From patchwork Thu Nov  3 18:29:31 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Waiman Long <longman@redhat.com>
X-Patchwork-Id: 15099
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp699235wru;
        Thu, 3 Nov 2022 11:33:40 -0700 (PDT)
X-Google-Smtp-Source: 
 AMsMyM6ZLIT5zJW1vJDrM5tx88gESnqQqInumD8OalsxQ8PLZLwzpmrkKmmBQpf8SEtoxiy54wU3
X-Received: by 2002:a50:fd12:0:b0:463:cb99:5b1 with SMTP id
 i18-20020a50fd12000000b00463cb9905b1mr13681540eds.256.1667500420351;
        Thu, 03 Nov 2022 11:33:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1667500420; cv=none;
        d=google.com; s=arc-20160816;
        b=waM4Q4+JHu9qYmZCJr/aKkHBnJlCX0RgdgxUMpBE9+G0wAm5PqmIdrz8FkyO7DNpXw
         aDXHpmpzP0TuM5dCEokVMjpG4tmDKSvLm5ZOVML37ui0AL5EzrP+azVOJe2hN7yDV8ne
         rXBi7hni6F/ohVCX/Pd9abBSkzMK1hHLn8cdBgCCl8PaRE476Pztzrvy7t+d4mRiW29i
         pizCMohD1Y8yesPlnXKUyTn2jZcdEPMA/td2FoevPN9UVBux+GuCinnFEQv5kDjastcw
         Q6hxD10oalSph3gZ37FUHHNqhmCI5Ad9AYEhCxJv0SYETMYplimPSTX9QisYsQNd6Saf
         nLpw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=jqegOKwKp0b5k01538L+8elHQKTxwvJermmvNJSeQ8I=;
        b=XYIhL87nJ903iJrk5ZdgJulrT1REdG03DVhEK20XUzx9F8aMm9GnCpKzXm+PG+DhTW
         IC3EWdK2YqbLDEKp5uCCL3xpFyBE9oR6XuNaI31j+EWoQz+rtMZDy8Gz0koQYhU4dmUa
         BuSdKYtEj+yLCxRt6doyhLMDHE42v8RuB6eqk0NlN6DTqrdPk9Gq+L5F4nU/mZ1Fp7d8
         d0Z5kxdAyMihbT27fZj9APPMb5F7W5m5N4C8JBNacPNiy5OdAad+yfcGGvWDjy8OOKO3
         R9ceKyQiyp1tIw3K++XUJkYOB3ly8U6ptZjqnDxh7Fc3IYUYQ6f3LMr+kfF/gvIMVSdq
         coMw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719
 header.b="MKKO/bAW";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 e14-20020a056402190e00b004635dccd3casi2633126edz.57.2022.11.03.11.33.14;
        Thu, 03 Nov 2022 11:33:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719
 header.b="MKKO/bAW";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230220AbiKCSbM (ORCPT <rfc822;yves.mi.zy@gmail.com> + 99 others);
        Thu, 3 Nov 2022 14:31:12 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58592 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231244AbiKCSap (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 3 Nov 2022 14:30:45 -0400
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6C81064D8
        for <linux-kernel@vger.kernel.org>;
 Thu,  3 Nov 2022 11:29:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1667500188;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=jqegOKwKp0b5k01538L+8elHQKTxwvJermmvNJSeQ8I=;
        b=MKKO/bAWnt4NVYrY28x9XZsHJ2nXeAG0lMJp6VXhghcvqw9FW5yV+TmUArxceGr9LdeSW3
        ZNi58BNDr1Tg8QTxqowW6Um51/mdV6Tz5TBjIYxhxKyH0SujmcNKlqKlmyr1O1NTpiE43+
        NJR8CavrHxNJvuvF0F9NiDGryKqXHoc=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-642-Jdu_Ns1KO_W26tMJ7EVP5g-1; Thu, 03 Nov 2022 14:29:44 -0400
X-MC-Unique: Jdu_Ns1KO_W26tMJ7EVP5g-1
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
 [10.11.54.3])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx02.redhat.com (Postfix) with ESMTPS id DCECE85A5B6;
        Thu,  3 Nov 2022 18:29:43 +0000 (UTC)
Received: from llong.com (unknown [10.22.33.38])
        by smtp.corp.redhat.com (Postfix) with ESMTP id 71F821121325;
        Thu,  3 Nov 2022 18:29:43 +0000 (UTC)
From: Waiman Long <longman@redhat.com>
To: Peter Zijlstra <peterz@infradead.org>,
        Ingo Molnar <mingo@redhat.com>, Will Deacon <will@kernel.org>,
        Boqun Feng <boqun.feng@gmail.com>
Cc: linux-kernel@vger.kernel.org, john.p.donnelly@oracle.com,
 Hillf Danton <hdanton@sina.com>, Mukesh Ojha <quic_mojha@quicinc.com>,
	=?utf-8?b?VGluZzExIFdhbmcg546L5am3?= <wangting11@xiaomi.com>,
 Waiman Long <longman@redhat.com>, stable@vger.kernel.org
Subject: [PATCH v5 1/6] locking/rwsem: Prevent non-first waiter from spinning
 in down_write() slowpath
Date: Thu,  3 Nov 2022 14:29:31 -0400
Message-Id: <20221103182936.217120-2-longman@redhat.com>
In-Reply-To: <20221103182936.217120-1-longman@redhat.com>
References: <20221103182936.217120-1-longman@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3
X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1748500920906474847?=
X-GMAIL-MSGID: =?utf-8?q?1748500920906474847?=

A non-first waiter can potentially spin in the for loop of
rwsem_down_write_slowpath() without sleeping but fail to acquire the
lock even if the rwsem is free if the following sequence happens:

  Non-first RT waiter    First waiter      Lock holder
  -------------------    ------------      -----------
  Acquire wait_lock
  rwsem_try_write_lock():
    Set handoff bit if RT or
      wait too long
    Set waiter->handoff_set
  Release wait_lock
                         Acquire wait_lock
                         Inherit waiter->handoff_set
                         Release wait_lock
					   Clear owner
                                           Release lock
  if (waiter.handoff_set) {
    rwsem_spin_on_owner(();
    if (OWNER_NULL)
      goto trylock_again;
  }
  trylock_again:
  Acquire wait_lock
  rwsem_try_write_lock():
     if (first->handoff_set && (waiter != first))
     	return false;
  Release wait_lock

A non-first waiter cannot really acquire the rwsem even if it mistakenly
believes that it can spin on OWNER_NULL value. If that waiter happens
to be an RT task running on the same CPU as the first waiter, it can
block the first waiter from acquiring the rwsem leading to live lock.
Fix this problem by making sure that a non-first waiter cannot spin in
the slowpath loop without sleeping.

Fixes: d257cc8cb8d5 ("locking/rwsem: Make handoff bit handling more consistent")
Reviewed-and-tested-by: Mukesh Ojha <quic_mojha@quicinc.com>
Signed-off-by: Waiman Long <longman@redhat.com>
Cc: stable@vger.kernel.org
---
 kernel/locking/rwsem.c | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/kernel/locking/rwsem.c b/kernel/locking/rwsem.c
index 44873594de03..be2df9ea7c30 100644
--- a/kernel/locking/rwsem.c
+++ b/kernel/locking/rwsem.c
@@ -624,18 +624,16 @@ static inline bool rwsem_try_write_lock(struct rw_semaphore *sem,
 			 */
 			if (first->handoff_set && (waiter != first))
 				return false;
-
-			/*
-			 * First waiter can inherit a previously set handoff
-			 * bit and spin on rwsem if lock acquisition fails.
-			 */
-			if (waiter == first)
-				waiter->handoff_set = true;
 		}
 
 		new = count;
 
 		if (count & RWSEM_LOCK_MASK) {
+			/*
+			 * A waiter (first or not) can set the handoff bit
+			 * if it is an RT task or wait in the wait queue
+			 * for too long.
+			 */
 			if (has_handoff || (!rt_task(waiter->task) &&
 					    !time_after(jiffies, waiter->timeout)))
 				return false;
@@ -651,11 +649,12 @@ static inline bool rwsem_try_write_lock(struct rw_semaphore *sem,
 	} while (!atomic_long_try_cmpxchg_acquire(&sem->count, &count, new));
 
 	/*
-	 * We have either acquired the lock with handoff bit cleared or
-	 * set the handoff bit.
+	 * We have either acquired the lock with handoff bit cleared or set
+	 * the handoff bit. Only the first waiter can have its handoff_set
+	 * set here to enable optimistic spinning in slowpath loop.
 	 */
 	if (new & RWSEM_FLAG_HANDOFF) {
-		waiter->handoff_set = true;
+		first->handoff_set = true;
 		lockevent_inc(rwsem_wlock_handoff);
 		return false;
 	}