tree/tiny rcu: Add debug RCU head objects

Helps finding racy users of call_rcu(), which results in hangs because list
entries are overwritten and/or skipped.

Changelog since v4:
- Bissectability is now OK
- Now generate a WARN_ON_ONCE() for non-initialized rcu_head passed to
  call_rcu(). Statically initialized objects are detected with
  object_is_static().
- Rename rcu_head_init_on_stack to init_rcu_head_on_stack.
- Remove init_rcu_head() completely.

Changelog since v3:
- Include comments from Lai Jiangshan

This new patch version is based on the debugobjects with the newly introduced
"active state" tracker.

Non-initialized entries are all considered as "statically initialized". An
activation fixup (triggered by call_rcu()) takes care of performing the debug
object initialization without issuing any warning. Since we cannot increase the
size of struct rcu_head, I don't see much room to put an identifier for
statically initialized rcu_head structures. So for now, we have to live without
"activation without explicit init" detection. But the main purpose of this debug
option is to detect double-activations (double call_rcu() use of a rcu_head
before the callback is executed), which is correctly addressed here.

This also detects potential internal RCU callback corruption, which would cause
the callbacks to be executed twice.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
CC: David S. Miller <davem@davemloft.net>
CC: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
CC: akpm@linux-foundation.org
CC: mingo@elte.hu
CC: laijs@cn.fujitsu.com
CC: dipankar@in.ibm.com
CC: josh@joshtriplett.org
CC: dvhltc@us.ibm.com
CC: niv@us.ibm.com
CC: tglx@linutronix.de
CC: peterz@infradead.org
CC: rostedt@goodmis.org
CC: Valdis.Kletnieks@vt.edu
CC: dhowells@redhat.com
CC: eric.dumazet@gmail.com
CC: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Reviewed-by: Lai Jiangshan <laijs@cn.fujitsu.com>

1 files changed, 160 insertions, 0 deletions

diff --git a/kernel/rcupdate.c b/kernel/rcupdate.c
index 72a8dc9567f5..4d169835fb36 100644
--- a/kernel/rcupdate.c
+++ b/kernel/rcupdate.c
@@ -114,3 +114,163 @@ int rcu_my_thread_group_empty(void)
 }
 EXPORT_SYMBOL_GPL(rcu_my_thread_group_empty);
 #endif /* #ifdef CONFIG_PROVE_RCU */
+
+#ifdef CONFIG_DEBUG_OBJECTS_RCU_HEAD
+static inline void debug_init_rcu_head(struct rcu_head *head)
+{
+        debug_object_init(head, &rcuhead_debug_descr);
+}
+
+static inline void debug_rcu_head_free(struct rcu_head *head)
+{
+        debug_object_free(head, &rcuhead_debug_descr);
+}
+
+/*
+ * fixup_init is called when:
+ * - an active object is initialized
+ */
+static int rcuhead_fixup_init(void *addr, enum debug_obj_state state)
+{
+        struct rcu_head *head = addr;
+
+        switch (state) {
+        case ODEBUG_STATE_ACTIVE:
+                /*
+                 * Ensure that queued callbacks are all executed.
+                 * If we detect that we are nested in a RCU read-side critical
+                 * section, we should simply fail, otherwise we would deadlock.
+                 */
+                if (rcu_preempt_depth() != 0 || preempt_count() != 0 ||
+                    irqs_disabled()) {
+                        WARN_ON(1);
+                        return 0;
+                }
+                rcu_barrier();
+                rcu_barrier_sched();
+                rcu_barrier_bh();
+                debug_object_init(head, &rcuhead_debug_descr);
+                return 1;
+        default:
+                return 0;
+        }
+}
+
+/*
+ * fixup_activate is called when:
+ * - an active object is activated
+ * - an unknown object is activated (might be a statically initialized object)
+ * Activation is performed internally by call_rcu().
+ */
+static int rcuhead_fixup_activate(void *addr, enum debug_obj_state state)
+{
+        struct rcu_head *head = addr;
+
+        switch (state) {
+
+        case ODEBUG_STATE_NOTAVAILABLE:
+                /*
+                 * This is not really a fixup. We just make sure that it is
+                 * tracked in the object tracker.
+                 */
+                debug_object_init(head, &rcuhead_debug_descr);
+                debug_object_activate(head, &rcuhead_debug_descr);
+                return 0;
+
+        case ODEBUG_STATE_ACTIVE:
+                /*
+                 * Ensure that queued callbacks are all executed.
+                 * If we detect that we are nested in a RCU read-side critical
+                 * section, we should simply fail, otherwise we would deadlock.
+                 */
+                if (rcu_preempt_depth() != 0 || preempt_count() != 0 ||
+                    irqs_disabled()) {
+                        WARN_ON(1);
+                        return 0;
+                }
+                rcu_barrier();
+                rcu_barrier_sched();
+                rcu_barrier_bh();
+                debug_object_activate(head, &rcuhead_debug_descr);
+                return 1;
+        default:
+                return 0;
+        }
+}
+
+/*
+ * fixup_free is called when:
+ * - an active object is freed
+ */
+static int rcuhead_fixup_free(void *addr, enum debug_obj_state state)
+{
+        struct rcu_head *head = addr;
+
+        switch (state) {
+        case ODEBUG_STATE_ACTIVE:
+                /*
+                 * Ensure that queued callbacks are all executed.
+                 * If we detect that we are nested in a RCU read-side critical
+                 * section, we should simply fail, otherwise we would deadlock.
+                 */
+#ifndef CONFIG_PREEMPT
+                WARN_ON(1);
+                return 0;
+#else
+                if (rcu_preempt_depth() != 0 || preempt_count() != 0 ||
+                    irqs_disabled()) {
+                        WARN_ON(1);
+                        return 0;
+                }
+                rcu_barrier();
+                rcu_barrier_sched();
+                rcu_barrier_bh();
+                debug_object_free(head, &rcuhead_debug_descr);
+                return 1;
+#endif
+        default:
+                return 0;
+        }
+}
+
+/**
+ * init_rcu_head_on_stack() - initialize on-stack rcu_head for debugobjects
+ * @head: pointer to rcu_head structure to be initialized
+ *
+ * This function informs debugobjects of a new rcu_head structure that
+ * has been allocated as an auto variable on the stack.  This function
+ * is not required for rcu_head structures that are statically defined or
+ * that are dynamically allocated on the heap.  This function has no
+ * effect for !CONFIG_DEBUG_OBJECTS_RCU_HEAD kernel builds.
+ */
+void init_rcu_head_on_stack(struct rcu_head *head)
+{
+        debug_object_init_on_stack(head, &rcuhead_debug_descr);
+}
+EXPORT_SYMBOL_GPL(init_rcu_head_on_stack);
+
+/**
+ * destroy_rcu_head_on_stack() - destroy on-stack rcu_head for debugobjects
+ * @head: pointer to rcu_head structure to be initialized
+ *
+ * This function informs debugobjects that an on-stack rcu_head structure
+ * is about to go out of scope.  As with init_rcu_head_on_stack(), this
+ * function is not required for rcu_head structures that are statically
+ * defined or that are dynamically allocated on the heap.  Also as with
+ * init_rcu_head_on_stack(), this function has no effect for
+ * !CONFIG_DEBUG_OBJECTS_RCU_HEAD kernel builds.
+ */
+void destroy_rcu_head_on_stack(struct rcu_head *head)
+{
+        debug_object_free(head, &rcuhead_debug_descr);
+}
+EXPORT_SYMBOL_GPL(destroy_rcu_head_on_stack);
+
+struct debug_obj_descr rcuhead_debug_descr = {
+        .name = "rcu_head",
+        .fixup_init = rcuhead_fixup_init,
+        .fixup_activate = rcuhead_fixup_activate,
+        .fixup_free = rcuhead_fixup_free,
+};
+EXPORT_SYMBOL_GPL(rcuhead_debug_descr);
+#endif /* #ifdef CONFIG_DEBUG_OBJECTS_RCU_HEAD */