[tip: core/rcu] rcu: Fix exp_funnel_lock()/rcu_exp_wait_wake() datarace
From: tip-bot2 for Paul E. McKenney
Date: Tue Mar 24 2020 - 05:17:31 EST
The following commit has been merged into the core/rcu branch of tip:
Commit-ID: 24bb9eccf7ff335c16c2970ac7cd5c32a92821a6
Gitweb: https://git.kernel.org/tip/24bb9eccf7ff335c16c2970ac7cd5c32a92821a6
Author: Paul E. McKenney <paulmck@xxxxxxxxxx>
AuthorDate: Sun, 22 Dec 2019 19:55:50 -08:00
Committer: Paul E. McKenney <paulmck@xxxxxxxxxx>
CommitterDate: Thu, 20 Feb 2020 15:58:21 -08:00
rcu: Fix exp_funnel_lock()/rcu_exp_wait_wake() datarace
The rcu_node structure's ->exp_seq_rq field is accessed locklessly, so
updates must use WRITE_ONCE(). This commit therefore adds the needed
WRITE_ONCE() invocation where it was missed.
This data race was reported by KCSAN. Not appropriate for backporting
due to failure being unlikely.
Signed-off-by: Paul E. McKenney <paulmck@xxxxxxxxxx>
---
kernel/rcu/tree_exp.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/rcu/tree_exp.h b/kernel/rcu/tree_exp.h
index dcbd757..d7e0484 100644
--- a/kernel/rcu/tree_exp.h
+++ b/kernel/rcu/tree_exp.h
@@ -589,7 +589,7 @@ static void rcu_exp_wait_wake(unsigned long s)
spin_lock(&rnp->exp_lock);
/* Recheck, avoid hang in case someone just arrived. */
if (ULONG_CMP_LT(rnp->exp_seq_rq, s))
- rnp->exp_seq_rq = s;
+ WRITE_ONCE(rnp->exp_seq_rq, s);
spin_unlock(&rnp->exp_lock);
}
smp_mb(); /* All above changes before wakeup. */