diff options
| author | David Hildenbrand <dahi@linux.vnet.ibm.com> | 2014-12-12 04:11:44 -0500 |
|---|---|---|
| committer | Paul E. McKenney <paulmck@linux.vnet.ibm.com> | 2015-01-06 14:01:14 -0500 |
| commit | 87af9e7ff9d909e70a006ca0974466e2a1d8db0a (patch) | |
| tree | ee9cfd1195075c26b39fc5c044d636a996fb4b54 /kernel/cpu.c | |
| parent | f520c98e3e5212d8c282a86d9b7697dd70326192 (diff) | |
hotplugcpu: Avoid deadlocks by waking active_writer
Commit b2c4623dcd07 ("rcu: More on deadlock between CPU hotplug and expedited
grace periods") introduced another problem that can easily be reproduced by
starting/stopping cpus in a loop.
E.g.:
for i in `seq 5000`; do
echo 1 > /sys/devices/system/cpu/cpu1/online
echo 0 > /sys/devices/system/cpu/cpu1/online
done
Will result in:
INFO: task /cpu_start_stop:1 blocked for more than 120 seconds.
Call Trace:
([<00000000006a028e>] __schedule+0x406/0x91c)
[<0000000000130f60>] cpu_hotplug_begin+0xd0/0xd4
[<0000000000130ff6>] _cpu_up+0x3e/0x1c4
[<0000000000131232>] cpu_up+0xb6/0xd4
[<00000000004a5720>] device_online+0x80/0xc0
[<00000000004a57f0>] online_store+0x90/0xb0
...
And a deadlock.
Problem is that if the last ref in put_online_cpus() can't get the
cpu_hotplug.lock the puts_pending count is incremented, but a sleeping
active_writer might never be woken up, therefore never exiting the loop in
cpu_hotplug_begin().
This fix removes puts_pending and turns refcount into an atomic variable. We
also introduce a wait queue for the active_writer, to avoid possible races and
use-after-free. There is no need to take the lock in put_online_cpus() anymore.
Can't reproduce it with this fix.
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Diffstat (limited to 'kernel/cpu.c')
| -rw-r--r-- | kernel/cpu.c | 56 |
1 files changed, 23 insertions, 33 deletions
diff --git a/kernel/cpu.c b/kernel/cpu.c index 5d220234b3ca..1972b161c61e 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c | |||
| @@ -58,22 +58,23 @@ static int cpu_hotplug_disabled; | |||
| 58 | 58 | ||
| 59 | static struct { | 59 | static struct { |
| 60 | struct task_struct *active_writer; | 60 | struct task_struct *active_writer; |
| 61 | struct mutex lock; /* Synchronizes accesses to refcount, */ | 61 | /* wait queue to wake up the active_writer */ |
| 62 | wait_queue_head_t wq; | ||
| 63 | /* verifies that no writer will get active while readers are active */ | ||
| 64 | struct mutex lock; | ||
| 62 | /* | 65 | /* |
| 63 | * Also blocks the new readers during | 66 | * Also blocks the new readers during |
| 64 | * an ongoing cpu hotplug operation. | 67 | * an ongoing cpu hotplug operation. |
| 65 | */ | 68 | */ |
| 66 | int refcount; | 69 | atomic_t refcount; |
| 67 | /* And allows lockless put_online_cpus(). */ | ||
| 68 | atomic_t puts_pending; | ||
| 69 | 70 | ||
| 70 | #ifdef CONFIG_DEBUG_LOCK_ALLOC | 71 | #ifdef CONFIG_DEBUG_LOCK_ALLOC |
| 71 | struct lockdep_map dep_map; | 72 | struct lockdep_map dep_map; |
| 72 | #endif | 73 | #endif |
| 73 | } cpu_hotplug = { | 74 | } cpu_hotplug = { |
| 74 | .active_writer = NULL, | 75 | .active_writer = NULL, |
| 76 | .wq = __WAIT_QUEUE_HEAD_INITIALIZER(cpu_hotplug.wq), | ||
| 75 | .lock = __MUTEX_INITIALIZER(cpu_hotplug.lock), | 77 | .lock = __MUTEX_INITIALIZER(cpu_hotplug.lock), |
| 76 | .refcount = 0, | ||
| 77 | #ifdef CONFIG_DEBUG_LOCK_ALLOC | 78 | #ifdef CONFIG_DEBUG_LOCK_ALLOC |
| 78 | .dep_map = {.name = "cpu_hotplug.lock" }, | 79 | .dep_map = {.name = "cpu_hotplug.lock" }, |
| 79 | #endif | 80 | #endif |
| @@ -86,15 +87,6 @@ static struct { | |||
| 86 | #define cpuhp_lock_acquire() lock_map_acquire(&cpu_hotplug.dep_map) | 87 | #define cpuhp_lock_acquire() lock_map_acquire(&cpu_hotplug.dep_map) |
| 87 | #define cpuhp_lock_release() lock_map_release(&cpu_hotplug.dep_map) | 88 | #define cpuhp_lock_release() lock_map_release(&cpu_hotplug.dep_map) |
| 88 | 89 | ||
| 89 | static void apply_puts_pending(int max) | ||
| 90 | { | ||
| 91 | int delta; | ||
| 92 | |||
| 93 | if (atomic_read(&cpu_hotplug.puts_pending) >= max) { | ||
| 94 | delta = atomic_xchg(&cpu_hotplug.puts_pending, 0); | ||
| 95 | cpu_hotplug.refcount -= delta; | ||
| 96 | } | ||
| 97 | } | ||
| 98 | 90 | ||
| 99 | void get_online_cpus(void) | 91 | void get_online_cpus(void) |
| 100 | { | 92 | { |
| @@ -103,8 +95,7 @@ void get_online_cpus(void) | |||
| 103 | return; | 95 | return; |
| 104 | cpuhp_lock_acquire_read(); | 96 | cpuhp_lock_acquire_read(); |
| 105 | mutex_lock(&cpu_hotplug.lock); | 97 | mutex_lock(&cpu_hotplug.lock); |
| 106 | apply_puts_pending(65536); | 98 | atomic_inc(&cpu_hotplug.refcount); |
| 107 | cpu_hotplug.refcount++; | ||
| 108 | mutex_unlock(&cpu_hotplug.lock); | 99 | mutex_unlock(&cpu_hotplug.lock); |
| 109 | } | 100 | } |
| 110 | EXPORT_SYMBOL_GPL(get_online_cpus); | 101 | EXPORT_SYMBOL_GPL(get_online_cpus); |
| @@ -116,8 +107,7 @@ bool try_get_online_cpus(void) | |||
| 116 | if (!mutex_trylock(&cpu_hotplug.lock)) | 107 | if (!mutex_trylock(&cpu_hotplug.lock)) |
| 117 | return false; | 108 | return false; |
| 118 | cpuhp_lock_acquire_tryread(); | 109 | cpuhp_lock_acquire_tryread(); |
| 119 | apply_puts_pending(65536); | 110 | atomic_inc(&cpu_hotplug.refcount); |
| 120 | cpu_hotplug.refcount++; | ||
| 121 | mutex_unlock(&cpu_hotplug.lock); | 111 | mutex_unlock(&cpu_hotplug.lock); |
| 122 | return true; | 112 | return true; |
| 123 | } | 113 | } |
| @@ -125,20 +115,18 @@ EXPORT_SYMBOL_GPL(try_get_online_cpus); | |||
| 125 | 115 | ||
| 126 | void put_online_cpus(void) | 116 | void put_online_cpus(void) |
| 127 | { | 117 | { |
| 118 | int refcount; | ||
| 119 | |||
| 128 | if (cpu_hotplug.active_writer == current) | 120 | if (cpu_hotplug.active_writer == current) |
| 129 | return; | 121 | return; |
| 130 | if (!mutex_trylock(&cpu_hotplug.lock)) { | ||
| 131 | atomic_inc(&cpu_hotplug.puts_pending); | ||
| 132 | cpuhp_lock_release(); | ||
| 133 | return; | ||
| 134 | } | ||
| 135 | 122 | ||
| 136 | if (WARN_ON(!cpu_hotplug.refcount)) | 123 | refcount = atomic_dec_return(&cpu_hotplug.refcount); |
| 137 | cpu_hotplug.refcount++; /* try to fix things up */ | 124 | if (WARN_ON(refcount < 0)) /* try to fix things up */ |
| 125 | atomic_inc(&cpu_hotplug.refcount); | ||
| 126 | |||
| 127 | if (refcount <= 0 && waitqueue_active(&cpu_hotplug.wq)) | ||
| 128 | wake_up(&cpu_hotplug.wq); | ||
| 138 | 129 | ||
| 139 | if (!--cpu_hotplug.refcount && unlikely(cpu_hotplug.active_writer)) | ||
| 140 | wake_up_process(cpu_hotplug.active_writer); | ||
| 141 | mutex_unlock(&cpu_hotplug.lock); | ||
| 142 | cpuhp_lock_release(); | 130 | cpuhp_lock_release(); |
| 143 | 131 | ||
| 144 | } | 132 | } |
| @@ -168,18 +156,20 @@ EXPORT_SYMBOL_GPL(put_online_cpus); | |||
| 168 | */ | 156 | */ |
| 169 | void cpu_hotplug_begin(void) | 157 | void cpu_hotplug_begin(void) |
| 170 | { | 158 | { |
| 171 | cpu_hotplug.active_writer = current; | 159 | DEFINE_WAIT(wait); |
| 172 | 160 | ||
| 161 | cpu_hotplug.active_writer = current; | ||
| 173 | cpuhp_lock_acquire(); | 162 | cpuhp_lock_acquire(); |
| 163 | |||
| 174 | for (;;) { | 164 | for (;;) { |
| 175 | mutex_lock(&cpu_hotplug.lock); | 165 | mutex_lock(&cpu_hotplug.lock); |
| 176 | apply_puts_pending(1); | 166 | prepare_to_wait(&cpu_hotplug.wq, &wait, TASK_UNINTERRUPTIBLE); |
| 177 | if (likely(!cpu_hotplug.refcount)) | 167 | if (likely(!atomic_read(&cpu_hotplug.refcount))) |
| 178 | break; | 168 | break; |
| 179 | __set_current_state(TASK_UNINTERRUPTIBLE); | ||
| 180 | mutex_unlock(&cpu_hotplug.lock); | 169 | mutex_unlock(&cpu_hotplug.lock); |
| 181 | schedule(); | 170 | schedule(); |
| 182 | } | 171 | } |
| 172 | finish_wait(&cpu_hotplug.wq, &wait); | ||
| 183 | } | 173 | } |
| 184 | 174 | ||
| 185 | void cpu_hotplug_done(void) | 175 | void cpu_hotplug_done(void) |