Re: [PATCH -next] locking/percpu-rwsem: fix a task_struct refcount

From: Peter Zijlstra
Date: Fri Mar 27 2020 - 05:38:02 EST


On Thu, Mar 26, 2020 at 11:10:57PM -0400, Qian Cai wrote:
> There are some memory leaks due to a missing put_task_struct().

This is an absolutely inadequate changelog. There is no explaining what
the actual race is and why this patch is correct.

> Fixes: 7f26482a872c ("locking/percpu-rwsem: Remove the embedded rwsem")
> Signed-off-by: Qian Cai <cai@xxxxxx>
> ---
> kernel/locking/percpu-rwsem.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/locking/percpu-rwsem.c b/kernel/locking/percpu-rwsem.c
> index a008a1ba21a7..6f487e5d923f 100644
> --- a/kernel/locking/percpu-rwsem.c
> +++ b/kernel/locking/percpu-rwsem.c
> @@ -123,8 +123,10 @@ static int percpu_rwsem_wake_function(struct wait_queue_entry *wq_entry,
> struct percpu_rw_semaphore *sem = key;
>
> /* concurrent against percpu_down_write(), can get stolen */
> - if (!__percpu_rwsem_trylock(sem, reader))
> + if (!__percpu_rwsem_trylock(sem, reader)) {
> + put_task_struct(p);
> return 1;
> + }


If the trylock fails, someone else got the lock and we remain on the
waitqueue. It seems like a very bad idea to put the task while it
remains on the waitqueue, no?

>
> list_del_init(&wq_entry->entry);
> smp_store_release(&wq_entry->private, NULL);
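Review bot: the added put_task_struct(p) in the trylock-failure path drops a reference while the entry is still queued: list_del_init(&wq_entry->entry) and smp_store_release(&wq_entry->private, NULL) are only reached on success, so the wake function can be invoked again for the same entry and the same task, and the next invocation will handle p a second time, leaving the count unbalanced in the other direction. Rather than adding a put to the failure path, consider taking the task reference only after __percpu_rwsem_trylock() has succeeded, immediately before the list_del_init(), so that the early `return 1;` has nothing to release and the existing put on the success path stays the single balance point. The changelog should also spell out which path currently leaks the reference and why the trylock-failure case is the one that needs care.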
> --
> 2.21.0 (Apple Git-122.2)
>