2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2015, 2016 The FreeBSD Foundation
5 * Copyright (c) 2004, David Xu <davidxu@freebsd.org>
6 * Copyright (c) 2002, Jeffrey Roberson <jeff@freebsd.org>
9 * Portions of this software were developed by Konstantin Belousov
10 * under sponsorship from the FreeBSD Foundation.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice unmodified, this list of conditions, and the following
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
37 #include "opt_umtx_profiling.h"
39 #include <sys/param.h>
40 #include <sys/kernel.h>
41 #include <sys/fcntl.h>
43 #include <sys/filedesc.h>
44 #include <sys/limits.h>
46 #include <sys/malloc.h>
48 #include <sys/mutex.h>
51 #include <sys/resource.h>
52 #include <sys/resourcevar.h>
53 #include <sys/rwlock.h>
55 #include <sys/sched.h>
57 #include <sys/sysctl.h>
58 #include <sys/sysent.h>
59 #include <sys/systm.h>
60 #include <sys/sysproto.h>
61 #include <sys/syscallsubr.h>
62 #include <sys/taskqueue.h>
64 #include <sys/eventhandler.h>
66 #include <sys/umtxvar.h>
68 #include <security/mac/mac_framework.h>
71 #include <vm/vm_param.h>
73 #include <vm/vm_map.h>
74 #include <vm/vm_object.h>
76 #include <machine/atomic.h>
77 #include <machine/cpu.h>
79 #include <compat/freebsd32/freebsd32.h>
80 #ifdef COMPAT_FREEBSD32
81 #include <compat/freebsd32/freebsd32_proto.h>
85 #define _UMUTEX_WAIT 2
88 #define UPROF_PERC_BIGGER(w, f, sw, sf) \
89 (((w) > (sw)) || ((w) == (sw) && (f) > (sf)))
92 /* Priority inheritance mutex info. */
95 struct thread *pi_owner;
100 /* List entry to link umtx holding by thread */
101 TAILQ_ENTRY(umtx_pi) pi_link;
103 /* List entry in hash */
104 TAILQ_ENTRY(umtx_pi) pi_hashlink;
106 /* List for waiters */
107 TAILQ_HEAD(,umtx_q) pi_blocked;
109 /* Identify a userland lock object */
110 struct umtx_key pi_key;
113 /* A userland synchronous object user. */
115 /* Linked list for the hash. */
116 TAILQ_ENTRY(umtx_q) uq_link;
119 struct umtx_key uq_key;
123 #define UQF_UMTXQ 0x0001
125 /* The thread waits on. */
126 struct thread *uq_thread;
129 * Blocked on PI mutex. read can use chain lock
130 * or umtx_lock, write must have both chain lock and
131 * umtx_lock being hold.
133 struct umtx_pi *uq_pi_blocked;
135 /* On blocked list */
136 TAILQ_ENTRY(umtx_q) uq_lockq;
138 /* Thread contending with us */
139 TAILQ_HEAD(,umtx_pi) uq_pi_contested;
141 /* Inherited priority from PP mutex */
142 u_char uq_inherited_pri;
144 /* Spare queue ready to be reused */
145 struct umtxq_queue *uq_spare_queue;
147 /* The queue we on */
148 struct umtxq_queue *uq_cur_queue;
151 TAILQ_HEAD(umtxq_head, umtx_q);
153 /* Per-key wait-queue */
155 struct umtxq_head head;
157 LIST_ENTRY(umtxq_queue) link;
161 LIST_HEAD(umtxq_list, umtxq_queue);
163 /* Userland lock object's wait-queue chain */
165 /* Lock for this chain. */
168 /* List of sleep queues. */
169 struct umtxq_list uc_queue[2];
170 #define UMTX_SHARED_QUEUE 0
171 #define UMTX_EXCLUSIVE_QUEUE 1
173 LIST_HEAD(, umtxq_queue) uc_spare_queue;
178 /* Chain lock waiters */
181 /* All PI in the list */
182 TAILQ_HEAD(,umtx_pi) uc_pi_list;
184 #ifdef UMTX_PROFILING
190 #define UMTXQ_LOCKED_ASSERT(uc) mtx_assert(&(uc)->uc_lock, MA_OWNED)
193 * Don't propagate time-sharing priority, there is a security reason,
194 * a user can simply introduce PI-mutex, let thread A lock the mutex,
195 * and let another thread B block on the mutex, because B is
196 * sleeping, its priority will be boosted, this causes A's priority to
197 * be boosted via priority propagating too and will never be lowered even
198 * if it is using 100%CPU, this is unfair to other processes.
201 #define UPRI(td) (((td)->td_user_pri >= PRI_MIN_TIMESHARE &&\
202 (td)->td_user_pri <= PRI_MAX_TIMESHARE) ?\
203 PRI_MAX_TIMESHARE : (td)->td_user_pri)
205 #define GOLDEN_RATIO_PRIME 2654404609U
207 #define UMTX_CHAINS 512
209 #define UMTX_SHIFTS (__WORD_BIT - 9)
211 #define GET_SHARE(flags) \
212 (((flags) & USYNC_PROCESS_SHARED) == 0 ? THREAD_SHARE : PROCESS_SHARE)
214 #define BUSY_SPINS 200
218 bool is_abs_real; /* TIMER_ABSTIME && CLOCK_REALTIME* */
223 struct umtx_copyops {
224 int (*copyin_timeout)(const void *uaddr, struct timespec *tsp);
225 int (*copyin_umtx_time)(const void *uaddr, size_t size,
226 struct _umtx_time *tp);
227 int (*copyin_robust_lists)(const void *uaddr, size_t size,
228 struct umtx_robust_lists_params *rbp);
229 int (*copyout_timeout)(void *uaddr, size_t size,
230 struct timespec *tsp);
231 const size_t timespec_sz;
232 const size_t umtx_time_sz;
236 _Static_assert(sizeof(struct umutex) == sizeof(struct umutex32), "umutex32");
237 _Static_assert(__offsetof(struct umutex, m_spare[0]) ==
238 __offsetof(struct umutex32, m_spare[0]), "m_spare32");
240 int umtx_shm_vnobj_persistent = 0;
241 SYSCTL_INT(_kern_ipc, OID_AUTO, umtx_vnode_persistent, CTLFLAG_RWTUN,
242 &umtx_shm_vnobj_persistent, 0,
243 "False forces destruction of umtx attached to file, on last close");
244 static int umtx_max_rb = 1000;
245 SYSCTL_INT(_kern_ipc, OID_AUTO, umtx_max_robust, CTLFLAG_RWTUN,
247 "Maximum number of robust mutexes allowed for each thread");
249 static uma_zone_t umtx_pi_zone;
250 static struct umtxq_chain umtxq_chains[2][UMTX_CHAINS];
251 static MALLOC_DEFINE(M_UMTX, "umtx", "UMTX queue memory");
252 static int umtx_pi_allocated;
254 static SYSCTL_NODE(_debug, OID_AUTO, umtx, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
256 SYSCTL_INT(_debug_umtx, OID_AUTO, umtx_pi_allocated, CTLFLAG_RD,
257 &umtx_pi_allocated, 0, "Allocated umtx_pi");
258 static int umtx_verbose_rb = 1;
259 SYSCTL_INT(_debug_umtx, OID_AUTO, robust_faults_verbose, CTLFLAG_RWTUN,
263 #ifdef UMTX_PROFILING
264 static long max_length;
265 SYSCTL_LONG(_debug_umtx, OID_AUTO, max_length, CTLFLAG_RD, &max_length, 0, "max_length");
266 static SYSCTL_NODE(_debug_umtx, OID_AUTO, chains, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
270 static void abs_timeout_update(struct abs_timeout *timo);
272 static void umtx_shm_init(void);
273 static void umtxq_sysinit(void *);
274 static void umtxq_hash(struct umtx_key *key);
275 static struct umtxq_chain *umtxq_getchain(struct umtx_key *key);
276 static void umtxq_unlock(struct umtx_key *key);
277 static void umtxq_busy(struct umtx_key *key);
278 static void umtxq_unbusy(struct umtx_key *key);
279 static void umtxq_insert_queue(struct umtx_q *uq, int q);
280 static void umtxq_remove_queue(struct umtx_q *uq, int q);
281 static int umtxq_sleep(struct umtx_q *uq, const char *wmesg, struct abs_timeout *);
282 static int umtxq_count(struct umtx_key *key);
283 static struct umtx_pi *umtx_pi_alloc(int);
284 static void umtx_pi_free(struct umtx_pi *pi);
285 static int do_unlock_pp(struct thread *td, struct umutex *m, uint32_t flags,
287 static void umtx_thread_cleanup(struct thread *td);
288 SYSINIT(umtx, SI_SUB_EVENTHANDLER+1, SI_ORDER_MIDDLE, umtxq_sysinit, NULL);
290 #define umtxq_signal(key, nwake) umtxq_signal_queue((key), (nwake), UMTX_SHARED_QUEUE)
291 #define umtxq_insert(uq) umtxq_insert_queue((uq), UMTX_SHARED_QUEUE)
292 #define umtxq_remove(uq) umtxq_remove_queue((uq), UMTX_SHARED_QUEUE)
294 static struct mtx umtx_lock;
296 #ifdef UMTX_PROFILING
298 umtx_init_profiling(void)
300 struct sysctl_oid *chain_oid;
304 for (i = 0; i < UMTX_CHAINS; ++i) {
305 snprintf(chain_name, sizeof(chain_name), "%d", i);
306 chain_oid = SYSCTL_ADD_NODE(NULL,
307 SYSCTL_STATIC_CHILDREN(_debug_umtx_chains), OID_AUTO,
308 chain_name, CTLFLAG_RD | CTLFLAG_MPSAFE, NULL,
310 SYSCTL_ADD_INT(NULL, SYSCTL_CHILDREN(chain_oid), OID_AUTO,
311 "max_length0", CTLFLAG_RD, &umtxq_chains[0][i].max_length, 0, NULL);
312 SYSCTL_ADD_INT(NULL, SYSCTL_CHILDREN(chain_oid), OID_AUTO,
313 "max_length1", CTLFLAG_RD, &umtxq_chains[1][i].max_length, 0, NULL);
318 sysctl_debug_umtx_chains_peaks(SYSCTL_HANDLER_ARGS)
322 struct umtxq_chain *uc;
323 u_int fract, i, j, tot, whole;
324 u_int sf0, sf1, sf2, sf3, sf4;
325 u_int si0, si1, si2, si3, si4;
326 u_int sw0, sw1, sw2, sw3, sw4;
328 sbuf_new(&sb, buf, sizeof(buf), SBUF_FIXEDLEN);
329 for (i = 0; i < 2; i++) {
331 for (j = 0; j < UMTX_CHAINS; ++j) {
332 uc = &umtxq_chains[i][j];
333 mtx_lock(&uc->uc_lock);
334 tot += uc->max_length;
335 mtx_unlock(&uc->uc_lock);
338 sbuf_printf(&sb, "%u) Empty ", i);
340 sf0 = sf1 = sf2 = sf3 = sf4 = 0;
341 si0 = si1 = si2 = si3 = si4 = 0;
342 sw0 = sw1 = sw2 = sw3 = sw4 = 0;
343 for (j = 0; j < UMTX_CHAINS; j++) {
344 uc = &umtxq_chains[i][j];
345 mtx_lock(&uc->uc_lock);
346 whole = uc->max_length * 100;
347 mtx_unlock(&uc->uc_lock);
348 fract = (whole % tot) * 100;
349 if (UPROF_PERC_BIGGER(whole, fract, sw0, sf0)) {
353 } else if (UPROF_PERC_BIGGER(whole, fract, sw1,
358 } else if (UPROF_PERC_BIGGER(whole, fract, sw2,
363 } else if (UPROF_PERC_BIGGER(whole, fract, sw3,
368 } else if (UPROF_PERC_BIGGER(whole, fract, sw4,
375 sbuf_printf(&sb, "queue %u:\n", i);
376 sbuf_printf(&sb, "1st: %u.%u%% idx: %u\n", sw0 / tot,
378 sbuf_printf(&sb, "2nd: %u.%u%% idx: %u\n", sw1 / tot,
380 sbuf_printf(&sb, "3rd: %u.%u%% idx: %u\n", sw2 / tot,
382 sbuf_printf(&sb, "4th: %u.%u%% idx: %u\n", sw3 / tot,
384 sbuf_printf(&sb, "5th: %u.%u%% idx: %u\n", sw4 / tot,
390 sysctl_handle_string(oidp, sbuf_data(&sb), sbuf_len(&sb), req);
396 sysctl_debug_umtx_chains_clear(SYSCTL_HANDLER_ARGS)
398 struct umtxq_chain *uc;
403 error = sysctl_handle_int(oidp, &clear, 0, req);
404 if (error != 0 || req->newptr == NULL)
408 for (i = 0; i < 2; ++i) {
409 for (j = 0; j < UMTX_CHAINS; ++j) {
410 uc = &umtxq_chains[i][j];
411 mtx_lock(&uc->uc_lock);
414 mtx_unlock(&uc->uc_lock);
421 SYSCTL_PROC(_debug_umtx_chains, OID_AUTO, clear,
422 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 0,
423 sysctl_debug_umtx_chains_clear, "I",
424 "Clear umtx chains statistics");
425 SYSCTL_PROC(_debug_umtx_chains, OID_AUTO, peaks,
426 CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, 0, 0,
427 sysctl_debug_umtx_chains_peaks, "A",
428 "Highest peaks in chains max length");
432 umtxq_sysinit(void *arg __unused)
436 umtx_pi_zone = uma_zcreate("umtx pi", sizeof(struct umtx_pi),
437 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
438 for (i = 0; i < 2; ++i) {
439 for (j = 0; j < UMTX_CHAINS; ++j) {
440 mtx_init(&umtxq_chains[i][j].uc_lock, "umtxql", NULL,
441 MTX_DEF | MTX_DUPOK);
442 LIST_INIT(&umtxq_chains[i][j].uc_queue[0]);
443 LIST_INIT(&umtxq_chains[i][j].uc_queue[1]);
444 LIST_INIT(&umtxq_chains[i][j].uc_spare_queue);
445 TAILQ_INIT(&umtxq_chains[i][j].uc_pi_list);
446 umtxq_chains[i][j].uc_busy = 0;
447 umtxq_chains[i][j].uc_waiters = 0;
448 #ifdef UMTX_PROFILING
449 umtxq_chains[i][j].length = 0;
450 umtxq_chains[i][j].max_length = 0;
454 #ifdef UMTX_PROFILING
455 umtx_init_profiling();
457 mtx_init(&umtx_lock, "umtx lock", NULL, MTX_DEF);
466 uq = malloc(sizeof(struct umtx_q), M_UMTX, M_WAITOK | M_ZERO);
467 uq->uq_spare_queue = malloc(sizeof(struct umtxq_queue), M_UMTX,
469 TAILQ_INIT(&uq->uq_spare_queue->head);
470 TAILQ_INIT(&uq->uq_pi_contested);
471 uq->uq_inherited_pri = PRI_MAX;
476 umtxq_free(struct umtx_q *uq)
479 MPASS(uq->uq_spare_queue != NULL);
480 free(uq->uq_spare_queue, M_UMTX);
485 umtxq_hash(struct umtx_key *key)
489 n = (uintptr_t)key->info.both.a + key->info.both.b;
490 key->hash = ((n * GOLDEN_RATIO_PRIME) >> UMTX_SHIFTS) % UMTX_CHAINS;
493 static inline struct umtxq_chain *
494 umtxq_getchain(struct umtx_key *key)
497 if (key->type <= TYPE_SEM)
498 return (&umtxq_chains[1][key->hash]);
499 return (&umtxq_chains[0][key->hash]);
505 * The code is a macro so that file/line information is taken from the caller.
507 #define umtxq_lock(key) do { \
508 struct umtx_key *_key = (key); \
509 struct umtxq_chain *_uc; \
511 _uc = umtxq_getchain(_key); \
512 mtx_lock(&_uc->uc_lock); \
519 umtxq_unlock(struct umtx_key *key)
521 struct umtxq_chain *uc;
523 uc = umtxq_getchain(key);
524 mtx_unlock(&uc->uc_lock);
528 * Set chain to busy state when following operation
529 * may be blocked (kernel mutex can not be used).
532 umtxq_busy(struct umtx_key *key)
534 struct umtxq_chain *uc;
536 uc = umtxq_getchain(key);
537 mtx_assert(&uc->uc_lock, MA_OWNED);
541 int count = BUSY_SPINS;
544 while (uc->uc_busy && --count > 0)
550 while (uc->uc_busy) {
552 msleep(uc, &uc->uc_lock, 0, "umtxqb", 0);
563 umtxq_unbusy(struct umtx_key *key)
565 struct umtxq_chain *uc;
567 uc = umtxq_getchain(key);
568 mtx_assert(&uc->uc_lock, MA_OWNED);
569 KASSERT(uc->uc_busy != 0, ("not busy"));
576 umtxq_unbusy_unlocked(struct umtx_key *key)
584 static struct umtxq_queue *
585 umtxq_queue_lookup(struct umtx_key *key, int q)
587 struct umtxq_queue *uh;
588 struct umtxq_chain *uc;
590 uc = umtxq_getchain(key);
591 UMTXQ_LOCKED_ASSERT(uc);
592 LIST_FOREACH(uh, &uc->uc_queue[q], link) {
593 if (umtx_key_match(&uh->key, key))
601 umtxq_insert_queue(struct umtx_q *uq, int q)
603 struct umtxq_queue *uh;
604 struct umtxq_chain *uc;
606 uc = umtxq_getchain(&uq->uq_key);
607 UMTXQ_LOCKED_ASSERT(uc);
608 KASSERT((uq->uq_flags & UQF_UMTXQ) == 0, ("umtx_q is already on queue"));
609 uh = umtxq_queue_lookup(&uq->uq_key, q);
611 LIST_INSERT_HEAD(&uc->uc_spare_queue, uq->uq_spare_queue, link);
613 uh = uq->uq_spare_queue;
614 uh->key = uq->uq_key;
615 LIST_INSERT_HEAD(&uc->uc_queue[q], uh, link);
616 #ifdef UMTX_PROFILING
618 if (uc->length > uc->max_length) {
619 uc->max_length = uc->length;
620 if (uc->max_length > max_length)
621 max_length = uc->max_length;
625 uq->uq_spare_queue = NULL;
627 TAILQ_INSERT_TAIL(&uh->head, uq, uq_link);
629 uq->uq_flags |= UQF_UMTXQ;
630 uq->uq_cur_queue = uh;
635 umtxq_remove_queue(struct umtx_q *uq, int q)
637 struct umtxq_chain *uc;
638 struct umtxq_queue *uh;
640 uc = umtxq_getchain(&uq->uq_key);
641 UMTXQ_LOCKED_ASSERT(uc);
642 if (uq->uq_flags & UQF_UMTXQ) {
643 uh = uq->uq_cur_queue;
644 TAILQ_REMOVE(&uh->head, uq, uq_link);
646 uq->uq_flags &= ~UQF_UMTXQ;
647 if (TAILQ_EMPTY(&uh->head)) {
648 KASSERT(uh->length == 0,
649 ("inconsistent umtxq_queue length"));
650 #ifdef UMTX_PROFILING
653 LIST_REMOVE(uh, link);
655 uh = LIST_FIRST(&uc->uc_spare_queue);
656 KASSERT(uh != NULL, ("uc_spare_queue is empty"));
657 LIST_REMOVE(uh, link);
659 uq->uq_spare_queue = uh;
660 uq->uq_cur_queue = NULL;
665 * Check if there are multiple waiters
668 umtxq_count(struct umtx_key *key)
670 struct umtxq_queue *uh;
672 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key));
673 uh = umtxq_queue_lookup(key, UMTX_SHARED_QUEUE);
680 * Check if there are multiple PI waiters and returns first
684 umtxq_count_pi(struct umtx_key *key, struct umtx_q **first)
686 struct umtxq_queue *uh;
689 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key));
690 uh = umtxq_queue_lookup(key, UMTX_SHARED_QUEUE);
692 *first = TAILQ_FIRST(&uh->head);
699 * Wake up threads waiting on an userland object.
703 umtxq_signal_queue(struct umtx_key *key, int n_wake, int q)
705 struct umtxq_queue *uh;
710 UMTXQ_LOCKED_ASSERT(umtxq_getchain(key));
711 uh = umtxq_queue_lookup(key, q);
713 while ((uq = TAILQ_FIRST(&uh->head)) != NULL) {
714 umtxq_remove_queue(uq, q);
724 * Wake up specified thread.
727 umtxq_signal_thread(struct umtx_q *uq)
730 UMTXQ_LOCKED_ASSERT(umtxq_getchain(&uq->uq_key));
736 tstohz(const struct timespec *tsp)
740 TIMESPEC_TO_TIMEVAL(&tv, tsp);
745 abs_timeout_init(struct abs_timeout *timo, int clockid, int absolute,
746 const struct timespec *timeout)
749 timo->clockid = clockid;
751 timo->is_abs_real = false;
752 abs_timeout_update(timo);
753 timespecadd(&timo->cur, timeout, &timo->end);
755 timo->end = *timeout;
756 timo->is_abs_real = clockid == CLOCK_REALTIME ||
757 clockid == CLOCK_REALTIME_FAST ||
758 clockid == CLOCK_REALTIME_PRECISE;
760 * If is_abs_real, umtxq_sleep will read the clock
761 * after setting td_rtcgen; otherwise, read it here.
763 if (!timo->is_abs_real) {
764 abs_timeout_update(timo);
770 abs_timeout_init2(struct abs_timeout *timo, const struct _umtx_time *umtxtime)
773 abs_timeout_init(timo, umtxtime->_clockid,
774 (umtxtime->_flags & UMTX_ABSTIME) != 0, &umtxtime->_timeout);
778 abs_timeout_update(struct abs_timeout *timo)
781 kern_clock_gettime(curthread, timo->clockid, &timo->cur);
785 abs_timeout_gethz(struct abs_timeout *timo)
789 if (timespeccmp(&timo->end, &timo->cur, <=))
791 timespecsub(&timo->end, &timo->cur, &tts);
792 return (tstohz(&tts));
796 umtx_unlock_val(uint32_t flags, bool rb)
800 return (UMUTEX_RB_OWNERDEAD);
801 else if ((flags & UMUTEX_NONCONSISTENT) != 0)
802 return (UMUTEX_RB_NOTRECOV);
804 return (UMUTEX_UNOWNED);
809 * Put thread into sleep state, before sleeping, check if
810 * thread was removed from umtx queue.
813 umtxq_sleep(struct umtx_q *uq, const char *wmesg, struct abs_timeout *abstime)
815 struct umtxq_chain *uc;
818 if (abstime != NULL && abstime->is_abs_real) {
819 curthread->td_rtcgen = atomic_load_acq_int(&rtc_generation);
820 abs_timeout_update(abstime);
823 uc = umtxq_getchain(&uq->uq_key);
824 UMTXQ_LOCKED_ASSERT(uc);
826 if (!(uq->uq_flags & UQF_UMTXQ)) {
830 if (abstime != NULL) {
831 timo = abs_timeout_gethz(abstime);
838 error = msleep(uq, &uc->uc_lock, PCATCH | PDROP, wmesg, timo);
839 if (error == EINTR || error == ERESTART) {
840 umtxq_lock(&uq->uq_key);
843 if (abstime != NULL) {
844 if (abstime->is_abs_real)
845 curthread->td_rtcgen =
846 atomic_load_acq_int(&rtc_generation);
847 abs_timeout_update(abstime);
849 umtxq_lock(&uq->uq_key);
852 curthread->td_rtcgen = 0;
857 * Convert userspace address into unique logical address.
860 umtx_key_get(const void *addr, int type, int share, struct umtx_key *key)
862 struct thread *td = curthread;
864 vm_map_entry_t entry;
870 if (share == THREAD_SHARE) {
872 key->info.private.vs = td->td_proc->p_vmspace;
873 key->info.private.addr = (uintptr_t)addr;
875 MPASS(share == PROCESS_SHARE || share == AUTO_SHARE);
876 map = &td->td_proc->p_vmspace->vm_map;
877 if (vm_map_lookup(&map, (vm_offset_t)addr, VM_PROT_WRITE,
878 &entry, &key->info.shared.object, &pindex, &prot,
879 &wired) != KERN_SUCCESS) {
883 if ((share == PROCESS_SHARE) ||
884 (share == AUTO_SHARE &&
885 VM_INHERIT_SHARE == entry->inheritance)) {
887 key->info.shared.offset = (vm_offset_t)addr -
888 entry->start + entry->offset;
889 vm_object_reference(key->info.shared.object);
892 key->info.private.vs = td->td_proc->p_vmspace;
893 key->info.private.addr = (uintptr_t)addr;
895 vm_map_lookup_done(map, entry);
906 umtx_key_release(struct umtx_key *key)
909 vm_object_deallocate(key->info.shared.object);
912 #ifdef COMPAT_FREEBSD10
914 * Lock a umtx object.
917 do_lock_umtx(struct thread *td, struct umtx *umtx, u_long id,
918 const struct timespec *timeout)
920 struct abs_timeout timo;
928 abs_timeout_init(&timo, CLOCK_REALTIME, 0, timeout);
931 * Care must be exercised when dealing with umtx structure. It
932 * can fault on any access.
936 * Try the uncontested case. This should be done in userland.
938 owner = casuword(&umtx->u_owner, UMTX_UNOWNED, id);
940 /* The acquire succeeded. */
941 if (owner == UMTX_UNOWNED)
944 /* The address was invalid. */
948 /* If no one owns it but it is contested try to acquire it. */
949 if (owner == UMTX_CONTESTED) {
950 owner = casuword(&umtx->u_owner,
951 UMTX_CONTESTED, id | UMTX_CONTESTED);
953 if (owner == UMTX_CONTESTED)
956 /* The address was invalid. */
960 error = thread_check_susp(td, false);
964 /* If this failed the lock has changed, restart. */
969 * If we caught a signal, we have retried and now
975 if ((error = umtx_key_get(umtx, TYPE_SIMPLE_LOCK,
976 AUTO_SHARE, &uq->uq_key)) != 0)
979 umtxq_lock(&uq->uq_key);
980 umtxq_busy(&uq->uq_key);
982 umtxq_unbusy(&uq->uq_key);
983 umtxq_unlock(&uq->uq_key);
986 * Set the contested bit so that a release in user space
987 * knows to use the system call for unlock. If this fails
988 * either some one else has acquired the lock or it has been
991 old = casuword(&umtx->u_owner, owner, owner | UMTX_CONTESTED);
993 /* The address was invalid. */
995 umtxq_lock(&uq->uq_key);
997 umtxq_unlock(&uq->uq_key);
998 umtx_key_release(&uq->uq_key);
1003 * We set the contested bit, sleep. Otherwise the lock changed
1004 * and we need to retry or we lost a race to the thread
1005 * unlocking the umtx.
1007 umtxq_lock(&uq->uq_key);
1009 error = umtxq_sleep(uq, "umtx", timeout == NULL ? NULL :
1012 umtxq_unlock(&uq->uq_key);
1013 umtx_key_release(&uq->uq_key);
1016 error = thread_check_susp(td, false);
1019 if (timeout == NULL) {
1020 /* Mutex locking is restarted if it is interrupted. */
1024 /* Timed-locking is not restarted. */
1025 if (error == ERESTART)
1032 * Unlock a umtx object.
1035 do_unlock_umtx(struct thread *td, struct umtx *umtx, u_long id)
1037 struct umtx_key key;
1044 * Make sure we own this mtx.
1046 owner = fuword(__DEVOLATILE(u_long *, &umtx->u_owner));
1050 if ((owner & ~UMTX_CONTESTED) != id)
1053 /* This should be done in userland */
1054 if ((owner & UMTX_CONTESTED) == 0) {
1055 old = casuword(&umtx->u_owner, owner, UMTX_UNOWNED);
1063 /* We should only ever be in here for contested locks */
1064 if ((error = umtx_key_get(umtx, TYPE_SIMPLE_LOCK, AUTO_SHARE,
1070 count = umtxq_count(&key);
1074 * When unlocking the umtx, it must be marked as unowned if
1075 * there is zero or one thread only waiting for it.
1076 * Otherwise, it must be marked as contested.
1078 old = casuword(&umtx->u_owner, owner,
1079 count <= 1 ? UMTX_UNOWNED : UMTX_CONTESTED);
1081 umtxq_signal(&key,1);
1084 umtx_key_release(&key);
1092 #ifdef COMPAT_FREEBSD32
1095 * Lock a umtx object.
1098 do_lock_umtx32(struct thread *td, uint32_t *m, uint32_t id,
1099 const struct timespec *timeout)
1101 struct abs_timeout timo;
1109 if (timeout != NULL)
1110 abs_timeout_init(&timo, CLOCK_REALTIME, 0, timeout);
1113 * Care must be exercised when dealing with umtx structure. It
1114 * can fault on any access.
1118 * Try the uncontested case. This should be done in userland.
1120 owner = casuword32(m, UMUTEX_UNOWNED, id);
1122 /* The acquire succeeded. */
1123 if (owner == UMUTEX_UNOWNED)
1126 /* The address was invalid. */
1130 /* If no one owns it but it is contested try to acquire it. */
1131 if (owner == UMUTEX_CONTESTED) {
1132 owner = casuword32(m,
1133 UMUTEX_CONTESTED, id | UMUTEX_CONTESTED);
1134 if (owner == UMUTEX_CONTESTED)
1137 /* The address was invalid. */
1141 error = thread_check_susp(td, false);
1145 /* If this failed the lock has changed, restart. */
1150 * If we caught a signal, we have retried and now
1156 if ((error = umtx_key_get(m, TYPE_SIMPLE_LOCK,
1157 AUTO_SHARE, &uq->uq_key)) != 0)
1160 umtxq_lock(&uq->uq_key);
1161 umtxq_busy(&uq->uq_key);
1163 umtxq_unbusy(&uq->uq_key);
1164 umtxq_unlock(&uq->uq_key);
1167 * Set the contested bit so that a release in user space
1168 * knows to use the system call for unlock. If this fails
1169 * either some one else has acquired the lock or it has been
1172 old = casuword32(m, owner, owner | UMUTEX_CONTESTED);
1174 /* The address was invalid. */
1176 umtxq_lock(&uq->uq_key);
1178 umtxq_unlock(&uq->uq_key);
1179 umtx_key_release(&uq->uq_key);
1184 * We set the contested bit, sleep. Otherwise the lock changed
1185 * and we need to retry or we lost a race to the thread
1186 * unlocking the umtx.
1188 umtxq_lock(&uq->uq_key);
1190 error = umtxq_sleep(uq, "umtx", timeout == NULL ?
1193 umtxq_unlock(&uq->uq_key);
1194 umtx_key_release(&uq->uq_key);
1197 error = thread_check_susp(td, false);
1200 if (timeout == NULL) {
1201 /* Mutex locking is restarted if it is interrupted. */
1205 /* Timed-locking is not restarted. */
1206 if (error == ERESTART)
1213 * Unlock a umtx object.
1216 do_unlock_umtx32(struct thread *td, uint32_t *m, uint32_t id)
1218 struct umtx_key key;
1225 * Make sure we own this mtx.
1227 owner = fuword32(m);
1231 if ((owner & ~UMUTEX_CONTESTED) != id)
1234 /* This should be done in userland */
1235 if ((owner & UMUTEX_CONTESTED) == 0) {
1236 old = casuword32(m, owner, UMUTEX_UNOWNED);
1244 /* We should only ever be in here for contested locks */
1245 if ((error = umtx_key_get(m, TYPE_SIMPLE_LOCK, AUTO_SHARE,
1251 count = umtxq_count(&key);
1255 * When unlocking the umtx, it must be marked as unowned if
1256 * there is zero or one thread only waiting for it.
1257 * Otherwise, it must be marked as contested.
1259 old = casuword32(m, owner,
1260 count <= 1 ? UMUTEX_UNOWNED : UMUTEX_CONTESTED);
1262 umtxq_signal(&key,1);
1265 umtx_key_release(&key);
1272 #endif /* COMPAT_FREEBSD32 */
1273 #endif /* COMPAT_FREEBSD10 */
1276 * Fetch and compare value, sleep on the address if value is not changed.
1279 do_wait(struct thread *td, void *addr, u_long id,
1280 struct _umtx_time *timeout, int compat32, int is_private)
1282 struct abs_timeout timo;
1289 if ((error = umtx_key_get(addr, TYPE_SIMPLE_WAIT,
1290 is_private ? THREAD_SHARE : AUTO_SHARE, &uq->uq_key)) != 0)
1293 if (timeout != NULL)
1294 abs_timeout_init2(&timo, timeout);
1296 umtxq_lock(&uq->uq_key);
1298 umtxq_unlock(&uq->uq_key);
1299 if (compat32 == 0) {
1300 error = fueword(addr, &tmp);
1304 error = fueword32(addr, &tmp32);
1310 umtxq_lock(&uq->uq_key);
1313 error = umtxq_sleep(uq, "uwait", timeout == NULL ?
1315 if ((uq->uq_flags & UQF_UMTXQ) == 0)
1319 } else if ((uq->uq_flags & UQF_UMTXQ) != 0) {
1322 umtxq_unlock(&uq->uq_key);
1323 umtx_key_release(&uq->uq_key);
1324 if (error == ERESTART)
1330 * Wake up threads sleeping on the specified address.
1333 kern_umtx_wake(struct thread *td, void *uaddr, int n_wake, int is_private)
1335 struct umtx_key key;
1338 if ((ret = umtx_key_get(uaddr, TYPE_SIMPLE_WAIT,
1339 is_private ? THREAD_SHARE : AUTO_SHARE, &key)) != 0)
1342 umtxq_signal(&key, n_wake);
1344 umtx_key_release(&key);
1349 * Lock PTHREAD_PRIO_NONE protocol POSIX mutex.
1352 do_lock_normal(struct thread *td, struct umutex *m, uint32_t flags,
1353 struct _umtx_time *timeout, int mode)
1355 struct abs_timeout timo;
1357 uint32_t owner, old, id;
1363 if (timeout != NULL)
1364 abs_timeout_init2(&timo, timeout);
1367 * Care must be exercised when dealing with umtx structure. It
1368 * can fault on any access.
1371 rv = fueword32(&m->m_owner, &owner);
1374 if (mode == _UMUTEX_WAIT) {
1375 if (owner == UMUTEX_UNOWNED ||
1376 owner == UMUTEX_CONTESTED ||
1377 owner == UMUTEX_RB_OWNERDEAD ||
1378 owner == UMUTEX_RB_NOTRECOV)
1382 * Robust mutex terminated. Kernel duty is to
1383 * return EOWNERDEAD to the userspace. The
1384 * umutex.m_flags UMUTEX_NONCONSISTENT is set
1385 * by the common userspace code.
1387 if (owner == UMUTEX_RB_OWNERDEAD) {
1388 rv = casueword32(&m->m_owner,
1389 UMUTEX_RB_OWNERDEAD, &owner,
1390 id | UMUTEX_CONTESTED);
1394 MPASS(owner == UMUTEX_RB_OWNERDEAD);
1395 return (EOWNERDEAD); /* success */
1398 rv = thread_check_susp(td, false);
1403 if (owner == UMUTEX_RB_NOTRECOV)
1404 return (ENOTRECOVERABLE);
1407 * Try the uncontested case. This should be
1410 rv = casueword32(&m->m_owner, UMUTEX_UNOWNED,
1412 /* The address was invalid. */
1416 /* The acquire succeeded. */
1418 MPASS(owner == UMUTEX_UNOWNED);
1423 * If no one owns it but it is contested try
1427 if (owner == UMUTEX_CONTESTED) {
1428 rv = casueword32(&m->m_owner,
1429 UMUTEX_CONTESTED, &owner,
1430 id | UMUTEX_CONTESTED);
1431 /* The address was invalid. */
1435 MPASS(owner == UMUTEX_CONTESTED);
1439 rv = thread_check_susp(td, false);
1445 * If this failed the lock has
1451 /* rv == 1 but not contested, likely store failure */
1452 rv = thread_check_susp(td, false);
1457 if (mode == _UMUTEX_TRY)
1461 * If we caught a signal, we have retried and now
1467 if ((error = umtx_key_get(m, TYPE_NORMAL_UMUTEX,
1468 GET_SHARE(flags), &uq->uq_key)) != 0)
1471 umtxq_lock(&uq->uq_key);
1472 umtxq_busy(&uq->uq_key);
1474 umtxq_unlock(&uq->uq_key);
1477 * Set the contested bit so that a release in user space
1478 * knows to use the system call for unlock. If this fails
1479 * either some one else has acquired the lock or it has been
1482 rv = casueword32(&m->m_owner, owner, &old,
1483 owner | UMUTEX_CONTESTED);
1485 /* The address was invalid or casueword failed to store. */
1486 if (rv == -1 || rv == 1) {
1487 umtxq_lock(&uq->uq_key);
1489 umtxq_unbusy(&uq->uq_key);
1490 umtxq_unlock(&uq->uq_key);
1491 umtx_key_release(&uq->uq_key);
1495 rv = thread_check_susp(td, false);
1503 * We set the contested bit, sleep. Otherwise the lock changed
1504 * and we need to retry or we lost a race to the thread
1505 * unlocking the umtx.
1507 umtxq_lock(&uq->uq_key);
1508 umtxq_unbusy(&uq->uq_key);
1509 MPASS(old == owner);
1510 error = umtxq_sleep(uq, "umtxn", timeout == NULL ?
1513 umtxq_unlock(&uq->uq_key);
1514 umtx_key_release(&uq->uq_key);
1517 error = thread_check_susp(td, false);
1524 * Unlock PTHREAD_PRIO_NONE protocol POSIX mutex.
1527 do_unlock_normal(struct thread *td, struct umutex *m, uint32_t flags, bool rb)
1529 struct umtx_key key;
1530 uint32_t owner, old, id, newlock;
1537 * Make sure we own this mtx.
1539 error = fueword32(&m->m_owner, &owner);
1543 if ((owner & ~UMUTEX_CONTESTED) != id)
1546 newlock = umtx_unlock_val(flags, rb);
1547 if ((owner & UMUTEX_CONTESTED) == 0) {
1548 error = casueword32(&m->m_owner, owner, &old, newlock);
1552 error = thread_check_susp(td, false);
1557 MPASS(old == owner);
1561 /* We should only ever be in here for contested locks */
1562 if ((error = umtx_key_get(m, TYPE_NORMAL_UMUTEX, GET_SHARE(flags),
1568 count = umtxq_count(&key);
1572 * When unlocking the umtx, it must be marked as unowned if
1573 * there is zero or one thread only waiting for it.
1574 * Otherwise, it must be marked as contested.
1577 newlock |= UMUTEX_CONTESTED;
1578 error = casueword32(&m->m_owner, owner, &old, newlock);
1580 umtxq_signal(&key, 1);
1583 umtx_key_release(&key);
1589 error = thread_check_susp(td, false);
1598 * Check if the mutex is available and wake up a waiter,
1599 * only for simple mutex.
1602 do_wake_umutex(struct thread *td, struct umutex *m)
1604 struct umtx_key key;
1611 error = fueword32(&m->m_owner, &owner);
1615 if ((owner & ~UMUTEX_CONTESTED) != 0 && owner != UMUTEX_RB_OWNERDEAD &&
1616 owner != UMUTEX_RB_NOTRECOV)
1619 error = fueword32(&m->m_flags, &flags);
1623 /* We should only ever be in here for contested locks */
1624 if ((error = umtx_key_get(m, TYPE_NORMAL_UMUTEX, GET_SHARE(flags),
1630 count = umtxq_count(&key);
1633 if (count <= 1 && owner != UMUTEX_RB_OWNERDEAD &&
1634 owner != UMUTEX_RB_NOTRECOV) {
1635 error = casueword32(&m->m_owner, UMUTEX_CONTESTED, &owner,
1639 } else if (error == 1) {
1643 umtx_key_release(&key);
1644 error = thread_check_susp(td, false);
1652 if (error == 0 && count != 0) {
1653 MPASS((owner & ~UMUTEX_CONTESTED) == 0 ||
1654 owner == UMUTEX_RB_OWNERDEAD ||
1655 owner == UMUTEX_RB_NOTRECOV);
1656 umtxq_signal(&key, 1);
1660 umtx_key_release(&key);
1665 * Check if the mutex has waiters and tries to fix contention bit.
1668 do_wake2_umutex(struct thread *td, struct umutex *m, uint32_t flags)
1670 struct umtx_key key;
1671 uint32_t owner, old;
1676 switch (flags & (UMUTEX_PRIO_INHERIT | UMUTEX_PRIO_PROTECT |
1680 type = TYPE_NORMAL_UMUTEX;
1682 case UMUTEX_PRIO_INHERIT:
1683 type = TYPE_PI_UMUTEX;
1685 case (UMUTEX_PRIO_INHERIT | UMUTEX_ROBUST):
1686 type = TYPE_PI_ROBUST_UMUTEX;
1688 case UMUTEX_PRIO_PROTECT:
1689 type = TYPE_PP_UMUTEX;
1691 case (UMUTEX_PRIO_PROTECT | UMUTEX_ROBUST):
1692 type = TYPE_PP_ROBUST_UMUTEX;
1697 if ((error = umtx_key_get(m, type, GET_SHARE(flags), &key)) != 0)
1703 count = umtxq_count(&key);
1706 error = fueword32(&m->m_owner, &owner);
1711 * Only repair contention bit if there is a waiter, this means
1712 * the mutex is still being referenced by userland code,
1713 * otherwise don't update any memory.
1715 while (error == 0 && (owner & UMUTEX_CONTESTED) == 0 &&
1716 (count > 1 || (count == 1 && (owner & ~UMUTEX_CONTESTED) != 0))) {
1717 error = casueword32(&m->m_owner, owner, &old,
1718 owner | UMUTEX_CONTESTED);
1724 MPASS(old == owner);
1728 error = thread_check_susp(td, false);
1732 if (error == EFAULT) {
1733 umtxq_signal(&key, INT_MAX);
1734 } else if (count != 0 && ((owner & ~UMUTEX_CONTESTED) == 0 ||
1735 owner == UMUTEX_RB_OWNERDEAD || owner == UMUTEX_RB_NOTRECOV))
1736 umtxq_signal(&key, 1);
1739 umtx_key_release(&key);
1743 static inline struct umtx_pi *
1744 umtx_pi_alloc(int flags)
1748 pi = uma_zalloc(umtx_pi_zone, M_ZERO | flags);
1749 TAILQ_INIT(&pi->pi_blocked);
1750 atomic_add_int(&umtx_pi_allocated, 1);
1755 umtx_pi_free(struct umtx_pi *pi)
1757 uma_zfree(umtx_pi_zone, pi);
1758 atomic_add_int(&umtx_pi_allocated, -1);
1762 * Adjust the thread's position on a pi_state after its priority has been
1766 umtx_pi_adjust_thread(struct umtx_pi *pi, struct thread *td)
1768 struct umtx_q *uq, *uq1, *uq2;
1771 mtx_assert(&umtx_lock, MA_OWNED);
1778 * Check if the thread needs to be moved on the blocked chain.
1779 * It needs to be moved if either its priority is lower than
1780 * the previous thread or higher than the next thread.
1782 uq1 = TAILQ_PREV(uq, umtxq_head, uq_lockq);
1783 uq2 = TAILQ_NEXT(uq, uq_lockq);
1784 if ((uq1 != NULL && UPRI(td) < UPRI(uq1->uq_thread)) ||
1785 (uq2 != NULL && UPRI(td) > UPRI(uq2->uq_thread))) {
1787 * Remove thread from blocked chain and determine where
1788 * it should be moved to.
1790 TAILQ_REMOVE(&pi->pi_blocked, uq, uq_lockq);
1791 TAILQ_FOREACH(uq1, &pi->pi_blocked, uq_lockq) {
1792 td1 = uq1->uq_thread;
1793 MPASS(td1->td_proc->p_magic == P_MAGIC);
1794 if (UPRI(td1) > UPRI(td))
1799 TAILQ_INSERT_TAIL(&pi->pi_blocked, uq, uq_lockq);
1801 TAILQ_INSERT_BEFORE(uq1, uq, uq_lockq);
1806 static struct umtx_pi *
1807 umtx_pi_next(struct umtx_pi *pi)
1809 struct umtx_q *uq_owner;
1811 if (pi->pi_owner == NULL)
1813 uq_owner = pi->pi_owner->td_umtxq;
1814 if (uq_owner == NULL)
1816 return (uq_owner->uq_pi_blocked);
1820 * Floyd's Cycle-Finding Algorithm.
1823 umtx_pi_check_loop(struct umtx_pi *pi)
1825 struct umtx_pi *pi1; /* fast iterator */
1827 mtx_assert(&umtx_lock, MA_OWNED);
1832 pi = umtx_pi_next(pi);
1835 pi1 = umtx_pi_next(pi1);
1838 pi1 = umtx_pi_next(pi1);
1848 * Propagate priority when a thread is blocked on POSIX
1852 umtx_propagate_priority(struct thread *td)
1858 mtx_assert(&umtx_lock, MA_OWNED);
1861 pi = uq->uq_pi_blocked;
1864 if (umtx_pi_check_loop(pi))
1869 if (td == NULL || td == curthread)
1872 MPASS(td->td_proc != NULL);
1873 MPASS(td->td_proc->p_magic == P_MAGIC);
1876 if (td->td_lend_user_pri > pri)
1877 sched_lend_user_prio(td, pri);
1885 * Pick up the lock that td is blocked on.
1888 pi = uq->uq_pi_blocked;
1891 /* Resort td on the list if needed. */
1892 umtx_pi_adjust_thread(pi, td);
1897 * Unpropagate priority for a PI mutex when a thread blocked on
1898 * it is interrupted by signal or resumed by others.
1901 umtx_repropagate_priority(struct umtx_pi *pi)
1903 struct umtx_q *uq, *uq_owner;
1904 struct umtx_pi *pi2;
1907 mtx_assert(&umtx_lock, MA_OWNED);
1909 if (umtx_pi_check_loop(pi))
1911 while (pi != NULL && pi->pi_owner != NULL) {
1913 uq_owner = pi->pi_owner->td_umtxq;
1915 TAILQ_FOREACH(pi2, &uq_owner->uq_pi_contested, pi_link) {
1916 uq = TAILQ_FIRST(&pi2->pi_blocked);
1918 if (pri > UPRI(uq->uq_thread))
1919 pri = UPRI(uq->uq_thread);
1923 if (pri > uq_owner->uq_inherited_pri)
1924 pri = uq_owner->uq_inherited_pri;
1925 thread_lock(pi->pi_owner);
1926 sched_lend_user_prio(pi->pi_owner, pri);
1927 thread_unlock(pi->pi_owner);
1928 if ((pi = uq_owner->uq_pi_blocked) != NULL)
1929 umtx_pi_adjust_thread(pi, uq_owner->uq_thread);
1934 * Insert a PI mutex into owned list.
1937 umtx_pi_setowner(struct umtx_pi *pi, struct thread *owner)
1939 struct umtx_q *uq_owner;
1941 uq_owner = owner->td_umtxq;
1942 mtx_assert(&umtx_lock, MA_OWNED);
1943 MPASS(pi->pi_owner == NULL);
1944 pi->pi_owner = owner;
1945 TAILQ_INSERT_TAIL(&uq_owner->uq_pi_contested, pi, pi_link);
1949 * Disown a PI mutex, and remove it from the owned list.
1952 umtx_pi_disown(struct umtx_pi *pi)
1955 mtx_assert(&umtx_lock, MA_OWNED);
1956 TAILQ_REMOVE(&pi->pi_owner->td_umtxq->uq_pi_contested, pi, pi_link);
1957 pi->pi_owner = NULL;
1961 * Claim ownership of a PI mutex.
1964 umtx_pi_claim(struct umtx_pi *pi, struct thread *owner)
1969 mtx_lock(&umtx_lock);
1970 if (pi->pi_owner == owner) {
1971 mtx_unlock(&umtx_lock);
1975 if (pi->pi_owner != NULL) {
1977 * userland may have already messed the mutex, sigh.
1979 mtx_unlock(&umtx_lock);
1982 umtx_pi_setowner(pi, owner);
1983 uq = TAILQ_FIRST(&pi->pi_blocked);
1985 pri = UPRI(uq->uq_thread);
1987 if (pri < UPRI(owner))
1988 sched_lend_user_prio(owner, pri);
1989 thread_unlock(owner);
1991 mtx_unlock(&umtx_lock);
1996 * Adjust a thread's order position in its blocked PI mutex,
1997 * this may result new priority propagating process.
2000 umtx_pi_adjust(struct thread *td, u_char oldpri)
2006 mtx_lock(&umtx_lock);
2008 * Pick up the lock that td is blocked on.
2010 pi = uq->uq_pi_blocked;
2012 umtx_pi_adjust_thread(pi, td);
2013 umtx_repropagate_priority(pi);
2015 mtx_unlock(&umtx_lock);
2019 * Sleep on a PI mutex.
2022 umtxq_sleep_pi(struct umtx_q *uq, struct umtx_pi *pi, uint32_t owner,
2023 const char *wmesg, struct abs_timeout *timo, bool shared)
2025 struct thread *td, *td1;
2029 struct umtxq_chain *uc;
2031 uc = umtxq_getchain(&pi->pi_key);
2035 KASSERT(td == curthread, ("inconsistent uq_thread"));
2036 UMTXQ_LOCKED_ASSERT(umtxq_getchain(&uq->uq_key));
2037 KASSERT(uc->uc_busy != 0, ("umtx chain is not busy"));
2039 mtx_lock(&umtx_lock);
2040 if (pi->pi_owner == NULL) {
2041 mtx_unlock(&umtx_lock);
2042 td1 = tdfind(owner, shared ? -1 : td->td_proc->p_pid);
2043 mtx_lock(&umtx_lock);
2045 if (pi->pi_owner == NULL)
2046 umtx_pi_setowner(pi, td1);
2047 PROC_UNLOCK(td1->td_proc);
2051 TAILQ_FOREACH(uq1, &pi->pi_blocked, uq_lockq) {
2052 pri = UPRI(uq1->uq_thread);
2058 TAILQ_INSERT_BEFORE(uq1, uq, uq_lockq);
2060 TAILQ_INSERT_TAIL(&pi->pi_blocked, uq, uq_lockq);
2062 uq->uq_pi_blocked = pi;
2064 td->td_flags |= TDF_UPIBLOCKED;
2066 umtx_propagate_priority(td);
2067 mtx_unlock(&umtx_lock);
2068 umtxq_unbusy(&uq->uq_key);
2070 error = umtxq_sleep(uq, wmesg, timo);
2073 mtx_lock(&umtx_lock);
2074 uq->uq_pi_blocked = NULL;
2076 td->td_flags &= ~TDF_UPIBLOCKED;
2078 TAILQ_REMOVE(&pi->pi_blocked, uq, uq_lockq);
2079 umtx_repropagate_priority(pi);
2080 mtx_unlock(&umtx_lock);
2081 umtxq_unlock(&uq->uq_key);
2087 * Add reference count for a PI mutex.
2090 umtx_pi_ref(struct umtx_pi *pi)
2093 UMTXQ_LOCKED_ASSERT(umtxq_getchain(&pi->pi_key));
2098 * Decrease reference count for a PI mutex, if the counter
2099 * is decreased to zero, its memory space is freed.
2102 umtx_pi_unref(struct umtx_pi *pi)
2104 struct umtxq_chain *uc;
2106 uc = umtxq_getchain(&pi->pi_key);
2107 UMTXQ_LOCKED_ASSERT(uc);
2108 KASSERT(pi->pi_refcount > 0, ("invalid reference count"));
2109 if (--pi->pi_refcount == 0) {
2110 mtx_lock(&umtx_lock);
2111 if (pi->pi_owner != NULL)
2113 KASSERT(TAILQ_EMPTY(&pi->pi_blocked),
2114 ("blocked queue not empty"));
2115 mtx_unlock(&umtx_lock);
2116 TAILQ_REMOVE(&uc->uc_pi_list, pi, pi_hashlink);
2122 * Find a PI mutex in hash table.
2124 static struct umtx_pi *
2125 umtx_pi_lookup(struct umtx_key *key)
2127 struct umtxq_chain *uc;
2130 uc = umtxq_getchain(key);
2131 UMTXQ_LOCKED_ASSERT(uc);
2133 TAILQ_FOREACH(pi, &uc->uc_pi_list, pi_hashlink) {
2134 if (umtx_key_match(&pi->pi_key, key)) {
2142 * Insert a PI mutex into hash table.
2145 umtx_pi_insert(struct umtx_pi *pi)
2147 struct umtxq_chain *uc;
2149 uc = umtxq_getchain(&pi->pi_key);
2150 UMTXQ_LOCKED_ASSERT(uc);
2151 TAILQ_INSERT_TAIL(&uc->uc_pi_list, pi, pi_hashlink);
2158 do_lock_pi(struct thread *td, struct umutex *m, uint32_t flags,
2159 struct _umtx_time *timeout, int try)
2161 struct abs_timeout timo;
2163 struct umtx_pi *pi, *new_pi;
2164 uint32_t id, old_owner, owner, old;
2170 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2171 TYPE_PI_ROBUST_UMUTEX : TYPE_PI_UMUTEX, GET_SHARE(flags),
2175 if (timeout != NULL)
2176 abs_timeout_init2(&timo, timeout);
2178 umtxq_lock(&uq->uq_key);
2179 pi = umtx_pi_lookup(&uq->uq_key);
2181 new_pi = umtx_pi_alloc(M_NOWAIT);
2182 if (new_pi == NULL) {
2183 umtxq_unlock(&uq->uq_key);
2184 new_pi = umtx_pi_alloc(M_WAITOK);
2185 umtxq_lock(&uq->uq_key);
2186 pi = umtx_pi_lookup(&uq->uq_key);
2188 umtx_pi_free(new_pi);
2192 if (new_pi != NULL) {
2193 new_pi->pi_key = uq->uq_key;
2194 umtx_pi_insert(new_pi);
2199 umtxq_unlock(&uq->uq_key);
2202 * Care must be exercised when dealing with umtx structure. It
2203 * can fault on any access.
2207 * Try the uncontested case. This should be done in userland.
2209 rv = casueword32(&m->m_owner, UMUTEX_UNOWNED, &owner, id);
2210 /* The address was invalid. */
2215 /* The acquire succeeded. */
2217 MPASS(owner == UMUTEX_UNOWNED);
2222 if (owner == UMUTEX_RB_NOTRECOV) {
2223 error = ENOTRECOVERABLE;
2228 * Nobody owns it, but the acquire failed. This can happen
2229 * with ll/sc atomics.
2231 if (owner == UMUTEX_UNOWNED) {
2232 error = thread_check_susp(td, true);
2239 * Avoid overwriting a possible error from sleep due
2240 * to the pending signal with suspension check result.
2243 error = thread_check_susp(td, true);
2248 /* If no one owns it but it is contested try to acquire it. */
2249 if (owner == UMUTEX_CONTESTED || owner == UMUTEX_RB_OWNERDEAD) {
2251 rv = casueword32(&m->m_owner, owner, &owner,
2252 id | UMUTEX_CONTESTED);
2253 /* The address was invalid. */
2260 error = thread_check_susp(td, true);
2266 * If this failed the lock could
2273 MPASS(owner == old_owner);
2274 umtxq_lock(&uq->uq_key);
2275 umtxq_busy(&uq->uq_key);
2276 error = umtx_pi_claim(pi, td);
2277 umtxq_unbusy(&uq->uq_key);
2278 umtxq_unlock(&uq->uq_key);
2281 * Since we're going to return an
2282 * error, restore the m_owner to its
2283 * previous, unowned state to avoid
2284 * compounding the problem.
2286 (void)casuword32(&m->m_owner,
2287 id | UMUTEX_CONTESTED, old_owner);
2289 if (error == 0 && old_owner == UMUTEX_RB_OWNERDEAD)
2294 if ((owner & ~UMUTEX_CONTESTED) == id) {
2305 * If we caught a signal, we have retried and now
2311 umtxq_lock(&uq->uq_key);
2312 umtxq_busy(&uq->uq_key);
2313 umtxq_unlock(&uq->uq_key);
2316 * Set the contested bit so that a release in user space
2317 * knows to use the system call for unlock. If this fails
2318 * either some one else has acquired the lock or it has been
2321 rv = casueword32(&m->m_owner, owner, &old, owner |
2324 /* The address was invalid. */
2326 umtxq_unbusy_unlocked(&uq->uq_key);
2331 umtxq_unbusy_unlocked(&uq->uq_key);
2332 error = thread_check_susp(td, true);
2337 * The lock changed and we need to retry or we
2338 * lost a race to the thread unlocking the
2339 * umtx. Note that the UMUTEX_RB_OWNERDEAD
2340 * value for owner is impossible there.
2345 umtxq_lock(&uq->uq_key);
2347 /* We set the contested bit, sleep. */
2348 MPASS(old == owner);
2349 error = umtxq_sleep_pi(uq, pi, owner & ~UMUTEX_CONTESTED,
2350 "umtxpi", timeout == NULL ? NULL : &timo,
2351 (flags & USYNC_PROCESS_SHARED) != 0);
2355 error = thread_check_susp(td, false);
2360 umtxq_lock(&uq->uq_key);
2362 umtxq_unlock(&uq->uq_key);
2364 umtx_key_release(&uq->uq_key);
2369 * Unlock a PI mutex.
2372 do_unlock_pi(struct thread *td, struct umutex *m, uint32_t flags, bool rb)
2374 struct umtx_key key;
2375 struct umtx_q *uq_first, *uq_first2, *uq_me;
2376 struct umtx_pi *pi, *pi2;
2377 uint32_t id, new_owner, old, owner;
2378 int count, error, pri;
2384 * Make sure we own this mtx.
2386 error = fueword32(&m->m_owner, &owner);
2390 if ((owner & ~UMUTEX_CONTESTED) != id)
2393 new_owner = umtx_unlock_val(flags, rb);
2395 /* This should be done in userland */
2396 if ((owner & UMUTEX_CONTESTED) == 0) {
2397 error = casueword32(&m->m_owner, owner, &old, new_owner);
2401 error = thread_check_susp(td, true);
2411 /* We should only ever be in here for contested locks */
2412 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2413 TYPE_PI_ROBUST_UMUTEX : TYPE_PI_UMUTEX, GET_SHARE(flags),
2419 count = umtxq_count_pi(&key, &uq_first);
2420 if (uq_first != NULL) {
2421 mtx_lock(&umtx_lock);
2422 pi = uq_first->uq_pi_blocked;
2423 KASSERT(pi != NULL, ("pi == NULL?"));
2424 if (pi->pi_owner != td && !(rb && pi->pi_owner == NULL)) {
2425 mtx_unlock(&umtx_lock);
2428 umtx_key_release(&key);
2429 /* userland messed the mutex */
2432 uq_me = td->td_umtxq;
2433 if (pi->pi_owner == td)
2435 /* get highest priority thread which is still sleeping. */
2436 uq_first = TAILQ_FIRST(&pi->pi_blocked);
2437 while (uq_first != NULL &&
2438 (uq_first->uq_flags & UQF_UMTXQ) == 0) {
2439 uq_first = TAILQ_NEXT(uq_first, uq_lockq);
2442 TAILQ_FOREACH(pi2, &uq_me->uq_pi_contested, pi_link) {
2443 uq_first2 = TAILQ_FIRST(&pi2->pi_blocked);
2444 if (uq_first2 != NULL) {
2445 if (pri > UPRI(uq_first2->uq_thread))
2446 pri = UPRI(uq_first2->uq_thread);
2450 sched_lend_user_prio(td, pri);
2452 mtx_unlock(&umtx_lock);
2454 umtxq_signal_thread(uq_first);
2456 pi = umtx_pi_lookup(&key);
2458 * A umtx_pi can exist if a signal or timeout removed the
2459 * last waiter from the umtxq, but there is still
2460 * a thread in do_lock_pi() holding the umtx_pi.
2464 * The umtx_pi can be unowned, such as when a thread
2465 * has just entered do_lock_pi(), allocated the
2466 * umtx_pi, and unlocked the umtxq.
2467 * If the current thread owns it, it must disown it.
2469 mtx_lock(&umtx_lock);
2470 if (pi->pi_owner == td)
2472 mtx_unlock(&umtx_lock);
2478 * When unlocking the umtx, it must be marked as unowned if
2479 * there is zero or one thread only waiting for it.
2480 * Otherwise, it must be marked as contested.
2484 new_owner |= UMUTEX_CONTESTED;
2486 error = casueword32(&m->m_owner, owner, &old, new_owner);
2488 error = thread_check_susp(td, false);
2492 umtxq_unbusy_unlocked(&key);
2493 umtx_key_release(&key);
2496 if (error == 0 && old != owner)
2505 do_lock_pp(struct thread *td, struct umutex *m, uint32_t flags,
2506 struct _umtx_time *timeout, int try)
2508 struct abs_timeout timo;
2509 struct umtx_q *uq, *uq2;
2513 int error, pri, old_inherited_pri, su, rv;
2517 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2518 TYPE_PP_ROBUST_UMUTEX : TYPE_PP_UMUTEX, GET_SHARE(flags),
2522 if (timeout != NULL)
2523 abs_timeout_init2(&timo, timeout);
2525 su = (priv_check(td, PRIV_SCHED_RTPRIO) == 0);
2527 old_inherited_pri = uq->uq_inherited_pri;
2528 umtxq_lock(&uq->uq_key);
2529 umtxq_busy(&uq->uq_key);
2530 umtxq_unlock(&uq->uq_key);
2532 rv = fueword32(&m->m_ceilings[0], &ceiling);
2537 ceiling = RTP_PRIO_MAX - ceiling;
2538 if (ceiling > RTP_PRIO_MAX) {
2543 mtx_lock(&umtx_lock);
2544 if (UPRI(td) < PRI_MIN_REALTIME + ceiling) {
2545 mtx_unlock(&umtx_lock);
2549 if (su && PRI_MIN_REALTIME + ceiling < uq->uq_inherited_pri) {
2550 uq->uq_inherited_pri = PRI_MIN_REALTIME + ceiling;
2552 if (uq->uq_inherited_pri < UPRI(td))
2553 sched_lend_user_prio(td, uq->uq_inherited_pri);
2556 mtx_unlock(&umtx_lock);
2558 rv = casueword32(&m->m_owner, UMUTEX_CONTESTED, &owner,
2559 id | UMUTEX_CONTESTED);
2560 /* The address was invalid. */
2566 MPASS(owner == UMUTEX_CONTESTED);
2571 if (owner == UMUTEX_RB_OWNERDEAD) {
2572 rv = casueword32(&m->m_owner, UMUTEX_RB_OWNERDEAD,
2573 &owner, id | UMUTEX_CONTESTED);
2579 MPASS(owner == UMUTEX_RB_OWNERDEAD);
2580 error = EOWNERDEAD; /* success */
2585 * rv == 1, only check for suspension if we
2586 * did not already catched a signal. If we
2587 * get an error from the check, the same
2588 * condition is checked by the umtxq_sleep()
2589 * call below, so we should obliterate the
2590 * error to not skip the last loop iteration.
2593 error = thread_check_susp(td, false);
2602 } else if (owner == UMUTEX_RB_NOTRECOV) {
2603 error = ENOTRECOVERABLE;
2610 * If we caught a signal, we have retried and now
2616 umtxq_lock(&uq->uq_key);
2618 umtxq_unbusy(&uq->uq_key);
2619 error = umtxq_sleep(uq, "umtxpp", timeout == NULL ?
2622 umtxq_unlock(&uq->uq_key);
2624 mtx_lock(&umtx_lock);
2625 uq->uq_inherited_pri = old_inherited_pri;
2627 TAILQ_FOREACH(pi, &uq->uq_pi_contested, pi_link) {
2628 uq2 = TAILQ_FIRST(&pi->pi_blocked);
2630 if (pri > UPRI(uq2->uq_thread))
2631 pri = UPRI(uq2->uq_thread);
2634 if (pri > uq->uq_inherited_pri)
2635 pri = uq->uq_inherited_pri;
2637 sched_lend_user_prio(td, pri);
2639 mtx_unlock(&umtx_lock);
2642 if (error != 0 && error != EOWNERDEAD) {
2643 mtx_lock(&umtx_lock);
2644 uq->uq_inherited_pri = old_inherited_pri;
2646 TAILQ_FOREACH(pi, &uq->uq_pi_contested, pi_link) {
2647 uq2 = TAILQ_FIRST(&pi->pi_blocked);
2649 if (pri > UPRI(uq2->uq_thread))
2650 pri = UPRI(uq2->uq_thread);
2653 if (pri > uq->uq_inherited_pri)
2654 pri = uq->uq_inherited_pri;
2656 sched_lend_user_prio(td, pri);
2658 mtx_unlock(&umtx_lock);
2662 umtxq_unbusy_unlocked(&uq->uq_key);
2663 umtx_key_release(&uq->uq_key);
2668 * Unlock a PP mutex.
2671 do_unlock_pp(struct thread *td, struct umutex *m, uint32_t flags, bool rb)
2673 struct umtx_key key;
2674 struct umtx_q *uq, *uq2;
2676 uint32_t id, owner, rceiling;
2677 int error, pri, new_inherited_pri, su;
2681 su = (priv_check(td, PRIV_SCHED_RTPRIO) == 0);
2684 * Make sure we own this mtx.
2686 error = fueword32(&m->m_owner, &owner);
2690 if ((owner & ~UMUTEX_CONTESTED) != id)
2693 error = copyin(&m->m_ceilings[1], &rceiling, sizeof(uint32_t));
2698 new_inherited_pri = PRI_MAX;
2700 rceiling = RTP_PRIO_MAX - rceiling;
2701 if (rceiling > RTP_PRIO_MAX)
2703 new_inherited_pri = PRI_MIN_REALTIME + rceiling;
2706 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2707 TYPE_PP_ROBUST_UMUTEX : TYPE_PP_UMUTEX, GET_SHARE(flags),
2714 * For priority protected mutex, always set unlocked state
2715 * to UMUTEX_CONTESTED, so that userland always enters kernel
2716 * to lock the mutex, it is necessary because thread priority
2717 * has to be adjusted for such mutex.
2719 error = suword32(&m->m_owner, umtx_unlock_val(flags, rb) |
2724 umtxq_signal(&key, 1);
2731 mtx_lock(&umtx_lock);
2733 uq->uq_inherited_pri = new_inherited_pri;
2735 TAILQ_FOREACH(pi, &uq->uq_pi_contested, pi_link) {
2736 uq2 = TAILQ_FIRST(&pi->pi_blocked);
2738 if (pri > UPRI(uq2->uq_thread))
2739 pri = UPRI(uq2->uq_thread);
2742 if (pri > uq->uq_inherited_pri)
2743 pri = uq->uq_inherited_pri;
2745 sched_lend_user_prio(td, pri);
2747 mtx_unlock(&umtx_lock);
2749 umtx_key_release(&key);
2754 do_set_ceiling(struct thread *td, struct umutex *m, uint32_t ceiling,
2755 uint32_t *old_ceiling)
2758 uint32_t flags, id, owner, save_ceiling;
2761 error = fueword32(&m->m_flags, &flags);
2764 if ((flags & UMUTEX_PRIO_PROTECT) == 0)
2766 if (ceiling > RTP_PRIO_MAX)
2770 if ((error = umtx_key_get(m, (flags & UMUTEX_ROBUST) != 0 ?
2771 TYPE_PP_ROBUST_UMUTEX : TYPE_PP_UMUTEX, GET_SHARE(flags),
2775 umtxq_lock(&uq->uq_key);
2776 umtxq_busy(&uq->uq_key);
2777 umtxq_unlock(&uq->uq_key);
2779 rv = fueword32(&m->m_ceilings[0], &save_ceiling);
2785 rv = casueword32(&m->m_owner, UMUTEX_CONTESTED, &owner,
2786 id | UMUTEX_CONTESTED);
2793 MPASS(owner == UMUTEX_CONTESTED);
2794 rv = suword32(&m->m_ceilings[0], ceiling);
2795 rv1 = suword32(&m->m_owner, UMUTEX_CONTESTED);
2796 error = (rv == 0 && rv1 == 0) ? 0: EFAULT;
2800 if ((owner & ~UMUTEX_CONTESTED) == id) {
2801 rv = suword32(&m->m_ceilings[0], ceiling);
2802 error = rv == 0 ? 0 : EFAULT;
2806 if (owner == UMUTEX_RB_OWNERDEAD) {
2809 } else if (owner == UMUTEX_RB_NOTRECOV) {
2810 error = ENOTRECOVERABLE;
2815 * If we caught a signal, we have retried and now
2822 * We set the contested bit, sleep. Otherwise the lock changed
2823 * and we need to retry or we lost a race to the thread
2824 * unlocking the umtx.
2826 umtxq_lock(&uq->uq_key);
2828 umtxq_unbusy(&uq->uq_key);
2829 error = umtxq_sleep(uq, "umtxpp", NULL);
2831 umtxq_unlock(&uq->uq_key);
2833 umtxq_lock(&uq->uq_key);
2835 umtxq_signal(&uq->uq_key, INT_MAX);
2836 umtxq_unbusy(&uq->uq_key);
2837 umtxq_unlock(&uq->uq_key);
2838 umtx_key_release(&uq->uq_key);
2839 if (error == 0 && old_ceiling != NULL) {
2840 rv = suword32(old_ceiling, save_ceiling);
2841 error = rv == 0 ? 0 : EFAULT;
2847 * Lock a userland POSIX mutex.
2850 do_lock_umutex(struct thread *td, struct umutex *m,
2851 struct _umtx_time *timeout, int mode)
2856 error = fueword32(&m->m_flags, &flags);
2860 switch (flags & (UMUTEX_PRIO_INHERIT | UMUTEX_PRIO_PROTECT)) {
2862 error = do_lock_normal(td, m, flags, timeout, mode);
2864 case UMUTEX_PRIO_INHERIT:
2865 error = do_lock_pi(td, m, flags, timeout, mode);
2867 case UMUTEX_PRIO_PROTECT:
2868 error = do_lock_pp(td, m, flags, timeout, mode);
2873 if (timeout == NULL) {
2874 if (error == EINTR && mode != _UMUTEX_WAIT)
2877 /* Timed-locking is not restarted. */
2878 if (error == ERESTART)
2885 * Unlock a userland POSIX mutex.
2888 do_unlock_umutex(struct thread *td, struct umutex *m, bool rb)
2893 error = fueword32(&m->m_flags, &flags);
2897 switch (flags & (UMUTEX_PRIO_INHERIT | UMUTEX_PRIO_PROTECT)) {
2899 return (do_unlock_normal(td, m, flags, rb));
2900 case UMUTEX_PRIO_INHERIT:
2901 return (do_unlock_pi(td, m, flags, rb));
2902 case UMUTEX_PRIO_PROTECT:
2903 return (do_unlock_pp(td, m, flags, rb));
2910 do_cv_wait(struct thread *td, struct ucond *cv, struct umutex *m,
2911 struct timespec *timeout, u_long wflags)
2913 struct abs_timeout timo;
2915 uint32_t flags, clockid, hasw;
2919 error = fueword32(&cv->c_flags, &flags);
2922 error = umtx_key_get(cv, TYPE_CV, GET_SHARE(flags), &uq->uq_key);
2926 if ((wflags & CVWAIT_CLOCKID) != 0) {
2927 error = fueword32(&cv->c_clockid, &clockid);
2929 umtx_key_release(&uq->uq_key);
2932 if (clockid < CLOCK_REALTIME ||
2933 clockid >= CLOCK_THREAD_CPUTIME_ID) {
2934 /* hmm, only HW clock id will work. */
2935 umtx_key_release(&uq->uq_key);
2939 clockid = CLOCK_REALTIME;
2942 umtxq_lock(&uq->uq_key);
2943 umtxq_busy(&uq->uq_key);
2945 umtxq_unlock(&uq->uq_key);
2948 * Set c_has_waiters to 1 before releasing user mutex, also
2949 * don't modify cache line when unnecessary.
2951 error = fueword32(&cv->c_has_waiters, &hasw);
2952 if (error == 0 && hasw == 0)
2953 suword32(&cv->c_has_waiters, 1);
2955 umtxq_unbusy_unlocked(&uq->uq_key);
2957 error = do_unlock_umutex(td, m, false);
2959 if (timeout != NULL)
2960 abs_timeout_init(&timo, clockid, (wflags & CVWAIT_ABSTIME) != 0,
2963 umtxq_lock(&uq->uq_key);
2965 error = umtxq_sleep(uq, "ucond", timeout == NULL ?
2969 if ((uq->uq_flags & UQF_UMTXQ) == 0)
2973 * This must be timeout,interrupted by signal or
2974 * surprious wakeup, clear c_has_waiter flag when
2977 umtxq_busy(&uq->uq_key);
2978 if ((uq->uq_flags & UQF_UMTXQ) != 0) {
2979 int oldlen = uq->uq_cur_queue->length;
2982 umtxq_unlock(&uq->uq_key);
2983 suword32(&cv->c_has_waiters, 0);
2984 umtxq_lock(&uq->uq_key);
2987 umtxq_unbusy(&uq->uq_key);
2988 if (error == ERESTART)
2992 umtxq_unlock(&uq->uq_key);
2993 umtx_key_release(&uq->uq_key);
2998 * Signal a userland condition variable.
3001 do_cv_signal(struct thread *td, struct ucond *cv)
3003 struct umtx_key key;
3004 int error, cnt, nwake;
3007 error = fueword32(&cv->c_flags, &flags);
3010 if ((error = umtx_key_get(cv, TYPE_CV, GET_SHARE(flags), &key)) != 0)
3014 cnt = umtxq_count(&key);
3015 nwake = umtxq_signal(&key, 1);
3018 error = suword32(&cv->c_has_waiters, 0);
3025 umtx_key_release(&key);
3030 do_cv_broadcast(struct thread *td, struct ucond *cv)
3032 struct umtx_key key;
3036 error = fueword32(&cv->c_flags, &flags);
3039 if ((error = umtx_key_get(cv, TYPE_CV, GET_SHARE(flags), &key)) != 0)
3044 umtxq_signal(&key, INT_MAX);
3047 error = suword32(&cv->c_has_waiters, 0);
3051 umtxq_unbusy_unlocked(&key);
3053 umtx_key_release(&key);
3058 do_rw_rdlock(struct thread *td, struct urwlock *rwlock, long fflag,
3059 struct _umtx_time *timeout)
3061 struct abs_timeout timo;
3063 uint32_t flags, wrflags;
3064 int32_t state, oldstate;
3065 int32_t blocked_readers;
3066 int error, error1, rv;
3069 error = fueword32(&rwlock->rw_flags, &flags);
3072 error = umtx_key_get(rwlock, TYPE_RWLOCK, GET_SHARE(flags), &uq->uq_key);
3076 if (timeout != NULL)
3077 abs_timeout_init2(&timo, timeout);
3079 wrflags = URWLOCK_WRITE_OWNER;
3080 if (!(fflag & URWLOCK_PREFER_READER) && !(flags & URWLOCK_PREFER_READER))
3081 wrflags |= URWLOCK_WRITE_WAITERS;
3084 rv = fueword32(&rwlock->rw_state, &state);
3086 umtx_key_release(&uq->uq_key);
3090 /* try to lock it */
3091 while (!(state & wrflags)) {
3092 if (__predict_false(URWLOCK_READER_COUNT(state) ==
3093 URWLOCK_MAX_READERS)) {
3094 umtx_key_release(&uq->uq_key);
3097 rv = casueword32(&rwlock->rw_state, state,
3098 &oldstate, state + 1);
3100 umtx_key_release(&uq->uq_key);
3104 MPASS(oldstate == state);
3105 umtx_key_release(&uq->uq_key);
3108 error = thread_check_susp(td, true);
3117 /* grab monitor lock */
3118 umtxq_lock(&uq->uq_key);
3119 umtxq_busy(&uq->uq_key);
3120 umtxq_unlock(&uq->uq_key);
3123 * re-read the state, in case it changed between the try-lock above
3124 * and the check below
3126 rv = fueword32(&rwlock->rw_state, &state);
3130 /* set read contention bit */
3131 while (error == 0 && (state & wrflags) &&
3132 !(state & URWLOCK_READ_WAITERS)) {
3133 rv = casueword32(&rwlock->rw_state, state,
3134 &oldstate, state | URWLOCK_READ_WAITERS);
3140 MPASS(oldstate == state);
3144 error = thread_check_susp(td, false);
3149 umtxq_unbusy_unlocked(&uq->uq_key);
3153 /* state is changed while setting flags, restart */
3154 if (!(state & wrflags)) {
3155 umtxq_unbusy_unlocked(&uq->uq_key);
3156 error = thread_check_susp(td, true);
3164 * Contention bit is set, before sleeping, increase
3165 * read waiter count.
3167 rv = fueword32(&rwlock->rw_blocked_readers,
3170 umtxq_unbusy_unlocked(&uq->uq_key);
3174 suword32(&rwlock->rw_blocked_readers, blocked_readers+1);
3176 while (state & wrflags) {
3177 umtxq_lock(&uq->uq_key);
3179 umtxq_unbusy(&uq->uq_key);
3181 error = umtxq_sleep(uq, "urdlck", timeout == NULL ?
3184 umtxq_busy(&uq->uq_key);
3186 umtxq_unlock(&uq->uq_key);
3189 rv = fueword32(&rwlock->rw_state, &state);
3196 /* decrease read waiter count, and may clear read contention bit */
3197 rv = fueword32(&rwlock->rw_blocked_readers,
3200 umtxq_unbusy_unlocked(&uq->uq_key);
3204 suword32(&rwlock->rw_blocked_readers, blocked_readers-1);
3205 if (blocked_readers == 1) {
3206 rv = fueword32(&rwlock->rw_state, &state);
3208 umtxq_unbusy_unlocked(&uq->uq_key);
3213 rv = casueword32(&rwlock->rw_state, state,
3214 &oldstate, state & ~URWLOCK_READ_WAITERS);
3220 MPASS(oldstate == state);
3224 error1 = thread_check_susp(td, false);
3233 umtxq_unbusy_unlocked(&uq->uq_key);
3237 umtx_key_release(&uq->uq_key);
3238 if (error == ERESTART)
3244 do_rw_wrlock(struct thread *td, struct urwlock *rwlock, struct _umtx_time *timeout)
3246 struct abs_timeout timo;
3249 int32_t state, oldstate;
3250 int32_t blocked_writers;
3251 int32_t blocked_readers;
3252 int error, error1, rv;
3255 error = fueword32(&rwlock->rw_flags, &flags);
3258 error = umtx_key_get(rwlock, TYPE_RWLOCK, GET_SHARE(flags), &uq->uq_key);
3262 if (timeout != NULL)
3263 abs_timeout_init2(&timo, timeout);
3265 blocked_readers = 0;
3267 rv = fueword32(&rwlock->rw_state, &state);
3269 umtx_key_release(&uq->uq_key);
3272 while ((state & URWLOCK_WRITE_OWNER) == 0 &&
3273 URWLOCK_READER_COUNT(state) == 0) {
3274 rv = casueword32(&rwlock->rw_state, state,
3275 &oldstate, state | URWLOCK_WRITE_OWNER);
3277 umtx_key_release(&uq->uq_key);
3281 MPASS(oldstate == state);
3282 umtx_key_release(&uq->uq_key);
3286 error = thread_check_susp(td, true);
3292 if ((state & (URWLOCK_WRITE_OWNER |
3293 URWLOCK_WRITE_WAITERS)) == 0 &&
3294 blocked_readers != 0) {
3295 umtxq_lock(&uq->uq_key);
3296 umtxq_busy(&uq->uq_key);
3297 umtxq_signal_queue(&uq->uq_key, INT_MAX,
3299 umtxq_unbusy(&uq->uq_key);
3300 umtxq_unlock(&uq->uq_key);
3306 /* grab monitor lock */
3307 umtxq_lock(&uq->uq_key);
3308 umtxq_busy(&uq->uq_key);
3309 umtxq_unlock(&uq->uq_key);
3312 * Re-read the state, in case it changed between the
3313 * try-lock above and the check below.
3315 rv = fueword32(&rwlock->rw_state, &state);
3319 while (error == 0 && ((state & URWLOCK_WRITE_OWNER) ||
3320 URWLOCK_READER_COUNT(state) != 0) &&
3321 (state & URWLOCK_WRITE_WAITERS) == 0) {
3322 rv = casueword32(&rwlock->rw_state, state,
3323 &oldstate, state | URWLOCK_WRITE_WAITERS);
3329 MPASS(oldstate == state);
3333 error = thread_check_susp(td, false);
3338 umtxq_unbusy_unlocked(&uq->uq_key);
3342 if ((state & URWLOCK_WRITE_OWNER) == 0 &&
3343 URWLOCK_READER_COUNT(state) == 0) {
3344 umtxq_unbusy_unlocked(&uq->uq_key);
3345 error = thread_check_susp(td, false);
3351 rv = fueword32(&rwlock->rw_blocked_writers,
3354 umtxq_unbusy_unlocked(&uq->uq_key);
3358 suword32(&rwlock->rw_blocked_writers, blocked_writers + 1);
3360 while ((state & URWLOCK_WRITE_OWNER) ||
3361 URWLOCK_READER_COUNT(state) != 0) {
3362 umtxq_lock(&uq->uq_key);
3363 umtxq_insert_queue(uq, UMTX_EXCLUSIVE_QUEUE);
3364 umtxq_unbusy(&uq->uq_key);
3366 error = umtxq_sleep(uq, "uwrlck", timeout == NULL ?
3369 umtxq_busy(&uq->uq_key);
3370 umtxq_remove_queue(uq, UMTX_EXCLUSIVE_QUEUE);
3371 umtxq_unlock(&uq->uq_key);
3374 rv = fueword32(&rwlock->rw_state, &state);
3381 rv = fueword32(&rwlock->rw_blocked_writers,
3384 umtxq_unbusy_unlocked(&uq->uq_key);
3388 suword32(&rwlock->rw_blocked_writers, blocked_writers-1);
3389 if (blocked_writers == 1) {
3390 rv = fueword32(&rwlock->rw_state, &state);
3392 umtxq_unbusy_unlocked(&uq->uq_key);
3397 rv = casueword32(&rwlock->rw_state, state,
3398 &oldstate, state & ~URWLOCK_WRITE_WAITERS);
3404 MPASS(oldstate == state);
3408 error1 = thread_check_susp(td, false);
3410 * We are leaving the URWLOCK_WRITE_WAITERS
3411 * behind, but this should not harm the
3420 rv = fueword32(&rwlock->rw_blocked_readers,
3423 umtxq_unbusy_unlocked(&uq->uq_key);
3428 blocked_readers = 0;
3430 umtxq_unbusy_unlocked(&uq->uq_key);
3433 umtx_key_release(&uq->uq_key);
3434 if (error == ERESTART)
3440 do_rw_unlock(struct thread *td, struct urwlock *rwlock)
3444 int32_t state, oldstate;
3445 int error, rv, q, count;
3448 error = fueword32(&rwlock->rw_flags, &flags);
3451 error = umtx_key_get(rwlock, TYPE_RWLOCK, GET_SHARE(flags), &uq->uq_key);
3455 error = fueword32(&rwlock->rw_state, &state);
3460 if (state & URWLOCK_WRITE_OWNER) {
3462 rv = casueword32(&rwlock->rw_state, state,
3463 &oldstate, state & ~URWLOCK_WRITE_OWNER);
3470 if (!(oldstate & URWLOCK_WRITE_OWNER)) {
3474 error = thread_check_susp(td, true);
3480 } else if (URWLOCK_READER_COUNT(state) != 0) {
3482 rv = casueword32(&rwlock->rw_state, state,
3483 &oldstate, state - 1);
3490 if (URWLOCK_READER_COUNT(oldstate) == 0) {
3494 error = thread_check_susp(td, true);
3507 if (!(flags & URWLOCK_PREFER_READER)) {
3508 if (state & URWLOCK_WRITE_WAITERS) {
3510 q = UMTX_EXCLUSIVE_QUEUE;
3511 } else if (state & URWLOCK_READ_WAITERS) {
3513 q = UMTX_SHARED_QUEUE;
3516 if (state & URWLOCK_READ_WAITERS) {
3518 q = UMTX_SHARED_QUEUE;
3519 } else if (state & URWLOCK_WRITE_WAITERS) {
3521 q = UMTX_EXCLUSIVE_QUEUE;
3526 umtxq_lock(&uq->uq_key);
3527 umtxq_busy(&uq->uq_key);
3528 umtxq_signal_queue(&uq->uq_key, count, q);
3529 umtxq_unbusy(&uq->uq_key);
3530 umtxq_unlock(&uq->uq_key);
3533 umtx_key_release(&uq->uq_key);
3537 #if defined(COMPAT_FREEBSD9) || defined(COMPAT_FREEBSD10)
3539 do_sem_wait(struct thread *td, struct _usem *sem, struct _umtx_time *timeout)
3541 struct abs_timeout timo;
3543 uint32_t flags, count, count1;
3547 error = fueword32(&sem->_flags, &flags);
3550 error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &uq->uq_key);
3554 if (timeout != NULL)
3555 abs_timeout_init2(&timo, timeout);
3558 umtxq_lock(&uq->uq_key);
3559 umtxq_busy(&uq->uq_key);
3561 umtxq_unlock(&uq->uq_key);
3562 rv = casueword32(&sem->_has_waiters, 0, &count1, 1);
3564 rv1 = fueword32(&sem->_count, &count);
3565 if (rv == -1 || (rv == 0 && (rv1 == -1 || count != 0)) ||
3566 (rv == 1 && count1 == 0)) {
3567 umtxq_lock(&uq->uq_key);
3568 umtxq_unbusy(&uq->uq_key);
3570 umtxq_unlock(&uq->uq_key);
3572 rv = thread_check_susp(td, true);
3580 error = rv == -1 ? EFAULT : 0;
3583 umtxq_lock(&uq->uq_key);
3584 umtxq_unbusy(&uq->uq_key);
3586 error = umtxq_sleep(uq, "usem", timeout == NULL ? NULL : &timo);
3588 if ((uq->uq_flags & UQF_UMTXQ) == 0)
3592 /* A relative timeout cannot be restarted. */
3593 if (error == ERESTART && timeout != NULL &&
3594 (timeout->_flags & UMTX_ABSTIME) == 0)
3597 umtxq_unlock(&uq->uq_key);
3599 umtx_key_release(&uq->uq_key);
3604 * Signal a userland semaphore.
3607 do_sem_wake(struct thread *td, struct _usem *sem)
3609 struct umtx_key key;
3613 error = fueword32(&sem->_flags, &flags);
3616 if ((error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &key)) != 0)
3620 cnt = umtxq_count(&key);
3623 * Check if count is greater than 0, this means the memory is
3624 * still being referenced by user code, so we can safely
3625 * update _has_waiters flag.
3629 error = suword32(&sem->_has_waiters, 0);
3634 umtxq_signal(&key, 1);
3638 umtx_key_release(&key);
3644 do_sem2_wait(struct thread *td, struct _usem2 *sem, struct _umtx_time *timeout)
3646 struct abs_timeout timo;
3648 uint32_t count, flags;
3652 flags = fuword32(&sem->_flags);
3653 if (timeout != NULL)
3654 abs_timeout_init2(&timo, timeout);
3657 error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &uq->uq_key);
3660 umtxq_lock(&uq->uq_key);
3661 umtxq_busy(&uq->uq_key);
3663 umtxq_unlock(&uq->uq_key);
3664 rv = fueword32(&sem->_count, &count);
3666 umtxq_lock(&uq->uq_key);
3667 umtxq_unbusy(&uq->uq_key);
3669 umtxq_unlock(&uq->uq_key);
3670 umtx_key_release(&uq->uq_key);
3674 if (USEM_COUNT(count) != 0) {
3675 umtxq_lock(&uq->uq_key);
3676 umtxq_unbusy(&uq->uq_key);
3678 umtxq_unlock(&uq->uq_key);
3679 umtx_key_release(&uq->uq_key);
3682 if (count == USEM_HAS_WAITERS)
3684 rv = casueword32(&sem->_count, 0, &count, USEM_HAS_WAITERS);
3687 umtxq_lock(&uq->uq_key);
3688 umtxq_unbusy(&uq->uq_key);
3690 umtxq_unlock(&uq->uq_key);
3691 umtx_key_release(&uq->uq_key);
3694 rv = thread_check_susp(td, true);
3699 umtxq_lock(&uq->uq_key);
3700 umtxq_unbusy(&uq->uq_key);
3702 error = umtxq_sleep(uq, "usem", timeout == NULL ? NULL : &timo);
3704 if ((uq->uq_flags & UQF_UMTXQ) == 0)
3708 if (timeout != NULL && (timeout->_flags & UMTX_ABSTIME) == 0) {
3709 /* A relative timeout cannot be restarted. */
3710 if (error == ERESTART)
3712 if (error == EINTR) {
3713 abs_timeout_update(&timo);
3714 timespecsub(&timo.end, &timo.cur,
3715 &timeout->_timeout);
3719 umtxq_unlock(&uq->uq_key);
3720 umtx_key_release(&uq->uq_key);
3725 * Signal a userland semaphore.
3728 do_sem2_wake(struct thread *td, struct _usem2 *sem)
3730 struct umtx_key key;
3732 uint32_t count, flags;
3734 rv = fueword32(&sem->_flags, &flags);
3737 if ((error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &key)) != 0)
3741 cnt = umtxq_count(&key);
3744 * If this was the last sleeping thread, clear the waiters
3749 rv = fueword32(&sem->_count, &count);
3750 while (rv != -1 && count & USEM_HAS_WAITERS) {
3751 rv = casueword32(&sem->_count, count, &count,
3752 count & ~USEM_HAS_WAITERS);
3754 rv = thread_check_susp(td, true);
3767 umtxq_signal(&key, 1);
3771 umtx_key_release(&key);
3775 #ifdef COMPAT_FREEBSD10
3777 freebsd10__umtx_lock(struct thread *td, struct freebsd10__umtx_lock_args *uap)
3779 return (do_lock_umtx(td, uap->umtx, td->td_tid, 0));
3783 freebsd10__umtx_unlock(struct thread *td,
3784 struct freebsd10__umtx_unlock_args *uap)
3786 return (do_unlock_umtx(td, uap->umtx, td->td_tid));
3791 umtx_copyin_timeout(const void *uaddr, struct timespec *tsp)
3795 error = copyin(uaddr, tsp, sizeof(*tsp));
3797 if (tsp->tv_sec < 0 ||
3798 tsp->tv_nsec >= 1000000000 ||
3806 umtx_copyin_umtx_time(const void *uaddr, size_t size, struct _umtx_time *tp)
3810 if (size <= sizeof(tp->_timeout)) {
3811 tp->_clockid = CLOCK_REALTIME;
3813 error = copyin(uaddr, &tp->_timeout, sizeof(tp->_timeout));
3815 error = copyin(uaddr, tp, sizeof(*tp));
3818 if (tp->_timeout.tv_sec < 0 ||
3819 tp->_timeout.tv_nsec >= 1000000000 || tp->_timeout.tv_nsec < 0)
3825 umtx_copyin_robust_lists(const void *uaddr, size_t size,
3826 struct umtx_robust_lists_params *rb)
3829 if (size > sizeof(*rb))
3831 return (copyin(uaddr, rb, size));
3835 umtx_copyout_timeout(void *uaddr, size_t sz, struct timespec *tsp)
3839 * Should be guaranteed by the caller, sz == uaddr1 - sizeof(_umtx_time)
3840 * and we're only called if sz >= sizeof(timespec) as supplied in the
3843 KASSERT(sz >= sizeof(*tsp),
3844 ("umtx_copyops specifies incorrect sizes"));
3846 return (copyout(tsp, uaddr, sizeof(*tsp)));
3849 #ifdef COMPAT_FREEBSD10
3851 __umtx_op_lock_umtx(struct thread *td, struct _umtx_op_args *uap,
3852 const struct umtx_copyops *ops)
3854 struct timespec *ts, timeout;
3857 /* Allow a null timespec (wait forever). */
3858 if (uap->uaddr2 == NULL)
3861 error = ops->copyin_timeout(uap->uaddr2, &timeout);
3866 #ifdef COMPAT_FREEBSD32
3868 return (do_lock_umtx32(td, uap->obj, uap->val, ts));
3870 return (do_lock_umtx(td, uap->obj, uap->val, ts));
3874 __umtx_op_unlock_umtx(struct thread *td, struct _umtx_op_args *uap,
3875 const struct umtx_copyops *ops)
3877 #ifdef COMPAT_FREEBSD32
3879 return (do_unlock_umtx32(td, uap->obj, uap->val));
3881 return (do_unlock_umtx(td, uap->obj, uap->val));
3883 #endif /* COMPAT_FREEBSD10 */
3885 #if !defined(COMPAT_FREEBSD10)
3887 __umtx_op_unimpl(struct thread *td __unused, struct _umtx_op_args *uap __unused,
3888 const struct umtx_copyops *ops __unused)
3890 return (EOPNOTSUPP);
3892 #endif /* COMPAT_FREEBSD10 */
3895 __umtx_op_wait(struct thread *td, struct _umtx_op_args *uap,
3896 const struct umtx_copyops *ops)
3898 struct _umtx_time timeout, *tm_p;
3901 if (uap->uaddr2 == NULL)
3904 error = ops->copyin_umtx_time(
3905 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
3910 return (do_wait(td, uap->obj, uap->val, tm_p, ops->compat32, 0));
3914 __umtx_op_wait_uint(struct thread *td, struct _umtx_op_args *uap,
3915 const struct umtx_copyops *ops)
3917 struct _umtx_time timeout, *tm_p;
3920 if (uap->uaddr2 == NULL)
3923 error = ops->copyin_umtx_time(
3924 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
3929 return (do_wait(td, uap->obj, uap->val, tm_p, 1, 0));
3933 __umtx_op_wait_uint_private(struct thread *td, struct _umtx_op_args *uap,
3934 const struct umtx_copyops *ops)
3936 struct _umtx_time *tm_p, timeout;
3939 if (uap->uaddr2 == NULL)
3942 error = ops->copyin_umtx_time(
3943 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
3948 return (do_wait(td, uap->obj, uap->val, tm_p, 1, 1));
3952 __umtx_op_wake(struct thread *td, struct _umtx_op_args *uap,
3953 const struct umtx_copyops *ops __unused)
3956 return (kern_umtx_wake(td, uap->obj, uap->val, 0));
3959 #define BATCH_SIZE 128
3961 __umtx_op_nwake_private_native(struct thread *td, struct _umtx_op_args *uap)
3963 char *uaddrs[BATCH_SIZE], **upp;
3964 int count, error, i, pos, tocopy;
3966 upp = (char **)uap->obj;
3968 for (count = uap->val, pos = 0; count > 0; count -= tocopy,
3970 tocopy = MIN(count, BATCH_SIZE);
3971 error = copyin(upp + pos, uaddrs, tocopy * sizeof(char *));
3974 for (i = 0; i < tocopy; ++i) {
3975 kern_umtx_wake(td, uaddrs[i], INT_MAX, 1);
3983 __umtx_op_nwake_private_compat32(struct thread *td, struct _umtx_op_args *uap)
3985 uint32_t uaddrs[BATCH_SIZE], *upp;
3986 int count, error, i, pos, tocopy;
3988 upp = (uint32_t *)uap->obj;
3990 for (count = uap->val, pos = 0; count > 0; count -= tocopy,
3992 tocopy = MIN(count, BATCH_SIZE);
3993 error = copyin(upp + pos, uaddrs, tocopy * sizeof(uint32_t));
3996 for (i = 0; i < tocopy; ++i) {
3997 kern_umtx_wake(td, (void *)(uintptr_t)uaddrs[i],
4006 __umtx_op_nwake_private(struct thread *td, struct _umtx_op_args *uap,
4007 const struct umtx_copyops *ops)
4011 return (__umtx_op_nwake_private_compat32(td, uap));
4012 return (__umtx_op_nwake_private_native(td, uap));
4016 __umtx_op_wake_private(struct thread *td, struct _umtx_op_args *uap,
4017 const struct umtx_copyops *ops __unused)
4020 return (kern_umtx_wake(td, uap->obj, uap->val, 1));
4024 __umtx_op_lock_umutex(struct thread *td, struct _umtx_op_args *uap,
4025 const struct umtx_copyops *ops)
4027 struct _umtx_time *tm_p, timeout;
4030 /* Allow a null timespec (wait forever). */
4031 if (uap->uaddr2 == NULL)
4034 error = ops->copyin_umtx_time(
4035 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
4040 return (do_lock_umutex(td, uap->obj, tm_p, 0));
4044 __umtx_op_trylock_umutex(struct thread *td, struct _umtx_op_args *uap,
4045 const struct umtx_copyops *ops __unused)
4048 return (do_lock_umutex(td, uap->obj, NULL, _UMUTEX_TRY));
4052 __umtx_op_wait_umutex(struct thread *td, struct _umtx_op_args *uap,
4053 const struct umtx_copyops *ops)
4055 struct _umtx_time *tm_p, timeout;
4058 /* Allow a null timespec (wait forever). */
4059 if (uap->uaddr2 == NULL)
4062 error = ops->copyin_umtx_time(
4063 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
4068 return (do_lock_umutex(td, uap->obj, tm_p, _UMUTEX_WAIT));
4072 __umtx_op_wake_umutex(struct thread *td, struct _umtx_op_args *uap,
4073 const struct umtx_copyops *ops __unused)
4076 return (do_wake_umutex(td, uap->obj));
4080 __umtx_op_unlock_umutex(struct thread *td, struct _umtx_op_args *uap,
4081 const struct umtx_copyops *ops __unused)
4084 return (do_unlock_umutex(td, uap->obj, false));
4088 __umtx_op_set_ceiling(struct thread *td, struct _umtx_op_args *uap,
4089 const struct umtx_copyops *ops __unused)
4092 return (do_set_ceiling(td, uap->obj, uap->val, uap->uaddr1));
4096 __umtx_op_cv_wait(struct thread *td, struct _umtx_op_args *uap,
4097 const struct umtx_copyops *ops)
4099 struct timespec *ts, timeout;
4102 /* Allow a null timespec (wait forever). */
4103 if (uap->uaddr2 == NULL)
4106 error = ops->copyin_timeout(uap->uaddr2, &timeout);
4111 return (do_cv_wait(td, uap->obj, uap->uaddr1, ts, uap->val));
4115 __umtx_op_cv_signal(struct thread *td, struct _umtx_op_args *uap,
4116 const struct umtx_copyops *ops __unused)
4119 return (do_cv_signal(td, uap->obj));
4123 __umtx_op_cv_broadcast(struct thread *td, struct _umtx_op_args *uap,
4124 const struct umtx_copyops *ops __unused)
4127 return (do_cv_broadcast(td, uap->obj));
4131 __umtx_op_rw_rdlock(struct thread *td, struct _umtx_op_args *uap,
4132 const struct umtx_copyops *ops)
4134 struct _umtx_time timeout;
4137 /* Allow a null timespec (wait forever). */
4138 if (uap->uaddr2 == NULL) {
4139 error = do_rw_rdlock(td, uap->obj, uap->val, 0);
4141 error = ops->copyin_umtx_time(uap->uaddr2,
4142 (size_t)uap->uaddr1, &timeout);
4145 error = do_rw_rdlock(td, uap->obj, uap->val, &timeout);
4151 __umtx_op_rw_wrlock(struct thread *td, struct _umtx_op_args *uap,
4152 const struct umtx_copyops *ops)
4154 struct _umtx_time timeout;
4157 /* Allow a null timespec (wait forever). */
4158 if (uap->uaddr2 == NULL) {
4159 error = do_rw_wrlock(td, uap->obj, 0);
4161 error = ops->copyin_umtx_time(uap->uaddr2,
4162 (size_t)uap->uaddr1, &timeout);
4166 error = do_rw_wrlock(td, uap->obj, &timeout);
4172 __umtx_op_rw_unlock(struct thread *td, struct _umtx_op_args *uap,
4173 const struct umtx_copyops *ops __unused)
4176 return (do_rw_unlock(td, uap->obj));
4179 #if defined(COMPAT_FREEBSD9) || defined(COMPAT_FREEBSD10)
4181 __umtx_op_sem_wait(struct thread *td, struct _umtx_op_args *uap,
4182 const struct umtx_copyops *ops)
4184 struct _umtx_time *tm_p, timeout;
4187 /* Allow a null timespec (wait forever). */
4188 if (uap->uaddr2 == NULL)
4191 error = ops->copyin_umtx_time(
4192 uap->uaddr2, (size_t)uap->uaddr1, &timeout);
4197 return (do_sem_wait(td, uap->obj, tm_p));
4201 __umtx_op_sem_wake(struct thread *td, struct _umtx_op_args *uap,
4202 const struct umtx_copyops *ops __unused)
4205 return (do_sem_wake(td, uap->obj));
4210 __umtx_op_wake2_umutex(struct thread *td, struct _umtx_op_args *uap,
4211 const struct umtx_copyops *ops __unused)
4214 return (do_wake2_umutex(td, uap->obj, uap->val));
4218 __umtx_op_sem2_wait(struct thread *td, struct _umtx_op_args *uap,
4219 const struct umtx_copyops *ops)
4221 struct _umtx_time *tm_p, timeout;
4225 /* Allow a null timespec (wait forever). */
4226 if (uap->uaddr2 == NULL) {
4230 uasize = (size_t)uap->uaddr1;
4231 error = ops->copyin_umtx_time(uap->uaddr2, uasize, &timeout);
4236 error = do_sem2_wait(td, uap->obj, tm_p);
4237 if (error == EINTR && uap->uaddr2 != NULL &&
4238 (timeout._flags & UMTX_ABSTIME) == 0 &&
4239 uasize >= ops->umtx_time_sz + ops->timespec_sz) {
4240 error = ops->copyout_timeout(
4241 (void *)((uintptr_t)uap->uaddr2 + ops->umtx_time_sz),
4242 uasize - ops->umtx_time_sz, &timeout._timeout);
4252 __umtx_op_sem2_wake(struct thread *td, struct _umtx_op_args *uap,
4253 const struct umtx_copyops *ops __unused)
4256 return (do_sem2_wake(td, uap->obj));
4259 #define USHM_OBJ_UMTX(o) \
4260 ((struct umtx_shm_obj_list *)(&(o)->umtx_data))
4262 #define USHMF_REG_LINKED 0x0001
4263 #define USHMF_OBJ_LINKED 0x0002
4264 struct umtx_shm_reg {
4265 TAILQ_ENTRY(umtx_shm_reg) ushm_reg_link;
4266 LIST_ENTRY(umtx_shm_reg) ushm_obj_link;
4267 struct umtx_key ushm_key;
4268 struct ucred *ushm_cred;
4269 struct shmfd *ushm_obj;
4274 LIST_HEAD(umtx_shm_obj_list, umtx_shm_reg);
4275 TAILQ_HEAD(umtx_shm_reg_head, umtx_shm_reg);
4277 static uma_zone_t umtx_shm_reg_zone;
4278 static struct umtx_shm_reg_head umtx_shm_registry[UMTX_CHAINS];
4279 static struct mtx umtx_shm_lock;
4280 static struct umtx_shm_reg_head umtx_shm_reg_delfree =
4281 TAILQ_HEAD_INITIALIZER(umtx_shm_reg_delfree);
4283 static void umtx_shm_free_reg(struct umtx_shm_reg *reg);
4286 umtx_shm_reg_delfree_tq(void *context __unused, int pending __unused)
4288 struct umtx_shm_reg_head d;
4289 struct umtx_shm_reg *reg, *reg1;
4292 mtx_lock(&umtx_shm_lock);
4293 TAILQ_CONCAT(&d, &umtx_shm_reg_delfree, ushm_reg_link);
4294 mtx_unlock(&umtx_shm_lock);
4295 TAILQ_FOREACH_SAFE(reg, &d, ushm_reg_link, reg1) {
4296 TAILQ_REMOVE(&d, reg, ushm_reg_link);
4297 umtx_shm_free_reg(reg);
4301 static struct task umtx_shm_reg_delfree_task =
4302 TASK_INITIALIZER(0, umtx_shm_reg_delfree_tq, NULL);
4304 static struct umtx_shm_reg *
4305 umtx_shm_find_reg_locked(const struct umtx_key *key)
4307 struct umtx_shm_reg *reg;
4308 struct umtx_shm_reg_head *reg_head;
4310 KASSERT(key->shared, ("umtx_p_find_rg: private key"));
4311 mtx_assert(&umtx_shm_lock, MA_OWNED);
4312 reg_head = &umtx_shm_registry[key->hash];
4313 TAILQ_FOREACH(reg, reg_head, ushm_reg_link) {
4314 KASSERT(reg->ushm_key.shared,
4315 ("non-shared key on reg %p %d", reg, reg->ushm_key.shared));
4316 if (reg->ushm_key.info.shared.object ==
4317 key->info.shared.object &&
4318 reg->ushm_key.info.shared.offset ==
4319 key->info.shared.offset) {
4320 KASSERT(reg->ushm_key.type == TYPE_SHM, ("TYPE_USHM"));
4321 KASSERT(reg->ushm_refcnt > 0,
4322 ("reg %p refcnt 0 onlist", reg));
4323 KASSERT((reg->ushm_flags & USHMF_REG_LINKED) != 0,
4324 ("reg %p not linked", reg));
4332 static struct umtx_shm_reg *
4333 umtx_shm_find_reg(const struct umtx_key *key)
4335 struct umtx_shm_reg *reg;
4337 mtx_lock(&umtx_shm_lock);
4338 reg = umtx_shm_find_reg_locked(key);
4339 mtx_unlock(&umtx_shm_lock);
4344 umtx_shm_free_reg(struct umtx_shm_reg *reg)
4347 chgumtxcnt(reg->ushm_cred->cr_ruidinfo, -1, 0);
4348 crfree(reg->ushm_cred);
4349 shm_drop(reg->ushm_obj);
4350 uma_zfree(umtx_shm_reg_zone, reg);
4354 umtx_shm_unref_reg_locked(struct umtx_shm_reg *reg, bool force)
4358 mtx_assert(&umtx_shm_lock, MA_OWNED);
4359 KASSERT(reg->ushm_refcnt > 0, ("ushm_reg %p refcnt 0", reg));
4361 res = reg->ushm_refcnt == 0;
4363 if ((reg->ushm_flags & USHMF_REG_LINKED) != 0) {
4364 TAILQ_REMOVE(&umtx_shm_registry[reg->ushm_key.hash],
4365 reg, ushm_reg_link);
4366 reg->ushm_flags &= ~USHMF_REG_LINKED;
4368 if ((reg->ushm_flags & USHMF_OBJ_LINKED) != 0) {
4369 LIST_REMOVE(reg, ushm_obj_link);
4370 reg->ushm_flags &= ~USHMF_OBJ_LINKED;
4377 umtx_shm_unref_reg(struct umtx_shm_reg *reg, bool force)
4383 object = reg->ushm_obj->shm_object;
4384 VM_OBJECT_WLOCK(object);
4385 object->flags |= OBJ_UMTXDEAD;
4386 VM_OBJECT_WUNLOCK(object);
4388 mtx_lock(&umtx_shm_lock);
4389 dofree = umtx_shm_unref_reg_locked(reg, force);
4390 mtx_unlock(&umtx_shm_lock);
4392 umtx_shm_free_reg(reg);
4396 umtx_shm_object_init(vm_object_t object)
4399 LIST_INIT(USHM_OBJ_UMTX(object));
4403 umtx_shm_object_terminated(vm_object_t object)
4405 struct umtx_shm_reg *reg, *reg1;
4408 if (LIST_EMPTY(USHM_OBJ_UMTX(object)))
4412 mtx_lock(&umtx_shm_lock);
4413 LIST_FOREACH_SAFE(reg, USHM_OBJ_UMTX(object), ushm_obj_link, reg1) {
4414 if (umtx_shm_unref_reg_locked(reg, true)) {
4415 TAILQ_INSERT_TAIL(&umtx_shm_reg_delfree, reg,
4420 mtx_unlock(&umtx_shm_lock);
4422 taskqueue_enqueue(taskqueue_thread, &umtx_shm_reg_delfree_task);
4426 umtx_shm_create_reg(struct thread *td, const struct umtx_key *key,
4427 struct umtx_shm_reg **res)
4429 struct umtx_shm_reg *reg, *reg1;
4433 reg = umtx_shm_find_reg(key);
4438 cred = td->td_ucred;
4439 if (!chgumtxcnt(cred->cr_ruidinfo, 1, lim_cur(td, RLIMIT_UMTXP)))
4441 reg = uma_zalloc(umtx_shm_reg_zone, M_WAITOK | M_ZERO);
4442 reg->ushm_refcnt = 1;
4443 bcopy(key, ®->ushm_key, sizeof(*key));
4444 reg->ushm_obj = shm_alloc(td->td_ucred, O_RDWR, false);
4445 reg->ushm_cred = crhold(cred);
4446 error = shm_dotruncate(reg->ushm_obj, PAGE_SIZE);
4448 umtx_shm_free_reg(reg);
4451 mtx_lock(&umtx_shm_lock);
4452 reg1 = umtx_shm_find_reg_locked(key);
4454 mtx_unlock(&umtx_shm_lock);
4455 umtx_shm_free_reg(reg);
4460 TAILQ_INSERT_TAIL(&umtx_shm_registry[key->hash], reg, ushm_reg_link);
4461 LIST_INSERT_HEAD(USHM_OBJ_UMTX(key->info.shared.object), reg,
4463 reg->ushm_flags = USHMF_REG_LINKED | USHMF_OBJ_LINKED;
4464 mtx_unlock(&umtx_shm_lock);
4470 umtx_shm_alive(struct thread *td, void *addr)
4473 vm_map_entry_t entry;
4480 map = &td->td_proc->p_vmspace->vm_map;
4481 res = vm_map_lookup(&map, (uintptr_t)addr, VM_PROT_READ, &entry,
4482 &object, &pindex, &prot, &wired);
4483 if (res != KERN_SUCCESS)
4488 ret = (object->flags & OBJ_UMTXDEAD) != 0 ? ENOTTY : 0;
4489 vm_map_lookup_done(map, entry);
4498 umtx_shm_reg_zone = uma_zcreate("umtx_shm", sizeof(struct umtx_shm_reg),
4499 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
4500 mtx_init(&umtx_shm_lock, "umtxshm", NULL, MTX_DEF);
4501 for (i = 0; i < nitems(umtx_shm_registry); i++)
4502 TAILQ_INIT(&umtx_shm_registry[i]);
4506 umtx_shm(struct thread *td, void *addr, u_int flags)
4508 struct umtx_key key;
4509 struct umtx_shm_reg *reg;
4513 if (__bitcount(flags & (UMTX_SHM_CREAT | UMTX_SHM_LOOKUP |
4514 UMTX_SHM_DESTROY| UMTX_SHM_ALIVE)) != 1)
4516 if ((flags & UMTX_SHM_ALIVE) != 0)
4517 return (umtx_shm_alive(td, addr));
4518 error = umtx_key_get(addr, TYPE_SHM, PROCESS_SHARE, &key);
4521 KASSERT(key.shared == 1, ("non-shared key"));
4522 if ((flags & UMTX_SHM_CREAT) != 0) {
4523 error = umtx_shm_create_reg(td, &key, ®);
4525 reg = umtx_shm_find_reg(&key);
4529 umtx_key_release(&key);
4532 KASSERT(reg != NULL, ("no reg"));
4533 if ((flags & UMTX_SHM_DESTROY) != 0) {
4534 umtx_shm_unref_reg(reg, true);
4538 error = mac_posixshm_check_open(td->td_ucred,
4539 reg->ushm_obj, FFLAGS(O_RDWR));
4542 error = shm_access(reg->ushm_obj, td->td_ucred,
4546 error = falloc_caps(td, &fp, &fd, O_CLOEXEC, NULL);
4548 shm_hold(reg->ushm_obj);
4549 finit(fp, FFLAGS(O_RDWR), DTYPE_SHM, reg->ushm_obj,
4551 td->td_retval[0] = fd;
4555 umtx_shm_unref_reg(reg, false);
4560 __umtx_op_shm(struct thread *td, struct _umtx_op_args *uap,
4561 const struct umtx_copyops *ops __unused)
4564 return (umtx_shm(td, uap->uaddr1, uap->val));
4568 __umtx_op_robust_lists(struct thread *td, struct _umtx_op_args *uap,
4569 const struct umtx_copyops *ops)
4571 struct umtx_robust_lists_params rb;
4574 if (ops->compat32) {
4575 if ((td->td_pflags2 & TDP2_COMPAT32RB) == 0 &&
4576 (td->td_rb_list != 0 || td->td_rbp_list != 0 ||
4577 td->td_rb_inact != 0))
4579 } else if ((td->td_pflags2 & TDP2_COMPAT32RB) != 0) {
4583 bzero(&rb, sizeof(rb));
4584 error = ops->copyin_robust_lists(uap->uaddr1, uap->val, &rb);
4589 td->td_pflags2 |= TDP2_COMPAT32RB;
4591 td->td_rb_list = rb.robust_list_offset;
4592 td->td_rbp_list = rb.robust_priv_list_offset;
4593 td->td_rb_inact = rb.robust_inact_offset;
4597 #if defined(__i386__) || defined(__amd64__)
4599 * Provide the standard 32-bit definitions for x86, since native/compat32 use a
4600 * 32-bit time_t there. Other architectures just need the i386 definitions
4601 * along with their standard compat32.
4603 struct timespecx32 {
4608 struct umtx_timex32 {
4609 struct timespecx32 _timeout;
4615 #define timespeci386 timespec32
4616 #define umtx_timei386 umtx_time32
4618 #else /* !__i386__ && !__amd64__ */
4619 /* 32-bit architectures can emulate i386, so define these almost everywhere. */
4620 struct timespeci386 {
4625 struct umtx_timei386 {
4626 struct timespeci386 _timeout;
4631 #if defined(__LP64__)
4632 #define timespecx32 timespec32
4633 #define umtx_timex32 umtx_time32
4638 umtx_copyin_robust_lists32(const void *uaddr, size_t size,
4639 struct umtx_robust_lists_params *rbp)
4641 struct umtx_robust_lists_params_compat32 rb32;
4644 if (size > sizeof(rb32))
4646 bzero(&rb32, sizeof(rb32));
4647 error = copyin(uaddr, &rb32, size);
4650 CP(rb32, *rbp, robust_list_offset);
4651 CP(rb32, *rbp, robust_priv_list_offset);
4652 CP(rb32, *rbp, robust_inact_offset);
4658 umtx_copyin_timeouti386(const void *uaddr, struct timespec *tsp)
4660 struct timespeci386 ts32;
4663 error = copyin(uaddr, &ts32, sizeof(ts32));
4665 if (ts32.tv_sec < 0 ||
4666 ts32.tv_nsec >= 1000000000 ||
4670 CP(ts32, *tsp, tv_sec);
4671 CP(ts32, *tsp, tv_nsec);
4678 umtx_copyin_umtx_timei386(const void *uaddr, size_t size, struct _umtx_time *tp)
4680 struct umtx_timei386 t32;
4683 t32._clockid = CLOCK_REALTIME;
4685 if (size <= sizeof(t32._timeout))
4686 error = copyin(uaddr, &t32._timeout, sizeof(t32._timeout));
4688 error = copyin(uaddr, &t32, sizeof(t32));
4691 if (t32._timeout.tv_sec < 0 ||
4692 t32._timeout.tv_nsec >= 1000000000 || t32._timeout.tv_nsec < 0)
4694 TS_CP(t32, *tp, _timeout);
4695 CP(t32, *tp, _flags);
4696 CP(t32, *tp, _clockid);
4701 umtx_copyout_timeouti386(void *uaddr, size_t sz, struct timespec *tsp)
4703 struct timespeci386 remain32 = {
4704 .tv_sec = tsp->tv_sec,
4705 .tv_nsec = tsp->tv_nsec,
4709 * Should be guaranteed by the caller, sz == uaddr1 - sizeof(_umtx_time)
4710 * and we're only called if sz >= sizeof(timespec) as supplied in the
4713 KASSERT(sz >= sizeof(remain32),
4714 ("umtx_copyops specifies incorrect sizes"));
4716 return (copyout(&remain32, uaddr, sizeof(remain32)));
4718 #endif /* !__i386__ */
4720 #if defined(__i386__) || defined(__LP64__)
4722 umtx_copyin_timeoutx32(const void *uaddr, struct timespec *tsp)
4724 struct timespecx32 ts32;
4727 error = copyin(uaddr, &ts32, sizeof(ts32));
4729 if (ts32.tv_sec < 0 ||
4730 ts32.tv_nsec >= 1000000000 ||
4734 CP(ts32, *tsp, tv_sec);
4735 CP(ts32, *tsp, tv_nsec);
4742 umtx_copyin_umtx_timex32(const void *uaddr, size_t size, struct _umtx_time *tp)
4744 struct umtx_timex32 t32;
4747 t32._clockid = CLOCK_REALTIME;
4749 if (size <= sizeof(t32._timeout))
4750 error = copyin(uaddr, &t32._timeout, sizeof(t32._timeout));
4752 error = copyin(uaddr, &t32, sizeof(t32));
4755 if (t32._timeout.tv_sec < 0 ||
4756 t32._timeout.tv_nsec >= 1000000000 || t32._timeout.tv_nsec < 0)
4758 TS_CP(t32, *tp, _timeout);
4759 CP(t32, *tp, _flags);
4760 CP(t32, *tp, _clockid);
4765 umtx_copyout_timeoutx32(void *uaddr, size_t sz, struct timespec *tsp)
4767 struct timespecx32 remain32 = {
4768 .tv_sec = tsp->tv_sec,
4769 .tv_nsec = tsp->tv_nsec,
4773 * Should be guaranteed by the caller, sz == uaddr1 - sizeof(_umtx_time)
4774 * and we're only called if sz >= sizeof(timespec) as supplied in the
4777 KASSERT(sz >= sizeof(remain32),
4778 ("umtx_copyops specifies incorrect sizes"));
4780 return (copyout(&remain32, uaddr, sizeof(remain32)));
4782 #endif /* __i386__ || __LP64__ */
4784 typedef int (*_umtx_op_func)(struct thread *td, struct _umtx_op_args *uap,
4785 const struct umtx_copyops *umtx_ops);
4787 static const _umtx_op_func op_table[] = {
4788 #ifdef COMPAT_FREEBSD10
4789 [UMTX_OP_LOCK] = __umtx_op_lock_umtx,
4790 [UMTX_OP_UNLOCK] = __umtx_op_unlock_umtx,
4792 [UMTX_OP_LOCK] = __umtx_op_unimpl,
4793 [UMTX_OP_UNLOCK] = __umtx_op_unimpl,
4795 [UMTX_OP_WAIT] = __umtx_op_wait,
4796 [UMTX_OP_WAKE] = __umtx_op_wake,
4797 [UMTX_OP_MUTEX_TRYLOCK] = __umtx_op_trylock_umutex,
4798 [UMTX_OP_MUTEX_LOCK] = __umtx_op_lock_umutex,
4799 [UMTX_OP_MUTEX_UNLOCK] = __umtx_op_unlock_umutex,
4800 [UMTX_OP_SET_CEILING] = __umtx_op_set_ceiling,
4801 [UMTX_OP_CV_WAIT] = __umtx_op_cv_wait,
4802 [UMTX_OP_CV_SIGNAL] = __umtx_op_cv_signal,
4803 [UMTX_OP_CV_BROADCAST] = __umtx_op_cv_broadcast,
4804 [UMTX_OP_WAIT_UINT] = __umtx_op_wait_uint,
4805 [UMTX_OP_RW_RDLOCK] = __umtx_op_rw_rdlock,
4806 [UMTX_OP_RW_WRLOCK] = __umtx_op_rw_wrlock,
4807 [UMTX_OP_RW_UNLOCK] = __umtx_op_rw_unlock,
4808 [UMTX_OP_WAIT_UINT_PRIVATE] = __umtx_op_wait_uint_private,
4809 [UMTX_OP_WAKE_PRIVATE] = __umtx_op_wake_private,
4810 [UMTX_OP_MUTEX_WAIT] = __umtx_op_wait_umutex,
4811 [UMTX_OP_MUTEX_WAKE] = __umtx_op_wake_umutex,
4812 #if defined(COMPAT_FREEBSD9) || defined(COMPAT_FREEBSD10)
4813 [UMTX_OP_SEM_WAIT] = __umtx_op_sem_wait,
4814 [UMTX_OP_SEM_WAKE] = __umtx_op_sem_wake,
4816 [UMTX_OP_SEM_WAIT] = __umtx_op_unimpl,
4817 [UMTX_OP_SEM_WAKE] = __umtx_op_unimpl,
4819 [UMTX_OP_NWAKE_PRIVATE] = __umtx_op_nwake_private,
4820 [UMTX_OP_MUTEX_WAKE2] = __umtx_op_wake2_umutex,
4821 [UMTX_OP_SEM2_WAIT] = __umtx_op_sem2_wait,
4822 [UMTX_OP_SEM2_WAKE] = __umtx_op_sem2_wake,
4823 [UMTX_OP_SHM] = __umtx_op_shm,
4824 [UMTX_OP_ROBUST_LISTS] = __umtx_op_robust_lists,
4827 static const struct umtx_copyops umtx_native_ops = {
4828 .copyin_timeout = umtx_copyin_timeout,
4829 .copyin_umtx_time = umtx_copyin_umtx_time,
4830 .copyin_robust_lists = umtx_copyin_robust_lists,
4831 .copyout_timeout = umtx_copyout_timeout,
4832 .timespec_sz = sizeof(struct timespec),
4833 .umtx_time_sz = sizeof(struct _umtx_time),
4837 static const struct umtx_copyops umtx_native_opsi386 = {
4838 .copyin_timeout = umtx_copyin_timeouti386,
4839 .copyin_umtx_time = umtx_copyin_umtx_timei386,
4840 .copyin_robust_lists = umtx_copyin_robust_lists32,
4841 .copyout_timeout = umtx_copyout_timeouti386,
4842 .timespec_sz = sizeof(struct timespeci386),
4843 .umtx_time_sz = sizeof(struct umtx_timei386),
4848 #if defined(__i386__) || defined(__LP64__)
4849 /* i386 can emulate other 32-bit archs, too! */
4850 static const struct umtx_copyops umtx_native_opsx32 = {
4851 .copyin_timeout = umtx_copyin_timeoutx32,
4852 .copyin_umtx_time = umtx_copyin_umtx_timex32,
4853 .copyin_robust_lists = umtx_copyin_robust_lists32,
4854 .copyout_timeout = umtx_copyout_timeoutx32,
4855 .timespec_sz = sizeof(struct timespecx32),
4856 .umtx_time_sz = sizeof(struct umtx_timex32),
4860 #ifdef COMPAT_FREEBSD32
4862 #define umtx_native_ops32 umtx_native_opsi386
4864 #define umtx_native_ops32 umtx_native_opsx32
4866 #endif /* COMPAT_FREEBSD32 */
4867 #endif /* __i386__ || __LP64__ */
4869 #define UMTX_OP__FLAGS (UMTX_OP__32BIT | UMTX_OP__I386)
4872 kern__umtx_op(struct thread *td, void *obj, int op, unsigned long val,
4873 void *uaddr1, void *uaddr2, const struct umtx_copyops *ops)
4875 struct _umtx_op_args uap = {
4877 .op = op & ~UMTX_OP__FLAGS,
4883 if ((uap.op >= nitems(op_table)))
4885 return ((*op_table[uap.op])(td, &uap, ops));
4889 sys__umtx_op(struct thread *td, struct _umtx_op_args *uap)
4891 static const struct umtx_copyops *umtx_ops;
4893 umtx_ops = &umtx_native_ops;
4895 if ((uap->op & (UMTX_OP__32BIT | UMTX_OP__I386)) != 0) {
4896 if ((uap->op & UMTX_OP__I386) != 0)
4897 umtx_ops = &umtx_native_opsi386;
4899 umtx_ops = &umtx_native_opsx32;
4901 #elif !defined(__i386__)
4902 /* We consider UMTX_OP__32BIT a nop on !i386 ILP32. */
4903 if ((uap->op & UMTX_OP__I386) != 0)
4904 umtx_ops = &umtx_native_opsi386;
4906 /* Likewise, UMTX_OP__I386 is a nop on i386. */
4907 if ((uap->op & UMTX_OP__32BIT) != 0)
4908 umtx_ops = &umtx_native_opsx32;
4910 return (kern__umtx_op(td, uap->obj, uap->op, uap->val, uap->uaddr1,
4911 uap->uaddr2, umtx_ops));
4914 #ifdef COMPAT_FREEBSD32
4915 #ifdef COMPAT_FREEBSD10
4917 freebsd10_freebsd32_umtx_lock(struct thread *td,
4918 struct freebsd10_freebsd32_umtx_lock_args *uap)
4920 return (do_lock_umtx32(td, (uint32_t *)uap->umtx, td->td_tid, NULL));
4924 freebsd10_freebsd32_umtx_unlock(struct thread *td,
4925 struct freebsd10_freebsd32_umtx_unlock_args *uap)
4927 return (do_unlock_umtx32(td, (uint32_t *)uap->umtx, td->td_tid));
4929 #endif /* COMPAT_FREEBSD10 */
4932 freebsd32__umtx_op(struct thread *td, struct freebsd32__umtx_op_args *uap)
4935 return (kern__umtx_op(td, uap->obj, uap->op, uap->val, uap->uaddr,
4936 uap->uaddr2, &umtx_native_ops32));
4938 #endif /* COMPAT_FREEBSD32 */
4941 umtx_thread_init(struct thread *td)
4944 td->td_umtxq = umtxq_alloc();
4945 td->td_umtxq->uq_thread = td;
4949 umtx_thread_fini(struct thread *td)
4952 umtxq_free(td->td_umtxq);
4956 * It will be called when new thread is created, e.g fork().
4959 umtx_thread_alloc(struct thread *td)
4964 uq->uq_inherited_pri = PRI_MAX;
4966 KASSERT(uq->uq_flags == 0, ("uq_flags != 0"));
4967 KASSERT(uq->uq_thread == td, ("uq_thread != td"));
4968 KASSERT(uq->uq_pi_blocked == NULL, ("uq_pi_blocked != NULL"));
4969 KASSERT(TAILQ_EMPTY(&uq->uq_pi_contested), ("uq_pi_contested is not empty"));
4975 * Clear robust lists for all process' threads, not delaying the
4976 * cleanup to thread exit, since the relevant address space is
4977 * destroyed right now.
4980 umtx_exec(struct proc *p)
4984 KASSERT(p == curproc, ("need curproc"));
4985 KASSERT((p->p_flag & P_HADTHREADS) == 0 ||
4986 (p->p_flag & P_STOPPED_SINGLE) != 0,
4987 ("curproc must be single-threaded"));
4989 * There is no need to lock the list as only this thread can be
4992 FOREACH_THREAD_IN_PROC(p, td) {
4993 KASSERT(td == curthread ||
4994 ((td->td_flags & TDF_BOUNDARY) != 0 && TD_IS_SUSPENDED(td)),
4995 ("running thread %p %p", p, td));
4996 umtx_thread_cleanup(td);
4997 td->td_rb_list = td->td_rbp_list = td->td_rb_inact = 0;
5005 umtx_thread_exit(struct thread *td)
5008 umtx_thread_cleanup(td);
5012 umtx_read_uptr(struct thread *td, uintptr_t ptr, uintptr_t *res, bool compat32)
5019 error = fueword32((void *)ptr, &res32);
5023 error = fueword((void *)ptr, &res1);
5033 umtx_read_rb_list(struct thread *td, struct umutex *m, uintptr_t *rb_list,
5036 struct umutex32 m32;
5039 memcpy(&m32, m, sizeof(m32));
5040 *rb_list = m32.m_rb_lnk;
5042 *rb_list = m->m_rb_lnk;
5047 umtx_handle_rb(struct thread *td, uintptr_t rbp, uintptr_t *rb_list, bool inact,
5053 KASSERT(td->td_proc == curproc, ("need current vmspace"));
5054 error = copyin((void *)rbp, &m, sizeof(m));
5057 if (rb_list != NULL)
5058 umtx_read_rb_list(td, &m, rb_list, compat32);
5059 if ((m.m_flags & UMUTEX_ROBUST) == 0)
5061 if ((m.m_owner & ~UMUTEX_CONTESTED) != td->td_tid)
5062 /* inact is cleared after unlock, allow the inconsistency */
5063 return (inact ? 0 : EINVAL);
5064 return (do_unlock_umutex(td, (struct umutex *)rbp, true));
5068 umtx_cleanup_rb_list(struct thread *td, uintptr_t rb_list, uintptr_t *rb_inact,
5069 const char *name, bool compat32)
5077 error = umtx_read_uptr(td, rb_list, &rbp, compat32);
5078 for (i = 0; error == 0 && rbp != 0 && i < umtx_max_rb; i++) {
5079 if (rbp == *rb_inact) {
5084 error = umtx_handle_rb(td, rbp, &rbp, inact, compat32);
5086 if (i == umtx_max_rb && umtx_verbose_rb) {
5087 uprintf("comm %s pid %d: reached umtx %smax rb %d\n",
5088 td->td_proc->p_comm, td->td_proc->p_pid, name, umtx_max_rb);
5090 if (error != 0 && umtx_verbose_rb) {
5091 uprintf("comm %s pid %d: handling %srb error %d\n",
5092 td->td_proc->p_comm, td->td_proc->p_pid, name, error);
5097 * Clean up umtx data.
5100 umtx_thread_cleanup(struct thread *td)
5108 * Disown pi mutexes.
5112 if (uq->uq_inherited_pri != PRI_MAX ||
5113 !TAILQ_EMPTY(&uq->uq_pi_contested)) {
5114 mtx_lock(&umtx_lock);
5115 uq->uq_inherited_pri = PRI_MAX;
5116 while ((pi = TAILQ_FIRST(&uq->uq_pi_contested)) != NULL) {
5117 pi->pi_owner = NULL;
5118 TAILQ_REMOVE(&uq->uq_pi_contested, pi, pi_link);
5120 mtx_unlock(&umtx_lock);
5122 sched_lend_user_prio_cond(td, PRI_MAX);
5125 compat32 = (td->td_pflags2 & TDP2_COMPAT32RB) != 0;
5126 td->td_pflags2 &= ~TDP2_COMPAT32RB;
5128 if (td->td_rb_inact == 0 && td->td_rb_list == 0 && td->td_rbp_list == 0)
5132 * Handle terminated robust mutexes. Must be done after
5133 * robust pi disown, otherwise unlock could see unowned
5136 rb_inact = td->td_rb_inact;
5138 (void)umtx_read_uptr(td, rb_inact, &rb_inact, compat32);
5139 umtx_cleanup_rb_list(td, td->td_rb_list, &rb_inact, "", compat32);
5140 umtx_cleanup_rb_list(td, td->td_rbp_list, &rb_inact, "priv ", compat32);
5142 (void)umtx_handle_rb(td, rb_inact, NULL, true, compat32);
projects / FreeBSD / FreeBSD.git / blob