Received: by 10.192.165.148 with SMTP id m20csp423620imm; Wed, 25 Apr 2018 01:35:04 -0700 (PDT) X-Google-Smtp-Source: AIpwx48DfPWkYrstb+VeyWDzfBGnEZ0xRhNLB//x24Fh5lOF9C4ocF4k7vb0LEw47FE05EF+c/42 X-Received: by 2002:a17:902:f24:: with SMTP id 33-v6mr28983163ply.242.1524645304333; Wed, 25 Apr 2018 01:35:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524645304; cv=none; d=google.com; s=arc-20160816; b=TlpFEwHDFppnWXkHuDel/Q7STKVTJwUY1Q93Te68MFajzT+FGwge/N49RoADKJIcXC /8qGxX0xqJW0lWQQYM9YNa5DkhxtG540jFcc+SexOlTl2Fpd4392smwlUGNMhAA/GUMI 4vmUW5roaM+IYIhLJR/ZR8gIMplaCmFAM68+e5bXMRNID+j1OZWiwAIffn2Io+p7dIb7 H503f7w/QT8oCpPtEQycRrdBJbZNrah6E/plzmo1+NpalVDF4x1peHFwTDq8wOd2PaBF RX79hYCMbNoEd4WmREs5dTJZN9hpv2g1uLc9hb3ezY2LSB0TwxGobQmZX5n2P/yUKBI6 QgPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=n/U8/jMEGa/fqS7NyhX9G8gCMW/xGCIjHQ1dhvjiA0A=; b=GTuUFVupS86YorB+dpWtkeWLD0yCfoI1a3/LyzgPQBwYbT3dYyvYTcE42iUc00y/cG 9wwtIVubTAb5ss52ZjePYxOYm8m1uXpRTQeWj2+nLJ2v3tjtJblFDTs6zMgpFzpDMaYD NhzwKOQPIa31JT7gIQeHG8jDwH/Nt5ZCT8jP2xoZAEOKspMHA6XUx98xanVtJzTpgq0s sVLCjyXATynMHh8Q8VXtE8aV1888W1sQkc8FxrCbfzul7EE2ma2UabI2B2rQIjL8H5aD raZwIL4/o5quQfIyp7c+suBT46lWHSVqmIOoX6BIWJciy9bhBeKigR9b8pjMRGmcWQph w8dg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l27si10068795pgu.353.2018.04.25.01.34.48; Wed, 25 Apr 2018 01:35:04 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751244AbeDYIdj (ORCPT + 99 others); Wed, 25 Apr 2018 04:33:39 -0400 Received: from alexa-out-tai-01.qualcomm.com ([103.229.16.226]:37206 "EHLO alexa-out-tai-01.qualcomm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750882AbeDYIdg (ORCPT ); Wed, 25 Apr 2018 04:33:36 -0400 X-IronPort-AV: E=Sophos;i="5.49,325,1520870400"; d="scan'208";a="387776" Received: from ironmsg01-tai.qualcomm.com ([10.249.140.6]) by alexa-out-tai-01.qualcomm.com with ESMTP; 25 Apr 2018 16:33:34 +0800 X-IronPort-AV: E=McAfee;i="5900,7806,8873"; a="6704111" Received: from gkohli-linux.qualcomm.com ([10.204.78.26]) by ironmsg01-tai.qualcomm.com with ESMTP; 25 Apr 2018 01:33:22 -0700 Received: by gkohli-linux.qualcomm.com (Postfix, from userid 427023) id 240902C59; Wed, 25 Apr 2018 14:03:21 +0530 (IST) From: Gaurav Kohli To: peterz@infradead.org, tglx@linutronix.de, mpe@ellerman.id.au, mingo@kernel.org, bigeasy@linutronix.de Cc: linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org, Gaurav Kohli , Neeraj Upadhyay Subject: [PATCH v1] kthread/smpboot: Serialize kthread parking against wakeup Date: Wed, 25 Apr 2018 14:03:19 +0530 Message-Id: <1524645199-5596-1-git-send-email-gkohli@codeaurora.org> X-Mailer: git-send-email 1.9.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The control cpu thread which initiates hotplug calls kthread_park() for hotplug thread and sets KTHREAD_SHOULD_PARK. After this control thread wakes up the hotplug thread. There is a chance that wakeup code sees the hotplug thread (running on AP core) in INTERRUPTIBLE state, but sets its state to RUNNING after hotplug thread has entered kthread_parkme() and changed its state to TASK_PARKED. This can result in panic later on in kthread_unpark(), as it sees KTHREAD_IS_PARKED flag set but fails to rebind the kthread, due to it being not in TASK_PARKED state. Fix this, by serializing wakeup state change, against state change before parking the kthread. Below is the possible race: Control thread Hotplug Thread kthread_park() set KTHREAD_SHOULD_PARK smpboot_thread_fn set_current_state(TASK_INTERRUPTIBLE); kthread_parkme wake_up_process() raw_spin_lock_irqsave(&p->pi_lock, flags); if (!(p->state & state)) -> this will fail goto out; __kthread_parkme __set_current_state(TASK_PARKED); if (p->on_rq && ttwu_remote(p, wake_flags)) ttwu_remote() p->state = TASK_RUNNING; schedule(); So to avoid this race, take pi_lock to serial state changes. Suggested-by: Pavankumar Kondeti Co-developed-by: Neeraj Upadhyay Signed-off-by: Neeraj Upadhyay Signed-off-by: Gaurav Kohli --- Changes since V1: - Add comment to explain need of pi_lock. diff --git a/kernel/smpboot.c b/kernel/smpboot.c index 5043e74..c5c5184 100644 --- a/kernel/smpboot.c +++ b/kernel/smpboot.c @@ -122,7 +122,45 @@ static int smpboot_thread_fn(void *data) } if (kthread_should_park()) { + /* + * Serialize against wakeup. If we take the lock first, + * wakeup is skipped. If we run later, we observe, + * TASK_RUNNING update from wakeup path, before moving + * forward. This helps avoid the race, where wakeup + * observes TASK_INTERRUPTIBLE, and also observes + * the TASK_PARKED in kthread_parkme() before updating + * task state to TASK_RUNNING. In this case, kthread + * gets parked in TASK_RUNNING state. This results + * in panic later on in kthread_unpark(), as it sees + * KTHREAD_IS_PARKED flag set but fails to rebind the + * kthread, due to it being not in TASK_PARKED state. + * + * Control thread Hotplug Thread + * + * kthread_park() + * set KTHREAD_SHOULD_PARK + * smpboot_thread_fn() + * set_current_state( + * TASK_INTERRUPTIBLE); + * kthread_parkme() + * + * wake_up_process() + * + * raw_spin_lock_irqsave(&p->pi_lock, flags); + * if (!(p->state & state)) __set_current_state( + * goto out; TASK_RUNNING); + * + * __set_current_state( + * TASK_PARKED); + * + * if (p->on_rq && ttwu_remote(p, wake_flags)) + * ttwu_remote() + * p->state = TASK_RUNNING; + * schedule(); + */ + raw_spin_lock(¤t->pi_lock); __set_current_state(TASK_RUNNING); + raw_spin_unlock(¤t->pi_lock); preempt_enable(); if (ht->park && td->status == HP_THREAD_ACTIVE) { BUG_ON(td->cpu != smp_processor_id()); -- Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project.