct umutex *m)
1495 struct umtx_key key;
1502 error = fueword32(&m->m_owner, &owner);
1506 if ((owner & ~UMUTEX_CONTESTED) != 0 && owner != UMUTEX_RB_OWNERDEAD &&
1507 owner != UMUTEX_RB_NOTRECOV)
1510 error = fueword32(&m->m_flags, &flags);
1514 /* We should only ever be in here for contested locks */
1515 if ((error = umtx_key_get(m, TYPE_NORMAL_UMUTEX, GET_SHARE(flags),
1521 count = umtxq_count(&key);
1524 if (count <= 1 && owner != UMUTEX_RB_OWNERDEAD &&
1525 owner != UMUTEX_RB_NOTRECOV) {
1526 error = casueword32(&m->m_owner, UMUTEX_CONTESTED, &owner,
1530 } else if (error == 1) {
1534 umtx_key_release(&key);
1535 error = thread_check_susp(td, false);
1543 if (error == 0 && count != 0) {
1544 MPASS((owner & ~UMUTEX_CONTESTED) == 0 ||
1545 owner == UMUTEX_RB_OWNERDEAD ||
1546 owner == UMUTEX_RB_NOTRECOV);
1547 umtxq_signal(&key, 1);
1551 umtx_key_release(&key);
1556 * Check if the mutex has waiters and tries to fix contention bit.
1559 do_wake2_umutex(struct thread *td, struct umutex *m, uint32_t flags)
1561 struct umtx_key key;
1562 uint32_t owner, old;
1567 switch (flags & (UMUTEX_PRIO_INHERIT | UMUTEX_PRIO_PROTECT |
1571 type = TYPE_NORMAL_UMUTEX;
1573 case UMUTEX_PRIO_INHERIT:
1574 type = TYPE_PI_UMUTEX;
1576 case (UMUTEX_PRIO_INHERIT | UMUTEX_ROBUST):
1577 type = TYPE_PI_ROBUST_UMUTEX;
1579 case UMUTEX_PRIO_PROTECT:
1580 type = TYPE_PP_UMUTEX;
1582 case (UMUTEX_PRIO_PROTECT | UMUTEX_ROBUST):
1583 type = TYPE_PP_ROBUST_UMUTEX;
1588 if ((error = umtx_key_get(m, type, GET_SHARE(flags), &key)) != 0)
1594 count = umtxq_count(&key);
1597 error = fueword32(&m->m_owner, &owner);
1602 * Only repair contention bit if there is a waiter, this means
1603 * the mutex is still being referenced by userland code,
1604 * otherwise don't update any memory.
1606 while (error == 0 && (owner & UMUTEX_CONTESTED) == 0 &&
1607 (count > 1 || (count == 1 && (owner & ~UMUTEX_CONTESTED) != 0))) {
1608 error = casueword32(&m->m_owner, owner, &old,
1609 owner | UMUTEX_CONTESTED);
1615 MPASS(old == owner);
1619 error = thread_check_susp(td, false);
1623 if (error == EFAULT) {
1624 umtxq_signal(&key, INT_MAX);
1625 } else if (count != 0 && ((owner & ~UMUTEX_CONTESTED) == 0 ||
1626 owner == UMUTEX_RB_OWNERDEAD || owner == UMUTEX_RB_NOTRECOV))
1627 umtxq_signal(&key, 1);
1630 umtx_key_release(&key);
1634 static inline struct umtx_pi *
1635 umtx_pi_alloc(int flags)
1639 pi = uma_zalloc(umtx_pi_zone, M_ZERO | flags);
1640 TAILQ_INIT(&pi->pi_blocked);
1641 atomic_add_int(&umtx_pi_allocated, 1);
1646 umtx_pi_free(struct umtx_pi *pi)
1648 uma_zfree(umtx_pi_zone, pi);
1649 atomic_add_int(&umtx_pi_allocated, -1);
1653 * Adjust the thread's position on a pi_state after its priority has been
1657 umtx_pi_adjust_thread(struct umtx_pi *pi, struct thread *td)
1659 struct umtx_q *uq, *uq1, *uq2;
1662 mtx_assert(&umtx_lock, MA_OWNED);
1669 * Check if the thread needs to be moved on the blocked chain.
1670 * It needs to be moved if either its priority is lower than
1671 * the previous thread or higher than the next thread.
1673 uq1 = TAILQ_PREV(uq, umtxq_head, uq_lockq);
1674 uq2 = TAILQ_NEXT(uq, uq_lockq);
1675 if ((uq1 != NULL && UPRI(td) < UPRI(uq1->uq_thread)) ||
1676 (uq2 != NULL && UPRI(td) > UPRI(uq2->uq_thread))) {
1678 * Remove thread from blocked chain and determine where
1679 * it should be moved to.
1681 TAILQ_REMOVE(&pi->pi_blocked, uq, uq_lockq);
1682 TAILQ_FOREACH(uq1, &pi->pi_blocked, uq_lockq) {
1683 td1 = uq1->uq_thread;
1684 MPASS(td1->td_proc->p_magic == P_MAGIC);
1685 if (UPRI(td1) > UPRI(td))
1690 TAILQ_INSERT_TAIL(&pi->pi_blocked, uq, uq_lockq);
1692 TAILQ_INSERT_BEFORE(uq1, uq, uq_lockq);
1697 static struct umtx_pi *
1698 umtx_pi_next(struct umtx_pi *pi)
1700 struct umtx_q *uq_owner;
1702 if (pi->pi_owner == NULL)
1704 uq_owner = pi->pi_owner->td_umtxq;
1705 if (uq_owner == NULL)
1707 return (uq_owner->uq_pi_blocked);
1711 * Floyd's Cycle-Finding Algorithm.
1714 umtx_pi_check_loop(struct umtx_pi *pi)
1716 struct umtx_pi *pi1; /* fast iterator */
1718 mtx_assert(&umtx_lock, MA_OWNED);
1723 pi = umtx_pi_next(pi);
1726 pi1 = umtx_pi_next(pi1);
1729 pi1 = umtx_pi_next(pi1);
1739 * Propagate priority when a thread is blocked on POSIX
1743 umtx_propagate_priority(struct thread *td)
1749 mtx_assert(&umtx_lock, MA_OWNED);
1752 pi = uq->uq_pi_blocked;
1755 if (umtx_pi_check_loop(pi))
1760 if (td == NULL || td == curthread)
1763 MPASS(td->td_proc != NULL);
1764 MPASS(td->td_proc->p_magic == P_MAGIC);
1767 if (td->td_lend_user_pri > pri)
1768 sched_lend_user_prio(td, pri);
1776 * Pick up the lock that td is blocked on.
1779 pi = uq->uq_pi_blocked;
1782 /* Resort td on the list if needed. */
1783 umtx_pi_adjust_thread(pi, td);
1788 * Unpropagate priority for a PI mutex when a thread blocked on
1789 * it is interrupted by signal or resumed by others.
1792 umtx_repropagate_priority(struct umtx_pi *pi)
1794 struct umtx_q *uq, *uq_owner;
1795 struct umtx_pi *pi2;
1798 mtx_assert(&umtx_lock, MA_OWNED);
1800 if (umtx_pi_check_loop(pi))
1802 while (pi != NULL && pi->pi_owner != NULL) {
1804 uq_owner = pi->pi_owner->td_umtxq;
1806 TAILQ_FOREACH(pi2, &uq_owner->uq_pi_contested, pi_link) {
1807 uq = TAILQ_FIRST(&pi2->pi_blocked);
1809 if (pri > UPRI(uq->uq_thread))
1810 pri = UPRI(uq->uq_thread);
1814 if (pri > uq_owner->uq_inherited_pri)
1815 pri = uq_owner->uq_inherited_pri;
1816 thread_lock(pi->pi_owner);
1817 sched_lend_user_prio(pi->pi_owner, pri);
1818 thread_unlock(pi->pi_owner);
1819 if ((pi = uq_owner->uq_pi_blocked) != NULL)
1820 umtx_pi_adjust_thread(pi, uq_owner->uq_thread);
1825 * Insert a PI mutex into owned list.
1828 umtx_pi_setowner(struct umtx_pi *pi, struct thread *owner)
1830 struct umtx_q *uq_owner;
1832 uq_owner = owner->td_umtxq;
1833 mtx_assert(&umtx_lock, MA_OWNED);
1834 MPASS(pi->pi_owner == NULL);
1835 pi->pi_owner = owner;
1836 TAILQ_INSERT_TAIL(&uq_owner->uq_pi_contested, pi, pi_link);
1840 * Disown a PI mutex, and remove it from the owned list.
1843 umtx_pi_disown(struct umtx_pi *pi)
1846 mtx_assert(&umtx_lock, MA_OWNED);
1847 TAILQ_REMOVE(&pi->pi_owner->td_umtxq->uq_pi_contested, pi, pi_link);
1848 pi->pi_owner = NULL;
1852 * Claim ownership of a PI mutex.
1855 umtx_pi_claim(struct umtx_pi *pi, struct thread *owner)
1860 mtx_lock(&umtx_lock);
1861 if (pi->pi_owner == owner) {
1862 mtx_unlock(&umtx_lock);
1866 if (pi->pi_owner != NULL) {
1868 * userland may have already messed the mutex, sigh.
1870 mtx_unlock(&umtx_lock);
1873 umtx_pi_setowner(pi, owner);
1874 uq = TAILQ_FIRST(&pi->pi_blocked);
1876 pri = UPRI(uq->uq_thread);
1878 if (pri < UPRI(owner))
1879 sched_lend_user_prio(owner, pri);
1880 thread_unlock(owner);
1882 mtx_unlock(&umtx_lock);
1887 * Adjust a thread's order position in its blocked PI mutex,
1888 * this may result new priority propagating process.
1891 umtx_pi_adjust(struct thread *td, u_char oldpri)
1897 mtx_lock(&umtx_lock);
1899 * Pick up the lock that td is blocked on.
1901 pi = uq->uq_pi_blocked;
1903 umtx_pi_adjust_thread(pi, td);
1904 umtx_repropagate_priority(pi);
1906 mtx_unlock(&umtx_lock);
1910 * Sleep on a PI mutex.
1913 umtxq_sleep_pi(struct umtx_q *uq, struct umtx_pi *pi, uint32_t owner,
1914 const char *wmesg, struct umtx_abs_timeout *timo, bool shared)
1916 struct thread *td, *td1;
1920 struct umtxq_chain *uc;
1922 uc = umtxq_getchain(&pi->pi_key);
1926 KASSERT(td == curthread, ("inconsistent uq_thread"));
1927 UMTXQ_LOCKED_ASSERT(umtxq_getchain(&uq->uq_key));
1928 KASSERT(uc->uc_busy != 0, ("umtx chain is not busy"));
1930 mtx_lock(&umtx_lock);
1931 if (pi->pi_owner == NULL) {
1932 mtx_unlock(&umtx_lock);
1933 td1 = tdfind(owner, shared ? -1 : td->td_proc->p_pid);
1934 mtx_lock(&umtx_lock);
1936 if (pi->pi_owner == NULL)
1937 umtx_pi_setowner(pi, td1);
1938 PROC_UNLOCK(td1->td_proc);
1942 TAILQ_FOREACH(uq1, &pi->pi_blocked, uq_lockq) {
1943 pri = UPRI(uq1->uq_thread);
1949 TAILQ_INSERT_BEFORE(uq1, uq, uq_lockq);
1951 TAILQ_INSERT_TAIL(&pi->pi_blocked, uq, uq_lockq);
1953 uq->uq_pi_blocked = pi;
1955 td->td_flags |= TDF_UPIBLOCKED;
1957 umtx_propagate_priority(td);
1958 mtx_unlock(&umtx_lock);
1959 umtxq_unbusy(&uq->uq_key);
1961 error = umtxq_sleep(uq, wmesg, timo);
1964 mtx_lock(&umtx_lock);
1965 uq->uq_pi_blocked = NULL;
1967 td->td_flags &= ~TDF_UPIBLOCKED;
1969 TAILQ_REMOVE(&pi->pi_blocked, uq, uq_lockq);
1970 umtx_repropagate_priority(pi);
1971 mtx_unlock(&umtx_lock);
1972 umtxq_unlock(&uq->uq_key);
1978 * Add reference count for a PI mutex.
1981 umtx_pi_ref(struct umtx_pi *pi)
1984 UMTXQ_LOCKED_ASSERT(umtxq_getchain(&pi->pi_key));
1989 * Decrease reference count for a PI mutex, if the counter
1990 * is decreased to zero, its memory space is freed.
1993 umtx_pi_unref(struct umtx_pi *pi)
1995 struct umtxq_chain *uc;
1997 uc = umtxq_getchain(&pi->pi_key);
1998 UMTXQ_LOCKED_ASSERT(uc);
1999 KASSERT(pi->pi_refcount > 0, ("invalid reference count"));
2000 if (--pi->pi_refcount == 0) {
2001 mtx_lock(&umtx_lock);
2002 if (pi->pi_owner != NULL)
2004 KASSERT(TAILQ_EMPTY(&pi->pi_blocked),
2005 ("blocked queue not empty"));
2006 mtx_unlock(&umtx_lock);
2007 TAILQ_REMOVE(&uc->uc_pi_list, pi, pi_hashlink);
2013 * Find a PI mutex in hash table.
2015 static struct umtx_pi *
2016 umtx_pi_lookup(struct umtx_key *key)
2018 struct umtxq_chain *uc;
2021 uc = umtxq_getchain(key);
2022 UMTXQ_LOCKED_ASSERT(uc);
2024 TAILQ_FOREACH(pi, &uc->uc_pi_list, pi_hashlink) {
2025 if (umtx_key_match(&pi->pi_key, key)) {
2033 * Insert a PI mutex into hash table.
2036 umtx_pi_insert(struct umtx_pi *pi)
2038 struct umtxq_chain *uc;
2040 uc = umtxq_getchain(&pi->pi_key);
2041 UMTXQ_LOCKED_ASSERT(uc);
2042 TAILQ_INSERT_TAIL(&uc->uc_pi_list, pi, pi_hashlink);
2049 do_lock_pi(struct thread *td, struct umutex *m, uint32_t flags,
2050 struct _umtx_time *timeout, int try)
2052 struct umtx_abs_timeout timo;
2054 struct umtx_pi *pi, *new_pi;
2055 uint32_t id, old_owner, owner, old;
2061 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2062 TYPE_PI_ROBUST_UMUTEX : TYPE_PI_UMUTEX, GET_SHARE(flags),
2066 if (timeout != NULL)
2067 umtx_abs_timeout_init2(&timo, timeout);
2069 umtxq_lock(&uq->uq_key);
2070 pi = umtx_pi_lookup(&uq->uq_key);
2072 new_pi = umtx_pi_alloc(M_NOWAIT);
2073 if (new_pi == NULL) {
2074 umtxq_unlock(&uq->uq_key);
2075 new_pi = umtx_pi_alloc(M_WAITOK);
2076 umtxq_lock(&uq->uq_key);
2077 pi = umtx_pi_lookup(&uq->uq_key);
2079 umtx_pi_free(new_pi);
2083 if (new_pi != NULL) {
2084 new_pi->pi_key = uq->uq_key;
2085 umtx_pi_insert(new_pi);
2090 umtxq_unlock(&uq->uq_key);
2093 * Care must be exercised when dealing with umtx structure. It
2094 * can fault on any access.
2098 * Try the uncontested case. This should be done in userland.
2100 rv = casueword32(&m->m_owner, UMUTEX_UNOWNED, &owner, id);
2101 /* The address was invalid. */
2106 /* The acquire succeeded. */
2108 MPASS(owner == UMUTEX_UNOWNED);
2113 if (owner == UMUTEX_RB_NOTRECOV) {
2114 error = ENOTRECOVERABLE;
2119 * Nobody owns it, but the acquire failed. This can happen
2120 * with ll/sc atomics.
2122 if (owner == UMUTEX_UNOWNED) {
2123 error = thread_check_susp(td, true);
2130 * Avoid overwriting a possible error from sleep due
2131 * to the pending signal with suspension check result.
2134 error = thread_check_susp(td, true);
2139 /* If no one owns it but it is contested try to acquire it. */
2140 if (owner == UMUTEX_CONTESTED || owner == UMUTEX_RB_OWNERDEAD) {
2142 rv = casueword32(&m->m_owner, owner, &owner,
2143 id | UMUTEX_CONTESTED);
2144 /* The address was invalid. */
2151 error = thread_check_susp(td, true);
2157 * If this failed the lock could
2164 MPASS(owner == old_owner);
2165 umtxq_lock(&uq->uq_key);
2166 umtxq_busy(&uq->uq_key);
2167 error = umtx_pi_claim(pi, td);
2168 umtxq_unbusy(&uq->uq_key);
2169 umtxq_unlock(&uq->uq_key);
2172 * Since we're going to return an
2173 * error, restore the m_owner to its
2174 * previous, unowned state to avoid
2175 * compounding the problem.
2177 (void)casuword32(&m->m_owner,
2178 id | UMUTEX_CONTESTED, old_owner);
2180 if (error == 0 && old_owner == UMUTEX_RB_OWNERDEAD)
2185 if ((owner & ~UMUTEX_CONTESTED) == id) {
2196 * If we caught a signal, we have retried and now
2202 umtxq_lock(&uq->uq_key);
2203 umtxq_busy(&uq->uq_key);
2204 umtxq_unlock(&uq->uq_key);
2207 * Set the contested bit so that a release in user space
2208 * knows to use the system call for unlock. If this fails
2209 * either some one else has acquired the lock or it has been
2212 rv = casueword32(&m->m_owner, owner, &old, owner |
2215 /* The address was invalid. */
2217 umtxq_unbusy_unlocked(&uq->uq_key);
2222 umtxq_unbusy_unlocked(&uq->uq_key);
2223 error = thread_check_susp(td, true);
2228 * The lock changed and we need to retry or we
2229 * lost a race to the thread unlocking the
2230 * umtx. Note that the UMUTEX_RB_OWNERDEAD
2231 * value for owner is impossible there.
2236 umtxq_lock(&uq->uq_key);
2238 /* We set the contested bit, sleep. */
2239 MPASS(old == owner);
2240 error = umtxq_sleep_pi(uq, pi, owner & ~UMUTEX_CONTESTED,
2241 "umtxpi", timeout == NULL ? NULL : &timo,
2242 (flags & USYNC_PROCESS_SHARED) != 0);
2246 error = thread_check_susp(td, false);
2251 umtxq_lock(&uq->uq_key);
2253 umtxq_unlock(&uq->uq_key);
2255 umtx_key_release(&uq->uq_key);
2260 * Unlock a PI mutex.
2263 do_unlock_pi(struct thread *td, struct umutex *m, uint32_t flags, bool rb)
2265 struct umtx_key key;
2266 struct umtx_q *uq_first, *uq_first2, *uq_me;
2267 struct umtx_pi *pi, *pi2;
2268 uint32_t id, new_owner, old, owner;
2269 int count, error, pri;
2275 * Make sure we own this mtx.
2277 error = fueword32(&m->m_owner, &owner);
2281 if ((owner & ~UMUTEX_CONTESTED) != id)
2284 new_owner = umtx_unlock_val(flags, rb);
2286 /* This should be done in userland */
2287 if ((owner & UMUTEX_CONTESTED) == 0) {
2288 error = casueword32(&m->m_owner, owner, &old, new_owner);
2292 error = thread_check_susp(td, true);
2302 /* We should only ever be in here for contested locks */
2303 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2304 TYPE_PI_ROBUST_UMUTEX : TYPE_PI_UMUTEX, GET_SHARE(flags),
2310 count = umtxq_count_pi(&key, &uq_first);
2311 if (uq_first != NULL) {
2312 mtx_lock(&umtx_lock);
2313 pi = uq_first->uq_pi_blocked;
2314 KASSERT(pi != NULL, ("pi == NULL?"));
2315 if (pi->pi_owner != td && !(rb && pi->pi_owner == NULL)) {
2316 mtx_unlock(&umtx_lock);
2319 umtx_key_release(&key);
2320 /* userland messed the mutex */
2323 uq_me = td->td_umtxq;
2324 if (pi->pi_owner == td)
2326 /* get highest priority thread which is still sleeping. */
2327 uq_first = TAILQ_FIRST(&pi->pi_blocked);
2328 while (uq_first != NULL &&
2329 (uq_first->uq_flags & UQF_UMTXQ) == 0) {
2330 uq_first = TAILQ_NEXT(uq_first, uq_lockq);
2333 TAILQ_FOREACH(pi2, &uq_me->uq_pi_contested, pi_link) {
2334 uq_first2 = TAILQ_FIRST(&pi2->pi_blocked);
2335 if (uq_first2 != NULL) {
2336 if (pri > UPRI(uq_first2->uq_thread))
2337 pri = UPRI(uq_first2->uq_thread);
2341 sched_lend_user_prio(td, pri);
2343 mtx_unlock(&umtx_lock);
2345 umtxq_signal_thread(uq_first);
2347 pi = umtx_pi_lookup(&key);
2349 * A umtx_pi can exist if a signal or timeout removed the
2350 * last waiter from the umtxq, but there is still
2351 * a thread in do_lock_pi() holding the umtx_pi.
2355 * The umtx_pi can be unowned, such as when a thread
2356 * has just entered do_lock_pi(), allocated the
2357 * umtx_pi, and unlocked the umtxq.
2358 * If the current thread owns it, it must disown it.
2360 mtx_lock(&umtx_lock);
2361 if (pi->pi_owner == td)
2363 mtx_unlock(&umtx_lock);
2369 * When unlocking the umtx, it must be marked as unowned if
2370 * there is zero or one thread only waiting for it.
2371 * Otherwise, it must be marked as contested.
2375 new_owner |= UMUTEX_CONTESTED;
2377 error = casueword32(&m->m_owner, owner, &old, new_owner);
2379 error = thread_check_susp(td, false);
2383 umtxq_unbusy_unlocked(&key);
2384 umtx_key_release(&key);
2387 if (error == 0 && old != owner)
2396 do_lock_pp(struct thread *td, struct umutex *m, uint32_t flags,
2397 struct _umtx_time *timeout, int try)
2399 struct umtx_abs_timeout timo;
2400 struct umtx_q *uq, *uq2;
2404 int error, pri, old_inherited_pri, su, rv;
2408 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2409 TYPE_PP_ROBUST_UMUTEX : TYPE_PP_UMUTEX, GET_SHARE(flags),
2413 if (timeout != NULL)
2414 umtx_abs_timeout_init2(&timo, timeout);
2416 su = (priv_check(td, PRIV_SCHED_RTPRIO) == 0);
2418 old_inherited_pri = uq->uq_inherited_pri;
2419 umtxq_lock(&uq->uq_key);
2420 umtxq_busy(&uq->uq_key);
2421 umtxq_unlock(&uq->uq_key);
2423 rv = fueword32(&m->m_ceilings[0], &ceiling);
2428 ceiling = RTP_PRIO_MAX - ceiling;
2429 if (ceiling > RTP_PRIO_MAX) {
2434 mtx_lock(&umtx_lock);
2435 if (UPRI(td) < PRI_MIN_REALTIME + ceiling) {
2436 mtx_unlock(&umtx_lock);
2440 if (su && PRI_MIN_REALTIME + ceiling < uq->uq_inherited_pri) {
2441 uq->uq_inherited_pri = PRI_MIN_REALTIME + ceiling;
2443 if (uq->uq_inherited_pri < UPRI(td))
2444 sched_lend_user_prio(td, uq->uq_inherited_pri);
2447 mtx_unlock(&umtx_lock);
2449 rv = casueword32(&m->m_owner, UMUTEX_CONTESTED, &owner,
2450 id | UMUTEX_CONTESTED);
2451 /* The address was invalid. */
2457 MPASS(owner == UMUTEX_CONTESTED);
2462 if (owner == UMUTEX_RB_OWNERDEAD) {
2463 rv = casueword32(&m->m_owner, UMUTEX_RB_OWNERDEAD,
2464 &owner, id | UMUTEX_CONTESTED);
2470 MPASS(owner == UMUTEX_RB_OWNERDEAD);
2471 error = EOWNERDEAD; /* success */
2476 * rv == 1, only check for suspension if we
2477 * did not already catched a signal. If we
2478 * get an error from the check, the same
2479 * condition is checked by the umtxq_sleep()
2480 * call below, so we should obliterate the
2481 * error to not skip the last loop iteration.
2484 error = thread_check_susp(td, false);
2493 } else if (owner == UMUTEX_RB_NOTRECOV) {
2494 error = ENOTRECOVERABLE;
2501 * If we caught a signal, we have retried and now
2507 umtxq_lock(&uq->uq_key);
2509 umtxq_unbusy(&uq->uq_key);
2510 error = umtxq_sleep(uq, "umtxpp", timeout == NULL ?
2513 umtxq_unlock(&uq->uq_key);
2515 mtx_lock(&umtx_lock);
2516 uq->uq_inherited_pri = old_inherited_pri;
2518 TAILQ_FOREACH(pi, &uq->uq_pi_contested, pi_link) {
2519 uq2 = TAILQ_FIRST(&pi->pi_blocked);
2521 if (pri > UPRI(uq2->uq_thread))
2522 pri = UPRI(uq2->uq_thread);
2525 if (pri > uq->uq_inherited_pri)
2526 pri = uq->uq_inherited_pri;
2528 sched_lend_user_prio(td, pri);
2530 mtx_unlock(&umtx_lock);
2533 if (error != 0 && error != EOWNERDEAD) {
2534 mtx_lock(&umtx_lock);
2535 uq->uq_inherited_pri = old_inherited_pri;
2537 TAILQ_FOREACH(pi, &uq->uq_pi_contested, pi_link) {
2538 uq2 = TAILQ_FIRST(&pi->pi_blocked);
2540 if (pri > UPRI(uq2->uq_thread))
2541 pri = UPRI(uq2->uq_thread);
2544 if (pri > uq->uq_inherited_pri)
2545 pri = uq->uq_inherited_pri;
2547 sched_lend_user_prio(td, pri);
2549 mtx_unlock(&umtx_lock);
2553 umtxq_unbusy_unlocked(&uq->uq_key);
2554 umtx_key_release(&uq->uq_key);
2559 * Unlock a PP mutex.
2562 do_unlock_pp(struct thread *td, struct umutex *m, uint32_t flags, bool rb)
2564 struct umtx_key key;
2565 struct umtx_q *uq, *uq2;
2567 uint32_t id, owner, rceiling;
2568 int error, pri, new_inherited_pri, su;
2572 su = (priv_check(td, PRIV_SCHED_RTPRIO) == 0);
2575 * Make sure we own this mtx.
2577 error = fueword32(&m->m_owner, &owner);
2581 if ((owner & ~UMUTEX_CONTESTED) != id)
2584 error = copyin(&m->m_ceilings[1], &rceiling, sizeof(uint32_t));
2589 new_inherited_pri = PRI_MAX;
2591 rceiling = RTP_PRIO_MAX - rceiling;
2592 if (rceiling > RTP_PRIO_MAX)
2594 new_inherited_pri = PRI_MIN_REALTIME + rceiling;
2597 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2598 TYPE_PP_ROBUST_UMUTEX : TYPE_PP_UMUTEX, GET_SHARE(flags),
2605 * For priority protected mutex, always set unlocked state
2606 * to UMUTEX_CONTESTED, so that userland always enters kernel
2607 * to lock the mutex, it is necessary because thread priority
2608 * has to be adjusted for such mutex.
2610 error = suword32(&m->m_owner, umtx_unlock_val(flags, rb) |
2615 umtxq_signal(&key, 1);
2622 mtx_lock(&umtx_lock);
2624 uq->uq_inherited_pri = new_inherited_pri;
2626 TAILQ_FOREACH(pi, &uq->uq_pi_contested, pi_link) {
2627 uq2 = TAILQ_FIRST(&pi->pi_blocked);
2629 if (pri > UPRI(uq2->uq_thread))
2630 pri = UPRI(uq2->uq_thread);
2633 if (pri > uq->uq_inherited_pri)
2634 pri = uq->uq_inherited_pri;
2636 sched_lend_user_prio(td, pri);
2638 mtx_unlock(&umtx_lock);
2640 umtx_key_release(&key);
2645 do_set_ceiling(struct thread *td, struct umutex *m, uint32_t ceiling,
2646 uint32_t *old_ceiling)
2649 uint32_t flags, id, owner, save_ceiling;
2652 error = fueword32(&m->m_flags, &flags);
2655 if ((flags & UMUTEX_PRIO_PROTECT) == 0)
2657 if (ceiling > RTP_PRIO_MAX)
2661 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2662 TYPE_PP_ROBUST_UMUTEX : TYPE_PP_UMUTEX, GET_SHARE(flags),
2666 umtxq_lock(&uq->uq_key);
2667 umtxq_busy(&uq->uq_key);
2668 umtxq_unlock(&uq->uq_key);
2670 rv = fueword32(&m->m_ceilings[0], &save_ceiling);
2676 rv = casueword32(&m->m_owner, UMUTEX_CONTESTED, &owner,
2677 id | UMUTEX_CONTESTED);
2684 MPASS(owner == UMUTEX_CONTESTED);
2685 rv = suword32(&m->m_ceilings[0], ceiling);
2686 rv1 = suword32(&m->m_owner, UMUTEX_CONTESTED);
2687 error = (rv == 0 && rv1 == 0) ? 0: EFAULT;
2691 if ((owner & ~UMUTEX_CONTESTED) == id) {
2692 rv = suword32(&m->m_ceilings[0], ceiling);
2693 error = rv == 0 ? 0 : EFAULT;
2697 if (owner == UMUTEX_RB_OWNERDEAD) {
2700 } else if (owner == UMUTEX_RB_NOTRECOV) {
2701 error = ENOTRECOVERABLE;
2706 * If we caught a signal, we have retried and now
2713 * We set the contested bit, sleep. Otherwise the lock changed
2714 * and we need to retry or we lost a race to the thread
2715 * unlocking the umtx.
2717 umtxq_lock(&uq->uq_key);
2719 umtxq_unbusy(&uq->uq_key);
2720 error = umtxq_sleep(uq, "umtxpp", NULL);
2722 umtxq_unlock(&uq->uq_key);
2724 umtxq_lock(&uq->uq_key);
2726 umtxq_signal(&uq->uq_key, INT_MAX);
2727 umtxq_unbusy(&uq->uq_key);
2728 umtxq_unlock(&uq->uq_key);
2729 umtx_key_release(&uq->uq_key);
2730 if (error == 0 && old_ceiling != NULL) {
2731 rv = suword32(old_ceiling, save_ceiling);
2732 error = rv == 0 ? 0 : EFAULT;
2738 * Lock a userland POSIX mutex.
2741 do_lock_umutex(struct thread *td, struct umutex *m,
2742 struct _umtx_time *timeout, int mode)
2747 error = fueword32(&m->m_flags, &flags);
2751 switch (flags & (UMUTEX_PRIO_INHERIT | UMUTEX_PRIO_PROTECT)) {
2753 error = do_lock_normal(td, m, flags, timeout, mode);
2755 case UMUTEX_PRIO_INHERIT:
2756 error = do_lock_pi(td, m, flags, timeout, mode);
2758 case UMUTEX_PRIO_PROTECT:
2759 error = do_lock_pp(td, m, flags, timeout, mode);
2764 if (timeout == NULL) {
2765 if (error == EINTR && mode != _UMUTEX_WAIT)
2768 /* Timed-locking is not restarted. */
2769 if (error == ERESTART)
2776 * Unlock a userland POSIX mutex.
2779 do_unlock_umutex(struct thread *td, struct umutex *m, bool rb)
2784 error = fueword32(&m->m_flags, &flags);
2788 switch (flags & (UMUTEX_PRIO_INHERIT | UMUTEX_PRIO_PROTECT)) {
2790 return (do_unlock_normal(td, m, flags, rb));
2791 case UMUTEX_PRIO_INHERIT:
2792 return (do_unlock_pi(td, m, flags, rb));
2793 case UMUTEX_PRIO_PROTECT:
2794 return (do_unlock_pp(td, m, flags, rb));
2801 do_cv_wait(struct thread *td, struct ucond *cv, struct umutex *m,
2802 struct timespec *timeout, u_long wflags)
2804 struct umtx_abs_timeout timo;
2806 uint32_t flags, clockid, hasw;
2810 error = fueword32(&cv->c_flags, &flags);
2813 error = umtx_key_get(cv, TYPE_CV, GET_SHARE(flags), &uq->uq_key);
2817 if ((wflags & CVWAIT_CLOCKID) != 0) {
2818 error = fueword32(&cv->c_clockid, &clockid);
2820 umtx_key_release(&uq->uq_key);
2823 if (clockid < CLOCK_REALTIME ||
2824 clockid >= CLOCK_THREAD_CPUTIME_ID) {
2825 /* hmm, only HW clock id will work. */
2826 umtx_key_release(&uq->uq_key);
2830 clockid = CLOCK_REALTIME;
2833 umtxq_lock(&uq->uq_key);
2834 umtxq_busy(&uq->uq_key);
2836 umtxq_unlock(&uq->uq_key);
2839 * Set c_has_waiters to 1 before releasing user mutex, also
2840 * don't modify cache line when unnecessary.
2842 error = fueword32(&cv->c_has_waiters, &hasw);
2843 if (error == 0 && hasw == 0)
2844 suword32(&cv->c_has_waiters, 1);
2846 umtxq_unbusy_unlocked(&uq->uq_key);
2848 error = do_unlock_umutex(td, m, false);
2850 if (timeout != NULL)
2851 umtx_abs_timeout_init(&timo, clockid,
2852 (wflags & CVWAIT_ABSTIME) != 0, timeout);
2854 umtxq_lock(&uq->uq_key);
2856 error = umtxq_sleep(uq, "ucond", timeout == NULL ?
2860 if ((uq->uq_flags & UQF_UMTXQ) == 0)
2864 * This must be timeout,interrupted by signal or
2865 * surprious wakeup, clear c_has_waiter flag when
2868 umtxq_busy(&uq->uq_key);
2869 if ((uq->uq_flags & UQF_UMTXQ) != 0) {
2870 int oldlen = uq->uq_cur_queue->length;
2873 umtxq_unlock(&uq->uq_key);
2874 suword32(&cv->c_has_waiters, 0);
2875 umtxq_lock(&uq->uq_key);
2878 umtxq_unbusy(&uq->uq_key);
2879 if (error == ERESTART)
2883 umtxq_unlock(&uq->uq_key);
2884 umtx_key_release(&uq->uq_key);
2889 * Signal a userland condition variable.
2892 do_cv_signal(struct thread *td, struct ucond *cv)
2894 struct umtx_key key;
2895 int error, cnt, nwake;
2898 error = fueword32(&cv->c_flags, &flags);
2901 if ((error = umtx_key_get(cv, TYPE_CV, GET_SHARE(flags), &key)) != 0)
2905 cnt = umtxq_count(&key);
2906 nwake = umtxq_signal(&key, 1);
2909 error = suword32(&cv->c_has_waiters, 0);
2916 umtx_key_release(&key);
2921 do_cv_broadcast(struct thread *td, struct ucond *cv)
2923 struct umtx_key key;
2927 error = fueword32(&cv->c_flags, &flags);
2930 if ((error = umtx_key_get(cv, TYPE_CV, GET_SHARE(flags), &key)) != 0)
2935 umtxq_signal(&key, INT_MAX);
2938 error = suword32(&cv->c_has_waiters, 0);
2942 umtxq_unbusy_unlocked(&key);
2944 umtx_key_release(&key);
2949 do_rw_rdlock(struct thread *td, struct urwlock *rwlock, long fflag,
2950 struct _umtx_time *timeout)
2952 struct umtx_abs_timeout timo;
2954 uint32_t flags, wrflags;
2955 int32_t state, oldstate;
2956 int32_t blocked_readers;
2957 int error, error1, rv;
2960 error = fueword32(&rwlock->rw_flags, &flags);
2963 error = umtx_key_get(rwlock, TYPE_RWLOCK, GET_SHARE(flags), &uq->uq_key);
2967 if (timeout != NULL)
2968 umtx_abs_timeout_init2(&timo, timeout);
2970 wrflags = URWLOCK_WRITE_OWNER;
2971 if (!(fflag & URWLOCK_PREFER_READER) && !(flags & URWLOCK_PREFER_READER))
2972 wrflags |= URWLOCK_WRITE_WAITERS;
2975 rv = fueword32(&rwlock->rw_state, &state);
2977 umtx_key_release(&uq->uq_key);
2981 /* try to lock it */
2982 while (!(state & wrflags)) {
2983 if (__predict_false(URWLOCK_READER_COUNT(state) ==
2984 URWLOCK_MAX_READERS)) {
2985 umtx_key_release(&uq->uq_key);
2988 rv = casueword32(&rwlock->rw_state, state,
2989 &oldstate, state + 1);
2991 umtx_key_release(&uq->uq_key);
2995 MPASS(oldstate == state);
2996 umtx_key_release(&uq->uq_key);
2999 error = thread_check_susp(td, true);
3008 /* grab monitor lock */
3009 umtxq_lock(&uq->uq_key);
3010 umtxq_busy(&uq->uq_key);
3011 umtxq_unlock(&uq->uq_key);
3014 * re-read the state, in case it changed between the try-lock above
3015 * and the check below
3017 rv = fueword32(&rwlock->rw_state, &state);
3021 /* set read contention bit */
3022 while (error == 0 && (state & wrflags) &&
3023 !(state & URWLOCK_READ_WAITERS)) {
3024 rv = casueword32(&rwlock->rw_state, state,
3025 &oldstate, state | URWLOCK_READ_WAITERS);
3031 MPASS(oldstate == state);
3035 error = thread_check_susp(td, false);
3040 umtxq_unbusy_unlocked(&uq->uq_key);
3044 /* state is changed while setting flags, restart */
3045 if (!(state & wrflags)) {
3046 umtxq_unbusy_unlocked(&uq->uq_key);
3047 error = thread_check_susp(td, true);
3055 * Contention bit is set, before sleeping, increase
3056 * read waiter count.
3058 rv = fueword32(&rwlock->rw_blocked_readers,
3061 umtxq_unbusy_unlocked(&uq->uq_key);
3065 suword32(&rwlock->rw_blocked_readers, blocked_readers+1);
3067 while (state & wrflags) {
3068 umtxq_lock(&uq->uq_key);
3070 umtxq_unbusy(&uq->uq_key);
3072 error = umtxq_sleep(uq, "urdlck", timeout == NULL ?
3075 umtxq_busy(&uq->uq_key);
3077 umtxq_unlock(&uq->uq_key);
3080 rv = fueword32(&rwlock->rw_state, &state);
3087 /* decrease read waiter count, and may clear read contention bit */
3088 rv = fueword32(&rwlock->rw_blocked_readers,
3091 umtxq_unbusy_unlocked(&uq->uq_key);
3095 suword32(&rwlock->rw_blocked_readers, blocked_readers-1);
3096 if (blocked_readers == 1) {
3097 rv = fueword32(&rwlock->rw_state, &state);
3099 umtxq_unbusy_unlocked(&uq->uq_key);
3104 rv = casueword32(&rwlock->rw_state, state,
3105 &oldstate, state & ~URWLOCK_READ_WAITERS);
3111 MPASS(oldstate == state);
3115 error1 = thread_check_susp(td, false);
3124 umtxq_unbusy_unlocked(&uq->uq_key);
3128 umtx_key_release(&uq->uq_key);
3129 if (error == ERESTART)
3135 do_rw_wrlock(struct thread *td, struct urwlock *rwlock, struct _umtx_time *timeout)
3137 struct umtx_abs_timeout timo;
3140 int32_t state, oldstate;
3141 int32_t blocked_writers;
3142 int32_t blocked_readers;
3143 int error, error1, rv;
3146 error = fueword32(&rwlock->rw_flags, &flags);
3149 error = umtx_key_get(rwlock, TYPE_RWLOCK, GET_SHARE(flags), &uq->uq_key);
3153 if (timeout != NULL)
3154 umtx_abs_timeout_init2(&timo, timeout);
3156 blocked_readers = 0;
3158 rv = fueword32(&rwlock->rw_state, &state);
3160 umtx_key_release(&uq->uq_key);
3163 while ((state & URWLOCK_WRITE_OWNER) == 0 &&
3164 URWLOCK_READER_COUNT(state) == 0) {
3165 rv = casueword32(&rwlock->rw_state, state,
3166 &oldstate, state | URWLOCK_WRITE_OWNER);
3168 umtx_key_release(&uq->uq_key);
3172 MPASS(oldstate == state);
3173 umtx_key_release(&uq->uq_key);
3177 error = thread_check_susp(td, true);
3183 if ((state & (URWLOCK_WRITE_OWNER |
3184 URWLOCK_WRITE_WAITERS)) == 0 &&
3185 blocked_readers != 0) {
3186 umtxq_lock(&uq->uq_key);
3187 umtxq_busy(&uq->uq_key);
3188 umtxq_signal_queue(&uq->uq_key, INT_MAX,
3190 umtxq_unbusy(&uq->uq_key);
3191 umtxq_unlock(&uq->uq_key);
3197 /* grab monitor lock */
3198 umtxq_lock(&uq->uq_key);
3199 umtxq_busy(&uq->uq_key);
3200 umtxq_unlock(&uq->uq_key);
3203 * Re-read the state, in case it changed between the
3204 * try-lock above and the check below.
3206 rv = fueword32(&rwlock->rw_state, &state);
3210 while (error == 0 && ((state & URWLOCK_WRITE_OWNER) ||
3211 URWLOCK_READER_COUNT(state) != 0) &&
3212 (state & URWLOCK_WRITE_WAITERS) == 0) {
3213 rv = casueword32(&rwlock->rw_state, state,
3214 &oldstate, state | URWLOCK_WRITE_WAITERS);
3220 MPASS(oldstate == state);
3224 error = thread_check_susp(td, false);
3229 umtxq_unbusy_unlocked(&uq->uq_key);
3233 if ((state & URWLOCK_WRITE_OWNER) == 0 &&
3234 URWLOCK_READER_COUNT(state) == 0) {
3235 umtxq_unbusy_unlocked(&uq->uq_key);
3236 error = thread_check_susp(td, false);
3242 rv = fueword32(&rwlock->rw_blocked_writers,
3245 umtxq_unbusy_unlocked(&uq->uq_key);
3249 suword32(&rwlock->rw_blocked_writers, blocked_writers + 1);
3251 while ((state & URWLOCK_WRITE_OWNER) ||
3252 URWLOCK_READER_COUNT(state) != 0) {
3253 umtxq_lock(&uq->uq_key);
3254 umtxq_insert_queue(uq, UMTX_EXCLUSIVE_QUEUE);
3255 umtxq_unbusy(&uq->uq_key);
3257 error = umtxq_sleep(uq, "uwrlck", timeout == NULL ?
3260 umtxq_busy(&uq->uq_key);
3261 umtxq_remove_queue(uq, UMTX_EXCLUSIVE_QUEUE);
3262 umtxq_unlock(&uq->uq_key);
3265 rv = fueword32(&rwlock->rw_state, &state);
3272 rv = fueword32(&rwlock->rw_blocked_writers,
3275 umtxq_unbusy_unlocked(&uq->uq_key);
3279 suword32(&rwlock->rw_blocked_writers, blocked_writers-1);
3280 if (blocked_writers == 1) {
3281 rv = fueword32(&rwlock->rw_state, &state);
3283 umtxq_unbusy_unlocked(&uq->uq_key);
3288 rv = casueword32(&rwlock->rw_state, state,
3289 &oldstate, state & ~URWLOCK_WRITE_WAITERS);
3295 MPASS(oldstate == state);
3299 error1 = thread_check_susp(td, false);
3301 * We are leaving the URWLOCK_WRITE_WAITERS
3302 * behind, but this should not harm the
3311 rv = fueword32(&rwlock->rw_blocked_readers,
3314 umtxq_unbusy_unlocked(&uq->uq_key);
3319 blocked_readers = 0;
3321 umtxq_unbusy_unlocked(&uq->uq_key);
3324 umtx_key_release(&uq->uq_key);
3325 if (error == ERESTART)
3331 do_rw_unlock(struct thread *td, struct urwlock *rwlock)
3335 int32_t state, oldstate;
3336 int error, rv, q, count;
3339 error = fueword32(&rwlock->rw_flags, &flags);
3342 error = umtx_key_get(rwlock, TYPE_RWLOCK, GET_SHARE(flags), &uq->uq_key);
3346 error = fueword32(&rwlock->rw_state, &state);
3351 if (state & URWLOCK_WRITE_OWNER) {
3353 rv = casueword32(&rwlock->rw_state, state,
3354 &oldstate, state & ~URWLOCK_WRITE_OWNER);
3361 if (!(oldstate & URWLOCK_WRITE_OWNER)) {
3365 error = thread_check_susp(td, true);
3371 } else if (URWLOCK_READER_COUNT(state) != 0) {
3373 rv = casueword32(&rwlock->rw_state, state,
3374 &oldstate, state - 1);
3381 if (URWLOCK_READER_COUNT(oldstate) == 0) {
3385 error = thread_check_susp(td, true);
3398 if (!(flags & URWLOCK_PREFER_READER)) {
3399 if (state & URWLOCK_WRITE_WAITERS) {
3401 q = UMTX_EXCLUSIVE_QUEUE;
3402 } else if (state & URWLOCK_READ_WAITERS) {
3404 q = UMTX_SHARED_QUEUE;
3407 if (state & URWLOCK_READ_WAITERS) {
3409 q = UMTX_SHARED_QUEUE;
3410 } else if (state & URWLOCK_WRITE_WAITERS) {
3412 q = UMTX_EXCLUSIVE_QUEUE;
3417 umtxq_lock(&uq->uq_key);
3418 umtxq_busy(&uq->uq_key);
3419 umtxq_signal_queue(&uq->uq_key, count, q);
3420 umtxq_unbusy(&uq->uq_key);
3421 umtxq_unlock(&uq->uq_key);
3424 umtx_key_release(&uq->uq_key);
3428 #if defined(COMPAT_FREEBSD9) || defined(COMPAT_FREEBSD10)
3430 do_sem_wait(struct thread *td, struct _usem *sem, struct _umtx_time *timeout)
3432 struct umtx_abs_timeout timo;
3434 uint32_t flags, count, count1;
3438 error = fueword32(&sem->_flags, &flags);
3441 error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &uq->uq_key);
3445 if (timeout != NULL)
3446 umtx_abs_timeout_init2(&timo, timeout);
3449 umtxq_lock(&uq->uq_key);
3450 umtxq_busy(&uq->uq_key);
3452 umtxq_unlock(&uq->uq_key);
3453 rv = casueword32(&sem->_has_waiters, 0, &count1, 1);
3455 rv1 = fueword32(&sem->_count, &count);
3456 if (rv == -1 || (rv == 0 && (rv1 == -1 || count != 0)) ||
3457 (rv == 1 && count1 == 0)) {
3458 umtxq_lock(&uq->uq_key);
3459 umtxq_unbusy(&uq->uq_key);
3461 umtxq_unlock(&uq->uq_key);
3463 rv = thread_check_susp(td, true);
3471 error = rv == -1 ? EFAULT : 0;
3474 umtxq_lock(&uq->uq_key);
3475 umtxq_unbusy(&uq->uq_key);
3477 error = umtxq_sleep(uq, "usem", timeout == NULL ? NULL : &timo);
3479 if ((uq->uq_flags & UQF_UMTXQ) == 0)
3483 /* A relative timeout cannot be restarted. */
3484 if (error == ERESTART && timeout != NULL &&
3485 (timeout->_flags & UMTX_ABSTIME) == 0)
3488 umtxq_unlock(&uq->uq_key);
3490 umtx_key_release(&uq->uq_key);
3495 * Signal a userland semaphore.
3498 do_sem_wake(struct thread *td, struct _usem *sem)
3500 struct umtx_key key;
3504 error = fueword32(&sem->_flags, &flags);
3507 if ((error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &key)) != 0)
3511 cnt = umtxq_count(&key);
3514 * Check if count is greater than 0, this means the memory is
3515 * still being referenced by user code, so we can safely
3516 * update _has_waiters flag.
3520 error = suword32(&sem->_has_waiters, 0);
3525 umtxq_signal(&key, 1);
3529 umtx_key_release(&key);
3535 do_sem2_wait(struct thread *td, struct _usem2 *sem, struct _umtx_time *timeout)
3537 struct umtx_abs_timeout timo;
3539 uint32_t count, flags;
3543 flags = fuword32(&sem->_flags);
3544 if (timeout != NULL)
3545 umtx_abs_timeout_init2(&timo, timeout);
3548 error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &uq->uq_key);
3551 umtxq_lock(&uq->uq_key);
3552 umtxq_busy(&uq->uq_key);
3554 umtxq_unlock(&uq->uq_key);
3555 rv = fueword32(&sem->_count, &count);
3557 umtxq_lock(&uq->uq_key);
3558 umtxq_unbusy(&uq->uq_key);
3560 umtxq_unlock(&uq->uq_key);
3561 umtx_key_release(&uq->uq_key);
3565 if (USEM_COUNT(count) != 0) {
3566 umtxq_lock(&uq->uq_key);
3567 umtxq_unbusy(&uq->uq_key);
3569 umtxq_unlock(&uq->uq_key);
3570 umtx_key_release(&uq->uq_key);
3573 if (count == USEM_HAS_WAITERS)
3575 rv = casueword32(&sem->_count, 0, &count, USEM_HAS_WAITERS);
3578 umtxq_lock(&uq->uq_key);
3579 umtxq_unbusy(&uq->uq_key);
3581 umtxq_unlock(&uq->uq_key);
3582 umtx_key_release(&uq->uq_key);
3585 rv = thread_check_susp(td, true);
3590 umtxq_lock(&uq->uq_key);
3591 umtxq_unbusy(&uq->uq_key);
3593 error = umtxq_sleep(uq, "usem", timeout == NULL ? NULL : &timo);
3595 if ((uq->uq_flags & UQF_UMTXQ) == 0)
3599 if (timeout != NULL && (timeout->_flags & UMTX_ABSTIME) == 0) {
3600 /* A relative timeout cannot be restarted. */
3601 if (error == ERESTART)
3603 if (error == EINTR) {
3604 umtx_abs_timeout_update(&timo);
3605 timespecsub(&timo.end, &timo.cur,
3606 &timeout->_timeout);
3610 umtxq_unlock(&uq->uq_key);
3611 umtx_key_release(&uq->uq_key);
3616 * Signal a userland semaphore.
3619 do_sem2_wake(struct thread *td, struct _usem2 *sem)
3621 struct umtx_key key;
3623 uint32_t count, flags;
3625 rv = fueword32(&sem->_flags, &flags);
3628 if ((error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &key)) != 0)
3632 cnt = umtxq_count(&key);
3635 * If this was the last sleeping thread, clear the waiters
3640 rv = fueword32(&sem->_count, &count);
3641 while (rv != -1 && count & USEM_HAS_WAITERS) {
3642 rv = casueword32(&sem->_count, count, &count,
3643 count & ~USEM_HAS_WAITERS);
3645 rv = thread_check_susp(td, true);
3658 umtxq_signal(&key, 1);
3662 umtx_key_release(&key);
3666 #ifdef COMPAT_FREEBSD10
3668 freebsd10__umtx_lock(struct thread *td, struct freebsd10__umtx_lock_args *uap)
3670 return (do_lock_umtx(td, uap->umtx, td->td_tid, 0));
3674 freebsd10__umtx_unlock(struct thread *td,
3675 struct freebsd10__umtx_unlock_args *uap)
3677 return (do_unlock_umtx(td, uap->umtx, td->td_tid));
3682 umtx_copyin_timeout(const void *uaddr, struct timespec *tsp)
3686 error = copyin(uaddr, tsp, sizeof(*tsp));
3688 if (tsp->tv_sec < 0 ||
3689 tsp->tv_nsec >= 1000000000 ||
3697 umtx_copyin_umtx_time(const void *uaddr, size_t size, struct _umtx_time *tp)
3701 if (size <= sizeof(tp->_timeout)) {
3702 tp->_clockid = CLOCK_REALTIME;
3704 error = copyin(uaddr, &tp->_timeout, sizeof(tp->_timeout));
3706 error = copyin(uaddr, tp, sizeof(*tp));
3709 if (tp->_timeout.tv_sec < 0 ||
3710 tp->_timeout.tv_nsec >= 1000000000 || tp->_timeout.tv_nsec < 0)
3716 umtx_copyin_robust_lists(const void *uaddr, size_t size,
3717 struct umtx_robust_lists_params *rb)
3720 if (size > sizeof(*rb))
3722 return (copyin(uaddr, rb, size));
3726 umtx_copyout_timeout(void *uaddr, size_t sz, struct timespec *tsp)
3730 * Should be guaranteed by the caller, sz == uaddr1 - sizeof(_umtx_time)
3731 * and we're only called if sz >= sizeof(timespec) as supplied in the
3734 KASSERT(sz >= sizeof(*tsp),
3735 ("umtx_copyops specifies incorrect sizes"));
3737 return (copyout(tsp, uaddr, sizeof(*tsp)));
3740 #ifdef COMPAT_FREEBSD10
3742 __umtx_op_lock_umtx(struct thread *td, struct _umtx_op_args *uap,
3743 const struct umtx_copyops *ops)
3745 struct timespec *ts, timeout;
3748 /* Allow a null timespec (wait forever). */
3749 if (uap->uaddr2 == NULL)
3752 error = ops->copyin_timeout(uap->uaddr2, &timeout);
3757 #ifdef COMPAT_FREEBSD32
3759 return (do_lock_umtx32(td, uap->obj, uap->val, ts));
3761 return (do_lock_umtx(td, uap->obj, uap->val, ts));
3765 __umtx_op_unlock_umtx(struct thread *td, struct _umtx_op_args *uap,
3766 const struct umtx_copyops *ops)
3768 #ifdef COMPAT_FREEBSD32
3770 return (do_unlock_umtx32(td, uap->obj, uap->val));
3772 return (do_unlock_umtx(td, uap->obj, uap->val));
3774 #endif /* COMPAT_FREEBSD10 */
3776 #if !defined(COMPAT_FREEBSD10)
3778 __umtx_op_unimpl(struct thread *td __unused, struct _umtx_op_args *uap __unused,
3779 const struct umtx_copyops *ops __unused)
3781 return (EOPNOTSUPP);
3783 #endif /* COMPAT_FREEBSD10 */
3786 __umtx_op_wait(struct thread *td, struct _umtx_op_args *uap,
3787 const struct umtx_copyops *ops)
3789 struct _umtx_time timeout, *tm_p;
3792 if (uap->uaddr2 == NULL)
3795 error = ops->copyin_umtx_time(
3796 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
3801 return (do_wait(td, uap->obj, uap->val, tm_p, ops->compat32, 0));
3805 __umtx_op_wait_uint(struct thread *td, struct _umtx_op_args *uap,
3806 const struct umtx_copyops *ops)
3808 struct _umtx_time timeout, *tm_p;
3811 if (uap->uaddr2 == NULL)
3814 error = ops->copyin_umtx_time(
3815 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
3820 return (do_wait(td, uap->obj, uap->val, tm_p, 1, 0));
3824 __umtx_op_wait_uint_private(struct thread *td, struct _umtx_op_args *uap,
3825 const struct umtx_copyops *ops)
3827 struct _umtx_time *tm_p, timeout;
3830 if (uap->uaddr2 == NULL)
3833 error = ops->copyin_umtx_time(
3834 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
3839 return (do_wait(td, uap->obj, uap->val, tm_p, 1, 1));
3843 __umtx_op_wake(struct thread *td, struct _umtx_op_args *uap,
3844 const struct umtx_copyops *ops __unused)
3847 return (kern_umtx_wake(td, uap->obj, uap->val, 0));
3850 #define BATCH_SIZE 128
3852 __umtx_op_nwake_private_native(struct thread *td, struct _umtx_op_args *uap)
3854 char *uaddrs[BATCH_SIZE], **upp;
3855 int count, error, i, pos, tocopy;
3857 upp = (char **)uap->obj;
3859 for (count = uap->val, pos = 0; count > 0; count -= tocopy,
3861 tocopy = MIN(count, BATCH_SIZE);
3862 error = copyin(upp + pos, uaddrs, tocopy * sizeof(char *));
3865 for (i = 0; i < tocopy; ++i) {
3866 kern_umtx_wake(td, uaddrs[i], INT_MAX, 1);
3874 __umtx_op_nwake_private_compat32(struct thread *td, struct _umtx_op_args *uap)
3876 uint32_t uaddrs[BATCH_SIZE], *upp;
3877 int count, error, i, pos, tocopy;
3879 upp = (uint32_t *)uap->obj;
3881 for (count = uap->val, pos = 0; count > 0; count -= tocopy,
3883 tocopy = MIN(count, BATCH_SIZE);
3884 error = copyin(upp + pos, uaddrs, tocopy * sizeof(uint32_t));
3887 for (i = 0; i < tocopy; ++i) {
3888 kern_umtx_wake(td, (void *)(uintptr_t)uaddrs[i],
3897 __umtx_op_nwake_private(struct thread *td, struct _umtx_op_args *uap,
3898 const struct umtx_copyops *ops)
3902 return (__umtx_op_nwake_private_compat32(td, uap));
3903 return (__umtx_op_nwake_private_native(td, uap));
3907 __umtx_op_wake_private(struct thread *td, struct _umtx_op_args *uap,
3908 const struct umtx_copyops *ops __unused)
3911 return (kern_umtx_wake(td, uap->obj, uap->val, 1));
3915 __umtx_op_lock_umutex(struct thread *td, struct _umtx_op_args *uap,
3916 const struct umtx_copyops *ops)
3918 struct _umtx_time *tm_p, timeout;
3921 /* Allow a null timespec (wait forever). */
3922 if (uap->uaddr2 == NULL)
3925 error = ops->copyin_umtx_time(
3926 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
3931 return (do_lock_umutex(td, uap->obj, tm_p, 0));
3935 __umtx_op_trylock_umutex(struct thread *td, struct _umtx_op_args *uap,
3936 const struct umtx_copyops *ops __unused)
3939 return (do_lock_umutex(td, uap->obj, NULL, _UMUTEX_TRY));
3943 __umtx_op_wait_umutex(struct thread *td, struct _umtx_op_args *uap,
3944 const struct umtx_copyops *ops)
3946 struct _umtx_time *tm_p, timeout;
3949 /* Allow a null timespec (wait forever). */
3950 if (uap->uaddr2 == NULL)
3953 error = ops->copyin_umtx_time(
3954 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
3959 return (do_lock_umutex(td, uap->obj, tm_p, _UMUTEX_WAIT));
3963 __umtx_op_wake_umutex(struct thread *td, struct _umtx_op_args *uap,
3964 const struct umtx_copyops *ops __unused)
3967 return (do_wake_umutex(td, uap->obj));
3971 __umtx_op_unlock_umutex(struct thread *td, struct _umtx_op_args *uap,
3972 const struct umtx_copyops *ops __unused)
3975 return (do_unlock_umutex(td, uap->obj, false));
3979 __umtx_op_set_ceiling(struct thread *td, struct _umtx_op_args *uap,
3980 const struct umtx_copyops *ops __unused)
3983 return (do_set_ceiling(td, uap->obj, uap->val, uap->uaddr1));
3987 __umtx_op_cv_wait(struct thread *td, struct _umtx_op_args *uap,
3988 const struct umtx_copyops *ops)
3990 struct timespec *ts, timeout;
3993 /* Allow a null timespec (wait forever). */
3994 if (uap->uaddr2 == NULL)
3997 error = ops->copyin_timeout(uap->uaddr2, &timeout);
4002 return (do_cv_wait(td, uap->obj, uap->uaddr1, ts, uap->val));
4006 __umtx_op_cv_signal(struct thread *td, struct _umtx_op_args *uap,
4007 const struct umtx_copyops *ops __unused)
4010 return (do_cv_signal(td, uap->obj));
4014 __umtx_op_cv_broadcast(struct thread *td, struct _umtx_op_args *uap,
4015 const struct umtx_copyops *ops __unused)
4018 return (do_cv_broadcast(td, uap->obj));
4022 __umtx_op_rw_rdlock(struct thread *td, struct _umtx_op_args *uap,
4023 const struct umtx_copyops *ops)
4025 struct _umtx_time timeout;
4028 /* Allow a null timespec (wait forever). */
4029 if (uap->uaddr2 == NULL) {
4030 error = do_rw_rdlock(td, uap->obj, uap->val, 0);
4032 error = ops->copyin_umtx_time(uap->uaddr2,
4033 (size_t)uap->uaddr1, &timeout);
4036 error = do_rw_rdlock(td, uap->obj, uap->val, &timeout);
4042 __umtx_op_rw_wrlock(struct thread *td, struct _umtx_op_args *uap,
4043 const struct umtx_copyops *ops)
4045 struct _umtx_time timeout;
4048 /* Allow a null timespec (wait forever). */
4049 if (uap->uaddr2 == NULL) {
4050 error = do_rw_wrlock(td, uap->obj, 0);
4052 error = ops->copyin_umtx_time(uap->uaddr2,
4053 (size_t)uap->uaddr1, &timeout);
4057 error = do_rw_wrlock(td, uap->obj, &timeout);
4063 __umtx_op_rw_unlock(struct thread *td, struct _umtx_op_args *uap,
4064 const struct umtx_copyops *ops __unused)
4067 return (do_rw_unlock(td, uap->obj));
4070 #if defined(COMPAT_FREEBSD9) || defined(COMPAT_FREEBSD10)
4072 __umtx_op_sem_wait(struct thread *td, struct _umtx_op_args *uap,
4073 const struct umtx_copyops *ops)
4075 struct _umtx_time *tm_p, timeout;
4078 /* Allow a null timespec (wait forever). */
4079 if (uap->uaddr2 == NULL)
4082 error = ops->copyin_umtx_time(
4083 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
4088 return (do_sem_wait(td, uap->obj, tm_p));
4092 __umtx_op_sem_wake(struct thread *td, struct _umtx_op_args *uap,
4093 const struct umtx_copyops *ops __unused)
4096 return (do_sem_wake(td, uap->obj));
4101 __umtx_op_wake2_umutex(struct thread *td, struct _umtx_op_args *uap,
4102 const struct umtx_copyops *ops __unused)
4105 return (do_wake2_umutex(td, uap->obj, uap->val));
4109 __umtx_op_sem2_wait(struct thread *td, struct _umtx_op_args *uap,
4110 const struct umtx_copyops *ops)
4112 struct _umtx_time *tm_p, timeout;
4116 /* Allow a null timespec (wait forever). */
4117 if (uap->uaddr2 == NULL) {
4121 uasize = (size_t)uap->uaddr1;
4122 error = ops->copyin_umtx_time(uap->uaddr2, uasize, &timeout);
4127 error = do_sem2_wait(td, uap->obj, tm_p);
4128 if (error == EINTR && uap->uaddr2 != NULL &&
4129 (timeout._flags & UMTX_ABSTIME) == 0 &&
4130 uasize >= ops->umtx_time_sz + ops->timespec_sz) {
4131 error = ops->copyout_timeout(
4132 (void *)((uintptr_t)uap->uaddr2 + ops->umtx_time_sz),
4133 uasize - ops->umtx_time_sz, &timeout._timeout);
4143 __umtx_op_sem2_wake(struct thread *td, struct _umtx_op_args *uap,
4144 const struct umtx_copyops *ops __unused)
4147 return (do_sem2_wake(td, uap->obj));
4150 #define USHM_OBJ_UMTX(o) \
4151 ((struct umtx_shm_obj_list *)(&(o)->umtx_data))
4153 #define USHMF_REG_LINKED 0x0001
4154 #define USHMF_OBJ_LINKED 0x0002
4155 struct umtx_shm_reg {
4156 TAILQ_ENTRY(umtx_shm_reg) ushm_reg_link;
4157 LIST_ENTRY(umtx_shm_reg) ushm_obj_link;
4158 struct umtx_key ushm_key;
4159 struct ucred *ushm_cred;
4160 struct shmfd *ushm_obj;
4165 LIST_HEAD(umtx_shm_obj_list, umtx_shm_reg);
4166 TAILQ_HEAD(umtx_shm_reg_head, umtx_shm_reg);
4168 static uma_zone_t umtx_shm_reg_zone;
4169 static struct umtx_shm_reg_head umtx_shm_registry[UMTX_CHAINS];
4170 static struct mtx umtx_shm_lock;
4171 static struct umtx_shm_reg_head umtx_shm_reg_delfree =
4172 TAILQ_HEAD_INITIALIZER(umtx_shm_reg_delfree);
4174 static void umtx_shm_free_reg(struct umtx_shm_reg *reg);
4177 umtx_shm_reg_delfree_tq(void *context __unused, int pending __unused)
4179 struct umtx_shm_reg_head d;
4180 struct umtx_shm_reg *reg, *reg1;
4183 mtx_lock(&umtx_shm_lock);
4184 TAILQ_CONCAT(&d, &umtx_shm_reg_delfree, ushm_reg_link);
4185 mtx_unlock(&umtx_shm_lock);
4186 TAILQ_FOREACH_SAFE(reg, &d, ushm_reg_link, reg1) {
4187 TAILQ_REMOVE(&d, reg, ushm_reg_link);
4188 umtx_shm_free_reg(reg);
4192 static struct task umtx_shm_reg_delfree_task =
4193 TASK_INITIALIZER(0, umtx_shm_reg_delfree_tq, NULL);
4195 static struct umtx_shm_reg *
4196 umtx_shm_find_reg_locked(const struct umtx_key *key)
4198 struct umtx_shm_reg *reg;
4199 struct umtx_shm_reg_head *reg_head;
4201 KASSERT(key->shared, ("umtx_p_find_rg: private key"));
4202 mtx_assert(&umtx_shm_lock, MA_OWNED);
4203 reg_head = &umtx_shm_registry[key->hash];
4204 TAILQ_FOREACH(reg, reg_head, ushm_reg_link) {
4205 KASSERT(reg->ushm_key.shared,
4206 ("non-shared key on reg %p %d", reg, reg->ushm_key.shared));
4207 if (reg->ushm_key.info.shared.object ==
4208 key->info.shared.object &&
4209 reg->ushm_key.info.shared.offset ==
4210 key->info.shared.offset) {
4211 KASSERT(reg->ushm_key.type == TYPE_SHM, ("TYPE_USHM"));
4212 KASSERT(reg->ushm_refcnt > 0,
4213 ("reg %p refcnt 0 onlist", reg));
4214 KASSERT((reg->ushm_flags & USHMF_REG_LINKED) != 0,
4215 ("reg %p not linked", reg));
4223 static struct umtx_shm_reg *
4224 umtx_shm_find_reg(const struct umtx_key *key)
4226 struct umtx_shm_reg *reg;
4228 mtx_lock(&umtx_shm_lock);
4229 reg = umtx_shm_find_reg_locked(key);
4230 mtx_unlock(&umtx_shm_lock);
4235 umtx_shm_free_reg(struct umtx_shm_reg *reg)
4238 chgumtxcnt(reg->ushm_cred->cr_ruidinfo, -1, 0);
4239 crfree(reg->ushm_cred);
4240 shm_drop(reg->ushm_obj);
4241 uma_zfree(umtx_shm_reg_zone, reg);
4245 umtx_shm_unref_reg_locked(struct umtx_shm_reg *reg, bool force)
4249 mtx_assert(&umtx_shm_lock, MA_OWNED);
4250 KASSERT(reg->ushm_refcnt > 0, ("ushm_reg %p refcnt 0", reg));
4252 res = reg->ushm_refcnt == 0;
4254 if ((reg->ushm_flags & USHMF_REG_LINKED) != 0) {
4255 TAILQ_REMOVE(&umtx_shm_registry[reg->ushm_key.hash],
4256 reg, ushm_reg_link);
4257 reg->ushm_flags &= ~USHMF_REG_LINKED;
4259 if ((reg->ushm_flags & USHMF_OBJ_LINKED) != 0) {
4260 LIST_REMOVE(reg, ushm_obj_link);
4261 reg->ushm_flags &= ~USHMF_OBJ_LINKED;
4268 umtx_shm_unref_reg(struct umtx_shm_reg *reg, bool force)
4274 object = reg->ushm_obj->shm_object;
4275 VM_OBJECT_WLOCK(object);
4276 object->flags |= OBJ_UMTXDEAD;
4277 VM_OBJECT_WUNLOCK(object);
4279 mtx_lock(&umtx_shm_lock);
4280 dofree = umtx_shm_unref_reg_locked(reg, force);
4281 mtx_unlock(&umtx_shm_lock);
4283 umtx_shm_free_reg(reg);
4287 umtx_shm_object_init(vm_object_t object)
4290 LIST_INIT(USHM_OBJ_UMTX(object));
4294 umtx_shm_object_terminated(vm_object_t object)
4296 struct umtx_shm_reg *reg, *reg1;
4299 if (LIST_EMPTY(USHM_OBJ_UMTX(object)))
4303 mtx_lock(&umtx_shm_lock);
4304 LIST_FOREACH_SAFE(reg, USHM_OBJ_UMTX(object), ushm_obj_link, reg1) {
4305 if (umtx_shm_unref_reg_locked(reg, true)) {
4306 TAILQ_INSERT_TAIL(&umtx_shm_reg_delfree, reg,
4311 mtx_unlock(&umtx_shm_lock);
4313 taskqueue_enqueue(taskqueue_thread, &umtx_shm_reg_delfree_task);
4317 umtx_shm_create_reg(struct thread *td, const struct umtx_key *key,
4318 struct umtx_shm_reg **res)
4320 struct umtx_shm_reg *reg, *reg1;
4324 reg = umtx_shm_find_reg(key);
4329 cred = td->td_ucred;
4330 if (!chgumtxcnt(cred->cr_ruidinfo, 1, lim_cur(td, RLIMIT_UMTXP)))
4332 reg = uma_zalloc(umtx_shm_reg_zone, M_WAITOK | M_ZERO);
4333 reg->ushm_refcnt = 1;
4334 bcopy(key, ®->ushm_key, sizeof(*key));
4335 reg->ushm_obj = shm_alloc(td->td_ucred, O_RDWR, false);
4336 reg->ushm_cred = crhold(cred);
4337 error = shm_dotruncate(reg->ushm_obj, PAGE_SIZE);
4339 umtx_shm_free_reg(reg);
4342 mtx_lock(&umtx_shm_lock);
4343 reg1 = umtx_shm_find_reg_locked(key);
4345 mtx_unlock(&umtx_shm_lock);
4346 umtx_shm_free_reg(reg);
4351 TAILQ_INSERT_TAIL(&umtx_shm_registry[key->hash], reg, ushm_reg_link);
4352 LIST_INSERT_HEAD(USHM_OBJ_UMTX(key->info.shared.object), reg,
4354 reg->ushm_flags = USHMF_REG_LINKED | USHMF_OBJ_LINKED;
4355 mtx_unlock(&umtx_shm_lock);
4361 umtx_shm_alive(struct thread *td, void *addr)
4364 vm_map_entry_t entry;
4371 map = &td->td_proc->p_vmspace->vm_map;
4372 res = vm_map_lookup(&map, (uintptr_t)addr, VM_PROT_READ, &entry,
4373 &object, &pindex, &prot, &wired);
4374 if (res != KERN_SUCCESS)
4379 ret = (object->flags & OBJ_UMTXDEAD) != 0 ? ENOTTY : 0;
4380 vm_map_lookup_done(map, entry);
4389 umtx_shm_reg_zone = uma_zcreate("umtx_shm", sizeof(struct umtx_shm_reg),
4390 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
4391 mtx_init(&umtx_shm_lock, "umtxshm", NULL, MTX_DEF);
4392 for (i = 0; i < nitems(umtx_shm_registry); i++)
4393 TAILQ_INIT(&umtx_shm_registry[i]);
4397 umtx_shm(struct thread *td, void *addr, u_int flags)
4399 struct umtx_key key;
4400 struct umtx_shm_reg *reg;
4404 if (__bitcount(flags & (UMTX_SHM_CREAT | UMTX_SHM_LOOKUP |
4405 UMTX_SHM_DESTROY| UMTX_SHM_ALIVE)) != 1)
4407 if ((flags & UMTX_SHM_ALIVE) != 0)
4408 return (umtx_shm_alive(td, addr));
4409 error = umtx_key_get(addr, TYPE_SHM, PROCESS_SHARE, &key);
4412 KASSERT(key.shared == 1, ("non-shared key"));
4413 if ((flags & UMTX_SHM_CREAT) != 0) {
4414 error = umtx_shm_create_reg(td, &key, ®);
4416 reg = umtx_shm_find_reg(&key);
4420 umtx_key_release(&key);
4423 KASSERT(reg != NULL, ("no reg"));
4424 if ((flags & UMTX_SHM_DESTROY) != 0) {
4425 umtx_shm_unref_reg(reg, true);
4429 error = mac_posixshm_check_open(td->td_ucred,
4430 reg->ushm_obj, FFLAGS(O_RDWR));
4433 error = shm_access(reg->ushm_obj, td->td_ucred,
4437 error = falloc_caps(td, &fp, &fd, O_CLOEXEC, NULL);
4439 shm_hold(reg->ushm_obj);
4440 finit(fp, FFLAGS(O_RDWR), DTYPE_SHM, reg->ushm_obj,
4442 td->td_retval[0] = fd;
4446 umtx_shm_unref_reg(reg, false);
4451 __umtx_op_shm(struct thread *td, struct _umtx_op_args *uap,
4452 const struct umtx_copyops *ops __unused)
4455 return (umtx_shm(td, uap->uaddr1, uap->val));
4459 __umtx_op_robust_lists(struct thread *td, struct _umtx_op_args *uap,
4460 const struct umtx_copyops *ops)
4462 struct umtx_robust_lists_params rb;
4465 if (ops->compat32) {
4466 if ((td->td_pflags2 & TDP2_COMPAT32RB) == 0 &&
4467 (td->td_rb_list != 0 || td->td_rbp_list != 0 ||
4468 td->td_rb_inact != 0))
4470 } else if ((td->td_pflags2 & TDP2_COMPAT32RB) != 0) {
4474 bzero(&rb, sizeof(rb));
4475 error = ops->copyin_robust_lists(uap->uaddr1, uap->val, &rb);
4480 td->td_pflags2 |= TDP2_COMPAT32RB;
4482 td->td_rb_list = rb.robust_list_offset;
4483 td->td_rbp_list = rb.robust_priv_list_offset;
4484 td->td_rb_inact = rb.robust_inact_offset;
4488 #if defined(__i386__) || defined(__amd64__)
4490 * Provide the standard 32-bit definitions for x86, since native/compat32 use a
4491 * 32-bit time_t there. Other architectures just need the i386 definitions
4492 * along with their standard compat32.
4494 struct timespecx32 {
4499 struct umtx_timex32 {
4500 struct timespecx32 _timeout;
4506 #define timespeci386 timespec32
4507 #define umtx_timei386 umtx_time32
4509 #else /* !__i386__ && !__amd64__ */
4510 /* 32-bit architectures can emulate i386, so define these almost everywhere. */
4511 struct timespeci386 {
4516 struct umtx_timei386 {
4517 struct timespeci386 _timeout;
4522 #if defined(__LP64__)
4523 #define timespecx32 timespec32
4524 #define umtx_timex32 umtx_time32
4529 umtx_copyin_robust_lists32(const void *uaddr, size_t size,
4530 struct umtx_robust_lists_params *rbp)
4532 struct umtx_robust_lists_params_compat32 rb32;
4535 if (size > sizeof(rb32))
4537 bzero(&rb32, sizeof(rb32));
4538 error = copyin(uaddr, &rb32, size);
4541 CP(rb32, *rbp, robust_list_offset);
4542 CP(rb32, *rbp, robust_priv_list_offset);
4543 CP(rb32, *rbp, robust_inact_offset);
4549 umtx_copyin_timeouti386(const void *uaddr, struct timespec *tsp)
4551 struct timespeci386 ts32;
4554 error = copyin(uaddr, &ts32, sizeof(ts32));
4556 if (ts32.tv_sec < 0 ||
4557 ts32.tv_nsec >= 1000000000 ||
4561 CP(ts32, *tsp, tv_sec);
4562 CP(ts32, *tsp, tv_nsec);
4569 umtx_copyin_umtx_timei386(const void *uaddr, size_t size, struct _umtx_time *tp)
4571 struct umtx_timei386 t32;
4574 t32._clockid = CLOCK_REALTIME;
4576 if (size <= sizeof(t32._timeout))
4577 error = copyin(uaddr, &t32._timeout, sizeof(t32._timeout));
4579 error = copyin(uaddr, &t32, sizeof(t32));
4582 if (t32._timeout.tv_sec < 0 ||
4583 t32._timeout.tv_nsec >= 1000000000 || t32._timeout.tv_nsec < 0)
4585 TS_CP(t32, *tp, _timeout);
4586 CP(t32, *tp, _flags);
4587 CP(t32, *tp, _clockid);
4592 umtx_copyout_timeouti386(void *uaddr, size_t sz, struct timespec *tsp)
4594 struct timespeci386 remain32 = {
4595 .tv_sec = tsp->tv_sec,
4596 .tv_nsec = tsp->tv_nsec,
4600 * Should be guaranteed by the caller, sz == uaddr1 - sizeof(_umtx_time)
4601 * and we're only called if sz >= sizeof(timespec) as supplied in the
4604 KASSERT(sz >= sizeof(remain32),
4605 ("umtx_copyops specifies incorrect sizes"));
4607 return (copyout(&remain32, uaddr, sizeof(remain32)));
4609 #endif /* !__i386__ */
4611 #if defined(__i386__) || defined(__LP64__)
4613 umtx_copyin_timeoutx32(const void *uaddr, struct timespec *tsp)
4615 struct timespecx32 ts32;
4618 error = copyin(uaddr, &ts32, sizeof(ts32));
4620 if (ts32.tv_sec < 0 ||
4621 ts32.tv_nsec >= 1000000000 ||
4625 CP(ts32, *tsp, tv_sec);
4626 CP(ts32, *tsp, tv_nsec);
4633 umtx_copyin_umtx_timex32(const void *uaddr, size_t size, struct _umtx_time *tp)
4635 struct umtx_timex32 t32;
4638 t32._clockid = CLOCK_REALTIME;
4640 if (size <= sizeof(t32._timeout))
4641 error = copyin(uaddr, &t32._timeout, sizeof(t32._timeout));
4643 error = copyin(uaddr, &t32, sizeof(t32));
4646 if (t32._timeout.tv_sec < 0 ||
4647 t32._timeout.tv_nsec >= 1000000000 || t32._timeout.tv_nsec < 0)
4649 TS_CP(t32, *tp, _timeout);
4650 CP(t32, *tp, _flags);
4651 CP(t32, *tp, _clockid);
4656 umtx_copyout_timeoutx32(void *uaddr, size_t sz, struct timespec *tsp)
4658 struct timespecx32 remain32 = {
4659 .tv_sec = tsp->tv_sec,
4660 .tv_nsec = tsp->tv_nsec,
4664 * Should be guaranteed by the caller, sz == uaddr1 - sizeof(_umtx_time)
4665 * and we're only called if sz >= sizeof(timespec) as supplied in the
4668 KASSERT(sz >= sizeof(remain32),
4669 ("umtx_copyops specifies incorrect sizes"));
4671 return (copyout(&remain32, uaddr, sizeof(remain32)));
4673 #endif /* __i386__ || __LP64__ */
4675 typedef int (*_umtx_op_func)(struct thread *td, struct _umtx_op_args *uap,
4676 const struct umtx_copyops *umtx_ops);
4678 static const _umtx_op_func op_table[] = {
4679 #ifdef COMPAT_FREEBSD10
4680 [UMTX_OP_LOCK] = __umtx_op_lock_umtx,
4681 [UMTX_OP_UNLOCK] = __umtx_op_unlock_umtx,
4683 [UMTX_OP_LOCK] = __umtx_op_unimpl,
4684 [UMTX_OP_UNLOCK] = __umtx_op_unimpl,
4686 [UMTX_OP_WAIT] = __umtx_op_wait,
4687 [UMTX_OP_WAKE] = __umtx_op_wake,
4688 [UMTX_OP_MUTEX_TRYLOCK] = __umtx_op_trylock_umutex,
4689 [UMTX_OP_MUTEX_LOCK] = __umtx_op_lock_umutex,
4690 [UMTX_OP_MUTEX_UNLOCK] = __umtx_op_unlock_umutex,
4691 [UMTX_OP_SET_CEILING] = __umtx_op_set_ceiling,
4692 [UMTX_OP_CV_WAIT] = __umtx_op_cv_wait,
4693 [UMTX_OP_CV_SIGNAL] = __umtx_op_cv_signal,
4694 [UMTX_OP_CV_BROADCAST] = __umtx_op_cv_broadcast,
4695 [UMTX_OP_WAIT_UINT] = __umtx_op_wait_uint,
4696 [UMTX_OP_RW_RDLOCK] = __umtx_op_rw_rdlock,
4697 [UMTX_OP_RW_WRLOCK] = __umtx_op_rw_wrlock,
4698 [UMTX_OP_RW_UNLOCK] = __umtx_op_rw_unlock,
4699 [UMTX_OP_WAIT_UINT_PRIVATE] = __umtx_op_wait_uint_private,
4700 [UMTX_OP_WAKE_PRIVATE] = __umtx_op_wake_private,
4701 [UMTX_OP_MUTEX_WAIT] = __umtx_op_wait_umutex,
4702 [UMTX_OP_MUTEX_WAKE] = __umtx_op_wake_umutex,
4703 #if defined(COMPAT_FREEBSD9) || defined(COMPAT_FREEBSD10)
4704 [UMTX_OP_SEM_WAIT] = __umtx_op_sem_wait,
4705 [UMTX_OP_SEM_WAKE] = __umtx_op_sem_wake,
4707 [UMTX_OP_SEM_WAIT] = __umtx_op_unimpl,
4708 [UMTX_OP_SEM_WAKE] = __umtx_op_unimpl,
4710 [UMTX_OP_NWAKE_PRIVATE] = __umtx_op_nwake_private,
4711 [UMTX_OP_MUTEX_WAKE2] = __umtx_op_wake2_umutex,
4712 [UMTX_OP_SEM2_WAIT] = __umtx_op_sem2_wait,
4713 [UMTX_OP_SEM2_WAKE] = __umtx_op_sem2_wake,
4714 [UMTX_OP_SHM] = __umtx_op_shm,
4715 [UMTX_OP_ROBUST_LISTS] = __umtx_op_robust_lists,
4718 static const struct umtx_copyops umtx_native_ops = {
4719 .copyin_timeout = umtx_copyin_timeout,
4720 .copyin_umtx_time = umtx_copyin_umtx_time,
4721 .copyin_robust_lists = umtx_copyin_robust_lists,
4722 .copyout_timeout = umtx_copyout_timeout,
4723 .timespec_sz = sizeof(struct timespec),
4724 .umtx_time_sz = sizeof(struct _umtx_time),
4728 static const struct umtx_copyops umtx_native_opsi386 = {
4729 .copyin_timeout = umtx_copyin_timeouti386,
4730 .copyin_umtx_time = umtx_copyin_umtx_timei386,
4731 .copyin_robust_lists = umtx_copyin_robust_lists32,
4732 .copyout_timeout = umtx_copyout_timeouti386,
4733 .timespec_sz = sizeof(struct timespeci386),
4734 .umtx_time_sz = sizeof(struct umtx_timei386),
4739 #if defined(__i386__) || defined(__LP64__)
4740 /* i386 can emulate other 32-bit archs, too! */
4741 static const struct umtx_copyops umtx_native_opsx32 = {
4742 .copyin_timeout = umtx_copyin_timeoutx32,
4743 .copyin_umtx_time = umtx_copyin_umtx_timex32,
4744 .copyin_robust_lists = umtx_copyin_robust_lists32,
4745 .copyout_timeout = umtx_copyout_timeoutx32,
4746 .timespec_sz = sizeof(struct timespecx32),
4747 .umtx_time_sz = sizeof(struct umtx_timex32),
4751 #ifdef COMPAT_FREEBSD32
4753 #define umtx_native_ops32 umtx_native_opsi386
4755 #define umtx_native_ops32 umtx_native_opsx32
4757 #endif /* COMPAT_FREEBSD32 */
4758 #endif /* __i386__ || __LP64__ */
4760 #define UMTX_OP__FLAGS (UMTX_OP__32BIT | UMTX_OP__I386)
4763 kern__umtx_op(struct thread *td, void *obj, int op, unsigned long val,
4764 void *uaddr1, void *uaddr2, const struct umtx_copyops *ops)
4766 struct _umtx_op_args uap = {
4768 .op = op & ~UMTX_OP__FLAGS,
4774 if ((uap.op >= nitems(op_table)))
4776 return ((*op_table[uap.op])(td, &uap, ops));
4780 sys__umtx_op(struct thread *td, struct _umtx_op_args *uap)
4782 static const struct umtx_copyops *umtx_ops;
4784 umtx_ops = &umtx_native_ops;
4786 if ((uap->op & (UMTX_OP__32BIT | UMTX_OP__I386)) != 0) {
4787 if ((uap->op & UMTX_OP__I386) != 0)
4788 umtx_ops = &umtx_native_opsi386;
4790 umtx_ops = &umtx_native_opsx32;
4792 #elif !defined(__i386__)
4793 /* We consider UMTX_OP__32BIT a nop on !i386 ILP32. */
4794 if ((uap->op & UMTX_OP__I386) != 0)
4795 umtx_ops = &umtx_native_opsi386;
4797 /* Likewise, UMTX_OP__I386 is a nop on i386. */
4798 if ((uap->op & UMTX_OP__32BIT) != 0)
4799 umtx_ops = &umtx_native_opsx32;
4801 return (kern__umtx_op(td, uap->obj, uap->op, uap->val, uap->uaddr1,
4802 uap->uaddr2, umtx_ops));
4805 #ifdef COMPAT_FREEBSD32
4806 #ifdef COMPAT_FREEBSD10
4808 freebsd10_freebsd32_umtx_lock(struct thread *td,
4809 struct freebsd10_freebsd32_umtx_lock_args *uap)
4811 return (do_lock_umtx32(td, (uint32_t *)uap->umtx, td->td_tid, NULL));
4815 freebsd10_freebsd32_umtx_unlock(struct thread *td,
4816 struct freebsd10_freebsd32_umtx_unlock_args *uap)
4818 return (do_unlock_umtx32(td, (uint32_t *)uap->umtx, td->td_tid));
4820 #endif /* COMPAT_FREEBSD10 */
4823 freebsd32__umtx_op(struct thread *td, struct freebsd32__umtx_op_args *uap)
4826 return (kern__umtx_op(td, uap->obj, uap->op, uap->val, uap->uaddr,
4827 uap->uaddr2, &umtx_native_ops32));
4829 #endif /* COMPAT_FREEBSD32 */
4832 umtx_thread_init(struct thread *td)
4835 td->td_umtxq = umtxq_alloc();
4836 td->td_umtxq->uq_thread = td;
4840 umtx_thread_fini(struct thread *td)
4843 umtxq_free(td->td_umtxq);
4847 * It will be called when new thread is created, e.g fork().
4850 umtx_thread_alloc(struct thread *td)
4855 uq->uq_inherited_pri = PRI_MAX;
4857 KASSERT(uq->uq_flags == 0, ("uq_flags != 0"));
4858 KASSERT(uq->uq_thread == td, ("uq_thread != td"));
4859 KASSERT(uq->uq_pi_blocked == NULL, ("uq_pi_blocked != NULL"));
4860 KASSERT(TAILQ_EMPTY(&uq->uq_pi_contested), ("uq_pi_contested is not empty"));
4866 * Clear robust lists for all process' threads, not delaying the
4867 * cleanup to thread exit, since the relevant address space is
4868 * destroyed right now.
4871 umtx_exec(struct proc *p)
4875 KASSERT(p == curproc, ("need curproc"));
4876 KASSERT((p->p_flag & P_HADTHREADS) == 0 ||
4877 (p->p_flag & P_STOPPED_SINGLE) != 0,
4878 ("curproc must be single-threaded"));
4880 * There is no need to lock the list as only this thread can be
4883 FOREACH_THREAD_IN_PROC(p, td) {
4884 KASSERT(td == curthread ||
4885 ((td->td_flags & TDF_BOUNDARY) != 0 && TD_IS_SUSPENDED(td)),
4886 ("running thread %p %p", p, td));
4887 umtx_thread_cleanup(td);
4888 td->td_rb_list = td->td_rbp_list = td->td_rb_inact = 0;
4896 umtx_thread_exit(struct thread *td)
4899 umtx_thread_cleanup(td);
4903 umtx_read_uptr(struct thread *td, uintptr_t ptr, uintptr_t *res, bool compat32)
4910 error = fueword32((void *)ptr, &res32);
4914 error = fueword((void *)ptr, &res1);
4924 umtx_read_rb_list(struct thread *td, struct umutex *m, uintptr_t *rb_list,
4927 struct umutex32 m32;
4930 memcpy(&m32, m, sizeof(m32));
4931 *rb_list = m32.m_rb_lnk;
4933 *rb_list = m->m_rb_lnk;
4938 umtx_handle_rb(struct thread *td, uintptr_t rbp, uintptr_t *rb_list, bool inact,
4944 KASSERT(td->td_proc == curproc, ("need current vmspace"));
4945 error = copyin((void *)rbp, &m, sizeof(m));
4948 if (rb_list != NULL)
4949 umtx_read_rb_list(td, &m, rb_list, compat32);
4950 if ((m.m_flags & UMUTEX_ROBUST) == 0)
4952 if ((m.m_owner & ~UMUTEX_CONTESTED) != td->td_tid)
4953 /* inact is cleared after unlock, allow the inconsistency */
4954 return (inact ? 0 : EINVAL);
4955 return (do_unlock_umutex(td, (struct umutex *)rbp, true));
4959 umtx_cleanup_rb_list(struct thread *td, uintptr_t rb_list, uintptr_t *rb_inact,
4960 const char *name, bool compat32)
4968 error = umtx_read_uptr(td, rb_list, &rbp, compat32);
4969 for (i = 0; error == 0 && rbp != 0 && i < umtx_max_rb; i++) {
4970 if (rbp == *rb_inact) {
4975 error = umtx_handle_rb(td, rbp, &rbp, inact, compat32);
4977 if (i == umtx_max_rb && umtx_verbose_rb) {
4978 uprintf("comm %s pid %d: reached umtx %smax rb %d\n",
4979 td->td_proc->p_comm, td->td_proc->p_pid, name, umtx_max_rb);
4981 if (error != 0 && umtx_verbose_rb) {
4982 uprintf("comm %s pid %d: handling %srb error %d\n",
4983 td->td_proc->p_comm, td->td_proc->p_pid, name, error);
4988 * Clean up umtx data.
4991 umtx_thread_cleanup(struct thread *td)
4999 * Disown pi mutexes.
5003 if (uq->uq_inherited_pri != PRI_MAX ||
5004 !TAILQ_EMPTY(&uq->uq_pi_contested)) {
5005 mtx_lock(&umtx_lock);
5006 uq->uq_inherited_pri = PRI_MAX;
5007 while ((pi = TAILQ_FIRST(&uq->uq_pi_contested)) != NULL) {
5008 pi->pi_owner = NULL;
5009 TAILQ_REMOVE(&uq->uq_pi_contested, pi, pi_link);
5011 mtx_unlock(&umtx_lock);
5013 sched_lend_user_prio_cond(td, PRI_MAX);
5016 compat32 = (td->td_pflags2 & TDP2_COMPAT32RB) != 0;
5017 td->td_pflags2 &= ~TDP2_COMPAT32RB;
5019 if (td->td_rb_inact == 0 && td->td_rb_list == 0 && td->td_rbp_list == 0)
5023 * Handle terminated robust mutexes. Must be done after
5024 * robust pi disown, otherwise unlock could see unowned
5027 rb_inact = td->td_rb_inact;
5029 (void)umtx_read_uptr(td, rb_inact, &rb_inact, compat32);
5030 umtx_cleanup_rb_list(td, td->td_rb_list, &rb_inact, "", compat32);
5031 umtx_cleanup_rb_list(td, td->td_rbp_list, &rb_inact, "priv ", compat32);
5033 (void)umtx_handle_rb(td, rb_inact, NULL, true, compat32);
projects / FreeBSD / FreeBSD.git / blob