[PATCH rcu 2/8] rcu: Synchronize ->qsmaskinitnext in rcu_boost_kthread_setaffinity()

From: Paul E. McKenney
Date: Wed Oct 19 2022 - 18:47:26 EST

Next message: Paul E. McKenney: "[PATCH rcu 5/8] slab: Explain why SLAB_DESTROY_BY_RCU reference before locking"
Previous message: Paul E. McKenney: "[PATCH rcu 3/8] rcu: Remove unused 'cpu' in rcu_virt_note_context_switch()"
In reply to: Paul E. McKenney: "[PATCH rcu 3/8] rcu: Remove unused 'cpu' in rcu_virt_note_context_switch()"
Next in thread: Paul E. McKenney: "[PATCH rcu 5/8] slab: Explain why SLAB_DESTROY_BY_RCU reference before locking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Pingfan Liu <kernelfans@xxxxxxxxx>

Once either rcutree_online_cpu() or rcutree_dead_cpu() is invoked
concurrently, the following rcu_boost_kthread_setaffinity() race can
occur:

CPU 1 CPU2
mask = rcu_rnp_online_cpus(rnp);
...

mask = rcu_rnp_online_cpus(rnp);
...
set_cpus_allowed_ptr(t, cm);

set_cpus_allowed_ptr(t, cm);

This results in CPU2's update being overwritten by that of CPU1, and
thus the possibility of ->boost_kthread_task continuing to run on a
to-be-offlined CPU.

This commit therefore eliminates this race by relying on the pre-existing
acquisition of ->boost_kthread_mutex to serialize the full process of
changing the affinity of ->boost_kthread_task.

Signed-off-by: Pingfan Liu <kernelfans@xxxxxxxxx>
Cc: David Woodhouse <dwmw@xxxxxxxxxxxx>
Cc: Frederic Weisbecker <frederic@xxxxxxxxxx>
Cc: Neeraj Upadhyay <quic_neeraju@xxxxxxxxxxx>
Cc: Josh Triplett <josh@xxxxxxxxxxxxxxxx>
Cc: Steven Rostedt <rostedt@xxxxxxxxxxx>
Cc: Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx>
Cc: Lai Jiangshan <jiangshanlai@xxxxxxxxx>
Cc: Joel Fernandes <joel@xxxxxxxxxxxxxxxxx>
Cc: "Jason A. Donenfeld" <Jason@xxxxxxxxx>
Signed-off-by: Paul E. McKenney <paulmck@xxxxxxxxxx>
---
kernel/rcu/tree_plugin.h | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/kernel/rcu/tree_plugin.h b/kernel/rcu/tree_plugin.h
index e3142ee35fc6a..7b0fe741a0886 100644
--- a/kernel/rcu/tree_plugin.h
+++ b/kernel/rcu/tree_plugin.h
@@ -1221,11 +1221,13 @@ static void rcu_spawn_one_boost_kthread(struct rcu_node *rnp)
* We don't include outgoingcpu in the affinity set, use -1 if there is
* no outgoing CPU. If there are no CPUs left in the affinity set,
* this function allows the kthread to execute on any CPU.
+ *
+ * Any future concurrent calls are serialized via ->boost_kthread_mutex.
*/
static void rcu_boost_kthread_setaffinity(struct rcu_node *rnp, int outgoingcpu)
{
struct task_struct *t = rnp->boost_kthread_task;
- unsigned long mask = rcu_rnp_online_cpus(rnp);
+ unsigned long mask;
cpumask_var_t cm;
int cpu;

@@ -1234,6 +1236,7 @@ static void rcu_boost_kthread_setaffinity(struct rcu_node *rnp, int outgoingcpu)
if (!zalloc_cpumask_var(&cm, GFP_KERNEL))
return;
mutex_lock(&rnp->boost_kthread_mutex);
+ mask = rcu_rnp_online_cpus(rnp);
for_each_leaf_node_possible_cpu(rnp, cpu)
if ((mask & leaf_node_cpu_bit(rnp, cpu)) &&
cpu != outgoingcpu)
--
2.31.1.189.g2e36527f23

Next message: Paul E. McKenney: "[PATCH rcu 5/8] slab: Explain why SLAB_DESTROY_BY_RCU reference before locking"
Previous message: Paul E. McKenney: "[PATCH rcu 3/8] rcu: Remove unused 'cpu' in rcu_virt_note_context_switch()"
In reply to: Paul E. McKenney: "[PATCH rcu 3/8] rcu: Remove unused 'cpu' in rcu_virt_note_context_switch()"
Next in thread: Paul E. McKenney: "[PATCH rcu 5/8] slab: Explain why SLAB_DESTROY_BY_RCU reference before locking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]