I think the patch is fine, but this reminds me...
On 03/07, tip-bot for Jason Low wrote:
>
> bool rwsem_spin_on_owner(struct rw_semaphore *sem, struct task_struct *owner)
> {
> long count;
>
> rcu_read_lock();
> - while (owner_running(sem, owner)) {
> - /* abort spinning when need_resched */
> - if (need_resched()) {
> + while (sem->owner == owner) {
> + /*
> + * Ensure we emit the owner->on_cpu, dereference _after_
> + * checking sem->owner still matches owner, if that fails,
> + * owner might point to free()d memory, if it still matches,
> + * the rcu_read_lock() ensures the memory stays valid.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Yes, this is another case when we wrongly assume this.
Peter, should I resend
[PATCH 3/3] introduce task_rcu_dereference()
http://marc.info/?l=linux-kernel&m=141443631413914
? or should we add another call_rcu() in finish_task_switch() (like -rt does)
to make this true?
Oleg.
--
To unsubscribe from this list: send the line "unsubscribe linux-tip-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
|