Re: 5.13-rt1 + KVM = WARNING: at fs/eventfd.c:74 eventfd_signal()

[Paolo Bonzini]

On 21/07/21 12:11, Hillf Danton wrote:
> On Wed, 21 Jul 2021 09:25:32 +0200 Thomas Gleixner wrote:
> > On Wed, Jul 21 2021 at 15:04, Hillf Danton wrote:
> > > But the preempting waker can not make sense without the waiter who is bloody
> > > special. Why is it so in the first place? Or it is not at all but the race
> > > existing from Monday to Friday.
> >
> > See the large comment in eventfd_poll().
>
> Is it likely for a reader to make eventfd_poll() return 0?
>
> read	 *     poll                               write
> ----	 *     -----------------                  ------------
> 	 *     count = ctx->count (INVALID!)
> 	 *                                        lock ctx->qwh.lock
> 	 *                                        ctx->count += n
> 	 *                                        **waitqueue_active is false**
> 	 *                                        **no wake_up_locked_poll!**
> 	 *                                        unlock ctx->qwh.lock
>
> lock ctx->qwh.lock
> *cnt = (ctx->flags & EFD_SEMAPHORE) ? 1 : ctx->count;
> ctx->count -= *cnt;
> **waitqueue_active is false**
> unlock ctx->qwh.lock
>
> 	 *     lock ctx->wqh.lock (in poll_wait)
> 	 *     __add_wait_queue
> 	 *     unlock ctx->wqh.lock
> 	 *     eventfd_poll returns 0
> 	 */
> 	count = READ_ONCE(ctx->count);

No, it's simply impossible.  The same comment explains why: "count = 
ctx->count" cannot move above poll_wait's locking of ctx->wqh.lock.

Paolo