€•¯<Œsphinx.addnodes”Œdocument”“”)”}”(Œ rawsource”Œ”Œchildren”]”(Œ translations”Œ LanguagesNode”“”)”}”(hhh]”(hŒ pending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ refdomain”Œstd”Œreftype”Œdoc”Œ reftarget”Œ%/translations/zh_CN/RCU/lockdep-splat”Œmodname”NŒ classname”NŒ refexplicit”ˆuŒtagname”hhh ubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ%/translations/zh_TW/RCU/lockdep-splat”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ%/translations/it_IT/RCU/lockdep-splat”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ%/translations/ja_JP/RCU/lockdep-splat”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ%/translations/ko_KR/RCU/lockdep-splat”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ%/translations/sp_SP/RCU/lockdep-splat”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h hhŒ _document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh£sbah}”(h]”h ]”h"]”h$]”h&]”Œ xml:space”Œpreserve”uh1h¡hhhžhhŸŒ?/var/lib/git/docbuild/linux/Documentation/RCU/lockdep-splat.rst”h KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒLockdep-RCU Splat”h]”hŒLockdep-RCU Splat”…””}”(hh»hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hh¶hžhhŸh³h KubhŒ paragraph”“”)”}”(hXPLockdep-RCU was added to the Linux kernel in early 2010 (http://lwn.net/Articles/371986/). This facility checks for some common misuses of the RCU API, most notably using one of the rcu_dereference() family to access an RCU-protected pointer without the proper protection. When such misuse is detected, an lockdep-RCU splat is emitted.”h]”(hŒ9Lockdep-RCU was added to the Linux kernel in early 2010 (”…””}”(hhËhžhhŸNh NubhŒ reference”“”)”}”(hŒhttp://lwn.net/Articles/371986/”h]”hŒhttp://lwn.net/Articles/371986/”…””}”(hhÕhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”h×uh1hÓhhËubhŒø). This facility checks for some common misuses of the RCU API, most notably using one of the rcu_dereference() family to access an RCU-protected pointer without the proper protection. When such misuse is detected, an lockdep-RCU splat is emitted.”…””}”(hhËhžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khh¶hžhubhÊ)”}”(hX‚The usual cause of a lockdep-RCU splat is someone accessing an RCU-protected data structure without either (1) being in the right kind of RCU read-side critical section or (2) holding the right update-side lock. This problem can therefore be serious: it might result in random memory overwriting or worse. There can of course be false positives, this being the real world and all that.”h]”hX‚The usual cause of a lockdep-RCU splat is someone accessing an RCU-protected data structure without either (1) being in the right kind of RCU read-side critical section or (2) holding the right update-side lock. This problem can therefore be serious: it might result in random memory overwriting or worse. There can of course be false positives, this being the real world and all that.”…””}”(hhîhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K hh¶hžhubhÊ)”}”(hŒ`So let's look at an example RCU lockdep splat from 3.0-rc5, one that has long since been fixed::”h]”hŒaSo let’s look at an example RCU lockdep splat from 3.0-rc5, one that has long since been fixed:”…””}”(hhühžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khh¶hžhubhŒ literal_block”“”)”}”(hŒ ============================= WARNING: suspicious RCU usage ----------------------------- block/cfq-iosched.c:2776 suspicious rcu_dereference_protected() usage!”h]”hŒ ============================= WARNING: suspicious RCU usage ----------------------------- block/cfq-iosched.c:2776 suspicious rcu_dereference_protected() usage!”…””}”hj sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j hŸh³h Khh¶hžhubhÊ)”}”(hŒ*other info that might help us debug this::”h]”hŒ)other info that might help us debug this:”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khh¶hžhubj )”}”(hX‘rcu_scheduler_active = 1, debug_locks = 0 3 locks held by scsi_scan_6/1552: #0: (&shost->scan_mutex){+.+.}, at: [] scsi_scan_host_selected+0x5a/0x150 #1: (&eq->sysfs_lock){+.+.}, at: [] elevator_exit+0x22/0x60 #2: (&(&q->__queue_lock)->rlock){-.-.}, at: [] cfq_exit_queue+0x43/0x190 stack backtrace: Pid: 1552, comm: scsi_scan_6 Not tainted 3.0.0-rc5 #17 Call Trace: [] lockdep_rcu_dereference+0xbb/0xc0 [] __cfq_exit_single_io_context+0xe9/0x120 [] cfq_exit_queue+0x7c/0x190 [] elevator_exit+0x36/0x60 [] blk_cleanup_queue+0x4a/0x60 [] scsi_free_queue+0x9/0x10 [] __scsi_remove_device+0x84/0xd0 [] scsi_probe_and_add_lun+0x353/0xb10 [] ? error_exit+0x29/0xb0 [] ? _raw_spin_unlock_irqrestore+0x3d/0x80 [] __scsi_scan_target+0x112/0x680 [] ? trace_hardirqs_off_thunk+0x3a/0x3c [] ? error_exit+0x29/0xb0 [] ? kobject_del+0x40/0x40 [] scsi_scan_channel+0x86/0xb0 [] scsi_scan_host_selected+0x140/0x150 [] do_scsi_scan_host+0x89/0x90 [] do_scan_async+0x20/0x160 [] ? do_scsi_scan_host+0x90/0x90 [] kthread+0xa6/0xb0 [] kernel_thread_helper+0x4/0x10 [] ? finish_task_switch+0x80/0x110 [] ? retint_restore_args+0xe/0xe [] ? __kthread_init_worker+0x70/0x70 [] ? gs_change+0xb/0xb”h]”hX‘rcu_scheduler_active = 1, debug_locks = 0 3 locks held by scsi_scan_6/1552: #0: (&shost->scan_mutex){+.+.}, at: [] scsi_scan_host_selected+0x5a/0x150 #1: (&eq->sysfs_lock){+.+.}, at: [] elevator_exit+0x22/0x60 #2: (&(&q->__queue_lock)->rlock){-.-.}, at: [] cfq_exit_queue+0x43/0x190 stack backtrace: Pid: 1552, comm: scsi_scan_6 Not tainted 3.0.0-rc5 #17 Call Trace: [] lockdep_rcu_dereference+0xbb/0xc0 [] __cfq_exit_single_io_context+0xe9/0x120 [] cfq_exit_queue+0x7c/0x190 [] elevator_exit+0x36/0x60 [] blk_cleanup_queue+0x4a/0x60 [] scsi_free_queue+0x9/0x10 [] __scsi_remove_device+0x84/0xd0 [] scsi_probe_and_add_lun+0x353/0xb10 [] ? error_exit+0x29/0xb0 [] ? _raw_spin_unlock_irqrestore+0x3d/0x80 [] __scsi_scan_target+0x112/0x680 [] ? trace_hardirqs_off_thunk+0x3a/0x3c [] ? error_exit+0x29/0xb0 [] ? kobject_del+0x40/0x40 [] scsi_scan_channel+0x86/0xb0 [] scsi_scan_host_selected+0x140/0x150 [] do_scsi_scan_host+0x89/0x90 [] do_scan_async+0x20/0x160 [] ? do_scsi_scan_host+0x90/0x90 [] kthread+0xa6/0xb0 [] kernel_thread_helper+0x4/0x10 [] ? finish_task_switch+0x80/0x110 [] ? retint_restore_args+0xe/0xe [] ? __kthread_init_worker+0x70/0x70 [] ? gs_change+0xb/0xb”…””}”hj(sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j hŸh³h Khh¶hžhubhÊ)”}”(hŒioc_data) == cic) {”h]”hŒ,if (rcu_dereference(ioc->ioc_data) == cic) {”…””}”hjDsbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j hŸh³h KFhh¶hžhubhÊ)”}”(hXóThis form says that it must be in a plain vanilla RCU read-side critical section, but the "other info" list above shows that this is not the case. Instead, we hold three locks, one of which might be RCU related. And maybe that lock really does protect this reference. If so, the fix is to inform RCU, perhaps by changing __cfq_exit_single_io_context() to take the struct request_queue "q" from cfq_exit_queue() as an argument, which would permit us to invoke rcu_dereference_protected as follows::”h]”hXúThis form says that it must be in a plain vanilla RCU read-side critical section, but the “other info†list above shows that this is not the case. Instead, we hold three locks, one of which might be RCU related. And maybe that lock really does protect this reference. If so, the fix is to inform RCU, perhaps by changing __cfq_exit_single_io_context() to take the struct request_queue “q†from cfq_exit_queue() as an argument, which would permit us to invoke rcu_dereference_protected as follows:”…””}”(hjRhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KHhh¶hžhubj )”}”(hŒuif (rcu_dereference_protected(ioc->ioc_data, lockdep_is_held(&q->queue_lock)) == cic) {”h]”hŒuif (rcu_dereference_protected(ioc->ioc_data, lockdep_is_held(&q->queue_lock)) == cic) {”…””}”hj`sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j hŸh³h KPhh¶hžhubhÊ)”}”(hX*With this change, there would be no lockdep-RCU splat emitted if this code was invoked either from within an RCU read-side critical section or with the ->queue_lock held. In particular, this would have suppressed the above lockdep-RCU splat because ->queue_lock is held (see #2 in the list above).”h]”hX*With this change, there would be no lockdep-RCU splat emitted if this code was invoked either from within an RCU read-side critical section or with the ->queue_lock held. In particular, this would have suppressed the above lockdep-RCU splat because ->queue_lock is held (see #2 in the list above).”…””}”(hjnhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KShh¶hžhubhÊ)”}”(hXPOn the other hand, perhaps we really do need an RCU read-side critical section. In this case, the critical section must span the use of the return value from rcu_dereference(), or at least until there is some reference count incremented or some such. One way to handle this is to add rcu_read_lock() and rcu_read_unlock() as follows::”h]”hXOOn the other hand, perhaps we really do need an RCU read-side critical section. In this case, the critical section must span the use of the return value from rcu_dereference(), or at least until there is some reference count incremented or some such. One way to handle this is to add rcu_read_lock() and rcu_read_unlock() as follows:”…””}”(hj|hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KYhh¶hžhubj )”}”(hŒÃrcu_read_lock(); if (rcu_dereference(ioc->ioc_data) == cic) { spin_lock(&ioc->lock); rcu_assign_pointer(ioc->ioc_data, NULL); spin_unlock(&ioc->lock); } rcu_read_unlock();”h]”hŒÃrcu_read_lock(); if (rcu_dereference(ioc->ioc_data) == cic) { spin_lock(&ioc->lock); rcu_assign_pointer(ioc->ioc_data, NULL); spin_unlock(&ioc->lock); } rcu_read_unlock();”…””}”hjŠsbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j hŸh³h K_hh¶hžhubhÊ)”}”(hŒšWith this change, the rcu_dereference() is always within an RCU read-side critical section, which again would have suppressed the above lockdep-RCU splat.”h]”hŒšWith this change, the rcu_dereference() is always within an RCU read-side critical section, which again would have suppressed the above lockdep-RCU splat.”…””}”(hj˜hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Kghh¶hžhubhÊ)”}”(hŒÿBut in this particular case, we don't actually dereference the pointer returned from rcu_dereference(). Instead, that pointer is just compared to the cic pointer, which means that the rcu_dereference() can be replaced by rcu_access_pointer() as follows::”h]”hXBut in this particular case, we don’t actually dereference the pointer returned from rcu_dereference(). Instead, that pointer is just compared to the cic pointer, which means that the rcu_dereference() can be replaced by rcu_access_pointer() as follows:”…””}”(hj¦hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Kkhh¶hžhubj )”}”(hŒ/if (rcu_access_pointer(ioc->ioc_data) == cic) {”h]”hŒ/if (rcu_access_pointer(ioc->ioc_data) == cic) {”…””}”hj´sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j hŸh³h Kphh¶hžhubhÊ)”}”(hŒƒBecause it is legal to invoke rcu_access_pointer() without protection, this change would also suppress the above lockdep-RCU splat.”h]”hŒƒBecause it is legal to invoke rcu_access_pointer() without protection, this change would also suppress the above lockdep-RCU splat.”…””}”(hjÂhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Krhh¶hžhubeh}”(h]”Œlockdep-rcu-splat”ah ]”h"]”Œlockdep-rcu splat”ah$]”h&]”uh1h´hhhžhhŸh³h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h³uh1hŒcurrent_source”NŒ current_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¹NŒ generator”NŒ datestamp”NŒ source_link”NŒ source_url”NŒ toc_backlinks”Œentry”Œfootnote_backlinks”KŒ sectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒ strip_classes”NŒ report_level”KŒ halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ traceback”ˆŒinput_encoding”Œ utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jûŒerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œ language_code”Œen”Œrecord_dependencies”NŒconfig”NŒ id_prefix”hŒauto_id_prefix”Œid”Œ dump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h³Œ _destination”NŒ _config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒ raw_enabled”KŒline_length_limit”M'Œpep_references”NŒ pep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒ rfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œ smart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œ docinfo_xform”KŒsectsubtitle_xform”‰Œ image_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”jÕjÒsŒ nametypes”}”jÕ‰sh}”jÒh¶sŒ footnote_refs”}”Œ citation_refs”}”Œ autofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ footnotes”]”Œ citations”]”Œautofootnote_start”KŒsymbol_footnote_start”KŒ id_counter”Œ collections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œ transformer”NŒ include_log”]”Œ decoration”Nhžhub.