From patchwork Thu Nov 3 18:29:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Waiman Long X-Patchwork-Id: 15099 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp699235wru; Thu, 3 Nov 2022 11:33:40 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6ZLIT5zJW1vJDrM5tx88gESnqQqInumD8OalsxQ8PLZLwzpmrkKmmBQpf8SEtoxiy54wU3 X-Received: by 2002:a50:fd12:0:b0:463:cb99:5b1 with SMTP id i18-20020a50fd12000000b00463cb9905b1mr13681540eds.256.1667500420351; Thu, 03 Nov 2022 11:33:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667500420; cv=none; d=google.com; s=arc-20160816; b=waM4Q4+JHu9qYmZCJr/aKkHBnJlCX0RgdgxUMpBE9+G0wAm5PqmIdrz8FkyO7DNpXw aDXHpmpzP0TuM5dCEokVMjpG4tmDKSvLm5ZOVML37ui0AL5EzrP+azVOJe2hN7yDV8ne rXBi7hni6F/ohVCX/Pd9abBSkzMK1hHLn8cdBgCCl8PaRE476Pztzrvy7t+d4mRiW29i pizCMohD1Y8yesPlnXKUyTn2jZcdEPMA/td2FoevPN9UVBux+GuCinnFEQv5kDjastcw Q6hxD10oalSph3gZ37FUHHNqhmCI5Ad9AYEhCxJv0SYETMYplimPSTX9QisYsQNd6Saf nLpw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=jqegOKwKp0b5k01538L+8elHQKTxwvJermmvNJSeQ8I=; b=XYIhL87nJ903iJrk5ZdgJulrT1REdG03DVhEK20XUzx9F8aMm9GnCpKzXm+PG+DhTW IC3EWdK2YqbLDEKp5uCCL3xpFyBE9oR6XuNaI31j+EWoQz+rtMZDy8Gz0koQYhU4dmUa BuSdKYtEj+yLCxRt6doyhLMDHE42v8RuB6eqk0NlN6DTqrdPk9Gq+L5F4nU/mZ1Fp7d8 d0Z5kxdAyMihbT27fZj9APPMb5F7W5m5N4C8JBNacPNiy5OdAad+yfcGGvWDjy8OOKO3 R9ceKyQiyp1tIw3K++XUJkYOB3ly8U6ptZjqnDxh7Fc3IYUYQ6f3LMr+kfF/gvIMVSdq coMw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="MKKO/bAW"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e14-20020a056402190e00b004635dccd3casi2633126edz.57.2022.11.03.11.33.14; Thu, 03 Nov 2022 11:33:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="MKKO/bAW"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230220AbiKCSbM (ORCPT + 99 others); Thu, 3 Nov 2022 14:31:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58592 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231244AbiKCSap (ORCPT ); Thu, 3 Nov 2022 14:30:45 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6C81064D8 for ; Thu, 3 Nov 2022 11:29:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1667500188; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jqegOKwKp0b5k01538L+8elHQKTxwvJermmvNJSeQ8I=; b=MKKO/bAWnt4NVYrY28x9XZsHJ2nXeAG0lMJp6VXhghcvqw9FW5yV+TmUArxceGr9LdeSW3 ZNi58BNDr1Tg8QTxqowW6Um51/mdV6Tz5TBjIYxhxKyH0SujmcNKlqKlmyr1O1NTpiE43+ NJR8CavrHxNJvuvF0F9NiDGryKqXHoc= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-642-Jdu_Ns1KO_W26tMJ7EVP5g-1; Thu, 03 Nov 2022 14:29:44 -0400 X-MC-Unique: Jdu_Ns1KO_W26tMJ7EVP5g-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id DCECE85A5B6; Thu, 3 Nov 2022 18:29:43 +0000 (UTC) Received: from llong.com (unknown [10.22.33.38]) by smtp.corp.redhat.com (Postfix) with ESMTP id 71F821121325; Thu, 3 Nov 2022 18:29:43 +0000 (UTC) From: Waiman Long To: Peter Zijlstra , Ingo Molnar , Will Deacon , Boqun Feng Cc: linux-kernel@vger.kernel.org, john.p.donnelly@oracle.com, Hillf Danton , Mukesh Ojha , =?utf-8?b?VGluZzExIFdhbmcg546L5am3?= , Waiman Long , stable@vger.kernel.org Subject: [PATCH v5 1/6] locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath Date: Thu, 3 Nov 2022 14:29:31 -0400 Message-Id: <20221103182936.217120-2-longman@redhat.com> In-Reply-To: <20221103182936.217120-1-longman@redhat.com> References: <20221103182936.217120-1-longman@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1748500920906474847?= X-GMAIL-MSGID: =?utf-8?q?1748500920906474847?= A non-first waiter can potentially spin in the for loop of rwsem_down_write_slowpath() without sleeping but fail to acquire the lock even if the rwsem is free if the following sequence happens: Non-first RT waiter First waiter Lock holder ------------------- ------------ ----------- Acquire wait_lock rwsem_try_write_lock(): Set handoff bit if RT or wait too long Set waiter->handoff_set Release wait_lock Acquire wait_lock Inherit waiter->handoff_set Release wait_lock Clear owner Release lock if (waiter.handoff_set) { rwsem_spin_on_owner((); if (OWNER_NULL) goto trylock_again; } trylock_again: Acquire wait_lock rwsem_try_write_lock(): if (first->handoff_set && (waiter != first)) return false; Release wait_lock A non-first waiter cannot really acquire the rwsem even if it mistakenly believes that it can spin on OWNER_NULL value. If that waiter happens to be an RT task running on the same CPU as the first waiter, it can block the first waiter from acquiring the rwsem leading to live lock. Fix this problem by making sure that a non-first waiter cannot spin in the slowpath loop without sleeping. Fixes: d257cc8cb8d5 ("locking/rwsem: Make handoff bit handling more consistent") Reviewed-and-tested-by: Mukesh Ojha Signed-off-by: Waiman Long Cc: stable@vger.kernel.org --- kernel/locking/rwsem.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/kernel/locking/rwsem.c b/kernel/locking/rwsem.c index 44873594de03..be2df9ea7c30 100644 --- a/kernel/locking/rwsem.c +++ b/kernel/locking/rwsem.c @@ -624,18 +624,16 @@ static inline bool rwsem_try_write_lock(struct rw_semaphore *sem, */ if (first->handoff_set && (waiter != first)) return false; - - /* - * First waiter can inherit a previously set handoff - * bit and spin on rwsem if lock acquisition fails. - */ - if (waiter == first) - waiter->handoff_set = true; } new = count; if (count & RWSEM_LOCK_MASK) { + /* + * A waiter (first or not) can set the handoff bit + * if it is an RT task or wait in the wait queue + * for too long. + */ if (has_handoff || (!rt_task(waiter->task) && !time_after(jiffies, waiter->timeout))) return false; @@ -651,11 +649,12 @@ static inline bool rwsem_try_write_lock(struct rw_semaphore *sem, } while (!atomic_long_try_cmpxchg_acquire(&sem->count, &count, new)); /* - * We have either acquired the lock with handoff bit cleared or - * set the handoff bit. + * We have either acquired the lock with handoff bit cleared or set + * the handoff bit. Only the first waiter can have its handoff_set + * set here to enable optimistic spinning in slowpath loop. */ if (new & RWSEM_FLAG_HANDOFF) { - waiter->handoff_set = true; + first->handoff_set = true; lockevent_inc(rwsem_wlock_handoff); return false; }