Re: [Patch] rwsem: fix rwsem_is_locked() bug

From: Amerigo Wang
Date: Sun Oct 04 2009 - 23:26:22 EST

Next message: KOSAKI Motohiro: "Re: [PATCH] Added PR_SET_PROCTITLE_AREA option for prctl()"
Previous message: Bryan Donlan: "Re: [PATCH] Added PR_SET_PROCTITLE_AREA option for prctl()"
In reply to: David Howells: "Re: [Patch] rwsem: fix rwsem_is_locked() bug"
Next in thread: Amerigo Wang: "Re: [Patch] rwsem: fix rwsem_is_locked() bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

David Howells wrote:

Amerigo Wang <amwang@xxxxxxxxxx> wrote:

rwsem_is_locked() tests ->activity without locks, so we should always
keep ->activity consistent. However, the code in __rwsem_do_wake()
breaks this rule, it updates ->activity after _all_ readers waken up,
this may give some reader a wrong ->activity value, thus cause
rwsem_is_locked() behaves wrong.

NAK.

This does not fix the case where the active readers run out, but there's a
writer on the queue (see __up_read()), nor the case where the active writer
ends, but there's a waiter on the queue (see __up_write()). In both cases,
the lock is still held, though sem->activity is 0.

Hmm, so the algorithm used in rwsem_is_locked() is not right.:-/

I'm leary of endorsing the presence of rwsem_is_locked() since, unless the
function calling it knows that the process it is running in has the rwsem
locked, the value is obsolete the moment the test has been performed.

The other problem with this change is that it has the potential to cause more
cacheline ping-pong under contention. That said, contention on an rwsem is
much less likely, I think, than on, say, a spinlock, so this change shouldn't
cause a significant slowdown.

Your patch would probably be better as:

- woken = 0;
+ woken = ++sem->activity;
while (waiter->flags & RWSEM_WAITING_FOR_READ) {
struct list_head *next = waiter->list.next;

list_del(&waiter->list);
tsk = waiter->task;
smp_mb();
waiter->task = NULL;
wake_up_process(tsk);
put_task_struct(tsk);
woken++;
if (list_empty(&sem->wait_list))
break;
waiter = list_entry(next, struct rwsem_waiter, list);
}

- sem->activity += woken;
+ sem->activity = woken;

However, as I said above, that is not sufficient. You really do need to put
spinlocks in rwsem_is_locked():

static inline int rwsem_is_locked(struct rw_semaphore *sem)
{
unsigned long flags;
__s32 activity;

spin_lock_irqsave(&sem->wait_lock, flags);
activity = sem->activity;
spin_unlock_irqrestore(&sem->wait_lock, flags);
return activity != 0;
}

Sure, adding spinlocks can solve this, but that would be expensive,
wouldn't it?

You also need to check over lib/rwsem.c. rwsem_is_locked() is unreliable for
that algorithm.

Yeah, I agree, I will try another fix.

Thank you!
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: KOSAKI Motohiro: "Re: [PATCH] Added PR_SET_PROCTITLE_AREA option for prctl()"
Previous message: Bryan Donlan: "Re: [PATCH] Added PR_SET_PROCTITLE_AREA option for prctl()"
In reply to: David Howells: "Re: [Patch] rwsem: fix rwsem_is_locked() bug"
Next in thread: Amerigo Wang: "Re: [Patch] rwsem: fix rwsem_is_locked() bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]