On 11/21, Ivo Sieben wrote:

Hi

2012/11/19 Oleg Nesterov [off-list ref]:

quoted

Because on a second thought I suspect this change is wrong.

Just for example, please look at kauditd_thread(). It does

        set_current_state(TASK_INTERRUPTIBLE);

        add_wait_queue(&kauditd_wait, &wait);

        if (!CONDITION)         // <-- LOAD
                schedule();

And the last LOAD can leak into the critical section protected by
wait_queue_head_t->lock, and it can be reordered with list_add()
inside this critical section. In this case we can race with wake_up()
unless it takes the same lock.

Oleg.

I agree that I should solve my problem using the waitqueue_active()
function locally. I'll abandon this patch and fix it in the
tty_ldisc.c.

But we try to understand your fault scenario: How can the LOAD leak
into the critical section? As far as we understand the spin_unlock()
function also contains a memory barrier

                           ^^^^^^^^^^^^^^

Not really, in general unlock is a one-way barrier.

to prevent such a reordering
from happening.

Please look at the comment above prepare_to_wait(), for example. Or
look at wmb() in try_to_wake_up().

I guess this is not possible on x86, but in general

	X;
	LOCK();
	UNLOCK();
	Y;

can be reordered as

	LOCK();
	Y;
	X;
	UNLOCK();

UNLOCK + LOCK is the full memory barrier.

Oleg.