ntsync: Introduce NTSYNC_IOC_MUTEX_KILL.

This does not correspond to any NT syscall. Rather, when a thread dies, it
should be called by the NT emulator for each mutex, with the TID of the dying
thread.

NT mutexes are robust (in the pthread sense). When an NT thread dies, any
mutexes it owned are immediately released. Acquisition of those mutexes by other
threads will return a special value indicating that the mutex was abandoned,
like EOWNERDEAD returned from pthread_mutex_lock(), and EOWNERDEAD is indeed
used here for that purpose.

Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com>
Link: https://lore.kernel.org/r/20241213193511.457338-8-zfigura@codeweavers.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/misc/ntsync.c b/drivers/misc/ntsync.c
index 33e26240d9e7c9ac1bcb8adb2ee7ae0b03c63451..03768ac254256fc5dab3931dd71a6e3cf46fc277 100644 (file)
--- a/drivers/misc/ntsync.c
+++ b/drivers/misc/ntsync.c
@@ -59,6 +59,7 @@ struct ntsync_obj {
                struct {
                        __u32 count;
                        pid_t owner;
+                       bool ownerdead;
                } mutex;
        } u;
 
@@ -107,6 +108,7 @@ struct ntsync_q {
        atomic_t signaled;
 
        bool all;
+       bool ownerdead;
        __u32 count;
        struct ntsync_q_entry entries[];
 };
@@ -275,6 +277,9 @@ static void try_wake_all(struct ntsync_device *dev, struct ntsync_q *q,
                                obj->u.sem.count--;
                                break;
                        case NTSYNC_TYPE_MUTEX:
+                               if (obj->u.mutex.ownerdead)
+                                       q->ownerdead = true;
+                               obj->u.mutex.ownerdead = false;
                                obj->u.mutex.count++;
                                obj->u.mutex.owner = q->owner;
                                break;
@@ -338,6 +343,9 @@ static void try_wake_any_mutex(struct ntsync_obj *mutex)
                        continue;
 
                if (atomic_try_cmpxchg(&q->signaled, &signaled, entry->index)) {
+                       if (mutex->u.mutex.ownerdead)
+                               q->ownerdead = true;
+                       mutex->u.mutex.ownerdead = false;
                        mutex->u.mutex.count++;
                        mutex->u.mutex.owner = q->owner;
                        wake_up_process(q->task);
@@ -447,6 +455,52 @@ static int ntsync_mutex_unlock(struct ntsync_obj *mutex, void __user *argp)
        return ret;
 }
 
+/*
+ * Actually change the mutex state to mark its owner as dead,
+ * returning -EPERM if not the owner.
+ */
+static int kill_mutex_state(struct ntsync_obj *mutex, __u32 owner)
+{
+       ntsync_assert_held(mutex);
+
+       if (mutex->u.mutex.owner != owner)
+               return -EPERM;
+
+       mutex->u.mutex.ownerdead = true;
+       mutex->u.mutex.owner = 0;
+       mutex->u.mutex.count = 0;
+       return 0;
+}
+
+static int ntsync_mutex_kill(struct ntsync_obj *mutex, void __user *argp)
+{
+       struct ntsync_device *dev = mutex->dev;
+       __u32 owner;
+       bool all;
+       int ret;
+
+       if (get_user(owner, (__u32 __user *)argp))
+               return -EFAULT;
+       if (!owner)
+               return -EINVAL;
+
+       if (mutex->type != NTSYNC_TYPE_MUTEX)
+               return -EINVAL;
+
+       all = ntsync_lock_obj(dev, mutex);
+
+       ret = kill_mutex_state(mutex, owner);
+       if (!ret) {
+               if (all)
+                       try_wake_all_obj(dev, mutex);
+               try_wake_any_mutex(mutex);
+       }
+
+       ntsync_unlock_obj(dev, mutex, all);
+
+       return ret;
+}
+
 static int ntsync_obj_release(struct inode *inode, struct file *file)
 {
        struct ntsync_obj *obj = file->private_data;
@@ -468,6 +522,8 @@ static long ntsync_obj_ioctl(struct file *file, unsigned int cmd,
                return ntsync_sem_release(obj, argp);
        case NTSYNC_IOC_MUTEX_UNLOCK:
                return ntsync_mutex_unlock(obj, argp);
+       case NTSYNC_IOC_MUTEX_KILL:
+               return ntsync_mutex_kill(obj, argp);
        default:
                return -ENOIOCTLCMD;
        }
@@ -652,6 +708,7 @@ static int setup_wait(struct ntsync_device *dev,
        q->owner = args->owner;
        atomic_set(&q->signaled, -1);
        q->all = all;
+       q->ownerdead = false;
        q->count = count;
 
        for (i = 0; i < count; i++) {
@@ -760,7 +817,7 @@ static int ntsync_wait_any(struct ntsync_device *dev, void __user *argp)
                struct ntsync_wait_args __user *user_args = argp;
 
                /* even if we caught a signal, we need to communicate success */
-               ret = 0;
+               ret = q->ownerdead ? -EOWNERDEAD : 0;
 
                if (put_user(signaled, &user_args->index))
                        ret = -EFAULT;
@@ -841,7 +898,7 @@ static int ntsync_wait_all(struct ntsync_device *dev, void __user *argp)
                struct ntsync_wait_args __user *user_args = argp;
 
                /* even if we caught a signal, we need to communicate success */
-               ret = 0;
+               ret = q->ownerdead ? -EOWNERDEAD : 0;
 
                if (put_user(signaled, &user_args->index))
                        ret = -EFAULT;

diff --git a/include/uapi/linux/ntsync.h b/include/uapi/linux/ntsync.h
index 9186304b253c640b262e37794d292e06ee80ed18..633958d90be3191d8a6c5e9871248e7109873872 100644 (file)
--- a/include/uapi/linux/ntsync.h
+++ b/include/uapi/linux/ntsync.h
@@ -41,5 +41,6 @@ struct ntsync_wait_args {
 
 #define NTSYNC_IOC_SEM_RELEASE         _IOWR('N', 0x81, __u32)
 #define NTSYNC_IOC_MUTEX_UNLOCK                _IOWR('N', 0x85, struct ntsync_mutex_args)
+#define NTSYNC_IOC_MUTEX_KILL          _IOW ('N', 0x86, __u32)
 
 #endif