futex: Decrease the waiter count before the unlock operation

To support runtime resizing of the process private hash, it's required
to not use the obtained hash bucket once the reference count has been
dropped. The reference will be dropped after the unlock of the hash
bucket.
The amount of waiters is decremented after the unlock operation. There
is no requirement that this needs to happen after the unlock. The
increment happens before acquiring the lock to signal early that there
will be a waiter. The waiter can avoid blocking on the lock if it is
known that there will be no waiter.
There is no difference in terms of ordering if the decrement happens
before or after the unlock.

Decrease the waiter count before the unlock operation.

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/20250416162921.513656-10-bigeasy@linutronix.de

diff --git a/kernel/futex/core.c b/kernel/futex/core.c
index 6a1d6b14277f416c1f3808bd30725419f83186fe..5e70cb8eb25077e10022ee7998da9f1a5eff9465 100644 (file)
--- a/kernel/futex/core.c
+++ b/kernel/futex/core.c
@@ -537,8 +537,8 @@ void futex_q_lock(struct futex_q *q, struct futex_hash_bucket *hb)
 void futex_q_unlock(struct futex_hash_bucket *hb)
        __releases(&hb->lock)
 {
-       spin_unlock(&hb->lock);
        futex_hb_waiters_dec(hb);
+       spin_unlock(&hb->lock);
 }
 
 void __futex_queue(struct futex_q *q, struct futex_hash_bucket *hb,

diff --git a/kernel/futex/requeue.c b/kernel/futex/requeue.c
index 992e3ce005c6f012eeac077457fcd5c05d17b8ac..023c028d2fce3164dcf00fe0c4d314503814203d 100644 (file)
--- a/kernel/futex/requeue.c
+++ b/kernel/futex/requeue.c
@@ -456,8 +456,8 @@ retry_private:
                        ret = futex_get_value_locked(&curval, uaddr1);
 
                        if (unlikely(ret)) {
-                               double_unlock_hb(hb1, hb2);
                                futex_hb_waiters_dec(hb2);
+                               double_unlock_hb(hb1, hb2);
 
                                ret = get_user(curval, uaddr1);
                                if (ret)
@@ -542,8 +542,8 @@ retry_private:
                                 * waiter::requeue_state is correct.
                                 */
                        case -EFAULT:
-                               double_unlock_hb(hb1, hb2);
                                futex_hb_waiters_dec(hb2);
+                               double_unlock_hb(hb1, hb2);
                                ret = fault_in_user_writeable(uaddr2);
                                if (!ret)
                                        goto retry;
@@ -556,8 +556,8 @@ retry_private:
                                 *   exit to complete.
                                 * - EAGAIN: The user space value changed.
                                 */
-                               double_unlock_hb(hb1, hb2);
                                futex_hb_waiters_dec(hb2);
+                               double_unlock_hb(hb1, hb2);
                                /*
                                 * Handle the case where the owner is in the middle of
                                 * exiting. Wait for the exit to complete otherwise
@@ -674,8 +674,8 @@ retry_private:
                put_pi_state(pi_state);
 
 out_unlock:
-               double_unlock_hb(hb1, hb2);
                futex_hb_waiters_dec(hb2);
+               double_unlock_hb(hb1, hb2);
        }
        wake_up_q(&wake_q);
        return ret ? ret : task_count;