[PATCH] 8xx: get_mmu_context() for (very) FEW_CONTEXTS and KERNEL_PREEMPT race/starvation issue

[Marcelo Tosatti]

On Thu, Jun 30, 2005 at 09:26:07AM +1000, Benjamin Herrenschmidt wrote:
> 
> > Execution is resumed exactly where it has been interrupted.
> > 
> > > The idea behind my patch was to get rid of that nr_free_contexts counter 
> > > that is (I thing) redundant with the context_map.
> > 
> > Apparently its there to avoid the spinlock exactly on !FEW_CONTEXTS machines.
> > 
> > I suppose that what happens is that get_mmu_context() gets preempted after stealing
> > a context (so nr_free_contexts = 0), but before setting next_mmu_context to the 
> > next entry
> > 
> > next_mmu_context = (ctx + 1) & LAST_CONTEXT;
> 
> Ugh ? Can switch_mm() be preempted at all ? Did I miss yet another
> "let's open 10 gazillion races for gun" Ingo patch ?

Doh nope it can't - my bad.

> > So if the now running higher prio tasks calls switch_mm() (which is likely to happen)
> > it loops forever on atomic_dec_if_positive(&nr_free_contexts), while steal_context()
> > sees "mm->context == CONTEXT".
> 
> I think the race is only when destroy_context() is preempted, but maybe
> I missed something.

Nope, I think you are right. My "theory" is obviously flawed now. 

There seem to be several contexts where destroy_context() could be called
with preempt enabled - I should have been shutup in the first place :)

Lets wait for Guillaume to test...