From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Wander Lairson Costa <wander@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>
Subject: [PATCH 5.15 59/67] rtmutex: Ensure that the top waiter is always woken up
Date: Mon, 13 Feb 2023 15:49:40 +0100 [thread overview]
Message-ID: <20230213144735.179046086@linuxfoundation.org> (raw)
In-Reply-To: <20230213144732.336342050@linuxfoundation.org>
From: Wander Lairson Costa <wander@redhat.com>
commit db370a8b9f67ae5f17e3d5482493294467784504 upstream.
Let L1 and L2 be two spinlocks.
Let T1 be a task holding L1 and blocked on L2. T1, currently, is the top
waiter of L2.
Let T2 be the task holding L2.
Let T3 be a task trying to acquire L1.
The following events will lead to a state in which the wait queue of L2
isn't empty, but no task actually holds the lock.
T1 T2 T3
== == ==
spin_lock(L1)
| raw_spin_lock(L1->wait_lock)
| rtlock_slowlock_locked(L1)
| | task_blocks_on_rt_mutex(L1, T3)
| | | orig_waiter->lock = L1
| | | orig_waiter->task = T3
| | | raw_spin_unlock(L1->wait_lock)
| | | rt_mutex_adjust_prio_chain(T1, L1, L2, orig_waiter, T3)
spin_unlock(L2) | | | |
| rt_mutex_slowunlock(L2) | | | |
| | raw_spin_lock(L2->wait_lock) | | | |
| | wakeup(T1) | | | |
| | raw_spin_unlock(L2->wait_lock) | | | |
| | | | waiter = T1->pi_blocked_on
| | | | waiter == rt_mutex_top_waiter(L2)
| | | | waiter->task == T1
| | | | raw_spin_lock(L2->wait_lock)
| | | | dequeue(L2, waiter)
| | | | update_prio(waiter, T1)
| | | | enqueue(L2, waiter)
| | | | waiter != rt_mutex_top_waiter(L2)
| | | | L2->owner == NULL
| | | | wakeup(T1)
| | | | raw_spin_unlock(L2->wait_lock)
T1 wakes up
T1 != top_waiter(L2)
schedule_rtlock()
If the deadline of T1 is updated before the call to update_prio(), and the
new deadline is greater than the deadline of the second top waiter, then
after the requeue, T1 is no longer the top waiter, and the wrong task is
woken up which will then go back to sleep because it is not the top waiter.
This can be reproduced in PREEMPT_RT with stress-ng:
while true; do
stress-ng --sched deadline --sched-period 1000000000 \
--sched-runtime 800000000 --sched-deadline \
1000000000 --mmapfork 23 -t 20
done
A similar issue was pointed out by Thomas versus the cases where the top
waiter drops out early due to a signal or timeout, which is a general issue
for all regular rtmutex use cases, e.g. futex.
The problematic code is in rt_mutex_adjust_prio_chain():
// Save the top waiter before dequeue/enqueue
prerequeue_top_waiter = rt_mutex_top_waiter(lock);
rt_mutex_dequeue(lock, waiter);
waiter_update_prio(waiter, task);
rt_mutex_enqueue(lock, waiter);
// Lock has no owner?
if (!rt_mutex_owner(lock)) {
// Top waiter changed
----> if (prerequeue_top_waiter != rt_mutex_top_waiter(lock))
----> wake_up_state(waiter->task, waiter->wake_state);
This only takes the case into account where @waiter is the new top waiter
due to the requeue operation.
But it fails to handle the case where @waiter is not longer the top
waiter due to the requeue operation.
Ensure that the new top waiter is woken up so in all cases so it can take
over the ownerless lock.
[ tglx: Amend changelog, add Fixes tag ]
Fixes: c014ef69b3ac ("locking/rtmutex: Add wake_state to rt_mutex_waiter")
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230117172649.52465-1-wander@redhat.com
Link: https://lore.kernel.org/r/20230202123020.14844-1-wander@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/locking/rtmutex.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/kernel/locking/rtmutex.c
+++ b/kernel/locking/rtmutex.c
@@ -855,8 +855,9 @@ static int __sched rt_mutex_adjust_prio_
* then we need to wake the new top waiter up to try
* to get the lock.
*/
- if (prerequeue_top_waiter != rt_mutex_top_waiter(lock))
- wake_up_state(waiter->task, waiter->wake_state);
+ top_waiter = rt_mutex_top_waiter(lock);
+ if (prerequeue_top_waiter != top_waiter)
+ wake_up_state(top_waiter->task, top_waiter->wake_state);
raw_spin_unlock_irq(&lock->wait_lock);
return 0;
}
next prev parent reply other threads:[~2023-02-13 15:00 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-13 14:48 [PATCH 5.15 00/67] 5.15.94-rc1 review Greg Kroah-Hartman
2023-02-13 14:48 ` [PATCH 5.15 01/67] nvmem: core: add error handling for dev_set_name Greg Kroah-Hartman
2023-02-13 14:48 ` [PATCH 5.15 02/67] nvmem: core: fix cleanup after dev_set_name() Greg Kroah-Hartman
2023-02-14 12:56 ` Russell King (Oracle)
2023-02-13 14:48 ` [PATCH 5.15 03/67] nvmem: core: fix registration vs use race Greg Kroah-Hartman
2023-02-13 14:48 ` [PATCH 5.15 04/67] mm/migration: return errno when isolate_huge_page failed Greg Kroah-Hartman
2023-02-13 14:48 ` [PATCH 5.15 05/67] migrate: hugetlb: check for hugetlb shared PMD in node migration Greg Kroah-Hartman
2023-02-13 14:48 ` [PATCH 5.15 06/67] btrfs: limit device extents to the device size Greg Kroah-Hartman
2023-02-13 14:48 ` [PATCH 5.15 07/67] btrfs: zlib: zero-initialize zlib workspace Greg Kroah-Hartman
2023-02-13 14:48 ` [PATCH 5.15 08/67] ALSA: hda/realtek: Add Positivo N14KP6-TG Greg Kroah-Hartman
2023-02-13 14:48 ` [PATCH 5.15 09/67] ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() Greg Kroah-Hartman
2023-02-13 14:48 ` [PATCH 5.15 10/67] ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 Greg Kroah-Hartman
2023-02-13 14:48 ` [PATCH 5.15 11/67] ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 Greg Kroah-Hartman
2023-02-13 14:48 ` [PATCH 5.15 12/67] tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw Greg Kroah-Hartman
2023-02-13 14:48 ` [PATCH 5.15 13/67] of/address: Return an error when no valid dma-ranges are found Greg Kroah-Hartman
2023-02-13 14:48 ` [PATCH 5.15 14/67] can: j1939: do not wait 250 ms if the same addr was already claimed Greg Kroah-Hartman
2023-02-13 14:48 ` [PATCH 5.15 15/67] xfrm: compat: change expression for switch in xfrm_xlate64 Greg Kroah-Hartman
2023-02-13 14:48 ` [PATCH 5.15 16/67] IB/hfi1: Restore allocated resources on failed copyout Greg Kroah-Hartman
2023-02-13 14:48 ` [PATCH 5.15 17/67] xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() Greg Kroah-Hartman
2023-02-13 14:48 ` [PATCH 5.15 18/67] IB/IPoIB: Fix legacy IPoIB due to wrong number of queues Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 19/67] RDMA/irdma: Fix potential NULL-ptr-dereference Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 20/67] RDMA/usnic: use iommu_map_atomic() under spin_lock() Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 21/67] xfrm: fix bug with DSCP copy to v6 from v4 tunnel Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 22/67] net: phylink: move phy_device_free() to correctly release phy device Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 23/67] bonding: fix error checking in bond_debug_reregister() Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 24/67] net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 25/67] ionic: clean interrupt before enabling queue to avoid credit race Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 26/67] uapi: add missing ip/ipv6 header dependencies for linux/stddef.h Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 27/67] ice: Do not use WQ_MEM_RECLAIM flag for workqueue Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 28/67] net: dsa: mt7530: dont change PVC_EG_TAG when CPU port becomes VLAN-aware Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 29/67] net: mscc: ocelot: fix VCAP filters not matching on MAC with "protocol 802.1Q" Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 30/67] net/mlx5e: Move repeating clear_bit in mlx5e_rx_reporter_err_rq_cqe_recover Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 31/67] net/mlx5e: Introduce the mlx5e_flush_rq function Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 32/67] net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 33/67] net/mlx5: Bridge, fix ageing of peer FDB entries Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 34/67] net/mlx5e: IPoIB, Show unknown speed instead of error Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 35/67] net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 36/67] net/mlx5: fw_tracer, Zero consumer index when reloading the tracer Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 37/67] net/mlx5: Serialize module cleanup with reload and remove Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 38/67] igc: Add ndo_tx_timeout support Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 39/67] rds: rds_rm_zerocopy_callback() use list_first_entry() Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 40/67] selftests: forwarding: lib: quote the sysctl values Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 41/67] ALSA: pci: lx6464es: fix a debug loop Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 42/67] riscv: stacktrace: Fix missing the first frame Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 43/67] ASoC: topology: Return -ENOMEM on memory allocation failure Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 44/67] pinctrl: mediatek: Fix the drive register definition of some Pins Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 45/67] pinctrl: aspeed: Fix confusing types in return value Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 46/67] pinctrl: single: fix potential NULL dereference Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 47/67] spi: dw: Fix wrong FIFO level setting for long xfers Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 48/67] pinctrl: intel: Restore the pins that used to be in Direct IRQ mode Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 49/67] cifs: Fix use-after-free in rdata->read_into_pages() Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 50/67] net: USB: Fix wrong-direction WARNING in plusb.c Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 51/67] mptcp: be careful on subflow status propagation on errors Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 52/67] btrfs: free device in btrfs_close_devices for a single device filesystem Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 53/67] usb: core: add quirk for Alcor Link AK9563 smartcard reader Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 54/67] usb: typec: altmodes/displayport: Fix probe pin assign check Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 55/67] clk: ingenic: jz4760: Update M/N/OD calculation algorithm Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 56/67] ceph: flush cap releases when the session is flushed Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 57/67] riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 58/67] powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch Greg Kroah-Hartman
2023-02-13 14:49 ` Greg Kroah-Hartman [this message]
2023-02-13 14:49 ` [PATCH 5.15 60/67] arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 61/67] arm64: dts: meson-g12-common: " Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 62/67] arm64: dts: meson-axg: " Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 63/67] Fix page corruption caused by racy check in __free_pages Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 64/67] drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 65/67] drm/i915: Initialize the obj flags for shmem objects Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 66/67] drm/i915: Fix VBT DSI DVO port handling Greg Kroah-Hartman
2023-02-13 14:49 ` [PATCH 5.15 67/67] nvmem: core: fix return value Greg Kroah-Hartman
2023-02-13 20:07 ` [PATCH 5.15 00/67] 5.15.94-rc1 review Florian Fainelli
2023-02-13 22:08 ` Allen Pais
2023-02-13 23:31 ` Shuah Khan
2023-02-14 3:04 ` Bagas Sanjaya
2023-02-14 8:26 ` Naresh Kamboju
2023-02-14 10:54 ` Sudip Mukherjee (Codethink)
2023-02-14 12:46 ` Ron Economos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230213144735.179046086@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=wander@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).