• Will Deacon's avatar
    locking/qspinlock: Ensure node is initialised before updating prev->next · 95bcade3
    Will Deacon authored
    When a locker ends up queuing on the qspinlock locking slowpath, we
    initialise the relevant mcs node and publish it indirectly by updating
    the tail portion of the lock word using xchg_tail. If we find that there
    was a pre-existing locker in the queue, we subsequently update their
    ->next field to point at our node so that we are notified when it's our
    turn to take the lock.
    This can be roughly illustrated as follows:
      /* Initialise the fields in node and encode a pointer to node in tail */
      tail = initialise_node(node);
       * Exchange tail into the lockword using an atomic read-modify-write
       * operation with release semantics
      old = xchg_tail(lock, tail);
      /* If there was a pre-existing waiter ... */
      if (old & _Q_TAIL_MASK) {
    	prev = decode_tail(old);
    	/* ... then update their ->next field to point to node.
    	WRITE_ONCE(prev->next, node);
    The conditional update of prev->next therefore relies on the address
    dependency from the result of xchg_tail ensuring order against the
    prior initialisation of node. However, since the release semantics of
    the xchg_tail operation apply only to the write portion of the RmW,
    then this ordering is not guaranteed and it is possible for the CPU
    to return old before the writes to node have been published, consequently
    allowing us to point prev->next to an uninitialised node.
    This patch fixes the problem by making the update of prev->next a RELEASE
    operation, which also removes the reliance on dependency ordering.
    Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
    Acked-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Link: http://lkml.kernel.org/r/1518528177-19169-2-git-send-email-will.deacon@arm.com
    Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
qspinlock.c 14.2 KB