On 09/15, Peter Zijlstra wrote:
>
> On Tue, Sep 15, 2020 at 10:07:50PM +0800, Hou Tao wrote:
> > Under aarch64, __this_cpu_inc() is neither IRQ-safe nor atomic, so
> > when percpu_up_read() is invoked under IRQ-context (e.g. aio completion),
> > and it interrupts the process on the same CPU which is invoking
> > percpu_down_read(), the decreasement on read_count may lost and
> > the final value of read_count on the CPU will be unexpected
> > as shown below:
>
> > Fixing it by using the IRQ-safe helper this_cpu_inc|dec() for
> > operations on read_count.
> >
> > Another plausible fix is to state that percpu-rwsem can NOT be
> > used under IRQ context and convert all users which may
> > use it under IRQ context.
>
> *groan*...
>
> So yeah, fs/super totally abuses percpu_rwsem, and yes, using it from
> IRQ context is totally out of spec. That said, we've (grudgingly)
> accomodated them before.
Yes, I didn't expect percpu_up_ can be called from IRQ :/
> This seems to be a fairly long standing issue, and certainly not unique
> to ARM64 either (Power, and anyone else using asm-gemeric/percpu.h,
> should be similarly affected I think). The issue seems to stem from
> Oleg's original rewrite:
>
> a1fd3e24d8a4 ("percpu_rw_semaphore: reimplement to not block the readers unnecessarily")
Not really... I think it was 70fe2f48152e ("aio: fix freeze protection of aio writes").
And iiuc io_uring does the same.
> and is certainly an understandable mistake.
>
> I'm torn on what to do, using this_cpu over __this_cpu is going to
> adversely affect code-gen (and possibly performance) for all the
> percpu-rwsem users that are not quite so 'creative'.
Yes, but what else can we do?
Oleg.
