Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp451873ybl; Thu, 23 Jan 2020 01:37:29 -0800 (PST) X-Google-Smtp-Source: APXvYqyzpbBUbRJbfAutxwVQ7LdJFPj0R9xKLm348pweQ7YwNYC4XWrYnbZJ2zsSnQt5LShbUADg X-Received: by 2002:a9d:73ca:: with SMTP id m10mr10953211otk.312.1579772249700; Thu, 23 Jan 2020 01:37:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579772249; cv=none; d=google.com; s=arc-20160816; b=EKwHkBV9JY8Tx8/Wt96cbH4O1dn2oUPMqZRTL3+jblPXQtpq3RLiNKmZmo5n7CGT9l vZ1kLiE2z7O0nL3EVd5cLXpZ8rQYDcEREHyiFxgRflDmVEkCznXMMGYXPW2p4xJpabaw pnlkYQAcK1GuCdhegMtH2itcBTdGH0qbeg9/OdCLYJC+D2PElqbqL40kVUX63Oete+hr IgUzmOYmFkCWcCTZH6uQOzyoCKj7WL26uGansQspjgXjMkq9wc3SQvrE94KfYeMMJTBV dUpLAT28E34tGq8rdIxHPPKz9LnIyfh3gLhmGlC7lHwdQU3D2iHHN4LuIEIVwbPYeedk w5YQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=YixZocxPtvbPBg+61NfVP/W8TQN9iRjk5ZtElvThCac=; b=d/NhNACt5Fe2SoT/d0u3y1A0PhRl93qkLyiuzaSGpljPYqgjHoAdEmqDB4IDoL9HKH I9z4bOXAxh3Zz2SNbk4S4akFImDyD1G9tA8fkj9qF8paojQF6De6Lbscke2RdKpg91F0 ClZW81uTg387K5/U1cC0U/6yzaTnGZLG9JDQ/5CbCTRXEzkwPXaU2eObxTaBdWRmVsXs fWpWM0aRb/1jNL7sgeCfccBXxki+kwJSneCMibZcjv7L98uvgVQjfyfU9dYjBIxRIT7t d6eZ0laAIF9pAIi9Qx+MHxQtlJ9j7S9YLSOx18b8SZxOCO24pTTS0sGMsNPgJOl5pMYs IFaQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b="wsgMKH/3"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y8si823262otg.309.2020.01.23.01.37.17; Thu, 23 Jan 2020 01:37:29 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b="wsgMKH/3"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726204AbgAWJgS (ORCPT + 99 others); Thu, 23 Jan 2020 04:36:18 -0500 Received: from merlin.infradead.org ([205.233.59.134]:60542 "EHLO merlin.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726026AbgAWJgS (ORCPT ); Thu, 23 Jan 2020 04:36:18 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=merlin.20170209; h=In-Reply-To:Content-Transfer-Encoding: Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date: Sender:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=YixZocxPtvbPBg+61NfVP/W8TQN9iRjk5ZtElvThCac=; b=wsgMKH/3+zhqxyAE0Yn4q+6ZNM 1i3hdKBlyLh13TkJcOydPEUGqTACaIsumP7f4saKJMOf9CotWZyy7cQol+DrVydLgWlquRUj1R/+A QTtk/hlHgTdnyuzwgO2xpEAHHeAYZS/v0+nGoUaorAkteno8SiiQJEF+jczEOeVLgq/5M1hZqeRPW jGyaWRn4+jQkfd5mAilEiDw+XSoDA/hWa4jyJ9JUsnINqttpc0E/2L3E2QG8fiJKqlzIBjal2EsVG hN9qn5NhMhngueMvfbdw01OKeC/8f3T90IhuigH3lrLYVJhggjeqz952q50KeVMJP5T0ZaK7+5m3Q 93HnfLGg==; Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=noisy.programming.kicks-ass.net) by merlin.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1iuYuE-0002qM-Jg; Thu, 23 Jan 2020 09:36:06 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id E8574300B8D; Thu, 23 Jan 2020 10:34:24 +0100 (CET) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000) id DE3D42B70D34E; Thu, 23 Jan 2020 10:36:04 +0100 (CET) Date: Thu, 23 Jan 2020 10:36:04 +0100 From: Peter Zijlstra To: Marco Elver Cc: Qian Cai , Will Deacon , mingo@redhat.com, linux-kernel@vger.kernel.org Subject: Re: [PATCH] locking/osq_lock: fix a data race in osq_wait_next Message-ID: <20200123093604.GT14914@hirez.programming.kicks-ass.net> References: <20200122165938.GA16974@willie-the-truck> <20200122223851.GA45602@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20200122223851.GA45602@google.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jan 22, 2020 at 11:38:51PM +0100, Marco Elver wrote: > If possible, decode and get the line numbers. I have observed a data > race in osq_lock before, however, this is the only one I have recently > seen in osq_lock: > > read to 0xffff88812c12d3d4 of 4 bytes by task 23304 on cpu 0: > ?osq_lock+0x170/0x2f0 kernel/locking/osq_lock.c:143 > > while (!READ_ONCE(node->locked)) { > /* > * If we need to reschedule bail... so we can block. > * Use vcpu_is_preempted() to avoid waiting for a preempted > * lock holder: > */ > --> if (need_resched() || vcpu_is_preempted(node_cpu(node->prev))) > goto unqueue; > > cpu_relax(); > } > > where > > static inline int node_cpu(struct optimistic_spin_node *node) > { > --> return node->cpu - 1; > } > > > write to 0xffff88812c12d3d4 of 4 bytes by task 23334 on cpu 1: > osq_lock+0x89/0x2f0 kernel/locking/osq_lock.c:99 > > bool osq_lock(struct optimistic_spin_queue *lock) > { > struct optimistic_spin_node *node = this_cpu_ptr(&osq_node); > struct optimistic_spin_node *prev, *next; > int curr = encode_cpu(smp_processor_id()); > int old; > > node->locked = 0; > node->next = NULL; > --> node->cpu = curr; > Yeah, that's impossible. This store happens before the node is published, so no matter how the load in node_cpu() is shattered, it must observe the right value.