On 30/09/21 00:10, Frederic Weisbecker wrote:
> From: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
>
> While reporting a quiescent state for a given CPU, rcu_core() takes
> advantage of the freshly loaded grace period sequence number and the
> locked rnp to accelerate the callbacks whose sequence numbers have been
> assigned a stale value.
>
> This action is only necessary when the rdp isn't offloaded, otherwise
> the NOCB kthreads already take care of the callbacks progression.
>
> However the check for the offloaded state is volatile because it is
> performed outside the IRQs disabled section. It's possible for the
> offloading process to preempt rcu_core() at that point on PREEMPT_RT.
>
> This is dangerous because rcu_core() may end up accelerating callbacks
> concurrently with NOCB kthreads without appropriate locking.
>
> Fix this by moving the offloaded check inside the rnp locking section.
>
> Reported-by: Valentin Schneider <valentin.schneider@xxxxxxx>
> Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Valentin Schneider <valentin.schneider@xxxxxxx>
> Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> Cc: Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx>
> Cc: Josh Triplett <josh@xxxxxxxxxxxxxxxx>
> Cc: Joel Fernandes <joel@xxxxxxxxxxxxxxxxx>
> Cc: Boqun Feng <boqun.feng@xxxxxxxxx>
> Cc: Neeraj Upadhyay <neeraju@xxxxxxxxxxxxxx>
> Cc: Uladzislau Rezki <urezki@xxxxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Signed-off-by: Frederic Weisbecker <frederic@xxxxxxxxxx>

Reviewed-by: Valentin Schneider <valentin.schneider@xxxxxxx>
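The race the commit message describes is a check-then-act on the offloaded flag where the check happens outside the locked section. The following user-space model, added here as an illustration and not code from the kernel or from this patch, makes the interleaving deterministic by injecting the "offloading process" at the preemption point. All names (`model_rdp`, `rcu_core_before`, `rcu_core_after`, `offload_rdp`, `accelerate`) are invented for this example; the lock is a plain flag standing in for the rnp lock, not a real spinlock.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the state discussed in the patch description: a
 * per-CPU rdp with an "offloaded" flag and a callback list, guarded by an
 * rnp lock. These names are constructed for this example only. */
struct model_rdp {
    bool offloaded;     /* true once the NOCB kthreads own callback progression */
    bool rnp_locked;    /* stands in for the rnp lock being held */
    int accelerated;    /* how many times rcu_core() accelerated callbacks */
    int nocb_active;    /* how many times the NOCB side touched the list */
};

/* Event injected between the offloaded check and the lock, modelling the
 * offloading process preempting rcu_core() on PREEMPT_RT. */
typedef void (*preempt_fn)(struct model_rdp *);

static void lock_rnp(struct model_rdp *rdp)   { rdp->rnp_locked = true; }
static void unlock_rnp(struct model_rdp *rdp) { rdp->rnp_locked = false; }

/* The offloading process: flips the flag under the rnp lock and hands the
 * callback list over to the NOCB side. */
static void offload_rdp(struct model_rdp *rdp)
{
    lock_rnp(rdp);
    rdp->offloaded = true;
    rdp->nocb_active++;
    unlock_rnp(rdp);
}

/* Accelerate callbacks. Returns true when this ran on an rdp that is already
 * offloaded, i.e. concurrently with the NOCB kthreads: the bug being fixed. */
static bool accelerate(struct model_rdp *rdp)
{
    rdp->accelerated++;
    return rdp->offloaded;
}

/* "Before" the patch: the offloaded check is outside the locked section, so
 * the decision can go stale if preemption lands between check and lock.
 * Returns true if an unsafe acceleration happened. */
bool rcu_core_before(struct model_rdp *rdp, preempt_fn preempt)
{
    bool do_accel = !rdp->offloaded;    /* read without the lock */
    if (preempt)
        preempt(rdp);                    /* offloading process runs here */
    bool unsafe = false;
    lock_rnp(rdp);
    if (do_accel)                        /* acts on the stale decision */
        unsafe = accelerate(rdp);
    unlock_rnp(rdp);
    return unsafe;
}

/* "After" the patch: the check is taken under the rnp lock, so the flag
 * cannot change between being read and being acted upon. */
bool rcu_core_after(struct model_rdp *rdp, preempt_fn preempt)
{
    if (preempt)
        preempt(rdp);                    /* may still run, but before the lock */
    bool unsafe = false;
    lock_rnp(rdp);
    if (!rdp->offloaded)                 /* fresh read under the lock */
        unsafe = accelerate(rdp);
    unlock_rnp(rdp);
    return unsafe;
}

int main(void)
{
    struct model_rdp a = {0}, b = {0};
    printf("before fix, preempted: unsafe=%d accelerated=%d\n",
           rcu_core_before(&a, offload_rdp), a.accelerated);
    printf("after fix,  preempted: unsafe=%d accelerated=%d\n",
           rcu_core_after(&b, offload_rdp), b.accelerated);
    return 0;
}
```

The model shows only the ordering problem: in the "before" variant the stale `do_accel` decision survives the offload, and callbacks are accelerated on an rdp the NOCB side already owns; in the "after" variant the same preemption is harmless because the decision is made while the lock is held. Without any preemption both variants accelerate exactly once, which is the intended non-offloaded behaviour.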