Re: rt_spin_unlock order of operations [was: Re: [syzbot] [fs?] KASAN: slab-use-after-free Read in shrink_dcache_tree]

Next message: Thomas Huth: "[PATCH v2] static_call / jump_label: Replace __ASSEMBLY__ with __ASSEMBLER__ in headers"
Previous message: Thomas Gleixner: "Re: [PATCH v2 00/13] Dynamic Kernel Stacks"
In reply to: Sebastian Andrzej Siewior: "Re: rt_spin_unlock order of operations [was: Re: [syzbot] [fs?] KASAN: slab-use-after-free Read in shrink_dcache_tree]"
Next in thread: Thomas Gleixner: "[PATCH V2] locking/rt: Fix the incorrect RCU protection in rt_spin_unlock()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Thomas Gleixner

Date: Fri Jun 19 2026 - 08:47:08 EST

On Fri, Jun 19 2026 at 10:39, Sebastian Andrzej Siewior wrote:
> On 2026-06-19 00:24:58 [+0200], Thomas Gleixner wrote:
>
> would you mind folding the following? I don't see why the rwlocks should
> be treated any different.

Duh. I wanted to look at it but my brain only works partially in this
heat ...

> diff --git a/kernel/locking/spinlock_rt.c b/kernel/locking/spinlock_rt.c
> index db1e11b45de67..4fb77daafd758 100644
> --- a/kernel/locking/spinlock_rt.c
> +++ b/kernel/locking/spinlock_rt.c
> @@ -262,17 +262,21 @@ void __sched rt_read_unlock(rwlock_t *rwlock) __releases(RCU)
> {
> rwlock_release(&rwlock->dep_map, _RET_IP_);
> migrate_enable();
> - rcu_read_unlock();
> rwbase_read_unlock(&rwlock->rwbase, TASK_RTLOCK_WAIT);
> +
> + /* This must be last to prevent, see rt_spin_unlock() */
> + rcu_read_unlock();
> }
> EXPORT_SYMBOL(rt_read_unlock);
>
> void __sched rt_write_unlock(rwlock_t *rwlock) __releases(RCU)
> {
> rwlock_release(&rwlock->dep_map, _RET_IP_);
> - rcu_read_unlock();
> migrate_enable();
> rwbase_write_unlock(&rwlock->rwbase);
> +
> + /* This must be last to prevent, see rt_spin_unlock() */
> + rcu_read_unlock();
> }
> EXPORT_SYMBOL(rt_write_unlock);
>