# git rev-parse -q --verify 472e5b056f000a778abb41f1e443de58eb259783^{commit} 472e5b056f000a778abb41f1e443de58eb259783 already have revision, skipping fetch # git checkout -q -f -B kisskb 472e5b056f000a778abb41f1e443de58eb259783 # git clean -qxdf # < git log -1 # commit 472e5b056f000a778abb41f1e443de58eb259783 # Author: Linus Torvalds # Date: Thu Oct 1 19:14:36 2020 -0700 # # pipe: remove pipe_wait() and fix wakeup race with splice # # The pipe splice code still used the old model of waiting for pipe IO by # using a non-specific "pipe_wait()" that waited for any pipe event to # happen, which depended on all pipe IO being entirely serialized by the # pipe lock. So by checking the state you were waiting for, and then # adding yourself to the wait queue before dropping the lock, you were # guaranteed to see all the wakeups. # # Strictly speaking, the actual wakeups were not done under the lock, but # the pipe_wait() model still worked, because since the waiter held the # lock when checking whether it should sleep, it would always see the # current state, and the wakeup was always done after updating the state. # # However, commit 0ddad21d3e99 ("pipe: use exclusive waits when reading or # writing") split the single wait-queue into two, and in the process also # made the "wait for event" code wait for _two_ wait queues, and that then # showed a race with the wakers that were not serialized by the pipe lock. # # It's only splice that used that "pipe_wait()" model, so the problem # wasn't obvious, but Josef Bacik reports: # # "I hit a hang with fstest btrfs/187, which does a btrfs send into # /dev/null. This works by creating a pipe, the write side is given to # the kernel to write into, and the read side is handed to a thread that # splices into a file, in this case /dev/null. # # The box that was hung had the write side stuck here [pipe_write] and # the read side stuck here [splice_from_pipe_next -> pipe_wait]. 
# # [ more details about pipe_wait() scenario ] # # The problem is we're doing the prepare_to_wait, which sets our state # each time, however we can be woken up either with reads or writes. In # the case above we race with the WRITER waking us up, and re-set our # state to INTERRUPTIBLE, and thus never break out of schedule" # # Josef had a patch that avoided the issue in pipe_wait() by just making # it set the state only once, but the deeper problem is that pipe_wait() # depends on a level of synchronization by the pipe mutex that it really # shouldn't. And the whole "wait for any pipe state change" model really # isn't very good to begin with. # # So rather than trying to work around things in pipe_wait(), remove that # legacy model of "wait for arbitrary pipe event" entirely, and actually # create functions that wait for the pipe actually being readable or # writable, and can do so without depending on the pipe lock serializing # everything. # # Fixes: 0ddad21d3e99 ("pipe: use exclusive waits when reading or writing") # Link: https://lore.kernel.org/linux-fsdevel/bfa88b5ad6f069b2b679316b9e495a970130416c.1601567868.git.josef@toxicpanda.com/ # Reported-by: Josef Bacik # Reviewed-and-tested-by: Josef Bacik # Signed-off-by: Linus Torvalds # < /opt/cross/kisskb/korg/gcc-10.1.0-nolibc/sh4-linux/bin/sh4-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-10.1.0-nolibc/sh4-linux/bin/sh4-linux-ld --version # < git log --format=%s --max-count=1 472e5b056f000a778abb41f1e443de58eb259783 # < make -s -j 10 ARCH=sh O=/kisskb/build/linus_se7619_defconfig_sh4-gcc10 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-10.1.0-nolibc/sh4-linux/bin/sh4-linux- se7619_defconfig # make -s -j 10 ARCH=sh O=/kisskb/build/linus_se7619_defconfig_sh4-gcc10 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-10.1.0-nolibc/sh4-linux/bin/sh4-linux- Generating include/generated/machtypes.h :1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] In file included from /kisskb/src/arch/sh/include/asm/hw_irq.h:6, 
from /kisskb/src/include/linux/irq.h:576, from /kisskb/src/arch/sh/include/asm/hardirq.h:6, from /kisskb/src/include/linux/hardirq.h:10, from /kisskb/src/include/linux/interrupt.h:11, from /kisskb/src/include/linux/serial_core.h:13, from /kisskb/src/include/linux/serial_sci.h:6, from /kisskb/src/arch/sh/kernel/cpu/sh2/setup-sh7619.c:11: /kisskb/src/include/linux/sh_intc.h:100:63: warning: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Wsizeof-pointer-div] 100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a) | ^ /kisskb/src/include/linux/sh_intc.h:105:24: note: in expansion of macro '_INTC_ARRAY' 105 | _INTC_ARRAY(vectors), _INTC_ARRAY(groups), \ | ^~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:124:8: note: in expansion of macro 'INTC_HW_DESC' 124 | .hw = INTC_HW_DESC(vectors, groups, mask_regs, \ | ^~~~~~~~~~~~ /kisskb/src/arch/sh/kernel/cpu/sh2/setup-sh7619.c:58:8: note: in expansion of macro 'DECLARE_INTC_DESC' 58 | static DECLARE_INTC_DESC(intc_desc, "sh7619", vectors, NULL, | ^~~~~~~~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:100:63: warning: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Wsizeof-pointer-div] 100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 
0 : sizeof(a)/sizeof(*a) | ^ /kisskb/src/include/linux/sh_intc.h:106:2: note: in expansion of macro '_INTC_ARRAY' 106 | _INTC_ARRAY(mask_regs), _INTC_ARRAY(prio_regs), \ | ^~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:124:8: note: in expansion of macro 'INTC_HW_DESC' 124 | .hw = INTC_HW_DESC(vectors, groups, mask_regs, \ | ^~~~~~~~~~~~ /kisskb/src/arch/sh/kernel/cpu/sh2/setup-sh7619.c:58:8: note: in expansion of macro 'DECLARE_INTC_DESC' 58 | static DECLARE_INTC_DESC(intc_desc, "sh7619", vectors, NULL, | ^~~~~~~~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:100:63: warning: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Wsizeof-pointer-div] 100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a) | ^ /kisskb/src/include/linux/sh_intc.h:107:2: note: in expansion of macro '_INTC_ARRAY' 107 | _INTC_ARRAY(sense_regs), _INTC_ARRAY(ack_regs), \ | ^~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:124:8: note: in expansion of macro 'INTC_HW_DESC' 124 | .hw = INTC_HW_DESC(vectors, groups, mask_regs, \ | ^~~~~~~~~~~~ /kisskb/src/arch/sh/kernel/cpu/sh2/setup-sh7619.c:58:8: note: in expansion of macro 'DECLARE_INTC_DESC' 58 | static DECLARE_INTC_DESC(intc_desc, "sh7619", vectors, NULL, | ^~~~~~~~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:100:63: warning: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Wsizeof-pointer-div] 100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 
0 : sizeof(a)/sizeof(*a) | ^ /kisskb/src/include/linux/sh_intc.h:107:27: note: in expansion of macro '_INTC_ARRAY' 107 | _INTC_ARRAY(sense_regs), _INTC_ARRAY(ack_regs), \ | ^~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:124:8: note: in expansion of macro 'INTC_HW_DESC' 124 | .hw = INTC_HW_DESC(vectors, groups, mask_regs, \ | ^~~~~~~~~~~~ /kisskb/src/arch/sh/kernel/cpu/sh2/setup-sh7619.c:58:8: note: in expansion of macro 'DECLARE_INTC_DESC' 58 | static DECLARE_INTC_DESC(intc_desc, "sh7619", vectors, NULL, | ^~~~~~~~~~~~~~~~~ /kisskb/src/drivers/tty/serial/sh-sci.c: In function 'sci_remap_port': /kisskb/src/drivers/tty/serial/sh-sci.c:2677:19: warning: unused variable 'sport' [-Wunused-variable] 2677 | struct sci_port *sport = to_sci_port(port); | ^~~~~ Completed OK # rm -rf /kisskb/build/linus_se7619_defconfig_sh4-gcc10 # Build took: 0:00:32.480626