Re: [PATCH] bcachefs: six locks: Fix missing barrier on wait->lock_acquired

From: Kent Overstreet
Date: Sat Aug 12 2023 - 17:09:13 EST

Next message: Nam Cao: "Re: [PATCH 00/16] Staging: rtl8192e: Rename struct rx_ts_record references"
Previous message: Steven Rostedt: "Re: [PATCH] tracing: Fix race when concurrently splice_read trace_pipe"
In reply to: Boqun Feng: "Re: [PATCH] bcachefs: six locks: Fix missing barrier on wait->lock_acquired"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Aug 12, 2023 at 01:58:58PM -0700, Boqun Feng wrote:
> Given the whole percpu counters for readers thing is similar to
> percpu_rw_semaphore, I took a look at percpu_rwsem and wonder there is
> a path to combine that with SIX lock. And that makes me realize another
> fix may be needed here, considering the following case:
>
> Task A Task B
> ====== ======
> __six_lock_wakeup():
> task = w->task;
> ...
> smp_store_release(&w->locked_acquire, true);
> six_lock_slowpath():
> while (1) {
> if (smp_load_acquire(->lock_acquired))
> break;
> }
>
> six_unlock();
> do_exit(); // Task B ends its life :(
>
> wake_up_process(task); // @task is a dangling task pointer!!!
>
> Looks like get_task_struct() and put_task_struct() are needed here:
> similar to percpu_rwsem_wake_function().

yeah, looks like you're right. Shame about adding more atomics here,
maybe we can convert task->ref to a percpu refcount at some point.

Next message: Nam Cao: "Re: [PATCH 00/16] Staging: rtl8192e: Rename struct rx_ts_record references"
Previous message: Steven Rostedt: "Re: [PATCH] tracing: Fix race when concurrently splice_read trace_pipe"
In reply to: Boqun Feng: "Re: [PATCH] bcachefs: six locks: Fix missing barrier on wait->lock_acquired"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]