On Sat, Mar 07, 2015 at 06:13:47PM +0100, Oleg Nesterov wrote:
> I think the patch is fine, but this reminds me...
> 
> On 03/07, tip-bot for Jason Low wrote:
> >
> >  bool rwsem_spin_on_owner(struct rw_semaphore *sem, struct task_struct 
> > *owner)
> >  {
> >     long count;
> >
> >     rcu_read_lock();
> > -   while (owner_running(sem, owner)) {
> > -           /* abort spinning when need_resched */
> > -           if (need_resched()) {
> > +   while (sem->owner == owner) {
> > +           /*
> > +            * Ensure we emit the owner->on_cpu, dereference _after_
> > +            * checking sem->owner still matches owner, if that fails,
> > +            * owner might point to free()d memory, if it still matches,
> > +            * the rcu_read_lock() ensures the memory stays valid.
>                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
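Review bot: the last clause of the new comment, "the rcu_read_lock() ensures the memory stays valid", asserts a lifetime guarantee that nothing in this hunk establishes. Holding rcu_read_lock() protects owner only if the task_struct is freed after an RCU grace period on every path. Either name in the comment what provides that guarantee, or drop the claim until the freeing side is changed to match. Two smaller points on the same lines: the comma in "owner->on_cpu, dereference" looks stray, and the visible part of the new loop no longer shows the need_resched() abort that the removed lines had, so confirm it is kept further down in the loop body.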
> 
> Yes, this is another case when we wrongly assume this.
> 
> Peter, should I resend
> 
>       [PATCH 3/3] introduce task_rcu_dereference()
>       http://marc.info/?l=linux-kernel&m=141443631413914
> 
> ? or should we add another call_rcu() in finish_task_switch() (like -rt does)
> to make this true?

Yeah, I think the extra call_rcu() makes most sense.