[bionic][PATCH 2/2] srcu: Lock srcu_data structure in srcu_gp_start()
Stefan Bader
stefan.bader at canonical.com
Wed Feb 27 09:38:23 UTC 2019
On 21.02.19 00:28, Marcelo Henrique Cerri wrote:
> From: Dennis Krein <Dennis.Krein at netapp.com>
>
> BugLink: http://bugs.launchpad.net/bugs/1802021
>
> The srcu_gp_start() function is called with the srcu_struct structure's
> ->lock held, but not with the srcu_data structure's ->lock. This is
> problematic because this function accesses and updates the srcu_data
> structure's ->srcu_cblist, which is protected by that lock. Failing to
> hold this lock can result in corruption of the SRCU callback lists,
> which in turn can result in arbitrarily bad results.
>
> This commit therefore makes srcu_gp_start() acquire the srcu_data
> structure's ->lock across the calls to rcu_segcblist_advance() and
> rcu_segcblist_accelerate(), thus preventing this corruption.
>
> Reported-by: Bart Van Assche <bvanassche at acm.org>
> Reported-by: Christoph Hellwig <hch at infradead.org>
> Reported-by: Sebastian Kuzminsky <seb.kuzminsky at gmail.com>
> Signed-off-by: Dennis Krein <Dennis.Krein at netapp.com>
> Signed-off-by: Paul E. McKenney <paulmck at linux.ibm.com>
> Tested-by: Dennis Krein <Dennis.Krein at netapp.com>
> Cc: <stable at vger.kernel.org> # 4.16.x
> (cherry picked from commit eb4c2382272ae7ae5d81fdfa5b7a6c86146eaaa4)
> Acked-by: Stefan Bader <stefan.bader at canonical.com>
> Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
> Signed-off-by: Marcelo Henrique Cerri <marcelo.cerri at canonical.com>
> ---
Cannot remember having acked this yet...
> kernel/rcu/srcutree.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/kernel/rcu/srcutree.c b/kernel/rcu/srcutree.c
> index d5cea81378cc..b3e5e9873582 100644
> --- a/kernel/rcu/srcutree.c
> +++ b/kernel/rcu/srcutree.c
> @@ -441,10 +441,12 @@ static void srcu_gp_start(struct srcu_struct *sp)
>
> lockdep_assert_held(&sp->lock);
> WARN_ON_ONCE(ULONG_CMP_GE(sp->srcu_gp_seq, sp->srcu_gp_seq_needed));
> + spin_lock_rcu_node(sdp); /* Interrupts already disabled. */
> rcu_segcblist_advance(&sdp->srcu_cblist,
> rcu_seq_current(&sp->srcu_gp_seq));
> (void)rcu_segcblist_accelerate(&sdp->srcu_cblist,
> rcu_seq_snap(&sp->srcu_gp_seq));
> + spin_unlock_rcu_node(sdp); /* Interrupts remain disabled. */
> smp_mb(); /* Order prior store to ->srcu_gp_seq_needed vs. GP start. */
> rcu_seq_start(&sp->srcu_gp_seq);
> state = rcu_seq_state(READ_ONCE(sp->srcu_gp_seq));
>
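Review bot: The added spin_lock_rcu_node(sdp) nests the srcu_data ->lock inside the srcu_struct ->lock that lockdep_assert_held(&sp->lock) requires on entry, which establishes an sp->lock then sdp->lock ordering on this path. It is worth confirming that no other path in kernel/rcu/srcutree.c acquires the two locks in the opposite order, and stating the ordering in a comment above the new lock call. Separately, the plain (non-irqsave) lock and unlock pair is justified only by the "Interrupts already disabled" comment. An assertion on the interrupt state next to the existing lockdep_assert_held() would turn that assumption into something lockdep checks, which matters for a backport where the callers may differ from upstream.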