2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2015, 2016 The FreeBSD Foundation
5 * Copyright (c) 2004, David Xu <davidxu@freebsd.org>
6 * Copyright (c) 2002, Jeffrey Roberson <jeff@freebsd.org>
9 * Portions of this software were developed by Konstantin Belousov
10 * under sponsorship from the FreeBSD Foundation.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice unmodified, this list of conditions, and the following
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
37 #include "opt_umtx_profiling.h"
39 #include <sys/param.h>
40 #include <sys/kernel.h>
41 #include <sys/fcntl.h>
43 #include <sys/filedesc.h>
44 #include <sys/limits.h>
46 #include <sys/malloc.h>
48 #include <sys/mutex.h>
51 #include <sys/resource.h>
52 #include <sys/resourcevar.h>
53 #include <sys/rwlock.h>
55 #include <sys/sched.h>
57 #include <sys/sysctl.h>
58 #include <sys/systm.h>
59 #include <sys/sysproto.h>
60 #include <sys/syscallsubr.h>
61 #include <sys/taskqueue.h>
63 #include <sys/eventhandler.h>
65 #include <sys/umtxvar.h>
67 #include <security/mac/mac_framework.h>
70 #include <vm/vm_param.h>
72 #include <vm/vm_map.h>
73 #include <vm/vm_object.h>
75 #include <machine/atomic.h>
76 #include <machine/cpu.h>
78 #include <compat/freebsd32/freebsd32.h>
79 #ifdef COMPAT_FREEBSD32
80 #include <compat/freebsd32/freebsd32_proto.h>
84 #define _UMUTEX_WAIT 2
87 #define UPROF_PERC_BIGGER(w, f, sw, sf) \
88 (((w) > (sw)) || ((w) == (sw) && (f) > (sf)))
91 #define UMTXQ_LOCKED_ASSERT(uc) mtx_assert(&(uc)->uc_lock, MA_OWNED)
93 #define UMTXQ_ASSERT_LOCKED_BUSY(key) do { \
94 struct umtxq_chain *uc; \
96 uc = umtxq_getchain(key); \
97 mtx_assert(&uc->uc_lock, MA_OWNED); \
98 KASSERT(uc->uc_busy != 0, ("umtx chain is not busy")); \
101 #define UMTXQ_ASSERT_LOCKED_BUSY(key) do {} while (0)
105 * Don't propagate time-sharing priority, there is a security reason,
106 * a user can simply introduce PI-mutex, let thread A lock the mutex,
107 * and let another thread B block on the mutex, because B is
108 * sleeping, its priority will be boosted, this causes A's priority to
109 * be boosted via priority propagating too and will never be lowered even
110 * if it is using 100%CPU, this is unfair to other processes.
113 #define UPRI(td) (((td)->td_user_pri >= PRI_MIN_TIMESHARE &&\
114 (td)->td_user_pri <= PRI_MAX_TIMESHARE) ?\
115 PRI_MAX_TIMESHARE : (td)->td_user_pri)
117 #define GOLDEN_RATIO_PRIME 2654404609U
119 #define UMTX_CHAINS 512
121 #define UMTX_SHIFTS (__WORD_BIT - 9)
123 #define GET_SHARE(flags) \
124 (((flags) & USYNC_PROCESS_SHARED) == 0 ? THREAD_SHARE : PROCESS_SHARE)
126 #define BUSY_SPINS 200
128 struct umtx_copyops {
129 int (*copyin_timeout)(const void *uaddr, struct timespec *tsp);
130 int (*copyin_umtx_time)(const void *uaddr, size_t size,
131 struct _umtx_time *tp);
132 int (*copyin_robust_lists)(const void *uaddr, size_t size,
133 struct umtx_robust_lists_params *rbp);
134 int (*copyout_timeout)(void *uaddr, size_t size,
135 struct timespec *tsp);
136 const size_t timespec_sz;
137 const size_t umtx_time_sz;
141 _Static_assert(sizeof(struct umutex) == sizeof(struct umutex32), "umutex32");
142 _Static_assert(__offsetof(struct umutex, m_spare[0]) ==
143 __offsetof(struct umutex32, m_spare[0]), "m_spare32");
145 int umtx_shm_vnobj_persistent = 0;
146 SYSCTL_INT(_kern_ipc, OID_AUTO, umtx_vnode_persistent, CTLFLAG_RWTUN,
147 &umtx_shm_vnobj_persistent, 0,
148 "False forces destruction of umtx attached to file, on last close");
149 static int umtx_max_rb = 1000;
150 SYSCTL_INT(_kern_ipc, OID_AUTO, umtx_max_robust, CTLFLAG_RWTUN,
152 "Maximum number of robust mutexes allowed for each thread");
154 static uma_zone_t umtx_pi_zone;
155 static struct umtxq_chain umtxq_chains[2][UMTX_CHAINS];
156 static MALLOC_DEFINE(M_UMTX, "umtx", "UMTX queue memory");
157 static int umtx_pi_allocated;
159 static SYSCTL_NODE(_debug, OID_AUTO, umtx, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
161 SYSCTL_INT(_debug_umtx, OID_AUTO, umtx_pi_allocated, CTLFLAG_RD,
162 &umtx_pi_allocated, 0, "Allocated umtx_pi");
163 static int umtx_verbose_rb = 1;
164 SYSCTL_INT(_debug_umtx, OID_AUTO, robust_faults_verbose, CTLFLAG_RWTUN,
168 #ifdef UMTX_PROFILING
169 static long max_length;
170 SYSCTL_LONG(_debug_umtx, OID_AUTO, max_length, CTLFLAG_RD, &max_length, 0, "max_length");
171 static SYSCTL_NODE(_debug_umtx, OID_AUTO, chains, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
175 static inline void umtx_abs_timeout_init2(struct umtx_abs_timeout *timo,
176 const struct _umtx_time *umtxtime);
178 static void umtx_shm_init(void);
179 static void umtxq_sysinit(void *);
180 static void umtxq_hash(struct umtx_key *key);
181 static int do_unlock_pp(struct thread *td, struct umutex *m, uint32_t flags,
183 static void umtx_thread_cleanup(struct thread *td);
184 SYSINIT(umtx, SI_SUB_EVENTHANDLER+1, SI_ORDER_MIDDLE, umtxq_sysinit, NULL);
186 #define umtxq_signal(key, nwake) umtxq_signal_queue((key), (nwake), UMTX_SHARED_QUEUE)
188 static struct mtx umtx_lock;
190 #ifdef UMTX_PROFILING
192 umtx_init_profiling(void)
194 struct sysctl_oid *chain_oid;
198 for (i = 0; i < UMTX_CHAINS; ++i) {
199 snprintf(chain_name, sizeof(chain_name), "%d", i);
200 chain_oid = SYSCTL_ADD_NODE(NULL,
201 SYSCTL_STATIC_CHILDREN(_debug_umtx_chains), OID_AUTO,
202 chain_name, CTLFLAG_RD | CTLFLAG_MPSAFE, NULL,
204 SYSCTL_ADD_INT(NULL, SYSCTL_CHILDREN(chain_oid), OID_AUTO,
205 "max_length0", CTLFLAG_RD, &umtxq_chains[0][i].max_length, 0, NULL);
206 SYSCTL_ADD_INT(NULL, SYSCTL_CHILDREN(chain_oid), OID_AUTO,
207 "max_length1", CTLFLAG_RD, &umtxq_chains[1][i].max_length, 0, NULL);
212 sysctl_debug_umtx_chains_peaks(SYSCTL_HANDLER_ARGS)
216 struct umtxq_chain *uc;
217 u_int fract, i, j, tot, whole;
218 u_int sf0, sf1, sf2, sf3, sf4;
219 u_int si0, si1, si2, si3, si4;
220 u_int sw0, sw1, sw2, sw3, sw4;
222 sbuf_new(&sb, buf, sizeof(buf), SBUF_FIXEDLEN);
223 for (i = 0; i < 2; i++) {
225 for (j = 0; j < UMTX_CHAINS; ++j) {
226 uc = &umtxq_chains[i][j];
227 mtx_lock(&uc->uc_lock);
228 tot += uc->max_length;
229 mtx_unlock(&uc->uc_lock);
232 sbuf_printf(&sb, "%u) Empty ", i);
234 sf0 = sf1 = sf2 = sf3 = sf4 = 0;
235 si0 = si1 = si2 = si3 = si4 = 0;
236 sw0 = sw1 = sw2 = sw3 = sw4 = 0;
237 for (j = 0; j < UMTX_CHAINS; j++) {
238 uc = &umtxq_chains[i][j];
239 mtx_lock(&uc->uc_lock);
240 whole = uc->max_length * 100;
241 mtx_unlock(&uc->uc_lock);
242 fract = (whole % tot) * 100;
243 if (UPROF_PERC_BIGGER(whole, fract, sw0, sf0)) {
247 } else if (UPROF_PERC_BIGGER(whole, fract, sw1,
252 } else if (UPROF_PERC_BIGGER(whole, fract, sw2,
257 } else if (UPROF_PERC_BIGGER(whole, fract, sw3,
262 } else if (UPROF_PERC_BIGGER(whole, fract, sw4,
269 sbuf_printf(&sb, "queue %u:\n", i);
270 sbuf_printf(&sb, "1st: %u.%u%% idx: %u\n", sw0 / tot,
272 sbuf_printf(&sb, "2nd: %u.%u%% idx: %u\n", sw1 / tot,
274 sbuf_printf(&sb, "3rd: %u.%u%% idx: %u\n", sw2 / tot,
276 sbuf_printf(&sb, "4th: %u.%u%% idx: %u\n", sw3 / tot,
278 sbuf_printf(&sb, "5th: %u.%u%% idx: %u\n", sw4 / tot,
284 sysctl_handle_string(oidp, sbuf_data(&sb), sbuf_len(&sb), req);
290 sysctl_debug_umtx_chains_clear(SYSCTL_HANDLER_ARGS)
292 struct umtxq_chain *uc;
297 error = sysctl_handle_int(oidp, &clear, 0, req);
298 if (error != 0 || req->newptr == NULL)
302 for (i = 0; i < 2; ++i) {
303 for (j = 0; j < UMTX_CHAINS; ++j) {
304 uc = &umtxq_chains[i][j];
305 mtx_lock(&uc->uc_lock);
308 mtx_unlock(&uc->uc_lock);
315 SYSCTL_PROC(_debug_umtx_chains, OID_AUTO, clear,
316 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 0,
317 sysctl_debug_umtx_chains_clear, "I",
318 "Clear umtx chains statistics");
319 SYSCTL_PROC(_debug_umtx_chains, OID_AUTO, peaks,
320 CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, 0, 0,
321 sysctl_debug_umtx_chains_peaks, "A",
322 "Highest peaks in chains max length");
326 umtxq_sysinit(void *arg __unused)
330 umtx_pi_zone = uma_zcreate("umtx pi", sizeof(struct umtx_pi),
331 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
332 for (i = 0; i < 2; ++i) {
333 for (j = 0; j < UMTX_CHAINS; ++j) {
334 mtx_init(&umtxq_chains[i][j].uc_lock, "umtxql", NULL,
335 MTX_DEF | MTX_DUPOK);
336 LIST_INIT(&umtxq_chains[i][j].uc_queue[0]);
337 LIST_INIT(&umtxq_chains[i][j].uc_queue[1]);
338 LIST_INIT(&umtxq_chains[i][j].uc_spare_queue);
339 TAILQ_INIT(&umtxq_chains[i][j].uc_pi_list);
340 umtxq_chains[i][j].uc_busy = 0;
341 umtxq_chains[i][j].uc_waiters = 0;
342 #ifdef UMTX_PROFILING
343 umtxq_chains[i][j].length = 0;
344 umtxq_chains[i][j].max_length = 0;
348 #ifdef UMTX_PROFILING
349 umtx_init_profiling();
351 mtx_init(&umtx_lock, "umtx lock", NULL, MTX_DEF);
360 uq = malloc(sizeof(struct umtx_q), M_UMTX, M_WAITOK | M_ZERO);
361 uq->uq_spare_queue = malloc(sizeof(struct umtxq_queue), M_UMTX,
363 TAILQ_INIT(&uq->uq_spare_queue->head);
364 TAILQ_INIT(&uq->uq_pi_contested);
365 uq->uq_inherited_pri = PRI_MAX;
370 umtxq_free(struct umtx_q *uq)
373 MPASS(uq->uq_spare_queue != NULL);
374 free(uq->uq_spare_queue, M_UMTX);
379 umtxq_hash(struct umtx_key *key)
383 n = (uintptr_t)key->info.both.a + key->info.both.b;
384 key->hash = ((n * GOLDEN_RATIO_PRIME) >> UMTX_SHIFTS) % UMTX_CHAINS;
388 umtxq_getchain(struct umtx_key *key)
391 if (key->type <= TYPE_SEM)
392 return (&umtxq_chains[1][key->hash]);
393 return (&umtxq_chains[0][key->hash]);
397 * Set chain to busy state when following operation
398 * may be blocked (kernel mutex can not be used).
401 umtxq_busy(struct umtx_key *key)
403 struct umtxq_chain *uc;
405 uc = umtxq_getchain(key);
406 mtx_assert(&uc->uc_lock, MA_OWNED);
410 int count = BUSY_SPINS;
413 while (uc->uc_busy && --count > 0)
419 while (uc->uc_busy) {
421 msleep(uc, &uc->uc_lock, 0, "umtxqb", 0);
432 umtxq_unbusy(struct umtx_key *key)
434 struct umtxq_chain *uc;
436 uc = umtxq_getchain(key);
437 mtx_assert(&uc->uc_lock, MA_OWNED);
438 KASSERT(uc->uc_busy != 0, ("not busy"));
445 umtxq_unbusy_unlocked(struct umtx_key *key)
453 static struct umtxq_queue *
454 umtxq_queue_lookup(struct umtx_key *key, int q)
456 struct umtxq_queue *uh;
457 struct umtxq_chain *uc;
459 uc = umtxq_getchain(key);
460 UMTXQ_LOCKED_ASSERT(uc);
461 LIST_FOREACH(uh, &uc->uc_queue[q], link) {
462 if (umtx_key_match(&uh->key, key))
470 umtxq_insert_queue(struct umtx_q *uq, int q)
472 struct umtxq_queue *uh;
473 struct umtxq_chain *uc;
475 uc = umtxq_getchain(&uq->uq_key);
476 UMTXQ_LOCKED_ASSERT(uc);
477 KASSERT((uq->uq_flags & UQF_UMTXQ) == 0, ("umtx_q is already on queue"));
478 uh = umtxq_queue_lookup(&uq->uq_key, q);
480 LIST_INSERT_HEAD(&uc->uc_spare_queue, uq->uq_spare_queue, link);
482 uh = uq->uq_spare_queue;
483 uh->key = uq->uq_key;
484 LIST_INSERT_HEAD(&uc->uc_queue[q], uh, link);
485 #ifdef UMTX_PROFILING
487 if (uc->length > uc->max_length) {
488 uc->max_length = uc->length;
489 if (uc->max_length > max_length)
490 max_length = uc->max_length;
494 uq->uq_spare_queue = NULL;
496 TAILQ_INSERT_TAIL(&uh->head, uq, uq_link);
498 uq->uq_flags |= UQF_UMTXQ;
499 uq->uq_cur_queue = uh;
504 umtxq_remove_queue(struct umtx_q *uq, int q)
506 struct umtxq_chain *uc;
507 struct umtxq_queue *uh;
509 uc = umtxq_getchain(&uq->uq_key);
510 UMTXQ_LOCKED_ASSERT(uc);
511 if (uq->uq_flags & UQF_UMTXQ) {
512 uh = uq->uq_cur_queue;
513 TAILQ_REMOVE(&uh->head, uq, uq_link);
515 uq->uq_flags &= ~UQF_UMTXQ;
516 if (TAILQ_EMPTY(&uh->head)) {
517 KASSERT(uh->length == 0,
518 ("inconsistent umtxq_queue length"));
519 #ifdef UMTX_PROFILING
522 LIST_REMOVE(uh, link);
524 uh = LIST_FIRST(&uc->uc_spare_queue);
525 KASSERT(uh != NULL, ("uc_spare_queue is empty"));
526 LIST_REMOVE(uh, link);
528 uq->uq_spare_queue = uh;
529 uq->uq_cur_queue = NULL;
534 * Check if there are multiple waiters
537 umtxq_count(struct umtx_key *key)
539 struct umtxq_queue *uh;
541 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key));
542 uh = umtxq_queue_lookup(key, UMTX_SHARED_QUEUE);
549 * Check if there are multiple PI waiters and returns first
553 umtxq_count_pi(struct umtx_key *key, struct umtx_q **first)
555 struct umtxq_queue *uh;
558 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key));
559 uh = umtxq_queue_lookup(key, UMTX_SHARED_QUEUE);
561 *first = TAILQ_FIRST(&uh->head);
568 * Wake up threads waiting on an userland object by a bit mask.
571 umtxq_signal_mask(struct umtx_key *key, int n_wake, u_int bitset)
573 struct umtxq_queue *uh;
574 struct umtx_q *uq, *uq_temp;
578 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key));
579 uh = umtxq_queue_lookup(key, UMTX_SHARED_QUEUE);
582 TAILQ_FOREACH_SAFE(uq, &uh->head, uq_link, uq_temp) {
583 if ((uq->uq_bitset & bitset) == 0)
585 umtxq_remove_queue(uq, UMTX_SHARED_QUEUE);
594 * Wake up threads waiting on an userland object.
598 umtxq_signal_queue(struct umtx_key *key, int n_wake, int q)
600 struct umtxq_queue *uh;
605 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key));
606 uh = umtxq_queue_lookup(key, q);
608 while ((uq = TAILQ_FIRST(&uh->head)) != NULL) {
609 umtxq_remove_queue(uq, q);
619 * Wake up specified thread.
622 umtxq_signal_thread(struct umtx_q *uq)
625 UMTXQ_LOCKED_ASSERT(umtxq_getchain(&uq->uq_key));
631 * Wake up a maximum of n_wake threads that are waiting on an userland
632 * object identified by key. The remaining threads are removed from queue
633 * identified by key and added to the queue identified by key2 (requeued).
634 * The n_requeue specifies an upper limit on the number of threads that
635 * are requeued to the second queue.
638 umtxq_requeue(struct umtx_key *key, int n_wake, struct umtx_key *key2,
641 struct umtxq_queue *uh, *uh2;
642 struct umtx_q *uq, *uq_temp;
646 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key));
647 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key2));
648 uh = umtxq_queue_lookup(key, UMTX_SHARED_QUEUE);
649 uh2 = umtxq_queue_lookup(key2, UMTX_SHARED_QUEUE);
652 TAILQ_FOREACH_SAFE(uq, &uh->head, uq_link, uq_temp) {
653 if (++ret <= n_wake) {
660 if (ret - n_wake == n_requeue)
668 tstohz(const struct timespec *tsp)
672 TIMESPEC_TO_TIMEVAL(&tv, tsp);
677 umtx_abs_timeout_init(struct umtx_abs_timeout *timo, int clockid,
678 int absolute, const struct timespec *timeout)
681 timo->clockid = clockid;
683 timo->is_abs_real = false;
684 kern_clock_gettime(curthread, timo->clockid, &timo->cur);
685 timespecadd(&timo->cur, timeout, &timo->end);
687 timo->end = *timeout;
688 timo->is_abs_real = clockid == CLOCK_REALTIME ||
689 clockid == CLOCK_REALTIME_FAST ||
690 clockid == CLOCK_REALTIME_PRECISE ||
691 clockid == CLOCK_SECOND;
696 umtx_abs_timeout_init2(struct umtx_abs_timeout *timo,
697 const struct _umtx_time *umtxtime)
700 umtx_abs_timeout_init(timo, umtxtime->_clockid,
701 (umtxtime->_flags & UMTX_ABSTIME) != 0, &umtxtime->_timeout);
705 umtx_abs_timeout_enforce_min(sbintime_t *sbt)
707 sbintime_t when, mint;
709 mint = curproc->p_umtx_min_timeout;
710 if (__predict_false(mint != 0)) {
711 when = sbinuptime() + mint;
718 umtx_abs_timeout_getsbt(struct umtx_abs_timeout *timo, sbintime_t *sbt,
721 struct bintime bt, bbt;
725 switch (timo->clockid) {
727 /* Clocks that can be converted into absolute time. */
729 case CLOCK_REALTIME_PRECISE:
730 case CLOCK_REALTIME_FAST:
731 case CLOCK_MONOTONIC:
732 case CLOCK_MONOTONIC_PRECISE:
733 case CLOCK_MONOTONIC_FAST:
735 case CLOCK_UPTIME_PRECISE:
736 case CLOCK_UPTIME_FAST:
738 timespec2bintime(&timo->end, &bt);
739 switch (timo->clockid) {
741 case CLOCK_REALTIME_PRECISE:
742 case CLOCK_REALTIME_FAST:
744 getboottimebin(&bbt);
745 bintime_sub(&bt, &bbt);
750 if (bt.sec >= (SBT_MAX >> 32)) {
756 umtx_abs_timeout_enforce_min(sbt);
759 * Check if the absolute time should be aligned to
760 * avoid firing multiple timer events in non-periodic
763 switch (timo->clockid) {
764 case CLOCK_REALTIME_FAST:
765 case CLOCK_MONOTONIC_FAST:
766 case CLOCK_UPTIME_FAST:
767 rem = *sbt % tc_tick_sbt;
768 if (__predict_true(rem != 0))
769 *sbt += tc_tick_sbt - rem;
773 if (__predict_true(rem != 0))
774 *sbt += SBT_1S - rem;
780 /* Clocks that has to be periodically polled. */
783 case CLOCK_THREAD_CPUTIME_ID:
784 case CLOCK_PROCESS_CPUTIME_ID:
786 kern_clock_gettime(curthread, timo->clockid, &timo->cur);
787 if (timespeccmp(&timo->end, &timo->cur, <=))
789 timespecsub(&timo->end, &timo->cur, &tts);
790 *sbt = tick_sbt * tstohz(&tts);
791 *flags = C_HARDCLOCK;
797 umtx_unlock_val(uint32_t flags, bool rb)
801 return (UMUTEX_RB_OWNERDEAD);
802 else if ((flags & UMUTEX_NONCONSISTENT) != 0)
803 return (UMUTEX_RB_NOTRECOV);
805 return (UMUTEX_UNOWNED);
810 * Put thread into sleep state, before sleeping, check if
811 * thread was removed from umtx queue.
814 umtxq_sleep(struct umtx_q *uq, const char *wmesg,
815 struct umtx_abs_timeout *timo)
817 struct umtxq_chain *uc;
819 int error, flags = 0;
821 uc = umtxq_getchain(&uq->uq_key);
822 UMTXQ_LOCKED_ASSERT(uc);
824 if (!(uq->uq_flags & UQF_UMTXQ)) {
829 if (timo->is_abs_real)
830 curthread->td_rtcgen =
831 atomic_load_acq_int(&rtc_generation);
832 error = umtx_abs_timeout_getsbt(timo, &sbt, &flags);
836 error = msleep_sbt(uq, &uc->uc_lock, PCATCH | PDROP, wmesg,
838 uc = umtxq_getchain(&uq->uq_key);
839 mtx_lock(&uc->uc_lock);
840 if (error == EINTR || error == ERESTART)
842 if (error == EWOULDBLOCK && (flags & C_ABSOLUTE) != 0) {
848 curthread->td_rtcgen = 0;
853 * Convert userspace address into unique logical address.
856 umtx_key_get(const void *addr, int type, int share, struct umtx_key *key)
858 struct thread *td = curthread;
860 vm_map_entry_t entry;
866 if (share == THREAD_SHARE) {
868 key->info.private.vs = td->td_proc->p_vmspace;
869 key->info.private.addr = (uintptr_t)addr;
871 MPASS(share == PROCESS_SHARE || share == AUTO_SHARE);
872 map = &td->td_proc->p_vmspace->vm_map;
873 if (vm_map_lookup(&map, (vm_offset_t)addr, VM_PROT_WRITE,
874 &entry, &key->info.shared.object, &pindex, &prot,
875 &wired) != KERN_SUCCESS) {
879 if ((share == PROCESS_SHARE) ||
880 (share == AUTO_SHARE &&
881 VM_INHERIT_SHARE == entry->inheritance)) {
883 key->info.shared.offset = (vm_offset_t)addr -
884 entry->start + entry->offset;
885 vm_object_reference(key->info.shared.object);
888 key->info.private.vs = td->td_proc->p_vmspace;
889 key->info.private.addr = (uintptr_t)addr;
891 vm_map_lookup_done(map, entry);
902 umtx_key_release(struct umtx_key *key)
905 vm_object_deallocate(key->info.shared.object);
908 #ifdef COMPAT_FREEBSD10
910 * Lock a umtx object.
913 do_lock_umtx(struct thread *td, struct umtx *umtx, u_long id,
914 const struct timespec *timeout)
916 struct umtx_abs_timeout timo;
924 umtx_abs_timeout_init(&timo, CLOCK_REALTIME, 0, timeout);
927 * Care must be exercised when dealing with umtx structure. It
928 * can fault on any access.
932 * Try the uncontested case. This should be done in userland.
934 owner = casuword(&umtx->u_owner, UMTX_UNOWNED, id);
936 /* The acquire succeeded. */
937 if (owner == UMTX_UNOWNED)
940 /* The address was invalid. */
944 /* If no one owns it but it is contested try to acquire it. */
945 if (owner == UMTX_CONTESTED) {
946 owner = casuword(&umtx->u_owner,
947 UMTX_CONTESTED, id | UMTX_CONTESTED);
949 if (owner == UMTX_CONTESTED)
952 /* The address was invalid. */
956 error = thread_check_susp(td, false);
960 /* If this failed the lock has changed, restart. */
965 * If we caught a signal, we have retried and now
971 if ((error = umtx_key_get(umtx, TYPE_SIMPLE_LOCK,
972 AUTO_SHARE, &uq->uq_key)) != 0)
975 umtxq_lock(&uq->uq_key);
976 umtxq_busy(&uq->uq_key);
978 umtxq_unbusy(&uq->uq_key);
979 umtxq_unlock(&uq->uq_key);
982 * Set the contested bit so that a release in user space
983 * knows to use the system call for unlock. If this fails
984 * either some one else has acquired the lock or it has been
987 old = casuword(&umtx->u_owner, owner, owner | UMTX_CONTESTED);
989 /* The address was invalid. */
991 umtxq_lock(&uq->uq_key);
993 umtxq_unlock(&uq->uq_key);
994 umtx_key_release(&uq->uq_key);
999 * We set the contested bit, sleep. Otherwise the lock changed
1000 * and we need to retry or we lost a race to the thread
1001 * unlocking the umtx.
1003 umtxq_lock(&uq->uq_key);
1005 error = umtxq_sleep(uq, "umtx", timeout == NULL ? NULL :
1008 umtxq_unlock(&uq->uq_key);
1009 umtx_key_release(&uq->uq_key);
1012 error = thread_check_susp(td, false);
1015 if (timeout == NULL) {
1016 /* Mutex locking is restarted if it is interrupted. */
1020 /* Timed-locking is not restarted. */
1021 if (error == ERESTART)
1028 * Unlock a umtx object.
1031 do_unlock_umtx(struct thread *td, struct umtx *umtx, u_long id)
1033 struct umtx_key key;
1040 * Make sure we own this mtx.
1042 owner = fuword(__DEVOLATILE(u_long *, &umtx->u_owner));
1046 if ((owner & ~UMTX_CONTESTED) != id)
1049 /* This should be done in userland */
1050 if ((owner & UMTX_CONTESTED) == 0) {
1051 old = casuword(&umtx->u_owner, owner, UMTX_UNOWNED);
1059 /* We should only ever be in here for contested locks */
1060 if ((error = umtx_key_get(umtx, TYPE_SIMPLE_LOCK, AUTO_SHARE,
1066 count = umtxq_count(&key);
1070 * When unlocking the umtx, it must be marked as unowned if
1071 * there is zero or one thread only waiting for it.
1072 * Otherwise, it must be marked as contested.
1074 old = casuword(&umtx->u_owner, owner,
1075 count <= 1 ? UMTX_UNOWNED : UMTX_CONTESTED);
1077 umtxq_signal(&key,1);
1080 umtx_key_release(&key);
1088 #ifdef COMPAT_FREEBSD32
1091 * Lock a umtx object.
1094 do_lock_umtx32(struct thread *td, uint32_t *m, uint32_t id,
1095 const struct timespec *timeout)
1097 struct umtx_abs_timeout timo;
1105 if (timeout != NULL)
1106 umtx_abs_timeout_init(&timo, CLOCK_REALTIME, 0, timeout);
1109 * Care must be exercised when dealing with umtx structure. It
1110 * can fault on any access.
1114 * Try the uncontested case. This should be done in userland.
1116 owner = casuword32(m, UMUTEX_UNOWNED, id);
1118 /* The acquire succeeded. */
1119 if (owner == UMUTEX_UNOWNED)
1122 /* The address was invalid. */
1126 /* If no one owns it but it is contested try to acquire it. */
1127 if (owner == UMUTEX_CONTESTED) {
1128 owner = casuword32(m,
1129 UMUTEX_CONTESTED, id | UMUTEX_CONTESTED);
1130 if (owner == UMUTEX_CONTESTED)
1133 /* The address was invalid. */
1137 error = thread_check_susp(td, false);
1141 /* If this failed the lock has changed, restart. */
1146 * If we caught a signal, we have retried and now
1152 if ((error = umtx_key_get(m, TYPE_SIMPLE_LOCK,
1153 AUTO_SHARE, &uq->uq_key)) != 0)
1156 umtxq_lock(&uq->uq_key);
1157 umtxq_busy(&uq->uq_key);
1159 umtxq_unbusy(&uq->uq_key);
1160 umtxq_unlock(&uq->uq_key);
1163 * Set the contested bit so that a release in user space
1164 * knows to use the system call for unlock. If this fails
1165 * either some one else has acquired the lock or it has been
1168 old = casuword32(m, owner, owner | UMUTEX_CONTESTED);
1170 /* The address was invalid. */
1172 umtxq_lock(&uq->uq_key);
1174 umtxq_unlock(&uq->uq_key);
1175 umtx_key_release(&uq->uq_key);
1180 * We set the contested bit, sleep. Otherwise the lock changed
1181 * and we need to retry or we lost a race to the thread
1182 * unlocking the umtx.
1184 umtxq_lock(&uq->uq_key);
1186 error = umtxq_sleep(uq, "umtx", timeout == NULL ?
1189 umtxq_unlock(&uq->uq_key);
1190 umtx_key_release(&uq->uq_key);
1193 error = thread_check_susp(td, false);
1196 if (timeout == NULL) {
1197 /* Mutex locking is restarted if it is interrupted. */
1201 /* Timed-locking is not restarted. */
1202 if (error == ERESTART)
1209 * Unlock a umtx object.
1212 do_unlock_umtx32(struct thread *td, uint32_t *m, uint32_t id)
1214 struct umtx_key key;
1221 * Make sure we own this mtx.
1223 owner = fuword32(m);
1227 if ((owner & ~UMUTEX_CONTESTED) != id)
1230 /* This should be done in userland */
1231 if ((owner & UMUTEX_CONTESTED) == 0) {
1232 old = casuword32(m, owner, UMUTEX_UNOWNED);
1240 /* We should only ever be in here for contested locks */
1241 if ((error = umtx_key_get(m, TYPE_SIMPLE_LOCK, AUTO_SHARE,
1247 count = umtxq_count(&key);
1251 * When unlocking the umtx, it must be marked as unowned if
1252 * there is zero or one thread only waiting for it.
1253 * Otherwise, it must be marked as contested.
1255 old = casuword32(m, owner,
1256 count <= 1 ? UMUTEX_UNOWNED : UMUTEX_CONTESTED);
1258 umtxq_signal(&key,1);
1261 umtx_key_release(&key);
1268 #endif /* COMPAT_FREEBSD32 */
1269 #endif /* COMPAT_FREEBSD10 */
1272 * Fetch and compare value, sleep on the address if value is not changed.
1275 do_wait(struct thread *td, void *addr, u_long id,
1276 struct _umtx_time *timeout, int compat32, int is_private)
1278 struct umtx_abs_timeout timo;
1285 if ((error = umtx_key_get(addr, TYPE_SIMPLE_WAIT,
1286 is_private ? THREAD_SHARE : AUTO_SHARE, &uq->uq_key)) != 0)
1289 if (timeout != NULL)
1290 umtx_abs_timeout_init2(&timo, timeout);
1292 umtxq_lock(&uq->uq_key);
1294 umtxq_unlock(&uq->uq_key);
1295 if (compat32 == 0) {
1296 error = fueword(addr, &tmp);
1300 error = fueword32(addr, &tmp32);
1306 umtxq_lock(&uq->uq_key);
1309 error = umtxq_sleep(uq, "uwait", timeout == NULL ?
1311 if ((uq->uq_flags & UQF_UMTXQ) == 0)
1315 } else if ((uq->uq_flags & UQF_UMTXQ) != 0) {
1318 umtxq_unlock(&uq->uq_key);
1319 umtx_key_release(&uq->uq_key);
1320 if (error == ERESTART)
1326 * Wake up threads sleeping on the specified address.
1329 kern_umtx_wake(struct thread *td, void *uaddr, int n_wake, int is_private)
1331 struct umtx_key key;
1334 if ((ret = umtx_key_get(uaddr, TYPE_SIMPLE_WAIT,
1335 is_private ? THREAD_SHARE : AUTO_SHARE, &key)) != 0)
1338 umtxq_signal(&key, n_wake);
1340 umtx_key_release(&key);
1345 * Lock PTHREAD_PRIO_NONE protocol POSIX mutex.
1348 do_lock_normal(struct thread *td, struct umutex *m, uint32_t flags,
1349 struct _umtx_time *timeout, int mode)
1351 struct umtx_abs_timeout timo;
1353 uint32_t owner, old, id;
1359 if (timeout != NULL)
1360 umtx_abs_timeout_init2(&timo, timeout);
1363 * Care must be exercised when dealing with umtx structure. It
1364 * can fault on any access.
1367 rv = fueword32(&m->m_owner, &owner);
1370 if (mode == _UMUTEX_WAIT) {
1371 if (owner == UMUTEX_UNOWNED ||
1372 owner == UMUTEX_CONTESTED ||
1373 owner == UMUTEX_RB_OWNERDEAD ||
1374 owner == UMUTEX_RB_NOTRECOV)
1378 * Robust mutex terminated. Kernel duty is to
1379 * return EOWNERDEAD to the userspace. The
1380 * umutex.m_flags UMUTEX_NONCONSISTENT is set
1381 * by the common userspace code.
1383 if (owner == UMUTEX_RB_OWNERDEAD) {
1384 rv = casueword32(&m->m_owner,
1385 UMUTEX_RB_OWNERDEAD, &owner,
1386 id | UMUTEX_CONTESTED);
1390 MPASS(owner == UMUTEX_RB_OWNERDEAD);
1391 return (EOWNERDEAD); /* success */
1394 rv = thread_check_susp(td, false);
1399 if (owner == UMUTEX_RB_NOTRECOV)
1400 return (ENOTRECOVERABLE);
1403 * Try the uncontested case. This should be
1406 rv = casueword32(&m->m_owner, UMUTEX_UNOWNED,
1408 /* The address was invalid. */
1412 /* The acquire succeeded. */
1414 MPASS(owner == UMUTEX_UNOWNED);
1419 * If no one owns it but it is contested try
1423 if (owner == UMUTEX_CONTESTED) {
1424 rv = casueword32(&m->m_owner,
1425 UMUTEX_CONTESTED, &owner,
1426 id | UMUTEX_CONTESTED);
1427 /* The address was invalid. */
1431 MPASS(owner == UMUTEX_CONTESTED);
1435 rv = thread_check_susp(td, false);
1441 * If this failed the lock has
1447 /* rv == 1 but not contested, likely store failure */
1448 rv = thread_check_susp(td, false);
1453 if (mode == _UMUTEX_TRY)
1457 * If we caught a signal, we have retried and now
1463 if ((error = umtx_key_get(m, TYPE_NORMAL_UMUTEX,
1464 GET_SHARE(flags), &uq->uq_key)) != 0)
1467 umtxq_lock(&uq->uq_key);
1468 umtxq_busy(&uq->uq_key);
1470 umtxq_unlock(&uq->uq_key);
1473 * Set the contested bit so that a release in user space
1474 * knows to use the system call for unlock. If this fails
1475 * either some one else has acquired the lock or it has been
1478 rv = casueword32(&m->m_owner, owner, &old,
1479 owner | UMUTEX_CONTESTED);
1481 /* The address was invalid or casueword failed to store. */
1482 if (rv == -1 || rv == 1) {
1483 umtxq_lock(&uq->uq_key);
1485 umtxq_unbusy(&uq->uq_key);
1486 umtxq_unlock(&uq->uq_key);
1487 umtx_key_release(&uq->uq_key);
1491 rv = thread_check_susp(td, false);
1499 * We set the contested bit, sleep. Otherwise the lock changed
1500 * and we need to retry or we lost a race to the thread
1501 * unlocking the umtx.
1503 umtxq_lock(&uq->uq_key);
1504 umtxq_unbusy(&uq->uq_key);
1505 MPASS(old == owner);
1506 error = umtxq_sleep(uq, "umtxn", timeout == NULL ?
1509 umtxq_unlock(&uq->uq_key);
1510 umtx_key_release(&uq->uq_key);
1513 error = thread_check_susp(td, false);
1520 * Unlock PTHREAD_PRIO_NONE protocol POSIX mutex.
1523 do_unlock_normal(struct thread *td, struct umutex *m, uint32_t flags, bool rb)
1525 struct umtx_key key;
1526 uint32_t owner, old, id, newlock;
1533 * Make sure we own this mtx.
1535 error = fueword32(&m->m_owner, &owner);
1539 if ((owner & ~UMUTEX_CONTESTED) != id)
1542 newlock = umtx_unlock_val(flags, rb);
1543 if ((owner & UMUTEX_CONTESTED) == 0) {
1544 error = casueword32(&m->m_owner, owner, &old, newlock);
1548 error = thread_check_susp(td, false);
1553 MPASS(old == owner);
1557 /* We should only ever be in here for contested locks */
1558 if ((error = umtx_key_get(m, TYPE_NORMAL_UMUTEX, GET_SHARE(flags),
1564 count = umtxq_count(&key);
1568 * When unlocking the umtx, it must be marked as unowned if
1569 * there is zero or one thread only waiting for it.
1570 * Otherwise, it must be marked as contested.
1573 newlock |= UMUTEX_CONTESTED;
1574 error = casueword32(&m->m_owner, owner, &old, newlock);
1576 umtxq_signal(&key, 1);
1579 umtx_key_release(&key);
1585 error = thread_check_susp(td, false);
1594 * Check if the mutex is available and wake up a waiter,
1595 * only for simple mutex.
1598 do_wake_umutex(struct thread *td, struct umutex *m)
1600 struct umtx_key key;
1607 error = fueword32(&m->m_owner, &owner);
1611 if ((owner & ~UMUTEX_CONTESTED) != 0 && owner != UMUTEX_RB_OWNERDEAD &&
1612 owner != UMUTEX_RB_NOTRECOV)
1615 error = fueword32(&m->m_flags, &flags);
1619 /* We should only ever be in here for contested locks */
1620 if ((error = umtx_key_get(m, TYPE_NORMAL_UMUTEX, GET_SHARE(flags),
1626 count = umtxq_count(&key);
1629 if (count <= 1 && owner != UMUTEX_RB_OWNERDEAD &&
1630 owner != UMUTEX_RB_NOTRECOV) {
1631 error = casueword32(&m->m_owner, UMUTEX_CONTESTED, &owner,
1635 } else if (error == 1) {
1639 umtx_key_release(&key);
1640 error = thread_check_susp(td, false);
1648 if (error == 0 && count != 0) {
1649 MPASS((owner & ~UMUTEX_CONTESTED) == 0 ||
1650 owner == UMUTEX_RB_OWNERDEAD ||
1651 owner == UMUTEX_RB_NOTRECOV);
1652 umtxq_signal(&key, 1);
1656 umtx_key_release(&key);
1661 * Check if the mutex has waiters and tries to fix contention bit.
1664 do_wake2_umutex(struct thread *td, struct umutex *m, uint32_t flags)
1666 struct umtx_key key;
1667 uint32_t owner, old;
1672 switch (flags & (UMUTEX_PRIO_INHERIT | UMUTEX_PRIO_PROTECT |
1676 type = TYPE_NORMAL_UMUTEX;
1678 case UMUTEX_PRIO_INHERIT:
1679 type = TYPE_PI_UMUTEX;
1681 case (UMUTEX_PRIO_INHERIT | UMUTEX_ROBUST):
1682 type = TYPE_PI_ROBUST_UMUTEX;
1684 case UMUTEX_PRIO_PROTECT:
1685 type = TYPE_PP_UMUTEX;
1687 case (UMUTEX_PRIO_PROTECT | UMUTEX_ROBUST):
1688 type = TYPE_PP_ROBUST_UMUTEX;
1693 if ((error = umtx_key_get(m, type, GET_SHARE(flags), &key)) != 0)
1699 count = umtxq_count(&key);
1702 error = fueword32(&m->m_owner, &owner);
1707 * Only repair contention bit if there is a waiter, this means
1708 * the mutex is still being referenced by userland code,
1709 * otherwise don't update any memory.
1711 while (error == 0 && (owner & UMUTEX_CONTESTED) == 0 &&
1712 (count > 1 || (count == 1 && (owner & ~UMUTEX_CONTESTED) != 0))) {
1713 error = casueword32(&m->m_owner, owner, &old,
1714 owner | UMUTEX_CONTESTED);
1720 MPASS(old == owner);
1724 error = thread_check_susp(td, false);
1728 if (error == EFAULT) {
1729 umtxq_signal(&key, INT_MAX);
1730 } else if (count != 0 && ((owner & ~UMUTEX_CONTESTED) == 0 ||
1731 owner == UMUTEX_RB_OWNERDEAD || owner == UMUTEX_RB_NOTRECOV))
1732 umtxq_signal(&key, 1);
1735 umtx_key_release(&key);
1740 umtx_pi_alloc(int flags)
1744 pi = uma_zalloc(umtx_pi_zone, M_ZERO | flags);
1745 TAILQ_INIT(&pi->pi_blocked);
1746 atomic_add_int(&umtx_pi_allocated, 1);
1751 umtx_pi_free(struct umtx_pi *pi)
1753 uma_zfree(umtx_pi_zone, pi);
1754 atomic_add_int(&umtx_pi_allocated, -1);
1758 * Adjust the thread's position on a pi_state after its priority has been
1762 umtx_pi_adjust_thread(struct umtx_pi *pi, struct thread *td)
1764 struct umtx_q *uq, *uq1, *uq2;
1767 mtx_assert(&umtx_lock, MA_OWNED);
1774 * Check if the thread needs to be moved on the blocked chain.
1775 * It needs to be moved if either its priority is lower than
1776 * the previous thread or higher than the next thread.
1778 uq1 = TAILQ_PREV(uq, umtxq_head, uq_lockq);
1779 uq2 = TAILQ_NEXT(uq, uq_lockq);
1780 if ((uq1 != NULL && UPRI(td) < UPRI(uq1->uq_thread)) ||
1781 (uq2 != NULL && UPRI(td) > UPRI(uq2->uq_thread))) {
1783 * Remove thread from blocked chain and determine where
1784 * it should be moved to.
1786 TAILQ_REMOVE(&pi->pi_blocked, uq, uq_lockq);
1787 TAILQ_FOREACH(uq1, &pi->pi_blocked, uq_lockq) {
1788 td1 = uq1->uq_thread;
1789 MPASS(td1->td_proc->p_magic == P_MAGIC);
1790 if (UPRI(td1) > UPRI(td))
1795 TAILQ_INSERT_TAIL(&pi->pi_blocked, uq, uq_lockq);
1797 TAILQ_INSERT_BEFORE(uq1, uq, uq_lockq);
1802 static struct umtx_pi *
1803 umtx_pi_next(struct umtx_pi *pi)
1805 struct umtx_q *uq_owner;
1807 if (pi->pi_owner == NULL)
1809 uq_owner = pi->pi_owner->td_umtxq;
1810 if (uq_owner == NULL)
1812 return (uq_owner->uq_pi_blocked);
1816 * Floyd's Cycle-Finding Algorithm.
1819 umtx_pi_check_loop(struct umtx_pi *pi)
1821 struct umtx_pi *pi1; /* fast iterator */
1823 mtx_assert(&umtx_lock, MA_OWNED);
1828 pi = umtx_pi_next(pi);
1831 pi1 = umtx_pi_next(pi1);
1834 pi1 = umtx_pi_next(pi1);
1844 * Propagate priority when a thread is blocked on POSIX
1848 umtx_propagate_priority(struct thread *td)
1854 mtx_assert(&umtx_lock, MA_OWNED);
1857 pi = uq->uq_pi_blocked;
1860 if (umtx_pi_check_loop(pi))
1865 if (td == NULL || td == curthread)
1868 MPASS(td->td_proc != NULL);
1869 MPASS(td->td_proc->p_magic == P_MAGIC);
1872 if (td->td_lend_user_pri > pri)
1873 sched_lend_user_prio(td, pri);
1881 * Pick up the lock that td is blocked on.
1884 pi = uq->uq_pi_blocked;
1887 /* Resort td on the list if needed. */
1888 umtx_pi_adjust_thread(pi, td);
1893 * Unpropagate priority for a PI mutex when a thread blocked on
1894 * it is interrupted by signal or resumed by others.
1897 umtx_repropagate_priority(struct umtx_pi *pi)
1899 struct umtx_q *uq, *uq_owner;
1900 struct umtx_pi *pi2;
1903 mtx_assert(&umtx_lock, MA_OWNED);
1905 if (umtx_pi_check_loop(pi))
1907 while (pi != NULL && pi->pi_owner != NULL) {
1909 uq_owner = pi->pi_owner->td_umtxq;
1911 TAILQ_FOREACH(pi2, &uq_owner->uq_pi_contested, pi_link) {
1912 uq = TAILQ_FIRST(&pi2->pi_blocked);
1914 if (pri > UPRI(uq->uq_thread))
1915 pri = UPRI(uq->uq_thread);
1919 if (pri > uq_owner->uq_inherited_pri)
1920 pri = uq_owner->uq_inherited_pri;
1921 thread_lock(pi->pi_owner);
1922 sched_lend_user_prio(pi->pi_owner, pri);
1923 thread_unlock(pi->pi_owner);
1924 if ((pi = uq_owner->uq_pi_blocked) != NULL)
1925 umtx_pi_adjust_thread(pi, uq_owner->uq_thread);
1930 * Insert a PI mutex into owned list.
1933 umtx_pi_setowner(struct umtx_pi *pi, struct thread *owner)
1935 struct umtx_q *uq_owner;
1937 uq_owner = owner->td_umtxq;
1938 mtx_assert(&umtx_lock, MA_OWNED);
1939 MPASS(pi->pi_owner == NULL);
1940 pi->pi_owner = owner;
1941 TAILQ_INSERT_TAIL(&uq_owner->uq_pi_contested, pi, pi_link);
1945 * Disown a PI mutex, and remove it from the owned list.
1948 umtx_pi_disown(struct umtx_pi *pi)
1951 mtx_assert(&umtx_lock, MA_OWNED);
1952 TAILQ_REMOVE(&pi->pi_owner->td_umtxq->uq_pi_contested, pi, pi_link);
1953 pi->pi_owner = NULL;
1957 * Claim ownership of a PI mutex.
1960 umtx_pi_claim(struct umtx_pi *pi, struct thread *owner)
1965 mtx_lock(&umtx_lock);
1966 if (pi->pi_owner == owner) {
1967 mtx_unlock(&umtx_lock);
1971 if (pi->pi_owner != NULL) {
1973 * userland may have already messed the mutex, sigh.
1975 mtx_unlock(&umtx_lock);
1978 umtx_pi_setowner(pi, owner);
1979 uq = TAILQ_FIRST(&pi->pi_blocked);
1981 pri = UPRI(uq->uq_thread);
1983 if (pri < UPRI(owner))
1984 sched_lend_user_prio(owner, pri);
1985 thread_unlock(owner);
1987 mtx_unlock(&umtx_lock);
1992 * Adjust a thread's order position in its blocked PI mutex,
1993 * this may result new priority propagating process.
1996 umtx_pi_adjust(struct thread *td, u_char oldpri)
2002 mtx_lock(&umtx_lock);
2004 * Pick up the lock that td is blocked on.
2006 pi = uq->uq_pi_blocked;
2008 umtx_pi_adjust_thread(pi, td);
2009 umtx_repropagate_priority(pi);
2011 mtx_unlock(&umtx_lock);
2015 * Sleep on a PI mutex.
2018 umtxq_sleep_pi(struct umtx_q *uq, struct umtx_pi *pi, uint32_t owner,
2019 const char *wmesg, struct umtx_abs_timeout *timo, bool shared)
2021 struct thread *td, *td1;
2025 struct umtxq_chain *uc;
2027 uc = umtxq_getchain(&pi->pi_key);
2031 KASSERT(td == curthread, ("inconsistent uq_thread"));
2032 UMTXQ_LOCKED_ASSERT(umtxq_getchain(&uq->uq_key));
2033 KASSERT(uc->uc_busy != 0, ("umtx chain is not busy"));
2035 mtx_lock(&umtx_lock);
2036 if (pi->pi_owner == NULL) {
2037 mtx_unlock(&umtx_lock);
2038 td1 = tdfind(owner, shared ? -1 : td->td_proc->p_pid);
2039 mtx_lock(&umtx_lock);
2041 if (pi->pi_owner == NULL)
2042 umtx_pi_setowner(pi, td1);
2043 PROC_UNLOCK(td1->td_proc);
2047 TAILQ_FOREACH(uq1, &pi->pi_blocked, uq_lockq) {
2048 pri = UPRI(uq1->uq_thread);
2054 TAILQ_INSERT_BEFORE(uq1, uq, uq_lockq);
2056 TAILQ_INSERT_TAIL(&pi->pi_blocked, uq, uq_lockq);
2058 uq->uq_pi_blocked = pi;
2060 td->td_flags |= TDF_UPIBLOCKED;
2062 umtx_propagate_priority(td);
2063 mtx_unlock(&umtx_lock);
2064 umtxq_unbusy(&uq->uq_key);
2066 error = umtxq_sleep(uq, wmesg, timo);
2069 mtx_lock(&umtx_lock);
2070 uq->uq_pi_blocked = NULL;
2072 td->td_flags &= ~TDF_UPIBLOCKED;
2074 TAILQ_REMOVE(&pi->pi_blocked, uq, uq_lockq);
2075 umtx_repropagate_priority(pi);
2076 mtx_unlock(&umtx_lock);
2077 umtxq_unlock(&uq->uq_key);
2083 * Add reference count for a PI mutex.
2086 umtx_pi_ref(struct umtx_pi *pi)
2089 UMTXQ_LOCKED_ASSERT(umtxq_getchain(&pi->pi_key));
2094 * Decrease reference count for a PI mutex, if the counter
2095 * is decreased to zero, its memory space is freed.
2098 umtx_pi_unref(struct umtx_pi *pi)
2100 struct umtxq_chain *uc;
2102 uc = umtxq_getchain(&pi->pi_key);
2103 UMTXQ_LOCKED_ASSERT(uc);
2104 KASSERT(pi->pi_refcount > 0, ("invalid reference count"));
2105 if (--pi->pi_refcount == 0) {
2106 mtx_lock(&umtx_lock);
2107 if (pi->pi_owner != NULL)
2109 KASSERT(TAILQ_EMPTY(&pi->pi_blocked),
2110 ("blocked queue not empty"));
2111 mtx_unlock(&umtx_lock);
2112 TAILQ_REMOVE(&uc->uc_pi_list, pi, pi_hashlink);
2118 * Find a PI mutex in hash table.
2121 umtx_pi_lookup(struct umtx_key *key)
2123 struct umtxq_chain *uc;
2126 uc = umtxq_getchain(key);
2127 UMTXQ_LOCKED_ASSERT(uc);
2129 TAILQ_FOREACH(pi, &uc->uc_pi_list, pi_hashlink) {
2130 if (umtx_key_match(&pi->pi_key, key)) {
2138 * Insert a PI mutex into hash table.
2141 umtx_pi_insert(struct umtx_pi *pi)
2143 struct umtxq_chain *uc;
2145 uc = umtxq_getchain(&pi->pi_key);
2146 UMTXQ_LOCKED_ASSERT(uc);
2147 TAILQ_INSERT_TAIL(&uc->uc_pi_list, pi, pi_hashlink);
2151 * Drop a PI mutex and wakeup a top waiter.
2154 umtx_pi_drop(struct thread *td, struct umtx_key *key, bool rb, int *count)
2156 struct umtx_q *uq_first, *uq_first2, *uq_me;
2157 struct umtx_pi *pi, *pi2;
2160 UMTXQ_ASSERT_LOCKED_BUSY(key);
2161 *count = umtxq_count_pi(key, &uq_first);
2162 if (uq_first != NULL) {
2163 mtx_lock(&umtx_lock);
2164 pi = uq_first->uq_pi_blocked;
2165 KASSERT(pi != NULL, ("pi == NULL?"));
2166 if (pi->pi_owner != td && !(rb && pi->pi_owner == NULL)) {
2167 mtx_unlock(&umtx_lock);
2168 /* userland messed the mutex */
2171 uq_me = td->td_umtxq;
2172 if (pi->pi_owner == td)
2174 /* get highest priority thread which is still sleeping. */
2175 uq_first = TAILQ_FIRST(&pi->pi_blocked);
2176 while (uq_first != NULL &&
2177 (uq_first->uq_flags & UQF_UMTXQ) == 0) {
2178 uq_first = TAILQ_NEXT(uq_first, uq_lockq);
2181 TAILQ_FOREACH(pi2, &uq_me->uq_pi_contested, pi_link) {
2182 uq_first2 = TAILQ_FIRST(&pi2->pi_blocked);
2183 if (uq_first2 != NULL) {
2184 if (pri > UPRI(uq_first2->uq_thread))
2185 pri = UPRI(uq_first2->uq_thread);
2189 sched_lend_user_prio(td, pri);
2191 mtx_unlock(&umtx_lock);
2193 umtxq_signal_thread(uq_first);
2195 pi = umtx_pi_lookup(key);
2197 * A umtx_pi can exist if a signal or timeout removed the
2198 * last waiter from the umtxq, but there is still
2199 * a thread in do_lock_pi() holding the umtx_pi.
2203 * The umtx_pi can be unowned, such as when a thread
2204 * has just entered do_lock_pi(), allocated the
2205 * umtx_pi, and unlocked the umtxq.
2206 * If the current thread owns it, it must disown it.
2208 mtx_lock(&umtx_lock);
2209 if (pi->pi_owner == td)
2211 mtx_unlock(&umtx_lock);
2221 do_lock_pi(struct thread *td, struct umutex *m, uint32_t flags,
2222 struct _umtx_time *timeout, int try)
2224 struct umtx_abs_timeout timo;
2226 struct umtx_pi *pi, *new_pi;
2227 uint32_t id, old_owner, owner, old;
2233 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2234 TYPE_PI_ROBUST_UMUTEX : TYPE_PI_UMUTEX, GET_SHARE(flags),
2238 if (timeout != NULL)
2239 umtx_abs_timeout_init2(&timo, timeout);
2241 umtxq_lock(&uq->uq_key);
2242 pi = umtx_pi_lookup(&uq->uq_key);
2244 new_pi = umtx_pi_alloc(M_NOWAIT);
2245 if (new_pi == NULL) {
2246 umtxq_unlock(&uq->uq_key);
2247 new_pi = umtx_pi_alloc(M_WAITOK);
2248 umtxq_lock(&uq->uq_key);
2249 pi = umtx_pi_lookup(&uq->uq_key);
2251 umtx_pi_free(new_pi);
2255 if (new_pi != NULL) {
2256 new_pi->pi_key = uq->uq_key;
2257 umtx_pi_insert(new_pi);
2262 umtxq_unlock(&uq->uq_key);
2265 * Care must be exercised when dealing with umtx structure. It
2266 * can fault on any access.
2270 * Try the uncontested case. This should be done in userland.
2272 rv = casueword32(&m->m_owner, UMUTEX_UNOWNED, &owner, id);
2273 /* The address was invalid. */
2278 /* The acquire succeeded. */
2280 MPASS(owner == UMUTEX_UNOWNED);
2285 if (owner == UMUTEX_RB_NOTRECOV) {
2286 error = ENOTRECOVERABLE;
2291 * Nobody owns it, but the acquire failed. This can happen
2292 * with ll/sc atomics.
2294 if (owner == UMUTEX_UNOWNED) {
2295 error = thread_check_susp(td, true);
2302 * Avoid overwriting a possible error from sleep due
2303 * to the pending signal with suspension check result.
2306 error = thread_check_susp(td, true);
2311 /* If no one owns it but it is contested try to acquire it. */
2312 if (owner == UMUTEX_CONTESTED || owner == UMUTEX_RB_OWNERDEAD) {
2314 rv = casueword32(&m->m_owner, owner, &owner,
2315 id | UMUTEX_CONTESTED);
2316 /* The address was invalid. */
2323 error = thread_check_susp(td, true);
2329 * If this failed the lock could
2336 MPASS(owner == old_owner);
2337 umtxq_lock(&uq->uq_key);
2338 umtxq_busy(&uq->uq_key);
2339 error = umtx_pi_claim(pi, td);
2340 umtxq_unbusy(&uq->uq_key);
2341 umtxq_unlock(&uq->uq_key);
2344 * Since we're going to return an
2345 * error, restore the m_owner to its
2346 * previous, unowned state to avoid
2347 * compounding the problem.
2349 (void)casuword32(&m->m_owner,
2350 id | UMUTEX_CONTESTED, old_owner);
2352 if (error == 0 && old_owner == UMUTEX_RB_OWNERDEAD)
2357 if ((owner & ~UMUTEX_CONTESTED) == id) {
2368 * If we caught a signal, we have retried and now
2374 umtxq_lock(&uq->uq_key);
2375 umtxq_busy(&uq->uq_key);
2376 umtxq_unlock(&uq->uq_key);
2379 * Set the contested bit so that a release in user space
2380 * knows to use the system call for unlock. If this fails
2381 * either some one else has acquired the lock or it has been
2384 rv = casueword32(&m->m_owner, owner, &old, owner |
2387 /* The address was invalid. */
2389 umtxq_unbusy_unlocked(&uq->uq_key);
2394 umtxq_unbusy_unlocked(&uq->uq_key);
2395 error = thread_check_susp(td, true);
2400 * The lock changed and we need to retry or we
2401 * lost a race to the thread unlocking the
2402 * umtx. Note that the UMUTEX_RB_OWNERDEAD
2403 * value for owner is impossible there.
2408 umtxq_lock(&uq->uq_key);
2410 /* We set the contested bit, sleep. */
2411 MPASS(old == owner);
2412 error = umtxq_sleep_pi(uq, pi, owner & ~UMUTEX_CONTESTED,
2413 "umtxpi", timeout == NULL ? NULL : &timo,
2414 (flags & USYNC_PROCESS_SHARED) != 0);
2418 error = thread_check_susp(td, false);
2423 umtxq_lock(&uq->uq_key);
2425 umtxq_unlock(&uq->uq_key);
2427 umtx_key_release(&uq->uq_key);
2432 * Unlock a PI mutex.
2435 do_unlock_pi(struct thread *td, struct umutex *m, uint32_t flags, bool rb)
2437 struct umtx_key key;
2438 uint32_t id, new_owner, old, owner;
2445 * Make sure we own this mtx.
2447 error = fueword32(&m->m_owner, &owner);
2451 if ((owner & ~UMUTEX_CONTESTED) != id)
2454 new_owner = umtx_unlock_val(flags, rb);
2456 /* This should be done in userland */
2457 if ((owner & UMUTEX_CONTESTED) == 0) {
2458 error = casueword32(&m->m_owner, owner, &old, new_owner);
2462 error = thread_check_susp(td, true);
2472 /* We should only ever be in here for contested locks */
2473 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2474 TYPE_PI_ROBUST_UMUTEX : TYPE_PI_UMUTEX, GET_SHARE(flags),
2480 error = umtx_pi_drop(td, &key, rb, &count);
2484 umtx_key_release(&key);
2485 /* userland messed the mutex */
2491 * When unlocking the umtx, it must be marked as unowned if
2492 * there is zero or one thread only waiting for it.
2493 * Otherwise, it must be marked as contested.
2497 new_owner |= UMUTEX_CONTESTED;
2499 error = casueword32(&m->m_owner, owner, &old, new_owner);
2501 error = thread_check_susp(td, false);
2505 umtxq_unbusy_unlocked(&key);
2506 umtx_key_release(&key);
2509 if (error == 0 && old != owner)
2518 do_lock_pp(struct thread *td, struct umutex *m, uint32_t flags,
2519 struct _umtx_time *timeout, int try)
2521 struct umtx_abs_timeout timo;
2522 struct umtx_q *uq, *uq2;
2526 int error, pri, old_inherited_pri, su, rv;
2530 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2531 TYPE_PP_ROBUST_UMUTEX : TYPE_PP_UMUTEX, GET_SHARE(flags),
2535 if (timeout != NULL)
2536 umtx_abs_timeout_init2(&timo, timeout);
2538 su = (priv_check(td, PRIV_SCHED_RTPRIO) == 0);
2540 old_inherited_pri = uq->uq_inherited_pri;
2541 umtxq_lock(&uq->uq_key);
2542 umtxq_busy(&uq->uq_key);
2543 umtxq_unlock(&uq->uq_key);
2545 rv = fueword32(&m->m_ceilings[0], &ceiling);
2550 ceiling = RTP_PRIO_MAX - ceiling;
2551 if (ceiling > RTP_PRIO_MAX) {
2556 mtx_lock(&umtx_lock);
2557 if (UPRI(td) < PRI_MIN_REALTIME + ceiling) {
2558 mtx_unlock(&umtx_lock);
2562 if (su && PRI_MIN_REALTIME + ceiling < uq->uq_inherited_pri) {
2563 uq->uq_inherited_pri = PRI_MIN_REALTIME + ceiling;
2565 if (uq->uq_inherited_pri < UPRI(td))
2566 sched_lend_user_prio(td, uq->uq_inherited_pri);
2569 mtx_unlock(&umtx_lock);
2571 rv = casueword32(&m->m_owner, UMUTEX_CONTESTED, &owner,
2572 id | UMUTEX_CONTESTED);
2573 /* The address was invalid. */
2579 MPASS(owner == UMUTEX_CONTESTED);
2584 if (owner == UMUTEX_RB_OWNERDEAD) {
2585 rv = casueword32(&m->m_owner, UMUTEX_RB_OWNERDEAD,
2586 &owner, id | UMUTEX_CONTESTED);
2592 MPASS(owner == UMUTEX_RB_OWNERDEAD);
2593 error = EOWNERDEAD; /* success */
2598 * rv == 1, only check for suspension if we
2599 * did not already catched a signal. If we
2600 * get an error from the check, the same
2601 * condition is checked by the umtxq_sleep()
2602 * call below, so we should obliterate the
2603 * error to not skip the last loop iteration.
2606 error = thread_check_susp(td, false);
2615 } else if (owner == UMUTEX_RB_NOTRECOV) {
2616 error = ENOTRECOVERABLE;
2623 * If we caught a signal, we have retried and now
2629 umtxq_lock(&uq->uq_key);
2631 umtxq_unbusy(&uq->uq_key);
2632 error = umtxq_sleep(uq, "umtxpp", timeout == NULL ?
2635 umtxq_unlock(&uq->uq_key);
2637 mtx_lock(&umtx_lock);
2638 uq->uq_inherited_pri = old_inherited_pri;
2640 TAILQ_FOREACH(pi, &uq->uq_pi_contested, pi_link) {
2641 uq2 = TAILQ_FIRST(&pi->pi_blocked);
2643 if (pri > UPRI(uq2->uq_thread))
2644 pri = UPRI(uq2->uq_thread);
2647 if (pri > uq->uq_inherited_pri)
2648 pri = uq->uq_inherited_pri;
2650 sched_lend_user_prio(td, pri);
2652 mtx_unlock(&umtx_lock);
2655 if (error != 0 && error != EOWNERDEAD) {
2656 mtx_lock(&umtx_lock);
2657 uq->uq_inherited_pri = old_inherited_pri;
2659 TAILQ_FOREACH(pi, &uq->uq_pi_contested, pi_link) {
2660 uq2 = TAILQ_FIRST(&pi->pi_blocked);
2662 if (pri > UPRI(uq2->uq_thread))
2663 pri = UPRI(uq2->uq_thread);
2666 if (pri > uq->uq_inherited_pri)
2667 pri = uq->uq_inherited_pri;
2669 sched_lend_user_prio(td, pri);
2671 mtx_unlock(&umtx_lock);
2675 umtxq_unbusy_unlocked(&uq->uq_key);
2676 umtx_key_release(&uq->uq_key);
2681 * Unlock a PP mutex.
2684 do_unlock_pp(struct thread *td, struct umutex *m, uint32_t flags, bool rb)
2686 struct umtx_key key;
2687 struct umtx_q *uq, *uq2;
2689 uint32_t id, owner, rceiling;
2690 int error, pri, new_inherited_pri, su;
2694 su = (priv_check(td, PRIV_SCHED_RTPRIO) == 0);
2697 * Make sure we own this mtx.
2699 error = fueword32(&m->m_owner, &owner);
2703 if ((owner & ~UMUTEX_CONTESTED) != id)
2706 error = copyin(&m->m_ceilings[1], &rceiling, sizeof(uint32_t));
2711 new_inherited_pri = PRI_MAX;
2713 rceiling = RTP_PRIO_MAX - rceiling;
2714 if (rceiling > RTP_PRIO_MAX)
2716 new_inherited_pri = PRI_MIN_REALTIME + rceiling;
2719 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2720 TYPE_PP_ROBUST_UMUTEX : TYPE_PP_UMUTEX, GET_SHARE(flags),
2727 * For priority protected mutex, always set unlocked state
2728 * to UMUTEX_CONTESTED, so that userland always enters kernel
2729 * to lock the mutex, it is necessary because thread priority
2730 * has to be adjusted for such mutex.
2732 error = suword32(&m->m_owner, umtx_unlock_val(flags, rb) |
2737 umtxq_signal(&key, 1);
2744 mtx_lock(&umtx_lock);
2746 uq->uq_inherited_pri = new_inherited_pri;
2748 TAILQ_FOREACH(pi, &uq->uq_pi_contested, pi_link) {
2749 uq2 = TAILQ_FIRST(&pi->pi_blocked);
2751 if (pri > UPRI(uq2->uq_thread))
2752 pri = UPRI(uq2->uq_thread);
2755 if (pri > uq->uq_inherited_pri)
2756 pri = uq->uq_inherited_pri;
2758 sched_lend_user_prio(td, pri);
2760 mtx_unlock(&umtx_lock);
2762 umtx_key_release(&key);
2767 do_set_ceiling(struct thread *td, struct umutex *m, uint32_t ceiling,
2768 uint32_t *old_ceiling)
2771 uint32_t flags, id, owner, save_ceiling;
2774 error = fueword32(&m->m_flags, &flags);
2777 if ((flags & UMUTEX_PRIO_PROTECT) == 0)
2779 if (ceiling > RTP_PRIO_MAX)
2783 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2784 TYPE_PP_ROBUST_UMUTEX : TYPE_PP_UMUTEX, GET_SHARE(flags),
2788 umtxq_lock(&uq->uq_key);
2789 umtxq_busy(&uq->uq_key);
2790 umtxq_unlock(&uq->uq_key);
2792 rv = fueword32(&m->m_ceilings[0], &save_ceiling);
2798 rv = casueword32(&m->m_owner, UMUTEX_CONTESTED, &owner,
2799 id | UMUTEX_CONTESTED);
2806 MPASS(owner == UMUTEX_CONTESTED);
2807 rv = suword32(&m->m_ceilings[0], ceiling);
2808 rv1 = suword32(&m->m_owner, UMUTEX_CONTESTED);
2809 error = (rv == 0 && rv1 == 0) ? 0: EFAULT;
2813 if ((owner & ~UMUTEX_CONTESTED) == id) {
2814 rv = suword32(&m->m_ceilings[0], ceiling);
2815 error = rv == 0 ? 0 : EFAULT;
2819 if (owner == UMUTEX_RB_OWNERDEAD) {
2822 } else if (owner == UMUTEX_RB_NOTRECOV) {
2823 error = ENOTRECOVERABLE;
2828 * If we caught a signal, we have retried and now
2835 * We set the contested bit, sleep. Otherwise the lock changed
2836 * and we need to retry or we lost a race to the thread
2837 * unlocking the umtx.
2839 umtxq_lock(&uq->uq_key);
2841 umtxq_unbusy(&uq->uq_key);
2842 error = umtxq_sleep(uq, "umtxpp", NULL);
2844 umtxq_unlock(&uq->uq_key);
2846 umtxq_lock(&uq->uq_key);
2848 umtxq_signal(&uq->uq_key, INT_MAX);
2849 umtxq_unbusy(&uq->uq_key);
2850 umtxq_unlock(&uq->uq_key);
2851 umtx_key_release(&uq->uq_key);
2852 if (error == 0 && old_ceiling != NULL) {
2853 rv = suword32(old_ceiling, save_ceiling);
2854 error = rv == 0 ? 0 : EFAULT;
2860 * Lock a userland POSIX mutex.
2863 do_lock_umutex(struct thread *td, struct umutex *m,
2864 struct _umtx_time *timeout, int mode)
2869 error = fueword32(&m->m_flags, &flags);
2873 switch (flags & (UMUTEX_PRIO_INHERIT | UMUTEX_PRIO_PROTECT)) {
2875 error = do_lock_normal(td, m, flags, timeout, mode);
2877 case UMUTEX_PRIO_INHERIT:
2878 error = do_lock_pi(td, m, flags, timeout, mode);
2880 case UMUTEX_PRIO_PROTECT:
2881 error = do_lock_pp(td, m, flags, timeout, mode);
2886 if (timeout == NULL) {
2887 if (error == EINTR && mode != _UMUTEX_WAIT)
2890 /* Timed-locking is not restarted. */
2891 if (error == ERESTART)
2898 * Unlock a userland POSIX mutex.
2901 do_unlock_umutex(struct thread *td, struct umutex *m, bool rb)
2906 error = fueword32(&m->m_flags, &flags);
2910 switch (flags & (UMUTEX_PRIO_INHERIT | UMUTEX_PRIO_PROTECT)) {
2912 return (do_unlock_normal(td, m, flags, rb));
2913 case UMUTEX_PRIO_INHERIT:
2914 return (do_unlock_pi(td, m, flags, rb));
2915 case UMUTEX_PRIO_PROTECT:
2916 return (do_unlock_pp(td, m, flags, rb));
2923 do_cv_wait(struct thread *td, struct ucond *cv, struct umutex *m,
2924 struct timespec *timeout, u_long wflags)
2926 struct umtx_abs_timeout timo;
2928 uint32_t flags, clockid, hasw;
2932 error = fueword32(&cv->c_flags, &flags);
2935 error = umtx_key_get(cv, TYPE_CV, GET_SHARE(flags), &uq->uq_key);
2939 if ((wflags & CVWAIT_CLOCKID) != 0) {
2940 error = fueword32(&cv->c_clockid, &clockid);
2942 umtx_key_release(&uq->uq_key);
2945 if (clockid < CLOCK_REALTIME ||
2946 clockid >= CLOCK_THREAD_CPUTIME_ID) {
2947 /* hmm, only HW clock id will work. */
2948 umtx_key_release(&uq->uq_key);
2952 clockid = CLOCK_REALTIME;
2955 umtxq_lock(&uq->uq_key);
2956 umtxq_busy(&uq->uq_key);
2958 umtxq_unlock(&uq->uq_key);
2961 * Set c_has_waiters to 1 before releasing user mutex, also
2962 * don't modify cache line when unnecessary.
2964 error = fueword32(&cv->c_has_waiters, &hasw);
2965 if (error == 0 && hasw == 0)
2966 suword32(&cv->c_has_waiters, 1);
2968 umtxq_unbusy_unlocked(&uq->uq_key);
2970 error = do_unlock_umutex(td, m, false);
2972 if (timeout != NULL)
2973 umtx_abs_timeout_init(&timo, clockid,
2974 (wflags & CVWAIT_ABSTIME) != 0, timeout);
2976 umtxq_lock(&uq->uq_key);
2978 error = umtxq_sleep(uq, "ucond", timeout == NULL ?
2982 if ((uq->uq_flags & UQF_UMTXQ) == 0)
2986 * This must be timeout,interrupted by signal or
2987 * surprious wakeup, clear c_has_waiter flag when
2990 umtxq_busy(&uq->uq_key);
2991 if ((uq->uq_flags & UQF_UMTXQ) != 0) {
2992 int oldlen = uq->uq_cur_queue->length;
2995 umtxq_unlock(&uq->uq_key);
2996 suword32(&cv->c_has_waiters, 0);
2997 umtxq_lock(&uq->uq_key);
3000 umtxq_unbusy(&uq->uq_key);
3001 if (error == ERESTART)
3005 umtxq_unlock(&uq->uq_key);
3006 umtx_key_release(&uq->uq_key);
3011 * Signal a userland condition variable.
3014 do_cv_signal(struct thread *td, struct ucond *cv)
3016 struct umtx_key key;
3017 int error, cnt, nwake;
3020 error = fueword32(&cv->c_flags, &flags);
3023 if ((error = umtx_key_get(cv, TYPE_CV, GET_SHARE(flags), &key)) != 0)
3027 cnt = umtxq_count(&key);
3028 nwake = umtxq_signal(&key, 1);
3031 error = suword32(&cv->c_has_waiters, 0);
3038 umtx_key_release(&key);
3043 do_cv_broadcast(struct thread *td, struct ucond *cv)
3045 struct umtx_key key;
3049 error = fueword32(&cv->c_flags, &flags);
3052 if ((error = umtx_key_get(cv, TYPE_CV, GET_SHARE(flags), &key)) != 0)
3057 umtxq_signal(&key, INT_MAX);
3060 error = suword32(&cv->c_has_waiters, 0);
3064 umtxq_unbusy_unlocked(&key);
3066 umtx_key_release(&key);
3071 do_rw_rdlock(struct thread *td, struct urwlock *rwlock, long fflag,
3072 struct _umtx_time *timeout)
3074 struct umtx_abs_timeout timo;
3076 uint32_t flags, wrflags;
3077 int32_t state, oldstate;
3078 int32_t blocked_readers;
3079 int error, error1, rv;
3082 error = fueword32(&rwlock->rw_flags, &flags);
3085 error = umtx_key_get(rwlock, TYPE_RWLOCK, GET_SHARE(flags), &uq->uq_key);
3089 if (timeout != NULL)
3090 umtx_abs_timeout_init2(&timo, timeout);
3092 wrflags = URWLOCK_WRITE_OWNER;
3093 if (!(fflag & URWLOCK_PREFER_READER) && !(flags & URWLOCK_PREFER_READER))
3094 wrflags |= URWLOCK_WRITE_WAITERS;
3097 rv = fueword32(&rwlock->rw_state, &state);
3099 umtx_key_release(&uq->uq_key);
3103 /* try to lock it */
3104 while (!(state & wrflags)) {
3105 if (__predict_false(URWLOCK_READER_COUNT(state) ==
3106 URWLOCK_MAX_READERS)) {
3107 umtx_key_release(&uq->uq_key);
3110 rv = casueword32(&rwlock->rw_state, state,
3111 &oldstate, state + 1);
3113 umtx_key_release(&uq->uq_key);
3117 MPASS(oldstate == state);
3118 umtx_key_release(&uq->uq_key);
3121 error = thread_check_susp(td, true);
3130 /* grab monitor lock */
3131 umtxq_lock(&uq->uq_key);
3132 umtxq_busy(&uq->uq_key);
3133 umtxq_unlock(&uq->uq_key);
3136 * re-read the state, in case it changed between the try-lock above
3137 * and the check below
3139 rv = fueword32(&rwlock->rw_state, &state);
3143 /* set read contention bit */
3144 while (error == 0 && (state & wrflags) &&
3145 !(state & URWLOCK_READ_WAITERS)) {
3146 rv = casueword32(&rwlock->rw_state, state,
3147 &oldstate, state | URWLOCK_READ_WAITERS);
3153 MPASS(oldstate == state);
3157 error = thread_check_susp(td, false);
3162 umtxq_unbusy_unlocked(&uq->uq_key);
3166 /* state is changed while setting flags, restart */
3167 if (!(state & wrflags)) {
3168 umtxq_unbusy_unlocked(&uq->uq_key);
3169 error = thread_check_susp(td, true);
3177 * Contention bit is set, before sleeping, increase
3178 * read waiter count.
3180 rv = fueword32(&rwlock->rw_blocked_readers,
3183 umtxq_unbusy_unlocked(&uq->uq_key);
3187 suword32(&rwlock->rw_blocked_readers, blocked_readers+1);
3189 while (state & wrflags) {
3190 umtxq_lock(&uq->uq_key);
3192 umtxq_unbusy(&uq->uq_key);
3194 error = umtxq_sleep(uq, "urdlck", timeout == NULL ?
3197 umtxq_busy(&uq->uq_key);
3199 umtxq_unlock(&uq->uq_key);
3202 rv = fueword32(&rwlock->rw_state, &state);
3209 /* decrease read waiter count, and may clear read contention bit */
3210 rv = fueword32(&rwlock->rw_blocked_readers,
3213 umtxq_unbusy_unlocked(&uq->uq_key);
3217 suword32(&rwlock->rw_blocked_readers, blocked_readers-1);
3218 if (blocked_readers == 1) {
3219 rv = fueword32(&rwlock->rw_state, &state);
3221 umtxq_unbusy_unlocked(&uq->uq_key);
3226 rv = casueword32(&rwlock->rw_state, state,
3227 &oldstate, state & ~URWLOCK_READ_WAITERS);
3233 MPASS(oldstate == state);
3237 error1 = thread_check_susp(td, false);
3246 umtxq_unbusy_unlocked(&uq->uq_key);
3250 umtx_key_release(&uq->uq_key);
3251 if (error == ERESTART)
3257 do_rw_wrlock(struct thread *td, struct urwlock *rwlock, struct _umtx_time *timeout)
3259 struct umtx_abs_timeout timo;
3262 int32_t state, oldstate;
3263 int32_t blocked_writers;
3264 int32_t blocked_readers;
3265 int error, error1, rv;
3268 error = fueword32(&rwlock->rw_flags, &flags);
3271 error = umtx_key_get(rwlock, TYPE_RWLOCK, GET_SHARE(flags), &uq->uq_key);
3275 if (timeout != NULL)
3276 umtx_abs_timeout_init2(&timo, timeout);
3278 blocked_readers = 0;
3280 rv = fueword32(&rwlock->rw_state, &state);
3282 umtx_key_release(&uq->uq_key);
3285 while ((state & URWLOCK_WRITE_OWNER) == 0 &&
3286 URWLOCK_READER_COUNT(state) == 0) {
3287 rv = casueword32(&rwlock->rw_state, state,
3288 &oldstate, state | URWLOCK_WRITE_OWNER);
3290 umtx_key_release(&uq->uq_key);
3294 MPASS(oldstate == state);
3295 umtx_key_release(&uq->uq_key);
3299 error = thread_check_susp(td, true);
3305 if ((state & (URWLOCK_WRITE_OWNER |
3306 URWLOCK_WRITE_WAITERS)) == 0 &&
3307 blocked_readers != 0) {
3308 umtxq_lock(&uq->uq_key);
3309 umtxq_busy(&uq->uq_key);
3310 umtxq_signal_queue(&uq->uq_key, INT_MAX,
3312 umtxq_unbusy(&uq->uq_key);
3313 umtxq_unlock(&uq->uq_key);
3319 /* grab monitor lock */
3320 umtxq_lock(&uq->uq_key);
3321 umtxq_busy(&uq->uq_key);
3322 umtxq_unlock(&uq->uq_key);
3325 * Re-read the state, in case it changed between the
3326 * try-lock above and the check below.
3328 rv = fueword32(&rwlock->rw_state, &state);
3332 while (error == 0 && ((state & URWLOCK_WRITE_OWNER) ||
3333 URWLOCK_READER_COUNT(state) != 0) &&
3334 (state & URWLOCK_WRITE_WAITERS) == 0) {
3335 rv = casueword32(&rwlock->rw_state, state,
3336 &oldstate, state | URWLOCK_WRITE_WAITERS);
3342 MPASS(oldstate == state);
3346 error = thread_check_susp(td, false);
3351 umtxq_unbusy_unlocked(&uq->uq_key);
3355 if ((state & URWLOCK_WRITE_OWNER) == 0 &&
3356 URWLOCK_READER_COUNT(state) == 0) {
3357 umtxq_unbusy_unlocked(&uq->uq_key);
3358 error = thread_check_susp(td, false);
3364 rv = fueword32(&rwlock->rw_blocked_writers,
3367 umtxq_unbusy_unlocked(&uq->uq_key);
3371 suword32(&rwlock->rw_blocked_writers, blocked_writers + 1);
3373 while ((state & URWLOCK_WRITE_OWNER) ||
3374 URWLOCK_READER_COUNT(state) != 0) {
3375 umtxq_lock(&uq->uq_key);
3376 umtxq_insert_queue(uq, UMTX_EXCLUSIVE_QUEUE);
3377 umtxq_unbusy(&uq->uq_key);
3379 error = umtxq_sleep(uq, "uwrlck", timeout == NULL ?
3382 umtxq_busy(&uq->uq_key);
3383 umtxq_remove_queue(uq, UMTX_EXCLUSIVE_QUEUE);
3384 umtxq_unlock(&uq->uq_key);
3387 rv = fueword32(&rwlock->rw_state, &state);
3394 rv = fueword32(&rwlock->rw_blocked_writers,
3397 umtxq_unbusy_unlocked(&uq->uq_key);
3401 suword32(&rwlock->rw_blocked_writers, blocked_writers-1);
3402 if (blocked_writers == 1) {
3403 rv = fueword32(&rwlock->rw_state, &state);
3405 umtxq_unbusy_unlocked(&uq->uq_key);
3410 rv = casueword32(&rwlock->rw_state, state,
3411 &oldstate, state & ~URWLOCK_WRITE_WAITERS);
3417 MPASS(oldstate == state);
3421 error1 = thread_check_susp(td, false);
3423 * We are leaving the URWLOCK_WRITE_WAITERS
3424 * behind, but this should not harm the
3433 rv = fueword32(&rwlock->rw_blocked_readers,
3436 umtxq_unbusy_unlocked(&uq->uq_key);
3441 blocked_readers = 0;
3443 umtxq_unbusy_unlocked(&uq->uq_key);
3446 umtx_key_release(&uq->uq_key);
3447 if (error == ERESTART)
3453 do_rw_unlock(struct thread *td, struct urwlock *rwlock)
3457 int32_t state, oldstate;
3458 int error, rv, q, count;
3461 error = fueword32(&rwlock->rw_flags, &flags);
3464 error = umtx_key_get(rwlock, TYPE_RWLOCK, GET_SHARE(flags), &uq->uq_key);
3468 error = fueword32(&rwlock->rw_state, &state);
3473 if (state & URWLOCK_WRITE_OWNER) {
3475 rv = casueword32(&rwlock->rw_state, state,
3476 &oldstate, state & ~URWLOCK_WRITE_OWNER);
3483 if (!(oldstate & URWLOCK_WRITE_OWNER)) {
3487 error = thread_check_susp(td, true);
3493 } else if (URWLOCK_READER_COUNT(state) != 0) {
3495 rv = casueword32(&rwlock->rw_state, state,
3496 &oldstate, state - 1);
3503 if (URWLOCK_READER_COUNT(oldstate) == 0) {
3507 error = thread_check_susp(td, true);
3520 if (!(flags & URWLOCK_PREFER_READER)) {
3521 if (state & URWLOCK_WRITE_WAITERS) {
3523 q = UMTX_EXCLUSIVE_QUEUE;
3524 } else if (state & URWLOCK_READ_WAITERS) {
3526 q = UMTX_SHARED_QUEUE;
3529 if (state & URWLOCK_READ_WAITERS) {
3531 q = UMTX_SHARED_QUEUE;
3532 } else if (state & URWLOCK_WRITE_WAITERS) {
3534 q = UMTX_EXCLUSIVE_QUEUE;
3539 umtxq_lock(&uq->uq_key);
3540 umtxq_busy(&uq->uq_key);
3541 umtxq_signal_queue(&uq->uq_key, count, q);
3542 umtxq_unbusy(&uq->uq_key);
3543 umtxq_unlock(&uq->uq_key);
3546 umtx_key_release(&uq->uq_key);
3550 #if defined(COMPAT_FREEBSD9) || defined(COMPAT_FREEBSD10)
3552 do_sem_wait(struct thread *td, struct _usem *sem, struct _umtx_time *timeout)
3554 struct umtx_abs_timeout timo;
3556 uint32_t flags, count, count1;
3560 error = fueword32(&sem->_flags, &flags);
3563 error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &uq->uq_key);
3567 if (timeout != NULL)
3568 umtx_abs_timeout_init2(&timo, timeout);
3571 umtxq_lock(&uq->uq_key);
3572 umtxq_busy(&uq->uq_key);
3574 umtxq_unlock(&uq->uq_key);
3575 rv = casueword32(&sem->_has_waiters, 0, &count1, 1);
3577 rv1 = fueword32(&sem->_count, &count);
3578 if (rv == -1 || rv1 == -1 || count != 0 || (rv == 1 && count1 == 0)) {
3580 suword32(&sem->_has_waiters, 0);
3581 umtxq_lock(&uq->uq_key);
3582 umtxq_unbusy(&uq->uq_key);
3584 umtxq_unlock(&uq->uq_key);
3585 if (rv == -1 || rv1 == -1) {
3593 MPASS(rv == 1 && count1 == 0);
3594 rv = thread_check_susp(td, true);
3600 umtxq_lock(&uq->uq_key);
3601 umtxq_unbusy(&uq->uq_key);
3603 error = umtxq_sleep(uq, "usem", timeout == NULL ? NULL : &timo);
3605 if ((uq->uq_flags & UQF_UMTXQ) == 0)
3609 /* A relative timeout cannot be restarted. */
3610 if (error == ERESTART && timeout != NULL &&
3611 (timeout->_flags & UMTX_ABSTIME) == 0)
3614 umtxq_unlock(&uq->uq_key);
3616 umtx_key_release(&uq->uq_key);
3621 * Signal a userland semaphore.
3624 do_sem_wake(struct thread *td, struct _usem *sem)
3626 struct umtx_key key;
3630 error = fueword32(&sem->_flags, &flags);
3633 if ((error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &key)) != 0)
3637 cnt = umtxq_count(&key);
3640 * Check if count is greater than 0, this means the memory is
3641 * still being referenced by user code, so we can safely
3642 * update _has_waiters flag.
3646 error = suword32(&sem->_has_waiters, 0);
3651 umtxq_signal(&key, 1);
3655 umtx_key_release(&key);
3661 do_sem2_wait(struct thread *td, struct _usem2 *sem, struct _umtx_time *timeout)
3663 struct umtx_abs_timeout timo;
3665 uint32_t count, flags;
3669 flags = fuword32(&sem->_flags);
3670 if (timeout != NULL)
3671 umtx_abs_timeout_init2(&timo, timeout);
3674 error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &uq->uq_key);
3677 umtxq_lock(&uq->uq_key);
3678 umtxq_busy(&uq->uq_key);
3680 umtxq_unlock(&uq->uq_key);
3681 rv = fueword32(&sem->_count, &count);
3683 umtxq_lock(&uq->uq_key);
3684 umtxq_unbusy(&uq->uq_key);
3686 umtxq_unlock(&uq->uq_key);
3687 umtx_key_release(&uq->uq_key);
3691 if (USEM_COUNT(count) != 0) {
3692 umtxq_lock(&uq->uq_key);
3693 umtxq_unbusy(&uq->uq_key);
3695 umtxq_unlock(&uq->uq_key);
3696 umtx_key_release(&uq->uq_key);
3699 if (count == USEM_HAS_WAITERS)
3701 rv = casueword32(&sem->_count, 0, &count, USEM_HAS_WAITERS);
3704 umtxq_lock(&uq->uq_key);
3705 umtxq_unbusy(&uq->uq_key);
3707 umtxq_unlock(&uq->uq_key);
3708 umtx_key_release(&uq->uq_key);
3711 rv = thread_check_susp(td, true);
3716 umtxq_lock(&uq->uq_key);
3717 umtxq_unbusy(&uq->uq_key);
3719 error = umtxq_sleep(uq, "usem", timeout == NULL ? NULL : &timo);
3721 if ((uq->uq_flags & UQF_UMTXQ) == 0)
3725 if (timeout != NULL && (timeout->_flags & UMTX_ABSTIME) == 0) {
3726 /* A relative timeout cannot be restarted. */
3727 if (error == ERESTART)
3729 if (error == EINTR) {
3730 kern_clock_gettime(curthread, timo.clockid,
3732 timespecsub(&timo.end, &timo.cur,
3733 &timeout->_timeout);
3737 umtxq_unlock(&uq->uq_key);
3738 umtx_key_release(&uq->uq_key);
3743 * Signal a userland semaphore.
3746 do_sem2_wake(struct thread *td, struct _usem2 *sem)
3748 struct umtx_key key;
3750 uint32_t count, flags;
3752 rv = fueword32(&sem->_flags, &flags);
3755 if ((error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &key)) != 0)
3759 cnt = umtxq_count(&key);
3762 * If this was the last sleeping thread, clear the waiters
3767 rv = fueword32(&sem->_count, &count);
3768 while (rv != -1 && count & USEM_HAS_WAITERS) {
3769 rv = casueword32(&sem->_count, count, &count,
3770 count & ~USEM_HAS_WAITERS);
3772 rv = thread_check_susp(td, true);
3785 umtxq_signal(&key, 1);
3789 umtx_key_release(&key);
3793 #ifdef COMPAT_FREEBSD10
3795 freebsd10__umtx_lock(struct thread *td, struct freebsd10__umtx_lock_args *uap)
3797 return (do_lock_umtx(td, uap->umtx, td->td_tid, 0));
3801 freebsd10__umtx_unlock(struct thread *td,
3802 struct freebsd10__umtx_unlock_args *uap)
3804 return (do_unlock_umtx(td, uap->umtx, td->td_tid));
3809 umtx_copyin_timeout(const void *uaddr, struct timespec *tsp)
3813 error = copyin(uaddr, tsp, sizeof(*tsp));
3815 if (!timespecvalid_interval(tsp))
3822 umtx_copyin_umtx_time(const void *uaddr, size_t size, struct _umtx_time *tp)
3826 if (size <= sizeof(tp->_timeout)) {
3827 tp->_clockid = CLOCK_REALTIME;
3829 error = copyin(uaddr, &tp->_timeout, sizeof(tp->_timeout));
3831 error = copyin(uaddr, tp, sizeof(*tp));
3834 if (!timespecvalid_interval(&tp->_timeout))
3840 umtx_copyin_robust_lists(const void *uaddr, size_t size,
3841 struct umtx_robust_lists_params *rb)
3844 if (size > sizeof(*rb))
3846 return (copyin(uaddr, rb, size));
3850 umtx_copyout_timeout(void *uaddr, size_t sz, struct timespec *tsp)
3854 * Should be guaranteed by the caller, sz == uaddr1 - sizeof(_umtx_time)
3855 * and we're only called if sz >= sizeof(timespec) as supplied in the
3858 KASSERT(sz >= sizeof(*tsp),
3859 ("umtx_copyops specifies incorrect sizes"));
3861 return (copyout(tsp, uaddr, sizeof(*tsp)));
3864 #ifdef COMPAT_FREEBSD10
3866 __umtx_op_lock_umtx(struct thread *td, struct _umtx_op_args *uap,
3867 const struct umtx_copyops *ops)
3869 struct timespec *ts, timeout;
3872 /* Allow a null timespec (wait forever). */
3873 if (uap->uaddr2 == NULL)
3876 error = ops->copyin_timeout(uap->uaddr2, &timeout);
3881 #ifdef COMPAT_FREEBSD32
3883 return (do_lock_umtx32(td, uap->obj, uap->val, ts));
3885 return (do_lock_umtx(td, uap->obj, uap->val, ts));
3889 __umtx_op_unlock_umtx(struct thread *td, struct _umtx_op_args *uap,
3890 const struct umtx_copyops *ops)
3892 #ifdef COMPAT_FREEBSD32
3894 return (do_unlock_umtx32(td, uap->obj, uap->val));
3896 return (do_unlock_umtx(td, uap->obj, uap->val));
3898 #endif /* COMPAT_FREEBSD10 */
3900 #if !defined(COMPAT_FREEBSD10)
3902 __umtx_op_unimpl(struct thread *td __unused, struct _umtx_op_args *uap __unused,
3903 const struct umtx_copyops *ops __unused)
3905 return (EOPNOTSUPP);
3907 #endif /* COMPAT_FREEBSD10 */
3910 __umtx_op_wait(struct thread *td, struct _umtx_op_args *uap,
3911 const struct umtx_copyops *ops)
3913 struct _umtx_time timeout, *tm_p;
3916 if (uap->uaddr2 == NULL)
3919 error = ops->copyin_umtx_time(
3920 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
3925 return (do_wait(td, uap->obj, uap->val, tm_p, ops->compat32, 0));
3929 __umtx_op_wait_uint(struct thread *td, struct _umtx_op_args *uap,
3930 const struct umtx_copyops *ops)
3932 struct _umtx_time timeout, *tm_p;
3935 if (uap->uaddr2 == NULL)
3938 error = ops->copyin_umtx_time(
3939 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
3944 return (do_wait(td, uap->obj, uap->val, tm_p, 1, 0));
3948 __umtx_op_wait_uint_private(struct thread *td, struct _umtx_op_args *uap,
3949 const struct umtx_copyops *ops)
3951 struct _umtx_time *tm_p, timeout;
3954 if (uap->uaddr2 == NULL)
3957 error = ops->copyin_umtx_time(
3958 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
3963 return (do_wait(td, uap->obj, uap->val, tm_p, 1, 1));
3967 __umtx_op_wake(struct thread *td, struct _umtx_op_args *uap,
3968 const struct umtx_copyops *ops __unused)
3971 return (kern_umtx_wake(td, uap->obj, uap->val, 0));
3974 #define BATCH_SIZE 128
3976 __umtx_op_nwake_private_native(struct thread *td, struct _umtx_op_args *uap)
3978 char *uaddrs[BATCH_SIZE], **upp;
3979 int count, error, i, pos, tocopy;
3981 upp = (char **)uap->obj;
3983 for (count = uap->val, pos = 0; count > 0; count -= tocopy,
3985 tocopy = MIN(count, BATCH_SIZE);
3986 error = copyin(upp + pos, uaddrs, tocopy * sizeof(char *));
3989 for (i = 0; i < tocopy; ++i) {
3990 kern_umtx_wake(td, uaddrs[i], INT_MAX, 1);
3998 __umtx_op_nwake_private_compat32(struct thread *td, struct _umtx_op_args *uap)
4000 uint32_t uaddrs[BATCH_SIZE], *upp;
4001 int count, error, i, pos, tocopy;
4003 upp = (uint32_t *)uap->obj;
4005 for (count = uap->val, pos = 0; count > 0; count -= tocopy,
4007 tocopy = MIN(count, BATCH_SIZE);
4008 error = copyin(upp + pos, uaddrs, tocopy * sizeof(uint32_t));
4011 for (i = 0; i < tocopy; ++i) {
4012 kern_umtx_wake(td, (void *)(uintptr_t)uaddrs[i],
4021 __umtx_op_nwake_private(struct thread *td, struct _umtx_op_args *uap,
4022 const struct umtx_copyops *ops)
4026 return (__umtx_op_nwake_private_compat32(td, uap));
4027 return (__umtx_op_nwake_private_native(td, uap));
4031 __umtx_op_wake_private(struct thread *td, struct _umtx_op_args *uap,
4032 const struct umtx_copyops *ops __unused)
4035 return (kern_umtx_wake(td, uap->obj, uap->val, 1));
4039 __umtx_op_lock_umutex(struct thread *td, struct _umtx_op_args *uap,
4040 const struct umtx_copyops *ops)
4042 struct _umtx_time *tm_p, timeout;
4045 /* Allow a null timespec (wait forever). */
4046 if (uap->uaddr2 == NULL)
4049 error = ops->copyin_umtx_time(
4050 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
4055 return (do_lock_umutex(td, uap->obj, tm_p, 0));
4059 __umtx_op_trylock_umutex(struct thread *td, struct _umtx_op_args *uap,
4060 const struct umtx_copyops *ops __unused)
4063 return (do_lock_umutex(td, uap->obj, NULL, _UMUTEX_TRY));
4067 __umtx_op_wait_umutex(struct thread *td, struct _umtx_op_args *uap,
4068 const struct umtx_copyops *ops)
4070 struct _umtx_time *tm_p, timeout;
4073 /* Allow a null timespec (wait forever). */
4074 if (uap->uaddr2 == NULL)
4077 error = ops->copyin_umtx_time(
4078 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
4083 return (do_lock_umutex(td, uap->obj, tm_p, _UMUTEX_WAIT));
4087 __umtx_op_wake_umutex(struct thread *td, struct _umtx_op_args *uap,
4088 const struct umtx_copyops *ops __unused)
4091 return (do_wake_umutex(td, uap->obj));
4095 __umtx_op_unlock_umutex(struct thread *td, struct _umtx_op_args *uap,
4096 const struct umtx_copyops *ops __unused)
4099 return (do_unlock_umutex(td, uap->obj, false));
4103 __umtx_op_set_ceiling(struct thread *td, struct _umtx_op_args *uap,
4104 const struct umtx_copyops *ops __unused)
4107 return (do_set_ceiling(td, uap->obj, uap->val, uap->uaddr1));
4111 __umtx_op_cv_wait(struct thread *td, struct _umtx_op_args *uap,
4112 const struct umtx_copyops *ops)
4114 struct timespec *ts, timeout;
4117 /* Allow a null timespec (wait forever). */
4118 if (uap->uaddr2 == NULL)
4121 error = ops->copyin_timeout(uap->uaddr2, &timeout);
4126 return (do_cv_wait(td, uap->obj, uap->uaddr1, ts, uap->val));
4130 __umtx_op_cv_signal(struct thread *td, struct _umtx_op_args *uap,
4131 const struct umtx_copyops *ops __unused)
4134 return (do_cv_signal(td, uap->obj));
4138 __umtx_op_cv_broadcast(struct thread *td, struct _umtx_op_args *uap,
4139 const struct umtx_copyops *ops __unused)
4142 return (do_cv_broadcast(td, uap->obj));
4146 __umtx_op_rw_rdlock(struct thread *td, struct _umtx_op_args *uap,
4147 const struct umtx_copyops *ops)
4149 struct _umtx_time timeout;
4152 /* Allow a null timespec (wait forever). */
4153 if (uap->uaddr2 == NULL) {
4154 error = do_rw_rdlock(td, uap->obj, uap->val, 0);
4156 error = ops->copyin_umtx_time(uap->uaddr2,
4157 (size_t)uap->uaddr1, &timeout);
4160 error = do_rw_rdlock(td, uap->obj, uap->val, &timeout);
4166 __umtx_op_rw_wrlock(struct thread *td, struct _umtx_op_args *uap,
4167 const struct umtx_copyops *ops)
4169 struct _umtx_time timeout;
4172 /* Allow a null timespec (wait forever). */
4173 if (uap->uaddr2 == NULL) {
4174 error = do_rw_wrlock(td, uap->obj, 0);
4176 error = ops->copyin_umtx_time(uap->uaddr2,
4177 (size_t)uap->uaddr1, &timeout);
4181 error = do_rw_wrlock(td, uap->obj, &timeout);
4187 __umtx_op_rw_unlock(struct thread *td, struct _umtx_op_args *uap,
4188 const struct umtx_copyops *ops __unused)
4191 return (do_rw_unlock(td, uap->obj));
4194 #if defined(COMPAT_FREEBSD9) || defined(COMPAT_FREEBSD10)
4196 __umtx_op_sem_wait(struct thread *td, struct _umtx_op_args *uap,
4197 const struct umtx_copyops *ops)
4199 struct _umtx_time *tm_p, timeout;
4202 /* Allow a null timespec (wait forever). */
4203 if (uap->uaddr2 == NULL)
4206 error = ops->copyin_umtx_time(
4207 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
4212 return (do_sem_wait(td, uap->obj, tm_p));
4216 __umtx_op_sem_wake(struct thread *td, struct _umtx_op_args *uap,
4217 const struct umtx_copyops *ops __unused)
4220 return (do_sem_wake(td, uap->obj));
4225 __umtx_op_wake2_umutex(struct thread *td, struct _umtx_op_args *uap,
4226 const struct umtx_copyops *ops __unused)
4229 return (do_wake2_umutex(td, uap->obj, uap->val));
4233 __umtx_op_sem2_wait(struct thread *td, struct _umtx_op_args *uap,
4234 const struct umtx_copyops *ops)
4236 struct _umtx_time *tm_p, timeout;
4240 /* Allow a null timespec (wait forever). */
4241 if (uap->uaddr2 == NULL) {
4245 uasize = (size_t)uap->uaddr1;
4246 error = ops->copyin_umtx_time(uap->uaddr2, uasize, &timeout);
4251 error = do_sem2_wait(td, uap->obj, tm_p);
4252 if (error == EINTR && uap->uaddr2 != NULL &&
4253 (timeout._flags & UMTX_ABSTIME) == 0 &&
4254 uasize >= ops->umtx_time_sz + ops->timespec_sz) {
4255 error = ops->copyout_timeout(
4256 (void *)((uintptr_t)uap->uaddr2 + ops->umtx_time_sz),
4257 uasize - ops->umtx_time_sz, &timeout._timeout);
4267 __umtx_op_sem2_wake(struct thread *td, struct _umtx_op_args *uap,
4268 const struct umtx_copyops *ops __unused)
4271 return (do_sem2_wake(td, uap->obj));
4274 #define USHM_OBJ_UMTX(o) \
4275 ((struct umtx_shm_obj_list *)(&(o)->umtx_data))
4277 #define USHMF_REG_LINKED 0x0001
4278 #define USHMF_OBJ_LINKED 0x0002
4279 struct umtx_shm_reg {
4280 TAILQ_ENTRY(umtx_shm_reg) ushm_reg_link;
4281 LIST_ENTRY(umtx_shm_reg) ushm_obj_link;
4282 struct umtx_key ushm_key;
4283 struct ucred *ushm_cred;
4284 struct shmfd *ushm_obj;
4289 LIST_HEAD(umtx_shm_obj_list, umtx_shm_reg);
4290 TAILQ_HEAD(umtx_shm_reg_head, umtx_shm_reg);
4292 static uma_zone_t umtx_shm_reg_zone;
4293 static struct umtx_shm_reg_head umtx_shm_registry[UMTX_CHAINS];
4294 static struct mtx umtx_shm_lock;
4295 static struct umtx_shm_reg_head umtx_shm_reg_delfree =
4296 TAILQ_HEAD_INITIALIZER(umtx_shm_reg_delfree);
4298 static void umtx_shm_free_reg(struct umtx_shm_reg *reg);
4301 umtx_shm_reg_delfree_tq(void *context __unused, int pending __unused)
4303 struct umtx_shm_reg_head d;
4304 struct umtx_shm_reg *reg, *reg1;
4307 mtx_lock(&umtx_shm_lock);
4308 TAILQ_CONCAT(&d, &umtx_shm_reg_delfree, ushm_reg_link);
4309 mtx_unlock(&umtx_shm_lock);
4310 TAILQ_FOREACH_SAFE(reg, &d, ushm_reg_link, reg1) {
4311 TAILQ_REMOVE(&d, reg, ushm_reg_link);
4312 umtx_shm_free_reg(reg);
4316 static struct task umtx_shm_reg_delfree_task =
4317 TASK_INITIALIZER(0, umtx_shm_reg_delfree_tq, NULL);
4319 static struct umtx_shm_reg *
4320 umtx_shm_find_reg_locked(const struct umtx_key *key)
4322 struct umtx_shm_reg *reg;
4323 struct umtx_shm_reg_head *reg_head;
4325 KASSERT(key->shared, ("umtx_p_find_rg: private key"));
4326 mtx_assert(&umtx_shm_lock, MA_OWNED);
4327 reg_head = &umtx_shm_registry[key->hash];
4328 TAILQ_FOREACH(reg, reg_head, ushm_reg_link) {
4329 KASSERT(reg->ushm_key.shared,
4330 ("non-shared key on reg %p %d", reg, reg->ushm_key.shared));
4331 if (reg->ushm_key.info.shared.object ==
4332 key->info.shared.object &&
4333 reg->ushm_key.info.shared.offset ==
4334 key->info.shared.offset) {
4335 KASSERT(reg->ushm_key.type == TYPE_SHM, ("TYPE_USHM"));
4336 KASSERT(reg->ushm_refcnt > 0,
4337 ("reg %p refcnt 0 onlist", reg));
4338 KASSERT((reg->ushm_flags & USHMF_REG_LINKED) != 0,
4339 ("reg %p not linked", reg));
4347 static struct umtx_shm_reg *
4348 umtx_shm_find_reg(const struct umtx_key *key)
4350 struct umtx_shm_reg *reg;
4352 mtx_lock(&umtx_shm_lock);
4353 reg = umtx_shm_find_reg_locked(key);
4354 mtx_unlock(&umtx_shm_lock);
4359 umtx_shm_free_reg(struct umtx_shm_reg *reg)
4362 chgumtxcnt(reg->ushm_cred->cr_ruidinfo, -1, 0);
4363 crfree(reg->ushm_cred);
4364 shm_drop(reg->ushm_obj);
4365 uma_zfree(umtx_shm_reg_zone, reg);
4369 umtx_shm_unref_reg_locked(struct umtx_shm_reg *reg, bool force)
4373 mtx_assert(&umtx_shm_lock, MA_OWNED);
4374 KASSERT(reg->ushm_refcnt > 0, ("ushm_reg %p refcnt 0", reg));
4376 res = reg->ushm_refcnt == 0;
4378 if ((reg->ushm_flags & USHMF_REG_LINKED) != 0) {
4379 TAILQ_REMOVE(&umtx_shm_registry[reg->ushm_key.hash],
4380 reg, ushm_reg_link);
4381 reg->ushm_flags &= ~USHMF_REG_LINKED;
4383 if ((reg->ushm_flags & USHMF_OBJ_LINKED) != 0) {
4384 LIST_REMOVE(reg, ushm_obj_link);
4385 reg->ushm_flags &= ~USHMF_OBJ_LINKED;
4392 umtx_shm_unref_reg(struct umtx_shm_reg *reg, bool force)
4398 object = reg->ushm_obj->shm_object;
4399 VM_OBJECT_WLOCK(object);
4400 vm_object_set_flag(object, OBJ_UMTXDEAD);
4401 VM_OBJECT_WUNLOCK(object);
4403 mtx_lock(&umtx_shm_lock);
4404 dofree = umtx_shm_unref_reg_locked(reg, force);
4405 mtx_unlock(&umtx_shm_lock);
4407 umtx_shm_free_reg(reg);
4411 umtx_shm_object_init(vm_object_t object)
4414 LIST_INIT(USHM_OBJ_UMTX(object));
4418 umtx_shm_object_terminated(vm_object_t object)
4420 struct umtx_shm_reg *reg, *reg1;
4423 if (LIST_EMPTY(USHM_OBJ_UMTX(object)))
4427 mtx_lock(&umtx_shm_lock);
4428 LIST_FOREACH_SAFE(reg, USHM_OBJ_UMTX(object), ushm_obj_link, reg1) {
4429 if (umtx_shm_unref_reg_locked(reg, true)) {
4430 TAILQ_INSERT_TAIL(&umtx_shm_reg_delfree, reg,
4435 mtx_unlock(&umtx_shm_lock);
4437 taskqueue_enqueue(taskqueue_thread, &umtx_shm_reg_delfree_task);
4441 umtx_shm_create_reg(struct thread *td, const struct umtx_key *key,
4442 struct umtx_shm_reg **res)
4444 struct umtx_shm_reg *reg, *reg1;
4448 reg = umtx_shm_find_reg(key);
4453 cred = td->td_ucred;
4454 if (!chgumtxcnt(cred->cr_ruidinfo, 1, lim_cur(td, RLIMIT_UMTXP)))
4456 reg = uma_zalloc(umtx_shm_reg_zone, M_WAITOK | M_ZERO);
4457 reg->ushm_refcnt = 1;
4458 bcopy(key, ®->ushm_key, sizeof(*key));
4459 reg->ushm_obj = shm_alloc(td->td_ucred, O_RDWR, false);
4460 reg->ushm_cred = crhold(cred);
4461 error = shm_dotruncate(reg->ushm_obj, PAGE_SIZE);
4463 umtx_shm_free_reg(reg);
4466 mtx_lock(&umtx_shm_lock);
4467 reg1 = umtx_shm_find_reg_locked(key);
4469 mtx_unlock(&umtx_shm_lock);
4470 umtx_shm_free_reg(reg);
4475 TAILQ_INSERT_TAIL(&umtx_shm_registry[key->hash], reg, ushm_reg_link);
4476 LIST_INSERT_HEAD(USHM_OBJ_UMTX(key->info.shared.object), reg,
4478 reg->ushm_flags = USHMF_REG_LINKED | USHMF_OBJ_LINKED;
4479 mtx_unlock(&umtx_shm_lock);
4485 umtx_shm_alive(struct thread *td, void *addr)
4488 vm_map_entry_t entry;
4495 map = &td->td_proc->p_vmspace->vm_map;
4496 res = vm_map_lookup(&map, (uintptr_t)addr, VM_PROT_READ, &entry,
4497 &object, &pindex, &prot, &wired);
4498 if (res != KERN_SUCCESS)
4503 ret = (object->flags & OBJ_UMTXDEAD) != 0 ? ENOTTY : 0;
4504 vm_map_lookup_done(map, entry);
4513 umtx_shm_reg_zone = uma_zcreate("umtx_shm", sizeof(struct umtx_shm_reg),
4514 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
4515 mtx_init(&umtx_shm_lock, "umtxshm", NULL, MTX_DEF);
4516 for (i = 0; i < nitems(umtx_shm_registry); i++)
4517 TAILQ_INIT(&umtx_shm_registry[i]);
4521 umtx_shm(struct thread *td, void *addr, u_int flags)
4523 struct umtx_key key;
4524 struct umtx_shm_reg *reg;
4528 if (__bitcount(flags & (UMTX_SHM_CREAT | UMTX_SHM_LOOKUP |
4529 UMTX_SHM_DESTROY| UMTX_SHM_ALIVE)) != 1)
4531 if ((flags & UMTX_SHM_ALIVE) != 0)
4532 return (umtx_shm_alive(td, addr));
4533 error = umtx_key_get(addr, TYPE_SHM, PROCESS_SHARE, &key);
4536 KASSERT(key.shared == 1, ("non-shared key"));
4537 if ((flags & UMTX_SHM_CREAT) != 0) {
4538 error = umtx_shm_create_reg(td, &key, ®);
4540 reg = umtx_shm_find_reg(&key);
4544 umtx_key_release(&key);
4547 KASSERT(reg != NULL, ("no reg"));
4548 if ((flags & UMTX_SHM_DESTROY) != 0) {
4549 umtx_shm_unref_reg(reg, true);
4553 error = mac_posixshm_check_open(td->td_ucred,
4554 reg->ushm_obj, FFLAGS(O_RDWR));
4557 error = shm_access(reg->ushm_obj, td->td_ucred,
4561 error = falloc_caps(td, &fp, &fd, O_CLOEXEC, NULL);
4563 shm_hold(reg->ushm_obj);
4564 finit(fp, FFLAGS(O_RDWR), DTYPE_SHM, reg->ushm_obj,
4566 td->td_retval[0] = fd;
4570 umtx_shm_unref_reg(reg, false);
4575 __umtx_op_shm(struct thread *td, struct _umtx_op_args *uap,
4576 const struct umtx_copyops *ops __unused)
4579 return (umtx_shm(td, uap->uaddr1, uap->val));
4583 __umtx_op_robust_lists(struct thread *td, struct _umtx_op_args *uap,
4584 const struct umtx_copyops *ops)
4586 struct umtx_robust_lists_params rb;
4589 if (ops->compat32) {
4590 if ((td->td_pflags2 & TDP2_COMPAT32RB) == 0 &&
4591 (td->td_rb_list != 0 || td->td_rbp_list != 0 ||
4592 td->td_rb_inact != 0))
4594 } else if ((td->td_pflags2 & TDP2_COMPAT32RB) != 0) {
4598 bzero(&rb, sizeof(rb));
4599 error = ops->copyin_robust_lists(uap->uaddr1, uap->val, &rb);
4604 td->td_pflags2 |= TDP2_COMPAT32RB;
4606 td->td_rb_list = rb.robust_list_offset;
4607 td->td_rbp_list = rb.robust_priv_list_offset;
4608 td->td_rb_inact = rb.robust_inact_offset;
4613 __umtx_op_get_min_timeout(struct thread *td, struct _umtx_op_args *uap,
4614 const struct umtx_copyops *ops)
4619 val = sbttons(td->td_proc->p_umtx_min_timeout);
4620 if (ops->compat32) {
4622 error = copyout(&val1, uap->uaddr1, sizeof(val1));
4624 error = copyout(&val, uap->uaddr1, sizeof(val));
4630 __umtx_op_set_min_timeout(struct thread *td, struct _umtx_op_args *uap,
4631 const struct umtx_copyops *ops)
4635 td->td_proc->p_umtx_min_timeout = nstosbt(uap->val);
4639 #if defined(__i386__) || defined(__amd64__)
4641 * Provide the standard 32-bit definitions for x86, since native/compat32 use a
4642 * 32-bit time_t there. Other architectures just need the i386 definitions
4643 * along with their standard compat32.
4645 struct timespecx32 {
4650 struct umtx_timex32 {
4651 struct timespecx32 _timeout;
4657 #define timespeci386 timespec32
4658 #define umtx_timei386 umtx_time32
4660 #else /* !__i386__ && !__amd64__ */
4661 /* 32-bit architectures can emulate i386, so define these almost everywhere. */
4662 struct timespeci386 {
4667 struct umtx_timei386 {
4668 struct timespeci386 _timeout;
4673 #if defined(__LP64__)
4674 #define timespecx32 timespec32
4675 #define umtx_timex32 umtx_time32
4680 umtx_copyin_robust_lists32(const void *uaddr, size_t size,
4681 struct umtx_robust_lists_params *rbp)
4683 struct umtx_robust_lists_params_compat32 rb32;
4686 if (size > sizeof(rb32))
4688 bzero(&rb32, sizeof(rb32));
4689 error = copyin(uaddr, &rb32, size);
4692 CP(rb32, *rbp, robust_list_offset);
4693 CP(rb32, *rbp, robust_priv_list_offset);
4694 CP(rb32, *rbp, robust_inact_offset);
4700 umtx_copyin_timeouti386(const void *uaddr, struct timespec *tsp)
4702 struct timespeci386 ts32;
4705 error = copyin(uaddr, &ts32, sizeof(ts32));
4707 if (!timespecvalid_interval(&ts32))
4710 CP(ts32, *tsp, tv_sec);
4711 CP(ts32, *tsp, tv_nsec);
4718 umtx_copyin_umtx_timei386(const void *uaddr, size_t size, struct _umtx_time *tp)
4720 struct umtx_timei386 t32;
4723 t32._clockid = CLOCK_REALTIME;
4725 if (size <= sizeof(t32._timeout))
4726 error = copyin(uaddr, &t32._timeout, sizeof(t32._timeout));
4728 error = copyin(uaddr, &t32, sizeof(t32));
4731 if (!timespecvalid_interval(&t32._timeout))
4733 TS_CP(t32, *tp, _timeout);
4734 CP(t32, *tp, _flags);
4735 CP(t32, *tp, _clockid);
4740 umtx_copyout_timeouti386(void *uaddr, size_t sz, struct timespec *tsp)
4742 struct timespeci386 remain32 = {
4743 .tv_sec = tsp->tv_sec,
4744 .tv_nsec = tsp->tv_nsec,
4748 * Should be guaranteed by the caller, sz == uaddr1 - sizeof(_umtx_time)
4749 * and we're only called if sz >= sizeof(timespec) as supplied in the
4752 KASSERT(sz >= sizeof(remain32),
4753 ("umtx_copyops specifies incorrect sizes"));
4755 return (copyout(&remain32, uaddr, sizeof(remain32)));
4757 #endif /* !__i386__ */
4759 #if defined(__i386__) || defined(__LP64__)
4761 umtx_copyin_timeoutx32(const void *uaddr, struct timespec *tsp)
4763 struct timespecx32 ts32;
4766 error = copyin(uaddr, &ts32, sizeof(ts32));
4768 if (!timespecvalid_interval(&ts32))
4771 CP(ts32, *tsp, tv_sec);
4772 CP(ts32, *tsp, tv_nsec);
4779 umtx_copyin_umtx_timex32(const void *uaddr, size_t size, struct _umtx_time *tp)
4781 struct umtx_timex32 t32;
4784 t32._clockid = CLOCK_REALTIME;
4786 if (size <= sizeof(t32._timeout))
4787 error = copyin(uaddr, &t32._timeout, sizeof(t32._timeout));
4789 error = copyin(uaddr, &t32, sizeof(t32));
4792 if (!timespecvalid_interval(&t32._timeout))
4794 TS_CP(t32, *tp, _timeout);
4795 CP(t32, *tp, _flags);
4796 CP(t32, *tp, _clockid);
4801 umtx_copyout_timeoutx32(void *uaddr, size_t sz, struct timespec *tsp)
4803 struct timespecx32 remain32 = {
4804 .tv_sec = tsp->tv_sec,
4805 .tv_nsec = tsp->tv_nsec,
4809 * Should be guaranteed by the caller, sz == uaddr1 - sizeof(_umtx_time)
4810 * and we're only called if sz >= sizeof(timespec) as supplied in the
4813 KASSERT(sz >= sizeof(remain32),
4814 ("umtx_copyops specifies incorrect sizes"));
4816 return (copyout(&remain32, uaddr, sizeof(remain32)));
4818 #endif /* __i386__ || __LP64__ */
4820 typedef int (*_umtx_op_func)(struct thread *td, struct _umtx_op_args *uap,
4821 const struct umtx_copyops *umtx_ops);
4823 static const _umtx_op_func op_table[] = {
4824 #ifdef COMPAT_FREEBSD10
4825 [UMTX_OP_LOCK] = __umtx_op_lock_umtx,
4826 [UMTX_OP_UNLOCK] = __umtx_op_unlock_umtx,
4828 [UMTX_OP_LOCK] = __umtx_op_unimpl,
4829 [UMTX_OP_UNLOCK] = __umtx_op_unimpl,
4831 [UMTX_OP_WAIT] = __umtx_op_wait,
4832 [UMTX_OP_WAKE] = __umtx_op_wake,
4833 [UMTX_OP_MUTEX_TRYLOCK] = __umtx_op_trylock_umutex,
4834 [UMTX_OP_MUTEX_LOCK] = __umtx_op_lock_umutex,
4835 [UMTX_OP_MUTEX_UNLOCK] = __umtx_op_unlock_umutex,
4836 [UMTX_OP_SET_CEILING] = __umtx_op_set_ceiling,
4837 [UMTX_OP_CV_WAIT] = __umtx_op_cv_wait,
4838 [UMTX_OP_CV_SIGNAL] = __umtx_op_cv_signal,
4839 [UMTX_OP_CV_BROADCAST] = __umtx_op_cv_broadcast,
4840 [UMTX_OP_WAIT_UINT] = __umtx_op_wait_uint,
4841 [UMTX_OP_RW_RDLOCK] = __umtx_op_rw_rdlock,
4842 [UMTX_OP_RW_WRLOCK] = __umtx_op_rw_wrlock,
4843 [UMTX_OP_RW_UNLOCK] = __umtx_op_rw_unlock,
4844 [UMTX_OP_WAIT_UINT_PRIVATE] = __umtx_op_wait_uint_private,
4845 [UMTX_OP_WAKE_PRIVATE] = __umtx_op_wake_private,
4846 [UMTX_OP_MUTEX_WAIT] = __umtx_op_wait_umutex,
4847 [UMTX_OP_MUTEX_WAKE] = __umtx_op_wake_umutex,
4848 #if defined(COMPAT_FREEBSD9) || defined(COMPAT_FREEBSD10)
4849 [UMTX_OP_SEM_WAIT] = __umtx_op_sem_wait,
4850 [UMTX_OP_SEM_WAKE] = __umtx_op_sem_wake,
4852 [UMTX_OP_SEM_WAIT] = __umtx_op_unimpl,
4853 [UMTX_OP_SEM_WAKE] = __umtx_op_unimpl,
4855 [UMTX_OP_NWAKE_PRIVATE] = __umtx_op_nwake_private,
4856 [UMTX_OP_MUTEX_WAKE2] = __umtx_op_wake2_umutex,
4857 [UMTX_OP_SEM2_WAIT] = __umtx_op_sem2_wait,
4858 [UMTX_OP_SEM2_WAKE] = __umtx_op_sem2_wake,
4859 [UMTX_OP_SHM] = __umtx_op_shm,
4860 [UMTX_OP_ROBUST_LISTS] = __umtx_op_robust_lists,
4861 [UMTX_OP_GET_MIN_TIMEOUT] = __umtx_op_get_min_timeout,
4862 [UMTX_OP_SET_MIN_TIMEOUT] = __umtx_op_set_min_timeout,
4865 static const struct umtx_copyops umtx_native_ops = {
4866 .copyin_timeout = umtx_copyin_timeout,
4867 .copyin_umtx_time = umtx_copyin_umtx_time,
4868 .copyin_robust_lists = umtx_copyin_robust_lists,
4869 .copyout_timeout = umtx_copyout_timeout,
4870 .timespec_sz = sizeof(struct timespec),
4871 .umtx_time_sz = sizeof(struct _umtx_time),
4875 static const struct umtx_copyops umtx_native_opsi386 = {
4876 .copyin_timeout = umtx_copyin_timeouti386,
4877 .copyin_umtx_time = umtx_copyin_umtx_timei386,
4878 .copyin_robust_lists = umtx_copyin_robust_lists32,
4879 .copyout_timeout = umtx_copyout_timeouti386,
4880 .timespec_sz = sizeof(struct timespeci386),
4881 .umtx_time_sz = sizeof(struct umtx_timei386),
4886 #if defined(__i386__) || defined(__LP64__)
4887 /* i386 can emulate other 32-bit archs, too! */
4888 static const struct umtx_copyops umtx_native_opsx32 = {
4889 .copyin_timeout = umtx_copyin_timeoutx32,
4890 .copyin_umtx_time = umtx_copyin_umtx_timex32,
4891 .copyin_robust_lists = umtx_copyin_robust_lists32,
4892 .copyout_timeout = umtx_copyout_timeoutx32,
4893 .timespec_sz = sizeof(struct timespecx32),
4894 .umtx_time_sz = sizeof(struct umtx_timex32),
4898 #ifdef COMPAT_FREEBSD32
4900 #define umtx_native_ops32 umtx_native_opsi386
4902 #define umtx_native_ops32 umtx_native_opsx32
4904 #endif /* COMPAT_FREEBSD32 */
4905 #endif /* __i386__ || __LP64__ */
4907 #define UMTX_OP__FLAGS (UMTX_OP__32BIT | UMTX_OP__I386)
4910 kern__umtx_op(struct thread *td, void *obj, int op, unsigned long val,
4911 void *uaddr1, void *uaddr2, const struct umtx_copyops *ops)
4913 struct _umtx_op_args uap = {
4915 .op = op & ~UMTX_OP__FLAGS,
4921 if ((uap.op >= nitems(op_table)))
4923 return ((*op_table[uap.op])(td, &uap, ops));
4927 sys__umtx_op(struct thread *td, struct _umtx_op_args *uap)
4929 static const struct umtx_copyops *umtx_ops;
4931 umtx_ops = &umtx_native_ops;
4933 if ((uap->op & (UMTX_OP__32BIT | UMTX_OP__I386)) != 0) {
4934 if ((uap->op & UMTX_OP__I386) != 0)
4935 umtx_ops = &umtx_native_opsi386;
4937 umtx_ops = &umtx_native_opsx32;
4939 #elif !defined(__i386__)
4940 /* We consider UMTX_OP__32BIT a nop on !i386 ILP32. */
4941 if ((uap->op & UMTX_OP__I386) != 0)
4942 umtx_ops = &umtx_native_opsi386;
4944 /* Likewise, UMTX_OP__I386 is a nop on i386. */
4945 if ((uap->op & UMTX_OP__32BIT) != 0)
4946 umtx_ops = &umtx_native_opsx32;
4948 return (kern__umtx_op(td, uap->obj, uap->op, uap->val, uap->uaddr1,
4949 uap->uaddr2, umtx_ops));
4952 #ifdef COMPAT_FREEBSD32
4953 #ifdef COMPAT_FREEBSD10
4955 freebsd10_freebsd32_umtx_lock(struct thread *td,
4956 struct freebsd10_freebsd32_umtx_lock_args *uap)
4958 return (do_lock_umtx32(td, (uint32_t *)uap->umtx, td->td_tid, NULL));
4962 freebsd10_freebsd32_umtx_unlock(struct thread *td,
4963 struct freebsd10_freebsd32_umtx_unlock_args *uap)
4965 return (do_unlock_umtx32(td, (uint32_t *)uap->umtx, td->td_tid));
4967 #endif /* COMPAT_FREEBSD10 */
4970 freebsd32__umtx_op(struct thread *td, struct freebsd32__umtx_op_args *uap)
4973 return (kern__umtx_op(td, uap->obj, uap->op, uap->val, uap->uaddr,
4974 uap->uaddr2, &umtx_native_ops32));
4976 #endif /* COMPAT_FREEBSD32 */
4979 umtx_thread_init(struct thread *td)
4982 td->td_umtxq = umtxq_alloc();
4983 td->td_umtxq->uq_thread = td;
4987 umtx_thread_fini(struct thread *td)
4990 umtxq_free(td->td_umtxq);
4994 * It will be called when new thread is created, e.g fork().
4997 umtx_thread_alloc(struct thread *td)
5002 uq->uq_inherited_pri = PRI_MAX;
5004 KASSERT(uq->uq_flags == 0, ("uq_flags != 0"));
5005 KASSERT(uq->uq_thread == td, ("uq_thread != td"));
5006 KASSERT(uq->uq_pi_blocked == NULL, ("uq_pi_blocked != NULL"));
5007 KASSERT(TAILQ_EMPTY(&uq->uq_pi_contested), ("uq_pi_contested is not empty"));
5013 * Clear robust lists for all process' threads, not delaying the
5014 * cleanup to thread exit, since the relevant address space is
5015 * destroyed right now.
5018 umtx_exec(struct proc *p)
5022 KASSERT(p == curproc, ("need curproc"));
5023 KASSERT((p->p_flag & P_HADTHREADS) == 0 ||
5024 (p->p_flag & P_STOPPED_SINGLE) != 0,
5025 ("curproc must be single-threaded"));
5027 * There is no need to lock the list as only this thread can be
5030 FOREACH_THREAD_IN_PROC(p, td) {
5031 KASSERT(td == curthread ||
5032 ((td->td_flags & TDF_BOUNDARY) != 0 && TD_IS_SUSPENDED(td)),
5033 ("running thread %p %p", p, td));
5034 umtx_thread_cleanup(td);
5035 td->td_rb_list = td->td_rbp_list = td->td_rb_inact = 0;
5038 p->p_umtx_min_timeout = 0;
5045 umtx_thread_exit(struct thread *td)
5048 umtx_thread_cleanup(td);
5052 umtx_read_uptr(struct thread *td, uintptr_t ptr, uintptr_t *res, bool compat32)
5059 error = fueword32((void *)ptr, &res32);
5063 error = fueword((void *)ptr, &res1);
5073 umtx_read_rb_list(struct thread *td, struct umutex *m, uintptr_t *rb_list,
5076 struct umutex32 m32;
5079 memcpy(&m32, m, sizeof(m32));
5080 *rb_list = m32.m_rb_lnk;
5082 *rb_list = m->m_rb_lnk;
5087 umtx_handle_rb(struct thread *td, uintptr_t rbp, uintptr_t *rb_list, bool inact,
5093 KASSERT(td->td_proc == curproc, ("need current vmspace"));
5094 error = copyin((void *)rbp, &m, sizeof(m));
5097 if (rb_list != NULL)
5098 umtx_read_rb_list(td, &m, rb_list, compat32);
5099 if ((m.m_flags & UMUTEX_ROBUST) == 0)
5101 if ((m.m_owner & ~UMUTEX_CONTESTED) != td->td_tid)
5102 /* inact is cleared after unlock, allow the inconsistency */
5103 return (inact ? 0 : EINVAL);
5104 return (do_unlock_umutex(td, (struct umutex *)rbp, true));
5108 umtx_cleanup_rb_list(struct thread *td, uintptr_t rb_list, uintptr_t *rb_inact,
5109 const char *name, bool compat32)
5117 error = umtx_read_uptr(td, rb_list, &rbp, compat32);
5118 for (i = 0; error == 0 && rbp != 0 && i < umtx_max_rb; i++) {
5119 if (rbp == *rb_inact) {
5124 error = umtx_handle_rb(td, rbp, &rbp, inact, compat32);
5126 if (i == umtx_max_rb && umtx_verbose_rb) {
5127 uprintf("comm %s pid %d: reached umtx %smax rb %d\n",
5128 td->td_proc->p_comm, td->td_proc->p_pid, name, umtx_max_rb);
5130 if (error != 0 && umtx_verbose_rb) {
5131 uprintf("comm %s pid %d: handling %srb error %d\n",
5132 td->td_proc->p_comm, td->td_proc->p_pid, name, error);
5137 * Clean up umtx data.
5140 umtx_thread_cleanup(struct thread *td)
5148 * Disown pi mutexes.
5152 if (uq->uq_inherited_pri != PRI_MAX ||
5153 !TAILQ_EMPTY(&uq->uq_pi_contested)) {
5154 mtx_lock(&umtx_lock);
5155 uq->uq_inherited_pri = PRI_MAX;
5156 while ((pi = TAILQ_FIRST(&uq->uq_pi_contested)) != NULL) {
5157 pi->pi_owner = NULL;
5158 TAILQ_REMOVE(&uq->uq_pi_contested, pi, pi_link);
5160 mtx_unlock(&umtx_lock);
5162 sched_lend_user_prio_cond(td, PRI_MAX);
5165 compat32 = (td->td_pflags2 & TDP2_COMPAT32RB) != 0;
5166 td->td_pflags2 &= ~TDP2_COMPAT32RB;
5168 if (td->td_rb_inact == 0 && td->td_rb_list == 0 && td->td_rbp_list == 0)
5172 * Handle terminated robust mutexes. Must be done after
5173 * robust pi disown, otherwise unlock could see unowned
5176 rb_inact = td->td_rb_inact;
5178 (void)umtx_read_uptr(td, rb_inact, &rb_inact, compat32);
5179 umtx_cleanup_rb_list(td, td->td_rb_list, &rb_inact, "", compat32);
5180 umtx_cleanup_rb_list(td, td->td_rbp_list, &rb_inact, "priv ", compat32);
5182 (void)umtx_handle_rb(td, rb_inact, NULL, true, compat32);
projects / FreeBSD / FreeBSD.git / blob