From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Prateek Sood <prsood@codeaurora.org>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>,
dave@stgolabs.net, longman@redhat.com, parri.andrea@gmail.com,
sramana@codeaurora.org, Ingo Molnar <mingo@kernel.org>,
Amit Pundir <amit.pundir@linaro.org>
Subject: [PATCH 4.4 10/56] locking/rwsem-xadd: Fix missed wakeup due to reordering of load
Date: Tue, 18 Sep 2018 00:41:43 +0200 [thread overview]
Message-ID: <20180917213828.393496095@linuxfoundation.org> (raw)
In-Reply-To: <20180917213827.913122591@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Prateek Sood <prsood@codeaurora.org>
commit 9c29c31830a4eca724e137a9339137204bbb31be upstream.
If a spinner is present, there is a chance that the load of
rwsem_has_spinner() in rwsem_wake() can be reordered with
respect to decrement of rwsem count in __up_write() leading
to wakeup being missed:
spinning writer up_write caller
--------------- -----------------------
[S] osq_unlock() [L] osq
spin_lock(wait_lock)
sem->count=0xFFFFFFFF00000001
+0xFFFFFFFF00000000
count=sem->count
MB
sem->count=0xFFFFFFFE00000001
-0xFFFFFFFF00000001
spin_trylock(wait_lock)
return
rwsem_try_write_lock(count)
spin_unlock(wait_lock)
schedule()
Reordering of atomic_long_sub_return_release() in __up_write()
and rwsem_has_spinner() in rwsem_wake() can cause missing of
wakeup in up_write() context. In spinning writer, sem->count
and local variable count is 0XFFFFFFFE00000001. It would result
in rwsem_try_write_lock() failing to acquire rwsem and spinning
writer going to sleep in rwsem_down_write_failed().
The smp_rmb() will make sure that the spinner state is
consulted after sem->count is updated in up_write context.
Signed-off-by: Prateek Sood <prsood@codeaurora.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: dave@stgolabs.net
Cc: longman@redhat.com
Cc: parri.andrea@gmail.com
Cc: sramana@codeaurora.org
Link: http://lkml.kernel.org/r/1504794658-15397-1-git-send-email-prsood@codeaurora.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/locking/rwsem-xadd.c | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
--- a/kernel/locking/rwsem-xadd.c
+++ b/kernel/locking/rwsem-xadd.c
@@ -511,6 +511,33 @@ struct rw_semaphore *rwsem_wake(struct r
unsigned long flags;
/*
+ * __rwsem_down_write_failed_common(sem)
+ * rwsem_optimistic_spin(sem)
+ * osq_unlock(sem->osq)
+ * ...
+ * atomic_long_add_return(&sem->count)
+ *
+ * - VS -
+ *
+ * __up_write()
+ * if (atomic_long_sub_return_release(&sem->count) < 0)
+ * rwsem_wake(sem)
+ * osq_is_locked(&sem->osq)
+ *
+ * And __up_write() must observe !osq_is_locked() when it observes the
+ * atomic_long_add_return() in order to not miss a wakeup.
+ *
+ * This boils down to:
+ *
+ * [S.rel] X = 1 [RmW] r0 = (Y += 0)
+ * MB RMB
+ * [RmW] Y += 1 [L] r1 = X
+ *
+ * exists (r0=1 /\ r1=0)
+ */
+ smp_rmb();
+
+ /*
* If a spinner is present, it is not necessary to do the wakeup.
* Try to do wakeup only if the trylock succeeds to minimize
* spinlock contention which may introduce too much delay in the
next prev parent reply other threads:[~2018-09-17 22:50 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-17 22:41 [PATCH 4.4 00/56] 4.4.157-stable review Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 01/56] i2c: xiic: Make the start and the byte count write atomic Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 02/56] i2c: i801: fix DNVs SMBCTRL register offset Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 03/56] ALSA: hda - Fix cancel_work_sync() stall from jackpoll work Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 04/56] cfq: Give a chance for arming slice idle timer in case of group_idle Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 05/56] kthread: Fix use-after-free if kthread fork fails Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 06/56] kthread: fix boot hang (regression) on MIPS/OpenRISC Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 07/56] staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 08/56] staging/rts5208: Fix read overflow in memcpy Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 09/56] block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg Greg Kroah-Hartman
2018-09-17 22:41 ` Greg Kroah-Hartman [this message]
2018-09-17 22:41 ` [PATCH 4.4 11/56] selinux: use GFP_NOWAIT in the AVC kmem_caches Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 12/56] locking/osq_lock: Fix osq_lock queue corruption Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 13/56] ARC: [plat-axs*]: Enable SWAP Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 14/56] misc: mic: SCIF Fix scif_get_new_port() error handling Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 15/56] ethtool: Remove trailing semicolon for static inline Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 16/56] Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 17/56] gpio: tegra: Move driver registration to subsys_init level Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 18/56] scsi: target: fix __transport_register_session locking Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 19/56] md/raid5: fix data corruption of replacements after originals dropped Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 20/56] misc: ti-st: Fix memory leak in the error path of probe() Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 21/56] uio: potential double frees if __uio_register_device() fails Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 22/56] tty: rocket: Fix possible buffer overwrite on register_PCI Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 23/56] f2fs: do not set free of current section Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 24/56] perf tools: Allow overriding MAX_NR_CPUS at compile time Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 25/56] NFSv4.0 fix client reference leak in callback Greg Kroah-Hartman
2018-09-17 22:41 ` [PATCH 4.4 26/56] macintosh/via-pmu: Add missing mmio accessors Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 27/56] ath10k: prevent active scans on potential unusable channels Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 28/56] MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 29/56] ata: libahci: Correct setting of DEVSLP register Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 30/56] scsi: 3ware: fix return 0 on the error path of probe Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 31/56] ath10k: disable bundle mgmt tx completion event support Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 32/56] Bluetooth: hidp: Fix handling of strncpy for hid->name information Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 33/56] x86/mm: Remove in_nmi() warning from vmalloc_fault() Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 34/56] gpio: ml-ioh: Fix buffer underwrite on probe error path Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 35/56] net: mvneta: fix mtu change on port without link Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 36/56] MIPS: Octeon: add missing of_node_put() Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 37/56] net: dcb: For wild-card lookups, use priority -1, not 0 Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 38/56] Input: atmel_mxt_ts - only use first T9 instance Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 39/56] partitions/aix: append null character to print data from disk Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 40/56] partitions/aix: fix usage of uninitialized lv_info and lvname structures Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 41/56] iommu/ipmmu-vmsa: Fix allocation in atomic context Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 42/56] mfd: ti_am335x_tscadc: Fix struct clk memory leak Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 43/56] f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 44/56] MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 45/56] RDMA/cma: Do not ignore net namespace for unbound cm_id Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 46/56] xhci: Fix use-after-free in xhci_free_virt_device Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 47/56] vmw_balloon: include asm/io.h Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 48/56] netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 49/56] drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac config Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 50/56] net: ethernet: ti: cpsw: fix mdio device reference leak Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 51/56] ethernet: ti: davinci_emac: add missing of_node_put after calling of_parse_phandle Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 52/56] crypto: vmx - Fix sleep-in-atomic bugs Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 53/56] mtd: ubi: wl: Fix error return code in ubi_wl_init() Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 54/56] autofs: fix autofs_sbi() does not check super block type Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 55/56] x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ Greg Kroah-Hartman
2018-09-17 22:42 ` [PATCH 4.4 56/56] mm: get rid of vmacache_flush_all() entirely Greg Kroah-Hartman
2018-09-17 23:58 ` [PATCH 4.4 00/56] 4.4.157-stable review Nathan Chancellor
2018-09-18 16:19 ` Guenter Roeck
2018-09-18 16:56 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180917213828.393496095@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=amit.pundir@linaro.org \
--cc=dave@stgolabs.net \
--cc=linux-kernel@vger.kernel.org \
--cc=longman@redhat.com \
--cc=mingo@kernel.org \
--cc=parri.andrea@gmail.com \
--cc=peterz@infradead.org \
--cc=prsood@codeaurora.org \
--cc=sramana@codeaurora.org \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).