* [PATCH v2] locking/rwsem: Fix kernel crash when spinning on RWSEM_OWNER_UNKNOWN
@ 2020-01-15 15:43 Waiman Long
2020-01-17 10:09 ` [tip: locking/urgent] " tip-bot2 for Waiman Long
0 siblings, 1 reply; 2+ messages in thread
From: Waiman Long @ 2020-01-15 15:43 UTC (permalink / raw)
To: Peter Zijlstra, Ingo Molnar, Will Deacon
Cc: linux-kernel, Christoph Hellwig, stable, Waiman Long
The commit 91d2a812dfb9 ("locking/rwsem: Make handoff writer
optimistically spin on owner") will allow a recently woken up waiting
writer to spin on the owner. Unfortunately, if the owner happens to be
RWSEM_OWNER_UNKNOWN, the code will incorrectly spin on it leading to a
kernel crash. This is fixed by passing the proper non-spinnable bits
to rwsem_spin_on_owner() so that RWSEM_OWNER_UNKNOWN will be treated
as a non-spinnable target.
Fixes: 91d2a812dfb9 ("locking/rwsem: Make handoff writer optimistically spin on owner")
Reported-by: Christoph Hellwig <hch@lst.de>
Tested-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Waiman Long <longman@redhat.com>
---
kernel/locking/rwsem.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/locking/rwsem.c b/kernel/locking/rwsem.c
index 44e68761f432..0d9b6be9ecc8 100644
--- a/kernel/locking/rwsem.c
+++ b/kernel/locking/rwsem.c
@@ -1226,8 +1226,8 @@ rwsem_down_write_slowpath(struct rw_semaphore *sem, int state)
* In this case, we attempt to acquire the lock again
* without sleeping.
*/
- if ((wstate == WRITER_HANDOFF) &&
- (rwsem_spin_on_owner(sem, 0) == OWNER_NULL))
+ if (wstate == WRITER_HANDOFF &&
+ rwsem_spin_on_owner(sem, RWSEM_NONSPINNABLE) == OWNER_NULL)
goto trylock_again;
/* Block until there are no active lockers. */
--
2.18.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [tip: locking/urgent] locking/rwsem: Fix kernel crash when spinning on RWSEM_OWNER_UNKNOWN
2020-01-15 15:43 [PATCH v2] locking/rwsem: Fix kernel crash when spinning on RWSEM_OWNER_UNKNOWN Waiman Long
@ 2020-01-17 10:09 ` tip-bot2 for Waiman Long
0 siblings, 0 replies; 2+ messages in thread
From: tip-bot2 for Waiman Long @ 2020-01-17 10:09 UTC (permalink / raw)
To: linux-tip-commits
Cc: Christoph Hellwig, Waiman Long, Peter Zijlstra (Intel),
stable, x86, LKML
The following commit has been merged into the locking/urgent branch of tip:
Commit-ID: 39e7234f00bc93613c086ae42d852d5f4147120a
Gitweb: https://git.kernel.org/tip/39e7234f00bc93613c086ae42d852d5f4147120a
Author: Waiman Long <longman@redhat.com>
AuthorDate: Wed, 15 Jan 2020 10:43:36 -05:00
Committer: Peter Zijlstra <peterz@infradead.org>
CommitterDate: Fri, 17 Jan 2020 10:19:27 +01:00
locking/rwsem: Fix kernel crash when spinning on RWSEM_OWNER_UNKNOWN
The commit 91d2a812dfb9 ("locking/rwsem: Make handoff writer
optimistically spin on owner") will allow a recently woken up waiting
writer to spin on the owner. Unfortunately, if the owner happens to be
RWSEM_OWNER_UNKNOWN, the code will incorrectly spin on it leading to a
kernel crash. This is fixed by passing the proper non-spinnable bits
to rwsem_spin_on_owner() so that RWSEM_OWNER_UNKNOWN will be treated
as a non-spinnable target.
Fixes: 91d2a812dfb9 ("locking/rwsem: Make handoff writer optimistically spin on owner")
Reported-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20200115154336.8679-1-longman@redhat.com
---
kernel/locking/rwsem.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/locking/rwsem.c b/kernel/locking/rwsem.c
index 44e6876..0d9b6be 100644
--- a/kernel/locking/rwsem.c
+++ b/kernel/locking/rwsem.c
@@ -1226,8 +1226,8 @@ wait:
* In this case, we attempt to acquire the lock again
* without sleeping.
*/
- if ((wstate == WRITER_HANDOFF) &&
- (rwsem_spin_on_owner(sem, 0) == OWNER_NULL))
+ if (wstate == WRITER_HANDOFF &&
+ rwsem_spin_on_owner(sem, RWSEM_NONSPINNABLE) == OWNER_NULL)
goto trylock_again;
/* Block until there are no active lockers. */
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-01-17 10:09 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-15 15:43 [PATCH v2] locking/rwsem: Fix kernel crash when spinning on RWSEM_OWNER_UNKNOWN Waiman Long
2020-01-17 10:09 ` [tip: locking/urgent] " tip-bot2 for Waiman Long
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).