Re: [Patch v2] rwsem: fix rwsem_is_locked() bugs

[Amerigo Wang]

David Howells wrote:
> Amerigo Wang <amwang@xxxxxxxxxx> wrote:
>
> > -	return (sem->activity != 0);
> > +	return !(sem->activity == 0 && list_empty(&sem->wait_list));
>
> This needs to be done in the opposite order with an smp_rmb() between[*], I
> think, because the someone releasing the lock will first reduce activity to
> zero, and then attempt to empty the list, so with your altered code as it
> stands, you can get:
>
> 	CPU 1				CPU 2
> 	===============================	===============================
> 	[sem is read locked, 1 queued writer]
> 	-->up_read()
> 	sem->activity--			-->rwsem_is_locked()
> 	[sem->activity now 0]		sem->activity == 0 [true]
> 					<interrupt>
> 	-->__rwsem_do_wake()
> 	sem->activity = -1
> 	[sem->activity now !=0]
> 	list_del()
> 	[sem->wait_list now empty]	</interrupt>
> 					list_empty(&sem->wait_list) [true]
> 	wake_up_process()
> 	<--__rwsem_do_wake()
> 	<--up_read()
> 	[sem is write locked]		return false [ie. sem is not locked]
>
> In fact, I don't think even swapping things around addresses the problem.  You
> do not prevent the state inside the sem changing under you whilst you try to
> interpret it.

Hmm, right. I think we have to disable irq and preempt here, so
probably spin_trylock_irq() is a good choice.

Since if we have locks, we don't need memory barriers any more, right?

I just sent out the updated patch.

Thanks!
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/