Re: [PATCH v4] pipe: use __pipe_{lock,unlock} instead of spinlock

[Julia Lawall]

On Mon, 6 Feb 2023, Luis Chamberlain wrote:

> On Sat, Jan 28, 2023 at 11:33:08PM -0800, Linus Torvalds wrote:
> > On Sat, Jan 28, 2023 at 10:05 PM Hongchen Zhang
> > <zhanghongchen@xxxxxxxxxxx> wrote:
> > >
> > > Use spinlock in pipe_{read,write} cost too much time,IMO
> > > pipe->{head,tail} can be protected by __pipe_{lock,unlock}.
> > > On the other hand, we can use __pipe_{lock,unlock} to protect
> > > the pipe->{head,tail} in pipe_resize_ring and
> > > post_one_notification.
> >
> > No, we really can't.
> >
> > post_one_notification() is called under the RCU lock held, *and* with
> > a spinlock held.
> >
> > It simply cannot do a sleeping lock like __pipe_lock().
> >
> > So that patch is simply fundamentally buggy, I'm afraid.
>
> This patch lingered for a while until *way* later *Al Viro* and then
> Linus chimed in on this. Ie, the issue for rejecting the patch wasn't so
> obvious it seems.
>
> As for Linus' point about us needing to avoid sleep under RCU +
> spinlock, curious if we can capture *existing* bad users of that with
> Coccinelle SmPL.

An analysis with Coccinelle may be highly prone to false positives if the
issue is very interprocedural.  Maybe smatch would be better suited for
this?

julia