Re: [PATCH] locking/mutex: Mark racy reads of owner->on_cpu

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Peter Zijlstra <peterz@infradead.org>
To: Marco Elver <elver@google.com>
Cc: Ingo Molnar <mingo@redhat.com>, Will Deacon <will@kernel.org>,
	Waiman Long <longman@redhat.com>,
	Boqun Feng <boqun.feng@gmail.com>,
	linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com,
	Thomas Gleixner <tglx@linutronix.de>,
	Mark Rutland <mark.rutland@arm.com>,
	"Paul E. McKenney" <paulmck@kernel.org>,
	Kefeng Wang <wangkefeng.wang@huawei.com>
Subject: Re: [PATCH] locking/mutex: Mark racy reads of owner->on_cpu
Date: Thu, 2 Dec 2021 15:46:22 +0100	[thread overview]
Message-ID: <YajcPt04S3M0Z7oR@hirez.programming.kicks-ass.net> (raw)
In-Reply-To: <CANpmjNMvPepakONMjTO=FzzeEtvq_CLjPN6=zF35j10rVrJ9Fg@mail.gmail.com>

On Thu, Dec 02, 2021 at 12:53:14PM +0100, Marco Elver wrote:
> On Thu, 2 Dec 2021 at 11:13, Marco Elver <elver@google.com> wrote:
> > One of the more frequent data races reported by KCSAN is the racy read
> > in mutex_spin_on_owner(), which is usually reported as "race of unknown
> > origin" without showing the writer. This is due to the racing write
> > occurring in kernel/sched. Locally enabling KCSAN in kernel/sched shows:
> >
> >  | write (marked) to 0xffff97f205079934 of 4 bytes by task 316 on cpu 6:
> >  |  finish_task                kernel/sched/core.c:4632 [inline]
> >  |  finish_task_switch         kernel/sched/core.c:4848
> >  |  context_switch             kernel/sched/core.c:4975 [inline]
> >  |  __schedule                 kernel/sched/core.c:6253
> >  |  schedule                   kernel/sched/core.c:6326
> >  |  schedule_preempt_disabled  kernel/sched/core.c:6385
> >  |  __mutex_lock_common        kernel/locking/mutex.c:680
> >  |  __mutex_lock               kernel/locking/mutex.c:740 [inline]
> >  |  __mutex_lock_slowpath      kernel/locking/mutex.c:1028
> >  |  mutex_lock                 kernel/locking/mutex.c:283
> >  |  tty_open_by_driver         drivers/tty/tty_io.c:2062 [inline]
> >  |  ...
> >  |
> >  | read to 0xffff97f205079934 of 4 bytes by task 322 on cpu 3:
> >  |  mutex_spin_on_owner        kernel/locking/mutex.c:370
> >  |  mutex_optimistic_spin      kernel/locking/mutex.c:480
> >  |  __mutex_lock_common        kernel/locking/mutex.c:610
> >  |  __mutex_lock               kernel/locking/mutex.c:740 [inline]
> >  |  __mutex_lock_slowpath      kernel/locking/mutex.c:1028
> >  |  mutex_lock                 kernel/locking/mutex.c:283
> >  |  tty_open_by_driver         drivers/tty/tty_io.c:2062 [inline]
> >  |  ...
> >  |
> >  | value changed: 0x00000001 -> 0x00000000
> >
> > This race is clearly intentional, and the potential for miscompilation
> > is slim due to surrounding barrier() and cpu_relax(), and the value
> > being used as a boolean.
> >
> > Nevertheless, marking this reader would more clearly denote intent and
> > make it obvious that concurrency is expected. Use READ_ONCE() to avoid
> > having to reason about compiler optimizations now and in future.
> >
> > Similarly, mark the read to owner->on_cpu in mutex_can_spin_on_owner(),
> > which immediately precedes the loop executing mutex_spin_on_owner().
> >
> > Signed-off-by: Marco Elver <elver@google.com>
> [...]
> 
> Kefeng kindly pointed out that there is an alternative, which would
> refactor owner_on_cpu() from rwsem that would address both mutex and
> rwsem:
> https://lore.kernel.org/all/b641f1ea-6def-0fe4-d273-03c35c4aa7d6@huawei.com/

That seems to make sense, except it should probably go under CONFIG_SMP,
since ->on_cpu doesn't otherwise exist.

next prev parent reply	other threads:[~2021-12-02 17:31 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-12-02 10:12 [PATCH] locking/mutex: Mark racy reads of owner->on_cpu Marco Elver
2021-12-02 11:53 ` Marco Elver
2021-12-02 14:46   ` Peter Zijlstra [this message]
2021-12-02 15:46   ` Waiman Long
2021-12-17 21:41     ` Thomas Gleixner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YajcPt04S3M0Z7oR@hirez.programming.kicks-ass.net \
    --to=peterz@infradead.org \
    --cc=boqun.feng@gmail.com \
    --cc=elver@google.com \
    --cc=kasan-dev@googlegroups.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=longman@redhat.com \
    --cc=mark.rutland@arm.com \
    --cc=mingo@redhat.com \
    --cc=paulmck@kernel.org \
    --cc=tglx@linutronix.de \
    --cc=wangkefeng.wang@huawei.com \
    --cc=will@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.