From nobody Sun Sep 14 06:37:29 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D7C53C54EAA for ; Thu, 26 Jan 2023 11:38:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237322AbjAZLix (ORCPT ); Thu, 26 Jan 2023 06:38:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48068 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237305AbjAZLis (ORCPT ); Thu, 26 Jan 2023 06:38:48 -0500 Received: from galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 04A663BDBF; Thu, 26 Jan 2023 03:38:47 -0800 (PST) Date: Thu, 26 Jan 2023 11:38:44 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1674733125; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cbK7nIGD/08H7Aeb4a9bD6tyPHJg6ETnqXE4EFES7nQ=; b=cJCqHT8VIYqRVRApNHeskZGd/veQQgUxMsKbgESkHFe/pILBhY3E+flaOGF4PEcl4dURke oiY0ob3zcFCMX5lIq6f1jMHbupePQ1FoJbGLaASxDu0yhDwBT8anY3+Jd829ewj3SmufuM Gb/AZU0wPGPriMUCGx+K05Dkco1NSue2pon5G4yH0zJxAdrsYFsDy9hqpBkejzvqqfH7BS 9HnD6g/jalQxXyoawP6Wa8SmlOYb4tQ1IlLwd49K3j03lH8AZEg5baIDaKettyDby+OWBX jDO2OMhXB/kp1gEx+znZMZDHmTX/YyBd5ZKoH8YitarhnzpA5F9HxyzVwblHAw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1674733125; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cbK7nIGD/08H7Aeb4a9bD6tyPHJg6ETnqXE4EFES7nQ=; b=bXSr65vZ1IyuWmbQfE7Hh+b/4nQwLbCHC6Ik9QJINIFj5eLm7FA4j//ryUu06X+F9VIGa5 Ouf5q25G12UxfgBQ== From: "tip-bot2 for Waiman Long" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: locking/core] locking/rwsem: Disable preemption in all down_read*() and up_read() code paths Cc: Mukesh Ojha , Peter Zijlstra , Waiman Long , Ingo Molnar , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20230126003628.365092-3-longman@redhat.com> References: <20230126003628.365092-3-longman@redhat.com> MIME-Version: 1.0 Message-ID: <167473312497.4906.10689090616417879897.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The following commit has been merged into the locking/core branch of tip: Commit-ID: 3f5245538a1964ae186ab7e1636020a41aa63143 Gitweb: https://git.kernel.org/tip/3f5245538a1964ae186ab7e1636020a41= aa63143 Author: Waiman Long AuthorDate: Wed, 25 Jan 2023 19:36:26 -05:00 Committer: Ingo Molnar CommitterDate: Thu, 26 Jan 2023 11:46:46 +01:00 locking/rwsem: Disable preemption in all down_read*() and up_read() code pa= ths Commit: 91d2a812dfb9 ("locking/rwsem: Make handoff writer optimistically spin on = owner") ... assumes that when the owner field is changed to NULL, the lock will become free soon. But commit: 48dfb5d2560d ("locking/rwsem: Disable preemption while trying for rwsem l= ock") ... disabled preemption when acquiring rwsem for write. However, preemption has not yet been disabled when acquiring a read lock on a rwsem. So a reader can add a RWSEM_READER_BIAS to count without setting owner to signal a reader, got preempted out by a RT task which then spins in the writer slowpath as owner remains NULL leading to live loc= k. One easy way to fix this problem is to disable preemption at all the down_read*() and up_read() code paths as implemented in this patch. Fixes: 91d2a812dfb9 ("locking/rwsem: Make handoff writer optimistically spi= n on owner") Reported-by: Mukesh Ojha Suggested-by: Peter Zijlstra Signed-off-by: Waiman Long Signed-off-by: Ingo Molnar Link: https://lore.kernel.org/r/20230126003628.365092-3-longman@redhat.com --- kernel/locking/rwsem.c | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/kernel/locking/rwsem.c b/kernel/locking/rwsem.c index be2df9e..84d5b64 100644 --- a/kernel/locking/rwsem.c +++ b/kernel/locking/rwsem.c @@ -1091,7 +1091,7 @@ queue: /* Ordered by sem->wait_lock against rwsem_mark_wake(). */ break; } - schedule(); + schedule_preempt_disabled(); lockevent_inc(rwsem_sleep_reader); } =20 @@ -1253,14 +1253,20 @@ static struct rw_semaphore *rwsem_downgrade_wake(st= ruct rw_semaphore *sem) */ static inline int __down_read_common(struct rw_semaphore *sem, int state) { + int ret =3D 0; long count; =20 + preempt_disable(); if (!rwsem_read_trylock(sem, &count)) { - if (IS_ERR(rwsem_down_read_slowpath(sem, count, state))) - return -EINTR; + if (IS_ERR(rwsem_down_read_slowpath(sem, count, state))) { + ret =3D -EINTR; + goto out; + } DEBUG_RWSEMS_WARN_ON(!is_rwsem_reader_owned(sem), sem); } - return 0; +out: + preempt_enable(); + return ret; } =20 static inline void __down_read(struct rw_semaphore *sem) @@ -1280,19 +1286,23 @@ static inline int __down_read_killable(struct rw_se= maphore *sem) =20 static inline int __down_read_trylock(struct rw_semaphore *sem) { + int ret =3D 0; long tmp; =20 DEBUG_RWSEMS_WARN_ON(sem->magic !=3D sem, sem); =20 + preempt_disable(); tmp =3D atomic_long_read(&sem->count); while (!(tmp & RWSEM_READ_FAILED_MASK)) { if (atomic_long_try_cmpxchg_acquire(&sem->count, &tmp, tmp + RWSEM_READER_BIAS)) { rwsem_set_reader_owned(sem); - return 1; + ret =3D 1; + break; } } - return 0; + preempt_enable(); + return ret; } =20 /* @@ -1334,6 +1344,7 @@ static inline void __up_read(struct rw_semaphore *sem) DEBUG_RWSEMS_WARN_ON(sem->magic !=3D sem, sem); DEBUG_RWSEMS_WARN_ON(!is_rwsem_reader_owned(sem), sem); =20 + preempt_disable(); rwsem_clear_reader_owned(sem); tmp =3D atomic_long_add_return_release(-RWSEM_READER_BIAS, &sem->count); DEBUG_RWSEMS_WARN_ON(tmp < 0, sem); @@ -1342,6 +1353,7 @@ static inline void __up_read(struct rw_semaphore *sem) clear_nonspinnable(sem); rwsem_wake(sem); } + preempt_enable(); } =20 /* @@ -1661,6 +1673,12 @@ void down_read_non_owner(struct rw_semaphore *sem) { might_sleep(); __down_read(sem); + /* + * The owner value for a reader-owned lock is mostly for debugging + * purpose only and is not critical to the correct functioning of + * rwsem. So it is perfectly fine to set it in a preempt-enabled + * context here. + */ __rwsem_set_reader_owned(sem, NULL); } EXPORT_SYMBOL(down_read_non_owner);