forked from mirrors/linux
f5ad399149
The cleanup_srcu_struct_quiesced() function was added because NVME used WQ_MEM_RECLAIM workqueues and SRCU did not, which meant that NVME workqueues waiting on SRCU workqueues could result in deadlocks during low-memory conditions. However, SRCU now also has WQ_MEM_RECLAIM workqueues, so there is no longer a potential for deadlock. Furthermore, it turns out to be extremely hard to use cleanup_srcu_struct_quiesced() correctly due to the fact that SRCU callback invocation accesses the srcu_struct structure's per-CPU data area just after callbacks are invoked. Therefore, the usual practice of using srcu_barrier() to wait for callbacks to be invoked before invoking cleanup_srcu_struct_quiesced() fails because SRCU's callback-invocation workqueue handler might be delayed, which can result in cleanup_srcu_struct_quiesced() being invoked (and thus freeing the per-CPU data) before the SRCU's callback-invocation workqueue handler is finished using that per-CPU data. Nor is this a theoretical problem: KASAN emitted use-after-free warnings because of this problem on actual runs. In short, NVME can now safely invoke cleanup_srcu_struct(), which avoids the use-after-free scenario. And cleanup_srcu_struct_quiesced() is quite difficult to use safely. This commit therefore removes cleanup_srcu_struct_quiesced(), switching its sole user back to cleanup_srcu_struct(). This effectively reverts the following pair of commits:f7194ac32c("srcu: Add cleanup_srcu_struct_quiesced()")4317228ad9("nvme: Avoid flush dependency in delete controller flow") Reported-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Paul E. McKenney <paulmck@linux.ibm.com> Reviewed-by: Bart Van Assche <bvanassche@acm.org> Tested-by: Bart Van Assche <bvanassche@acm.org>
205 lines
6.6 KiB
C
205 lines
6.6 KiB
C
/* SPDX-License-Identifier: GPL-2.0+ */
|
|
/*
|
|
* Sleepable Read-Copy Update mechanism for mutual exclusion
|
|
*
|
|
* Copyright (C) IBM Corporation, 2006
|
|
* Copyright (C) Fujitsu, 2012
|
|
*
|
|
* Author: Paul McKenney <paulmck@linux.ibm.com>
|
|
* Lai Jiangshan <laijs@cn.fujitsu.com>
|
|
*
|
|
* For detailed explanation of Read-Copy Update mechanism see -
|
|
* Documentation/RCU/ *.txt
|
|
*
|
|
*/
|
|
|
|
#ifndef _LINUX_SRCU_H
|
|
#define _LINUX_SRCU_H
|
|
|
|
#include <linux/mutex.h>
|
|
#include <linux/rcupdate.h>
|
|
#include <linux/workqueue.h>
|
|
#include <linux/rcu_segcblist.h>
|
|
|
|
struct srcu_struct;
|
|
|
|
#ifdef CONFIG_DEBUG_LOCK_ALLOC
|
|
|
|
int __init_srcu_struct(struct srcu_struct *ssp, const char *name,
|
|
struct lock_class_key *key);
|
|
|
|
#define init_srcu_struct(ssp) \
|
|
({ \
|
|
static struct lock_class_key __srcu_key; \
|
|
\
|
|
__init_srcu_struct((ssp), #ssp, &__srcu_key); \
|
|
})
|
|
|
|
#define __SRCU_DEP_MAP_INIT(srcu_name) .dep_map = { .name = #srcu_name },
|
|
#else /* #ifdef CONFIG_DEBUG_LOCK_ALLOC */
|
|
|
|
int init_srcu_struct(struct srcu_struct *ssp);
|
|
|
|
#define __SRCU_DEP_MAP_INIT(srcu_name)
|
|
#endif /* #else #ifdef CONFIG_DEBUG_LOCK_ALLOC */
|
|
|
|
#ifdef CONFIG_TINY_SRCU
|
|
#include <linux/srcutiny.h>
|
|
#elif defined(CONFIG_TREE_SRCU)
|
|
#include <linux/srcutree.h>
|
|
#elif defined(CONFIG_SRCU)
|
|
#error "Unknown SRCU implementation specified to kernel configuration"
|
|
#else
|
|
/* Dummy definition for things like notifiers. Actual use gets link error. */
|
|
struct srcu_struct { };
|
|
#endif
|
|
|
|
void call_srcu(struct srcu_struct *ssp, struct rcu_head *head,
|
|
void (*func)(struct rcu_head *head));
|
|
void cleanup_srcu_struct(struct srcu_struct *ssp);
|
|
int __srcu_read_lock(struct srcu_struct *ssp) __acquires(ssp);
|
|
void __srcu_read_unlock(struct srcu_struct *ssp, int idx) __releases(ssp);
|
|
void synchronize_srcu(struct srcu_struct *ssp);
|
|
|
|
#ifdef CONFIG_DEBUG_LOCK_ALLOC
|
|
|
|
/**
|
|
* srcu_read_lock_held - might we be in SRCU read-side critical section?
|
|
* @ssp: The srcu_struct structure to check
|
|
*
|
|
* If CONFIG_DEBUG_LOCK_ALLOC is selected, returns nonzero iff in an SRCU
|
|
* read-side critical section. In absence of CONFIG_DEBUG_LOCK_ALLOC,
|
|
* this assumes we are in an SRCU read-side critical section unless it can
|
|
* prove otherwise.
|
|
*
|
|
* Checks debug_lockdep_rcu_enabled() to prevent false positives during boot
|
|
* and while lockdep is disabled.
|
|
*
|
|
* Note that SRCU is based on its own statemachine and it doesn't
|
|
* relies on normal RCU, it can be called from the CPU which
|
|
* is in the idle loop from an RCU point of view or offline.
|
|
*/
|
|
static inline int srcu_read_lock_held(const struct srcu_struct *ssp)
|
|
{
|
|
if (!debug_lockdep_rcu_enabled())
|
|
return 1;
|
|
return lock_is_held(&ssp->dep_map);
|
|
}
|
|
|
|
#else /* #ifdef CONFIG_DEBUG_LOCK_ALLOC */
|
|
|
|
static inline int srcu_read_lock_held(const struct srcu_struct *ssp)
|
|
{
|
|
return 1;
|
|
}
|
|
|
|
#endif /* #else #ifdef CONFIG_DEBUG_LOCK_ALLOC */
|
|
|
|
/**
|
|
* srcu_dereference_check - fetch SRCU-protected pointer for later dereferencing
|
|
* @p: the pointer to fetch and protect for later dereferencing
|
|
* @ssp: pointer to the srcu_struct, which is used to check that we
|
|
* really are in an SRCU read-side critical section.
|
|
* @c: condition to check for update-side use
|
|
*
|
|
* If PROVE_RCU is enabled, invoking this outside of an RCU read-side
|
|
* critical section will result in an RCU-lockdep splat, unless @c evaluates
|
|
* to 1. The @c argument will normally be a logical expression containing
|
|
* lockdep_is_held() calls.
|
|
*/
|
|
#define srcu_dereference_check(p, ssp, c) \
|
|
__rcu_dereference_check((p), (c) || srcu_read_lock_held(ssp), __rcu)
|
|
|
|
/**
|
|
* srcu_dereference - fetch SRCU-protected pointer for later dereferencing
|
|
* @p: the pointer to fetch and protect for later dereferencing
|
|
* @ssp: pointer to the srcu_struct, which is used to check that we
|
|
* really are in an SRCU read-side critical section.
|
|
*
|
|
* Makes rcu_dereference_check() do the dirty work. If PROVE_RCU
|
|
* is enabled, invoking this outside of an RCU read-side critical
|
|
* section will result in an RCU-lockdep splat.
|
|
*/
|
|
#define srcu_dereference(p, ssp) srcu_dereference_check((p), (ssp), 0)
|
|
|
|
/**
|
|
* srcu_dereference_notrace - no tracing and no lockdep calls from here
|
|
* @p: the pointer to fetch and protect for later dereferencing
|
|
* @ssp: pointer to the srcu_struct, which is used to check that we
|
|
* really are in an SRCU read-side critical section.
|
|
*/
|
|
#define srcu_dereference_notrace(p, ssp) srcu_dereference_check((p), (ssp), 1)
|
|
|
|
/**
|
|
* srcu_read_lock - register a new reader for an SRCU-protected structure.
|
|
* @ssp: srcu_struct in which to register the new reader.
|
|
*
|
|
* Enter an SRCU read-side critical section. Note that SRCU read-side
|
|
* critical sections may be nested. However, it is illegal to
|
|
* call anything that waits on an SRCU grace period for the same
|
|
* srcu_struct, whether directly or indirectly. Please note that
|
|
* one way to indirectly wait on an SRCU grace period is to acquire
|
|
* a mutex that is held elsewhere while calling synchronize_srcu() or
|
|
* synchronize_srcu_expedited().
|
|
*
|
|
* Note that srcu_read_lock() and the matching srcu_read_unlock() must
|
|
* occur in the same context, for example, it is illegal to invoke
|
|
* srcu_read_unlock() in an irq handler if the matching srcu_read_lock()
|
|
* was invoked in process context.
|
|
*/
|
|
static inline int srcu_read_lock(struct srcu_struct *ssp) __acquires(ssp)
|
|
{
|
|
int retval;
|
|
|
|
retval = __srcu_read_lock(ssp);
|
|
rcu_lock_acquire(&(ssp)->dep_map);
|
|
return retval;
|
|
}
|
|
|
|
/* Used by tracing, cannot be traced and cannot invoke lockdep. */
|
|
static inline notrace int
|
|
srcu_read_lock_notrace(struct srcu_struct *ssp) __acquires(ssp)
|
|
{
|
|
int retval;
|
|
|
|
retval = __srcu_read_lock(ssp);
|
|
return retval;
|
|
}
|
|
|
|
/**
|
|
* srcu_read_unlock - unregister a old reader from an SRCU-protected structure.
|
|
* @ssp: srcu_struct in which to unregister the old reader.
|
|
* @idx: return value from corresponding srcu_read_lock().
|
|
*
|
|
* Exit an SRCU read-side critical section.
|
|
*/
|
|
static inline void srcu_read_unlock(struct srcu_struct *ssp, int idx)
|
|
__releases(ssp)
|
|
{
|
|
WARN_ON_ONCE(idx & ~0x1);
|
|
rcu_lock_release(&(ssp)->dep_map);
|
|
__srcu_read_unlock(ssp, idx);
|
|
}
|
|
|
|
/* Used by tracing, cannot be traced and cannot call lockdep. */
|
|
static inline notrace void
|
|
srcu_read_unlock_notrace(struct srcu_struct *ssp, int idx) __releases(ssp)
|
|
{
|
|
__srcu_read_unlock(ssp, idx);
|
|
}
|
|
|
|
/**
|
|
* smp_mb__after_srcu_read_unlock - ensure full ordering after srcu_read_unlock
|
|
*
|
|
* Converts the preceding srcu_read_unlock into a two-way memory barrier.
|
|
*
|
|
* Call this after srcu_read_unlock, to guarantee that all memory operations
|
|
* that occur after smp_mb__after_srcu_read_unlock will appear to happen after
|
|
* the preceding srcu_read_unlock.
|
|
*/
|
|
static inline void smp_mb__after_srcu_read_unlock(void)
|
|
{
|
|
/* __srcu_read_unlock has smp_mb() internally so nothing to do here. */
|
|
}
|
|
|
|
#endif
|