[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAHk-=wiHJAb6NJU7rqy6NZsh0SoJfFdpQG_Gc0iFcuLcFAZ++g@mail.gmail.com>
Date: Wed, 6 Dec 2023 20:40:10 +0900
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Hillf Danton <hdanton@...a.com>
Cc: Petr Mladek <pmladek@...e.com>,
Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
syzbot <syzbot+186b55175d8360728234@...kaller.appspotmail.com>,
linux-kernel@...r.kernel.org, Matthew Wilcox <willy@...radead.org>,
John Ogness <john.ogness@...utronix.de>,
Waiman Long <longman@...hat.com>,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [kernel?] possible deadlock in stack_depot_put
On Wed, 6 Dec 2023 at 20:22, Hillf Danton <hdanton@...a.com> wrote:
>
> Given the same pattern in both up() and __mutex_unlock_slowpath() where
> acquire raw spinlock to wake waiter up, it is safe to unlock mutex in
> irq context.
What? No. That spinlock is exactly why it is NOT OK to unlock a mutex
in irq context.
If somebody else is trying to get or release the mutex at the same
time an interrupt happens, you now have an immediate deadlock.
No spinlocks - raw or not - are irq safe.
The only way you make them irq-safe is by disabling interrupts
entirely across the locked region, which the mutex code very much does
not do, and does not want to do.
So no. Mutexes are not usable from interrupts.
So repeat after me: MUTEXES CANNOT BE USED IN ANY FORM IN INTERRUPT
CONTEXT. End of story.
Other locks do work. completions are designed to be done from
interrupts. And our legacy semaphores were irq-safe (for wakeups) from
day one, which is then why the spinlock in the legacy semaphore is
done with interrupts disabled, and why you can do "down_trylock()" and
"up[()" in interrupt context.
But mutexes wanted to consciously avoid that, partly *exactly* because
they didn't want to have the more expensive irq-safe spinlocks
(particularly with the debugging versions)
Linus
Powered by blists - more mailing lists