Re: [PATCH RFC 3/5] sched/cpufreq: Fix incorrect RCU API usage

From: Paul E. McKenney
Date: Thu Feb 21 2019 - 10:52:36 EST


On Thu, Feb 21, 2019 at 04:31:17PM +0100, Peter Zijlstra wrote:
> On Thu, Feb 21, 2019 at 10:21:39AM -0500, Joel Fernandes wrote:
> > On Thu, Feb 21, 2019 at 10:18:05AM +0100, Peter Zijlstra wrote:
> > > On Thu, Feb 21, 2019 at 12:49:40AM -0500, Joel Fernandes (Google) wrote:
> > > > @@ -34,8 +34,12 @@ void cpufreq_add_update_util_hook(int cpu, struct update_util_data *data,
> > > > if (WARN_ON(!data || !func))
> > > > return;
> > > >
> > > > - if (WARN_ON(per_cpu(cpufreq_update_util_data, cpu)))
> > > > + rcu_read_lock();
> > > > + if (WARN_ON(rcu_dereference(per_cpu(cpufreq_update_util_data, cpu)))) {
> > > > + rcu_read_unlock();
> > > > return;
> > > > + }
> > > > + rcu_read_unlock();
> > > >
> > > > data->func = func;
> > > > rcu_assign_pointer(per_cpu(cpufreq_update_util_data, cpu), data);
> > >
> > > This doesn't make any kind of sense to me.
> > >
> >
> > As per the rcu_assign_pointer() line, I inferred that
> > cpufreq_update_util_data is expected to be RCU protected. Reading the pointer
> > value of RCU pointers generally needs to be done from RCU read section, and
> > using rcu_dereference() (or using rcu_access()).
> >
> > In this patch, I changed cpufreq_update_util_data to be __rcu annotated to
> > avoid the sparse error thrown by rcu_assign_pointer().
> >
> > Instead of doing that, If your intention here is RELEASE barrier, should I
> > just replace in this function:
> > rcu_assign_pointer(per_cpu(cpufreq_update_util_data, cpu), data);
> > with:
> > smp_store_release(per_cpu(cpufreq_update_util_data, cpu), data))
> > ?
> >
> > It would be nice IMO to be explicit about the intention of release/publish
> > semantics by using smp_store_release().
>
> No, it is RCU managed, it should be RCU. The problem is that the hunk
> above is utter crap.
>
> All that does is read the pointer, it never actually dereferences it.

For whatever it is worth, in that case it could use rcu_access_pointer().
And this primitive does not do the lockdep check for being within an RCU
read-side critical section. As Peter says, if there is no dereferencing,
there can be no use-after-free bug, so the RCU read-side critical is
not needed.

Good eyes, Peter! ;-)

Thanx, Paul