Re: [PATCH v4 14/16] locking/rwsem: Guard against making count negative

[Peter Zijlstra]

On Thu, Apr 18, 2019 at 10:08:28AM -0400, Waiman Long wrote:
> On 04/18/2019 09:51 AM, Peter Zijlstra wrote:
> > On Sat, Apr 13, 2019 at 01:22:57PM -0400, Waiman Long wrote:
> >>  inline void __down_read(struct rw_semaphore *sem)
> >>  {
> >> +	long count = atomic_long_fetch_add_acquire(RWSEM_READER_BIAS,
> >> +						   &sem->count);
> >> +
> >> +	if (unlikely(count & RWSEM_READ_FAILED_MASK)) {
> >> +		rwsem_down_read_failed(sem, count);
> >>  		DEBUG_RWSEMS_WARN_ON(!is_rwsem_reader_owned(sem), sem);
> >>  	} else {
> >>  		rwsem_set_reader_owned(sem);
> > *groan*, that is not provably correct. It is entirely possible to get
> > enough fetch_add()s piled on top of one another to overflow regardless.
> >
> > Unlikely, yes, impossible, no.
> >
> > This makes me nervious as heck, I really don't want to ever have to
> > debug something like that :-(
> 
> The number of fetch_add() that can pile up is limited by the number of
> CPUs available in the system.

Uhhn, no. There is no preempt_disable() anywhere here. So even UP can
overflow if it has enough tasks.