Strictly speaking list_op_pending points to the 'lock entry', not the
'lock word' (which is actually at 'offset' from 'lock entry'). We can
infer this based on reading the code in kernel/futex.c:
struct robust_list __user *entry, *next_entry, *pending;
...
if (fetch_robust_entry(&pending, &head->list_op_pending, &pip))
return;
...
if (pending)
handle_futex_death((void __user *)pending + futex_offset,
curr, pip);
Which is also consistent with the rest of the docs on robust futex lists.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Thomas Gleixner <tglx@linuxtronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
protocol on 'lock entry' insertion and removal:
On insertion:
- 1) set the 'list_op_pending' word to the address of the 'lock word'
+ 1) set the 'list_op_pending' word to the address of the 'lock entry'
to be inserted,
2) acquire the futex lock,
3) add the lock entry, with its thread id (TID) in the bottom 29 bits
4) clear the 'list_op_pending' word.
On removal:
- 1) set the 'list_op_pending' word to the address of the 'lock word'
+ 1) set the 'list_op_pending' word to the address of the 'lock entry'
to be removed,
2) remove the lock entry for this lock from the 'head' list,
2) release the futex lock, and