diff options
| author | Xie Yongji <xieyongji@baidu.com> | 2018-11-29 07:50:30 -0500 |
|---|---|---|
| committer | Ingo Molnar <mingo@kernel.org> | 2019-01-21 05:15:39 -0500 |
| commit | e158488be27b157802753a59b336142dc0eb0380 (patch) | |
| tree | db577b6083e0b46684933933690abd3f9c034bc2 | |
| parent | b061c38bef43406df8e73c5be06cbfacad5ee6ad (diff) | |
locking/rwsem: Fix (possible) missed wakeup
Because wake_q_add() can imply an immediate wakeup (cmpxchg failure
case), we must not rely on the wakeup being delayed. However, commit:
e38513905eea ("locking/rwsem: Rework zeroing reader waiter->task")
relies on exactly that behaviour in that the wakeup must not happen
until after we clear waiter->task.
[ peterz: Added changelog. ]
Signed-off-by: Xie Yongji <xieyongji@baidu.com>
Signed-off-by: Zhang Yu <zhangyu31@baidu.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: e38513905eea ("locking/rwsem: Rework zeroing reader waiter->task")
Link: https://lkml.kernel.org/r/1543495830-2644-1-git-send-email-xieyongji@baidu.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
| -rw-r--r-- | kernel/locking/rwsem-xadd.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/kernel/locking/rwsem-xadd.c b/kernel/locking/rwsem-xadd.c index 09b180063ee1..50d9af615dc4 100644 --- a/kernel/locking/rwsem-xadd.c +++ b/kernel/locking/rwsem-xadd.c | |||
| @@ -198,15 +198,22 @@ static void __rwsem_mark_wake(struct rw_semaphore *sem, | |||
| 198 | woken++; | 198 | woken++; |
| 199 | tsk = waiter->task; | 199 | tsk = waiter->task; |
| 200 | 200 | ||
| 201 | wake_q_add(wake_q, tsk); | 201 | get_task_struct(tsk); |
| 202 | list_del(&waiter->list); | 202 | list_del(&waiter->list); |
| 203 | /* | 203 | /* |
| 204 | * Ensure that the last operation is setting the reader | 204 | * Ensure calling get_task_struct() before setting the reader |
| 205 | * waiter to nil such that rwsem_down_read_failed() cannot | 205 | * waiter to nil such that rwsem_down_read_failed() cannot |
| 206 | * race with do_exit() by always holding a reference count | 206 | * race with do_exit() by always holding a reference count |
| 207 | * to the task to wakeup. | 207 | * to the task to wakeup. |
| 208 | */ | 208 | */ |
| 209 | smp_store_release(&waiter->task, NULL); | 209 | smp_store_release(&waiter->task, NULL); |
| 210 | /* | ||
| 211 | * Ensure issuing the wakeup (either by us or someone else) | ||
| 212 | * after setting the reader waiter to nil. | ||
| 213 | */ | ||
| 214 | wake_q_add(wake_q, tsk); | ||
| 215 | /* wake_q_add() already take the task ref */ | ||
| 216 | put_task_struct(tsk); | ||
| 210 | } | 217 | } |
| 211 | 218 | ||
| 212 | adjustment = woken * RWSEM_ACTIVE_READ_BIAS - adjustment; | 219 | adjustment = woken * RWSEM_ACTIVE_READ_BIAS - adjustment; |