Re: [PATCH v4 14/16] locking/rwsem: Guard against making count negative

From: Peter Zijlstra
Date: Thu Apr 18 2019 - 10:31:11 EST


On Thu, Apr 18, 2019 at 10:08:28AM -0400, Waiman Long wrote:
> On 04/18/2019 09:51 AM, Peter Zijlstra wrote:
> > On Sat, Apr 13, 2019 at 01:22:57PM -0400, Waiman Long wrote:
> >> inline void __down_read(struct rw_semaphore *sem)
> >> {
> >> + long count = atomic_long_fetch_add_acquire(RWSEM_READER_BIAS,
> >> + &sem->count);
> >> +
> >> + if (unlikely(count & RWSEM_READ_FAILED_MASK)) {
> >> + rwsem_down_read_failed(sem, count);
> >> DEBUG_RWSEMS_WARN_ON(!is_rwsem_reader_owned(sem), sem);
> >> } else {
> >> rwsem_set_reader_owned(sem);
> > *groan*, that is not provably correct. It is entirely possible to get
> > enough fetch_add()s piled on top of one another to overflow regardless.
> >
> > Unlikely, yes, impossible, no.
> >
> > This makes me nervious as heck, I really don't want to ever have to
> > debug something like that :-(
>
> The number of fetch_add() that can pile up is limited by the number of
> CPUs available in the system.

Uhhn, no. There is no preempt_disable() anywhere here. So even UP can
overflow if it has enough tasks.