From: Thomas Gleixner
To: Wander Lairson Costa
Cc: Peter Zijlstra, Ingo Molnar, Will Deacon, Waiman Long, Boqun Feng,
    "open list:LOCKING PRIMITIVES", Sebastian Andrzej Siewior
Subject: Re: [PATCH] rtmutex: ensure we wake up the top waiter
References: <20230117172649.52465-1-wander@redhat.com> <875yd4k8qd.ffs@tglx>
Date: Thu, 19 Jan 2023 21:53:46 +0100
Message-ID: <87fsc6i6ud.ffs@tglx>

Wander!

On Wed, Jan 18 2023 at 15:49, Wander Lairson Costa wrote:
> On Tue, Jan 17, 2023 at 9:05 PM Thomas Gleixner wrote:
>> On Tue, Jan 17 2023 at 14:26, Wander Lairson Costa wrote:
>> > rt_mutex_adjust_prio_chain() acquires the wait_lock. In the requeue
>> > phase, waiter may be initially in the top of the queue, but after
>> > dequeued and requeued it may no longer be true.
>>
>> That's related to your above argumentation in which way?
>>
>
> I think I made the mistake of not explicitly saying at least three
> tasks are involved:
>
> - A Task T1 that currently holds the mutex
> - A Task T2 that is the top waiter
> - A Task T3 that changes the top waiter
>
> T3 tries to acquire the mutex, but as T1 holds it, it calls
> task_blocked_on_lock() and saves the owner. It eventually calls
> rt_mutex_adjust_prio_chain(), but it releases the wait lock before
> doing so. This opens a window for T1 to release the mutex and wake up
> T2. Before T2 runs, T3 acquires the wait lock again inside
> rt_mutex_adjust_prio_chain(). If the "dequeue/requeue" piece of code
> changes the top waiter, then 1) when T2 runs, it will verify that it
> is no longer the top waiter and come back to sleep, and 2) as you
> observed below, the waiter doesn't point to the top waiter and,
> therefore, it will wake up the wrong task.

This is still confusing as hell because the wait locks you are talking
about belong to different rtmutexes, so there is no "drop wait lock and
reacquire wait lock" window. There must be (multiple) lock chains
involved, but I couldn't figure out yet what the actual scenario is in
the case of a pure rt_spinlock lock chain:

> Another piece of information I forgot: I spotted the bug in the
> spinlock_rt, which uses a rtmutex under the hood. It has a different
> code path in the lock scenario, and there is no call to
> remove_waiter() (or I am missing something).

Correct. But this still might be a lock chain issue where a
non-rt_spinlock lock, which allows early removal, is involved.

> Anyway, you summed it up pretty well here: "@waiter is no longer the
> top waiter due to the requeue operation". I tried (and failed) to
> explain the call chain that ends up in the buggy scenario, but now I
> think I should just describe the fundamental problem (the waiter
> doesn't point to the top waiter).

You really want to provide the information WHY this case can happen at
all. If it's not the removal case and is instead related to some other
obscure lock chain problem, then we really need to understand the
scenario, because that lets us analyze whether there are other holes we
did not think about yet.

If you have traces which show the sequence of lock events leading to
this problem, then you should be able to decode the scenario. If you
fail to extract the information, then please provide the traces so we
can stare at them.

Thanks,

        tglx
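
To make the "wakes up the wrong task" part of the discussion concrete,
here is a small standalone C model of a priority-sorted wait list.
Everything in it (struct waiter, enqueue(), dequeue(), the priorities)
is invented for illustration and is not kernel code; it only mimics the
dequeue/requeue step that rt_mutex_adjust_prio_chain() performs, and
shows why a wakeup keyed to the waiter the chain walk operated on,
rather than to the lock's top waiter after the requeue, can target the
wrong task:

	/*
	 * Standalone sketch of the "stale top waiter" problem. Not
	 * kernel code: all names and priorities are made up for the
	 * example.
	 */
	#include <stdio.h>

	struct waiter {
		const char *task;	/* stand-in for waiter->task */
		int prio;		/* lower value = higher priority */
	};

	/* the lock's priority-sorted wait list, top waiter at index 0 */
	static struct waiter *queue[8];
	static int nr_waiters;

	static struct waiter *top_waiter(void)
	{
		return queue[0];
	}

	static void enqueue(struct waiter *w)
	{
		int i = nr_waiters++;

		/* keep the list sorted by priority */
		while (i > 0 && queue[i - 1]->prio > w->prio) {
			queue[i] = queue[i - 1];
			i--;
		}
		queue[i] = w;
	}

	static void dequeue(struct waiter *w)
	{
		int i = 0;

		while (queue[i] != w)
			i++;
		for (; i + 1 < nr_waiters; i++)
			queue[i] = queue[i + 1];
		nr_waiters--;
	}

	int main(void)
	{
		struct waiter w1 = { "W1", 5 };	 /* top waiter before the walk */
		struct waiter w2 = { "W2", 10 }; /* second in line */

		enqueue(&w1);
		enqueue(&w2);

		/*
		 * The chain walk operates on one waiter and requeues it
		 * with an updated priority. A deboost can change which
		 * waiter is at the top of the list.
		 */
		struct waiter *waiter = &w1;
		struct waiter *prerequeue_top_waiter = top_waiter(); /* W1 */

		dequeue(waiter);
		waiter->prio = 20;	/* deboost: W2 now outranks W1 */
		enqueue(waiter);

		if (prerequeue_top_waiter != top_waiter()) {
			/*
			 * Waking waiter->task here would wake W1, although
			 * W2 is the one that should get a shot at the lock.
			 * The wake target has to be taken from the wait
			 * list *after* the requeue.
			 */
			printf("stale waiter: %s, actual top waiter: %s\n",
			       waiter->task, top_waiter()->task);
		}
		return 0;
	}

Compiled and run, this prints "stale waiter: W1, actual top waiter: W2",
which is exactly the "@waiter is no longer the top waiter due to the
requeue operation" situation quoted above.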