On Thu, Jan 28, 2021 at 10:48:34AM -0800, Paul E. McKenney wrote:

On Thu, Jan 28, 2021 at 06:12:07PM +0100, Frederic Weisbecker wrote:

...

The "nocb_bypass_timer" ends up calling wake_nocb_gp() which deletes the pending "nocb_timer" (note they are not the same timers) for the given rdp without resetting the matching state stored in nocb_defer wakeup.

As a result, a future call_rcu() on that rdp may be fooled and think the timer is armed when it's not, missing a deferred nocb_gp wakeup.

Fix this with resetting rdp->nocb_defer_wakeup when we disarm the timer.

Fixes: d1b222c6be1f (rcu/nocb: Add bypass callback queueing) Cc: Stable stable@vger.kernel.org Cc: Josh Triplett josh@joshtriplett.org Cc: Lai Jiangshan jiangshanlai@gmail.com Cc: Joel Fernandes joel@joelfernandes.org Cc: Neeraj Upadhyay neeraju@codeaurora.org Cc: Boqun Feng boqun.feng@gmail.com Signed-off-by: Frederic Weisbecker frederic@kernel.org

---

kernel/rcu/tree_plugin.h | 2 ++ 1 file changed, 2 insertions(+)

diff --git a/kernel/rcu/tree_plugin.h b/kernel/rcu/tree_plugin.h index 7e33dae0e6ee..a44f80d7661b 100644 --- a/kernel/rcu/tree_plugin.h +++ b/kernel/rcu/tree_plugin.h @@ -1705,6 +1705,8 @@ static bool wake_nocb_gp(struct rcu_data *rdp, bool force, rcu_nocb_unlock_irqrestore(rdp, flags); return false; }

• rdp->nocb_defer_wakeup = RCU_NOCB_WAKE_NOT;

Given this change, does it make sense to remove the setting of ->nocb_defer_wakeup to RCU_NOCB_WAKE_NOT from the do_nocb_deferred_wakeup_common() function?

I do it later in "[PATCH 09/16] rcu/nocb: Merge nocb_timer to the rdp leader"

Does the above assignment need to be WRITE_ONCE(), in other words, are all reads of ->nocb_defer_wakeup done with either ->nocb_lock or ->nocb_gp_lock held? (I do not believe that this is the case.)

Ah indeed it should probably be done with WRITE_ONCE() because it's read locklessly on many places.

Thanks.

					Thanx, Paul

...

del_timer(&rdp->nocb_timer); rcu_nocb_unlock_irqrestore(rdp, flags); raw_spin_lock_irqsave(&rdp_gp->nocb_gp_lock, flags); -- 2.25.1