Commit 39e7234f authored by Waiman Long's avatar Waiman Long Committed by Peter Zijlstra

locking/rwsem: Fix kernel crash when spinning on RWSEM_OWNER_UNKNOWN

The commit 91d2a812 ("locking/rwsem: Make handoff writer
optimistically spin on owner") will allow a recently woken up waiting
writer to spin on the owner. Unfortunately, if the owner happens to be
RWSEM_OWNER_UNKNOWN, the code will incorrectly spin on it leading to a
kernel crash. This is fixed by passing the proper non-spinnable bits
to rwsem_spin_on_owner() so that RWSEM_OWNER_UNKNOWN will be treated
as a non-spinnable target.

Fixes: 91d2a812 ("locking/rwsem: Make handoff writer optimistically spin on owner")
Reported-by: default avatarChristoph Hellwig <hch@lst.de>
Signed-off-by: default avatarWaiman Long <longman@redhat.com>
Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: default avatarChristoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20200115154336.8679-1-longman@redhat.com
parent 51bfb1d1
...@@ -1226,8 +1226,8 @@ rwsem_down_write_slowpath(struct rw_semaphore *sem, int state) ...@@ -1226,8 +1226,8 @@ rwsem_down_write_slowpath(struct rw_semaphore *sem, int state)
* In this case, we attempt to acquire the lock again * In this case, we attempt to acquire the lock again
* without sleeping. * without sleeping.
*/ */
if ((wstate == WRITER_HANDOFF) && if (wstate == WRITER_HANDOFF &&
(rwsem_spin_on_owner(sem, 0) == OWNER_NULL)) rwsem_spin_on_owner(sem, RWSEM_NONSPINNABLE) == OWNER_NULL)
goto trylock_again; goto trylock_again;
/* Block until there are no active lockers. */ /* Block until there are no active lockers. */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment