[v3,1/4] rcutorture: Don't disable softirqs with preemption disabled when PREEMPT_RT

Running RCU torture with CONFIG_PREEMPT_RT under v5.14-rc4-rt6 triggers:

[    8.755472] DEBUG_LOCKS_WARN_ON(this_cpu_read(softirq_ctrl.cnt))
[    8.755482] WARNING: CPU: 1 PID: 137 at kernel/softirq.c:172 __local_bh_disable_ip (kernel/softirq.c:172 (discriminator 31))
[    8.755500] Modules linked in:
[    8.755506] CPU: 1 PID: 137 Comm: rcu_torture_rea Not tainted 5.14.0-rc4-rt6 #171
[    8.755514] Hardware name: ARM Juno development board (r0) (DT)
[    8.755518] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)
[    8.755622] Call trace:
[    8.755624] __local_bh_disable_ip (kernel/softirq.c:172 (discriminator 31))
[    8.755633] rcutorture_one_extend (kernel/rcu/rcutorture.c:1453)
[    8.755640] rcu_torture_one_read (kernel/rcu/rcutorture.c:1601 kernel/rcu/rcutorture.c:1645)
[    8.755645] rcu_torture_reader (kernel/rcu/rcutorture.c:1737)
[    8.755650] kthread (kernel/kthread.c:327)
[    8.755656] ret_from_fork (arch/arm64/kernel/entry.S:783)
[    8.755663] irq event stamp: 11959
[    8.755666] hardirqs last enabled at (11959): __rcu_read_unlock (kernel/rcu/tree_plugin.h:695 kernel/rcu/tree_plugin.h:451)
[    8.755675] hardirqs last disabled at (11958): __rcu_read_unlock (kernel/rcu/tree_plugin.h:661 kernel/rcu/tree_plugin.h:451)
[    8.755683] softirqs last enabled at (11950): __local_bh_enable_ip (./arch/arm64/include/asm/irqflags.h:85 kernel/softirq.c:261)
[    8.755692] softirqs last disabled at (11942): rcutorture_one_extend (./include/linux/bottom_half.h:19 kernel/rcu/rcutorture.c:1441)

Per this warning, softirqs cannot be disabled in a non-preemptible region
under CONFIG_PREEMPT_RT. Adjust RCU torture accordingly.

Signed-off-by: Valentin Schneider <valentin.schneider@arm.com>
---
 kernel/rcu/rcutorture.c | 2 ++
 1 file changed, 2 insertions(+)

On Wed, Aug 11, 2021 at 09:13:51PM +0100, Valentin Schneider wrote:
> Running RCU torture with CONFIG_PREEMPT_RT under v5.14-rc4-rt6 triggers:

> 

> [    8.755472] DEBUG_LOCKS_WARN_ON(this_cpu_read(softirq_ctrl.cnt))

> [    8.755482] WARNING: CPU: 1 PID: 137 at kernel/softirq.c:172 __local_bh_disable_ip (kernel/softirq.c:172 (discriminator 31))

> [    8.755500] Modules linked in:

> [    8.755506] CPU: 1 PID: 137 Comm: rcu_torture_rea Not tainted 5.14.0-rc4-rt6 #171

> [    8.755514] Hardware name: ARM Juno development board (r0) (DT)

> [    8.755518] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)

> [    8.755622] Call trace:

> [    8.755624] __local_bh_disable_ip (kernel/softirq.c:172 (discriminator 31))

> [    8.755633] rcutorture_one_extend (kernel/rcu/rcutorture.c:1453)

> [    8.755640] rcu_torture_one_read (kernel/rcu/rcutorture.c:1601 kernel/rcu/rcutorture.c:1645)

> [    8.755645] rcu_torture_reader (kernel/rcu/rcutorture.c:1737)

> [    8.755650] kthread (kernel/kthread.c:327)

> [    8.755656] ret_from_fork (arch/arm64/kernel/entry.S:783)

> [    8.755663] irq event stamp: 11959

> [    8.755666] hardirqs last enabled at (11959): __rcu_read_unlock (kernel/rcu/tree_plugin.h:695 kernel/rcu/tree_plugin.h:451)

> [    8.755675] hardirqs last disabled at (11958): __rcu_read_unlock (kernel/rcu/tree_plugin.h:661 kernel/rcu/tree_plugin.h:451)

> [    8.755683] softirqs last enabled at (11950): __local_bh_enable_ip (./arch/arm64/include/asm/irqflags.h:85 kernel/softirq.c:261)

> [    8.755692] softirqs last disabled at (11942): rcutorture_one_extend (./include/linux/bottom_half.h:19 kernel/rcu/rcutorture.c:1441)

> 

> Per this warning, softirqs cannot be disabled in a non-preemptible region

> under CONFIG_PREEMPT_RT. Adjust RCU torture accordingly.

> 

> Signed-off-by: Valentin Schneider <valentin.schneider@arm.com>


Looks sensible for -rt, but of course does not apply on mainline or -rcu.

Acked-by: Paul E. McKenney <paulmck@kernel.org>


> ---

>  kernel/rcu/rcutorture.c | 2 ++

>  1 file changed, 2 insertions(+)

> 

> diff --git a/kernel/rcu/rcutorture.c b/kernel/rcu/rcutorture.c

> index eecd1caef71d..4f3db1d3170d 100644

> --- a/kernel/rcu/rcutorture.c

> +++ b/kernel/rcu/rcutorture.c

> @@ -1548,6 +1548,8 @@ rcutorture_extend_mask(int oldmask, struct torture_random_state *trsp)

>  	 * them on non-RT.

>  	 */

>  	if (IS_ENABLED(CONFIG_PREEMPT_RT)) {

> +		/* Can't disable bh in atomic context under PREEMPT_RT */

> +		mask &= ~(RCUTORTURE_RDR_ATOM_BH | RCUTORTURE_RDR_ATOM_RBH);

>  		/*

>  		 * Can't release the outermost rcu lock in an irq disabled

>  		 * section without preemption also being disabled, if irqs

> -- 

> 2.25.1

>

On 2021-08-11 21:13:51 [+0100], Valentin Schneider wrote:
> Running RCU torture with CONFIG_PREEMPT_RT under v5.14-rc4-rt6 triggers:

> 

> [    8.755472] DEBUG_LOCKS_WARN_ON(this_cpu_read(softirq_ctrl.cnt))

> [    8.755482] WARNING: CPU: 1 PID: 137 at kernel/softirq.c:172 __local_bh_disable_ip (kernel/softirq.c:172 (discriminator 31))

> [    8.755500] Modules linked in:

> [    8.755506] CPU: 1 PID: 137 Comm: rcu_torture_rea Not tainted 5.14.0-rc4-rt6 #171

> [    8.755514] Hardware name: ARM Juno development board (r0) (DT)

> [    8.755518] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)

> [    8.755622] Call trace:

> [    8.755624] __local_bh_disable_ip (kernel/softirq.c:172 (discriminator 31))

> [    8.755633] rcutorture_one_extend (kernel/rcu/rcutorture.c:1453)

> [    8.755640] rcu_torture_one_read (kernel/rcu/rcutorture.c:1601 kernel/rcu/rcutorture.c:1645)

> [    8.755645] rcu_torture_reader (kernel/rcu/rcutorture.c:1737)

> [    8.755650] kthread (kernel/kthread.c:327)

> [    8.755656] ret_from_fork (arch/arm64/kernel/entry.S:783)

> [    8.755663] irq event stamp: 11959

> [    8.755666] hardirqs last enabled at (11959): __rcu_read_unlock (kernel/rcu/tree_plugin.h:695 kernel/rcu/tree_plugin.h:451)

> [    8.755675] hardirqs last disabled at (11958): __rcu_read_unlock (kernel/rcu/tree_plugin.h:661 kernel/rcu/tree_plugin.h:451)

> [    8.755683] softirqs last enabled at (11950): __local_bh_enable_ip (./arch/arm64/include/asm/irqflags.h:85 kernel/softirq.c:261)

> [    8.755692] softirqs last disabled at (11942): rcutorture_one_extend (./include/linux/bottom_half.h:19 kernel/rcu/rcutorture.c:1441)

> 

> Per this warning, softirqs cannot be disabled in a non-preemptible region

> under CONFIG_PREEMPT_RT. Adjust RCU torture accordingly.

> 

> Signed-off-by: Valentin Schneider <valentin.schneider@arm.com>

> ---

>  kernel/rcu/rcutorture.c | 2 ++

>  1 file changed, 2 insertions(+)

> 

> diff --git a/kernel/rcu/rcutorture.c b/kernel/rcu/rcutorture.c

> index eecd1caef71d..4f3db1d3170d 100644

> --- a/kernel/rcu/rcutorture.c

> +++ b/kernel/rcu/rcutorture.c

> @@ -1548,6 +1548,8 @@ rcutorture_extend_mask(int oldmask, struct torture_random_state *trsp)

>  	 * them on non-RT.

>  	 */

>  	if (IS_ENABLED(CONFIG_PREEMPT_RT)) {

> +		/* Can't disable bh in atomic context under PREEMPT_RT */

> +		mask &= ~(RCUTORTURE_RDR_ATOM_BH | RCUTORTURE_RDR_ATOM_RBH);


Let me stare at this…

>  		/*

>  		 * Can't release the outermost rcu lock in an irq disabled

>  		 * section without preemption also being disabled, if irqs

> -- 

> 2.25.1


Sebastian

On 2021-08-17 14:13:47 [+0200], To Valentin Schneider wrote:
> > index eecd1caef71d..4f3db1d3170d 100644

> > --- a/kernel/rcu/rcutorture.c

> > +++ b/kernel/rcu/rcutorture.c

> > @@ -1548,6 +1548,8 @@ rcutorture_extend_mask(int oldmask, struct torture_random_state *trsp)

> >  	 * them on non-RT.

> >  	 */

> >  	if (IS_ENABLED(CONFIG_PREEMPT_RT)) {

> > +		/* Can't disable bh in atomic context under PREEMPT_RT */

> > +		mask &= ~(RCUTORTURE_RDR_ATOM_BH | RCUTORTURE_RDR_ATOM_RBH);

> 

> Let me stare at this…


I would fold this

--- a/kernel/rcu/rcutorture.c
+++ b/kernel/rcu/rcutorture.c
@@ -1549,6 +1549,13 @@ rcutorture_extend_mask(int oldmask, stru
 	 */
 	if (IS_ENABLED(CONFIG_PREEMPT_RT)) {
 		/*
+		 * Can't disable bh in atomic context if bh was already
+		 * disabled by another task on the same CPU. Instead of
+		 * attempting to track this, just avoid disabling bh in atomic
+		 * context.
+		 */
+		mask &= ~atomic_bhs;
+		/*
 		 * Can't release the outermost rcu lock in an irq disabled
 		 * section without preemption also being disabled, if irqs
 		 * had ever been enabled during this RCU critical section
@@ -1559,16 +1566,6 @@ rcutorture_extend_mask(int oldmask, stru
 		    !(mask & preempts))
 			mask |= RCUTORTURE_RDR_RCU;
 
-		/* Can't modify atomic bh in non-atomic context */
-		if ((oldmask & atomic_bhs) && (mask & atomic_bhs) &&
-		    !(mask & preempts_irq)) {
-			mask |= oldmask & preempts_irq;
-			if (mask & RCUTORTURE_RDR_IRQ)
-				mask |= oldmask & tmp;
-		}
-		if ((mask & atomic_bhs) && !(mask & preempts_irq))
-			mask |= RCUTORTURE_RDR_PREEMPT;
-
 		/* Can't modify non-atomic bh in atomic context */
 		tmp = nonatomic_bhs;
 		if (oldmask & preempts_irq)

into the original patch and forward it upstream…

Sebastian

On Tue, Aug 17, 2021 at 04:40:18PM +0200, Sebastian Andrzej Siewior wrote:
> From: Scott Wood <swood@redhat.com>

> 

> rcutorture was generating some nesting scenarios that are not

> reasonable.  Constrain the state selection to avoid them.

> 

> Example:

> 

> 1. rcu_read_lock()

> 2. local_irq_disable()

> 3. rcu_read_unlock()

> 4. local_irq_enable()

> 

> If the thread is preempted between steps 1 and 2,

> rcu_read_unlock_special.b.blocked will be set, but it won't be

> acted on in step 3 because IRQs are disabled.  Thus, reporting of the

> quiescent state will be delayed beyond the local_irq_enable().

> 

> For now, these scenarios will continue to be tested on non-PREEMPT_RT

> kernels, until debug checks are added to ensure that they are not

> happening elsewhere.

> 

> Signed-off-by: Scott Wood <swood@redhat.com>

> [valentin.schneider@arm.com: Don't disable BH in atomic context]

> [bigeasy: remove 'preempt_disable(); local_bh_disable(); preempt_enable();

>  local_bh_enable();' from the examples because this works on RT now. ]

> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>


This looks close to being ready for mainline, actually.

One comment below.

							Thanx, Paul

> ---

> I folded Valentin's bits.

> I removed the unbalanced preempt_disable()/migrate_disable() part from

> the description because it is supported now by the migrate disable

> implementation. I didn't find it explicit in code/ patch except as part

> of local_bh_disable().

> 

> 

>  kernel/rcu/rcutorture.c |   94 ++++++++++++++++++++++++++++++++++++++++--------

>  1 file changed, 80 insertions(+), 14 deletions(-)

> ---

> --- a/kernel/rcu/rcutorture.c

> +++ b/kernel/rcu/rcutorture.c

> @@ -61,10 +61,13 @@ MODULE_AUTHOR("Paul E. McKenney <paulmck

>  #define RCUTORTURE_RDR_RBH	 0x08	/*  ... rcu_read_lock_bh(). */

>  #define RCUTORTURE_RDR_SCHED	 0x10	/*  ... rcu_read_lock_sched(). */

>  #define RCUTORTURE_RDR_RCU	 0x20	/*  ... entering another RCU reader. */

> -#define RCUTORTURE_RDR_NBITS	 6	/* Number of bits defined above. */

> +#define RCUTORTURE_RDR_ATOM_BH	 0x40	/*  ... disabling bh while atomic */

> +#define RCUTORTURE_RDR_ATOM_RBH	 0x80	/*  ... RBH while atomic */

> +#define RCUTORTURE_RDR_NBITS	 8	/* Number of bits defined above. */

>  #define RCUTORTURE_MAX_EXTEND	 \

>  	(RCUTORTURE_RDR_BH | RCUTORTURE_RDR_IRQ | RCUTORTURE_RDR_PREEMPT | \

> -	 RCUTORTURE_RDR_RBH | RCUTORTURE_RDR_SCHED)

> +	 RCUTORTURE_RDR_RBH | RCUTORTURE_RDR_SCHED | \

> +	 RCUTORTURE_RDR_ATOM_BH | RCUTORTURE_RDR_ATOM_RBH)

>  #define RCUTORTURE_RDR_MAX_LOOPS 0x7	/* Maximum reader extensions. */

>  					/* Must be power of two minus one. */

>  #define RCUTORTURE_RDR_MAX_SEGS (RCUTORTURE_RDR_MAX_LOOPS + 3)

> @@ -1429,31 +1432,53 @@ static void rcutorture_one_extend(int *r

>  	WARN_ON_ONCE((idxold >> RCUTORTURE_RDR_SHIFT) > 1);

>  	rtrsp->rt_readstate = newstate;

>  

> -	/* First, put new protection in place to avoid critical-section gap. */

> +	/*

> +	 * First, put new protection in place to avoid critical-section gap.

> +	 * Disable preemption around the ATOM disables to ensure that

> +	 * in_atomic() is true.

> +	 */

>  	if (statesnew & RCUTORTURE_RDR_BH)

>  		local_bh_disable();

> +	if (statesnew & RCUTORTURE_RDR_RBH)

> +		rcu_read_lock_bh();

>  	if (statesnew & RCUTORTURE_RDR_IRQ)

>  		local_irq_disable();

>  	if (statesnew & RCUTORTURE_RDR_PREEMPT)

>  		preempt_disable();

> -	if (statesnew & RCUTORTURE_RDR_RBH)

> -		rcu_read_lock_bh();

>  	if (statesnew & RCUTORTURE_RDR_SCHED)

>  		rcu_read_lock_sched();

> +	preempt_disable();

> +	if (statesnew & RCUTORTURE_RDR_ATOM_BH)

> +		local_bh_disable();

> +	if (statesnew & RCUTORTURE_RDR_ATOM_RBH)

> +		rcu_read_lock_bh();

> +	preempt_enable();

>  	if (statesnew & RCUTORTURE_RDR_RCU)

>  		idxnew = cur_ops->readlock() << RCUTORTURE_RDR_SHIFT;

>  

> -	/* Next, remove old protection, irq first due to bh conflict. */

> +	/*

> +	 * Next, remove old protection, in decreasing order of strength

> +	 * to avoid unlock paths that aren't safe in the stronger

> +	 * context.  Disable preemption around the ATOM enables in

> +	 * case the context was only atomic due to IRQ disabling.

> +	 */

> +	preempt_disable();

>  	if (statesold & RCUTORTURE_RDR_IRQ)

>  		local_irq_enable();

> -	if (statesold & RCUTORTURE_RDR_BH)

> +	if (statesold & RCUTORTURE_RDR_ATOM_BH)

>  		local_bh_enable();

> +	if (statesold & RCUTORTURE_RDR_ATOM_RBH)

> +		rcu_read_unlock_bh();

> +	preempt_enable();


The addition of preempt_enable() here prevents rcutorture from covering
an important part of the mainline RCU state space, namely when an RCU
read-side section ends with just local_irq_enable().  This situation
is a challenge for RCU because it must indirectly detect the end of the
critical section.

Would it work for RT if the preempt_enable() and preempt_disable()
were executed only if either RT on the one hand or statesold has the
RCUTORTURE_RDR_ATOM_BH or RCUTORTURE_RDR_ATOM_RBH bit set on the other?

>  	if (statesold & RCUTORTURE_RDR_PREEMPT)

>  		preempt_enable();

> -	if (statesold & RCUTORTURE_RDR_RBH)

> -		rcu_read_unlock_bh();

>  	if (statesold & RCUTORTURE_RDR_SCHED)

>  		rcu_read_unlock_sched();

> +	if (statesold & RCUTORTURE_RDR_BH)

> +		local_bh_enable();

> +	if (statesold & RCUTORTURE_RDR_RBH)

> +		rcu_read_unlock_bh();

> +

>  	if (statesold & RCUTORTURE_RDR_RCU) {

>  		bool lockit = !statesnew && !(torture_random(trsp) & 0xffff);

>  

> @@ -1496,6 +1521,12 @@ rcutorture_extend_mask(int oldmask, stru

>  	int mask = rcutorture_extend_mask_max();

>  	unsigned long randmask1 = torture_random(trsp) >> 8;

>  	unsigned long randmask2 = randmask1 >> 3;

> +	unsigned long preempts = RCUTORTURE_RDR_PREEMPT | RCUTORTURE_RDR_SCHED;

> +	unsigned long preempts_irq = preempts | RCUTORTURE_RDR_IRQ;

> +	unsigned long nonatomic_bhs = RCUTORTURE_RDR_BH | RCUTORTURE_RDR_RBH;

> +	unsigned long atomic_bhs = RCUTORTURE_RDR_ATOM_BH |

> +				   RCUTORTURE_RDR_ATOM_RBH;

> +	unsigned long tmp;

>  

>  	WARN_ON_ONCE(mask >> RCUTORTURE_RDR_SHIFT);

>  	/* Mostly only one bit (need preemption!), sometimes lots of bits. */

> @@ -1503,11 +1534,46 @@ rcutorture_extend_mask(int oldmask, stru

>  		mask = mask & randmask2;

>  	else

>  		mask = mask & (1 << (randmask2 % RCUTORTURE_RDR_NBITS));

> -	/* Can't enable bh w/irq disabled. */

> -	if ((mask & RCUTORTURE_RDR_IRQ) &&

> -	    ((!(mask & RCUTORTURE_RDR_BH) && (oldmask & RCUTORTURE_RDR_BH)) ||

> -	     (!(mask & RCUTORTURE_RDR_RBH) && (oldmask & RCUTORTURE_RDR_RBH))))

> -		mask |= RCUTORTURE_RDR_BH | RCUTORTURE_RDR_RBH;

> +

> +	/*

> +	 * Can't enable bh w/irq disabled.

> +	 */

> +	tmp = atomic_bhs | nonatomic_bhs;

> +	if (mask & RCUTORTURE_RDR_IRQ)

> +		mask |= oldmask & tmp;


This is more straightforward than my original, good!

> +

> +	/*

> +	 * Ideally these sequences would be detected in debug builds

> +	 * (regardless of RT), but until then don't stop testing

> +	 * them on non-RT.

> +	 */

> +	if (IS_ENABLED(CONFIG_PREEMPT_RT)) {

> +		/*

> +		 * Can't disable bh in atomic context if bh was already

> +		 * disabled by another task on the same CPU. Instead of

> +		 * attempting to track this, just avoid disabling bh in atomic

> +		 * context.

> +		 */

> +		mask &= ~atomic_bhs;


At some point, we will need to test disabling bh in atomic context,
correct?  Or am I missing something here?

> +		/*

> +		 * Can't release the outermost rcu lock in an irq disabled

> +		 * section without preemption also being disabled, if irqs

> +		 * had ever been enabled during this RCU critical section

> +		 * (could leak a special flag and delay reporting the qs).

> +		 */

> +		if ((oldmask & RCUTORTURE_RDR_RCU) &&

> +		    (mask & RCUTORTURE_RDR_IRQ) &&

> +		    !(mask & preempts))

> +			mask |= RCUTORTURE_RDR_RCU;

> +

> +		/* Can't modify non-atomic bh in atomic context */

> +		tmp = nonatomic_bhs;

> +		if (oldmask & preempts_irq)

> +			mask &= ~tmp;

> +		if ((oldmask | mask) & preempts_irq)

> +			mask |= oldmask & tmp;

> +	}

> +

>  	return mask ?: RCUTORTURE_RDR_RCU;

>  }

>

On 2021-08-18 15:46:51 [-0700], Paul E. McKenney wrote:
…
> > +	/*

> > +	 * Ideally these sequences would be detected in debug builds

> > +	 * (regardless of RT), but until then don't stop testing

> > +	 * them on non-RT.

> > +	 */

> > +	if (IS_ENABLED(CONFIG_PREEMPT_RT)) {

> > +		/*

> > +		 * Can't disable bh in atomic context if bh was already

> > +		 * disabled by another task on the same CPU. Instead of

> > +		 * attempting to track this, just avoid disabling bh in atomic

> > +		 * context.

> > +		 */

> > +		mask &= ~atomic_bhs;

> 

> At some point, we will need to test disabling bh in atomic context,

> correct?  Or am I missing something here?


Ideally there is no disabling bh in atomic context (on RT). Having it
breaks some fundamental rules how softirq handling and the bh related
synchronisation is implemented. Given that the softirq handler is
invoked in thread context and preemption is not disabled as part of
spin_lock(), rcu_read_lock(), and interrupts are in general not disabled
in the interrupt handler or spin_lock_irq() there is close to zero
chance of disabling bh in atomic context on RT.

In reality there is (of course) something that needs to disable bh in
atomic context and it happens only during boot up (or from idle unless
I'm mistaken).
It is required that bh disable and its enable part (later) happens in
the same context that is if bh has been disabled in preemptible context
it must not be enabled in atomic context (and vice versa).

The bottom line is that there must not be a local_bh_disable() in atomic
context if another (preempted) task already did a local_bh_disable() on
the same CPU, like in the following scenario on one CPU:

TASK A                      TASK B
 local_bh_disable();
 … preempted
                           preempt_disable();
			   local_bh_disable();

Then this breaks the synchronisation that is otherwise provided by
local_bh_disable(). Without that preempt_disable() TASK B would block
(and wait) until TASK A completes its BH section. In atomic context it
is not possible and therefore not allowed.

Sebastian

On 2021-08-18 15:46:51 [-0700], Paul E. McKenney wrote:
> > ---

> > --- a/kernel/rcu/rcutorture.c

> > +++ b/kernel/rcu/rcutorture.c

> > @@ -61,10 +61,13 @@ MODULE_AUTHOR("Paul E. McKenney <paulmck

…
> > -	/* Next, remove old protection, irq first due to bh conflict. */

> > +	/*

> > +	 * Next, remove old protection, in decreasing order of strength

> > +	 * to avoid unlock paths that aren't safe in the stronger

> > +	 * context.  Disable preemption around the ATOM enables in

> > +	 * case the context was only atomic due to IRQ disabling.

> > +	 */

> > +	preempt_disable();

> >  	if (statesold & RCUTORTURE_RDR_IRQ)

> >  		local_irq_enable();

> > -	if (statesold & RCUTORTURE_RDR_BH)

> > +	if (statesold & RCUTORTURE_RDR_ATOM_BH)

> >  		local_bh_enable();

> > +	if (statesold & RCUTORTURE_RDR_ATOM_RBH)

> > +		rcu_read_unlock_bh();

> > +	preempt_enable();

> 

> The addition of preempt_enable() here prevents rcutorture from covering

> an important part of the mainline RCU state space, namely when an RCU

> read-side section ends with just local_irq_enable().  This situation

> is a challenge for RCU because it must indirectly detect the end of the

> critical section.

> 

> Would it work for RT if the preempt_enable() and preempt_disable()

> were executed only if either RT on the one hand or statesold has the

> RCUTORTURE_RDR_ATOM_BH or RCUTORTURE_RDR_ATOM_RBH bit set on the other?


Now that I stared at it some more (and it stared briefly back at me) I
couldn't explain why we need this and that piece of the patch so I came
up with following which I can explain:

diff --git a/kernel/rcu/rcutorture.c b/kernel/rcu/rcutorture.c
index 40ef5417d9545..5c8b31b7eff03 100644
--- a/kernel/rcu/rcutorture.c
+++ b/kernel/rcu/rcutorture.c
@@ -1432,28 +1432,34 @@ static void rcutorture_one_extend(int *readstate, int newstate,
 	/* First, put new protection in place to avoid critical-section gap. */
 	if (statesnew & RCUTORTURE_RDR_BH)
 		local_bh_disable();
+	if (statesnew & RCUTORTURE_RDR_RBH)
+		rcu_read_lock_bh();
 	if (statesnew & RCUTORTURE_RDR_IRQ)
 		local_irq_disable();
 	if (statesnew & RCUTORTURE_RDR_PREEMPT)
 		preempt_disable();
-	if (statesnew & RCUTORTURE_RDR_RBH)
-		rcu_read_lock_bh();
 	if (statesnew & RCUTORTURE_RDR_SCHED)
 		rcu_read_lock_sched();
 	if (statesnew & RCUTORTURE_RDR_RCU)
 		idxnew = cur_ops->readlock() << RCUTORTURE_RDR_SHIFT;
 
-	/* Next, remove old protection, irq first due to bh conflict. */
+	/*
+	 * Next, remove old protection, in decreasing order of strength
+	 * to avoid unlock paths that aren't safe in the stronger
+	 * context. Namely: BH can not be enabled with disabled interrupts.
+	 * Additionally PREEMPT_RT requires that BH is enabled in preemptible
+	 * context.
+	 */
 	if (statesold & RCUTORTURE_RDR_IRQ)
 		local_irq_enable();
-	if (statesold & RCUTORTURE_RDR_BH)
-		local_bh_enable();
 	if (statesold & RCUTORTURE_RDR_PREEMPT)
 		preempt_enable();
-	if (statesold & RCUTORTURE_RDR_RBH)
-		rcu_read_unlock_bh();
 	if (statesold & RCUTORTURE_RDR_SCHED)
 		rcu_read_unlock_sched();
+	if (statesold & RCUTORTURE_RDR_BH)
+		local_bh_enable();
+	if (statesold & RCUTORTURE_RDR_RBH)
+		rcu_read_unlock_bh();
 	if (statesold & RCUTORTURE_RDR_RCU) {
 		bool lockit = !statesnew && !(torture_random(trsp) & 0xffff);
 
@@ -1496,6 +1502,9 @@ rcutorture_extend_mask(int oldmask, struct torture_random_state *trsp)
 	int mask = rcutorture_extend_mask_max();
 	unsigned long randmask1 = torture_random(trsp) >> 8;
 	unsigned long randmask2 = randmask1 >> 3;
+	unsigned long preempts = RCUTORTURE_RDR_PREEMPT | RCUTORTURE_RDR_SCHED;
+	unsigned long preempts_irq = preempts | RCUTORTURE_RDR_IRQ;
+	unsigned long bhs = RCUTORTURE_RDR_BH | RCUTORTURE_RDR_RBH;
 
 	WARN_ON_ONCE(mask >> RCUTORTURE_RDR_SHIFT);
 	/* Mostly only one bit (need preemption!), sometimes lots of bits. */
@@ -1503,11 +1512,37 @@ rcutorture_extend_mask(int oldmask, struct torture_random_state *trsp)
 		mask = mask & randmask2;
 	else
 		mask = mask & (1 << (randmask2 % RCUTORTURE_RDR_NBITS));
-	/* Can't enable bh w/irq disabled. */
-	if ((mask & RCUTORTURE_RDR_IRQ) &&
-	    ((!(mask & RCUTORTURE_RDR_BH) && (oldmask & RCUTORTURE_RDR_BH)) ||
-	     (!(mask & RCUTORTURE_RDR_RBH) && (oldmask & RCUTORTURE_RDR_RBH))))
-		mask |= RCUTORTURE_RDR_BH | RCUTORTURE_RDR_RBH;
+
+	/*
+	 * Can't enable bh w/irq disabled.
+	 */
+	if (mask & RCUTORTURE_RDR_IRQ)
+		mask |= oldmask & bhs;
+
+	/*
+	 * Ideally these sequences would be detected in debug builds
+	 * (regardless of RT), but until then don't stop testing
+	 * them on non-RT.
+	 */
+	if (IS_ENABLED(CONFIG_PREEMPT_RT)) {
+		/*
+		 * Can't release the outermost rcu lock in an irq disabled
+		 * section without preemption also being disabled, if irqs
+		 * had ever been enabled during this RCU critical section
+		 * (could leak a special flag and delay reporting the qs).
+		 */
+		if ((oldmask & RCUTORTURE_RDR_RCU) &&
+		    (mask & RCUTORTURE_RDR_IRQ) &&
+		    !(mask & preempts))
+			mask |= RCUTORTURE_RDR_RCU;
+
+		/* Can't modify bh in atomic context */
+		if (oldmask & preempts_irq)
+			mask &= ~bhs;
+		if ((oldmask | mask) & preempts_irq)
+			mask |= oldmask & bhs;
+	}
+
 	return mask ?: RCUTORTURE_RDR_RCU;
 }

On 2021-08-19 17:39:29 [+0200], To Paul E. McKenney wrote:
> up with following which I can explain:

> 

> diff --git a/kernel/rcu/rcutorture.c b/kernel/rcu/rcutorture.c

> index 40ef5417d9545..5c8b31b7eff03 100644

> --- a/kernel/rcu/rcutorture.c

> +++ b/kernel/rcu/rcutorture.c

> @@ -1432,28 +1432,34 @@ static void rcutorture_one_extend(int *readstate, int newstate,

>  	/* First, put new protection in place to avoid critical-section gap. */

>  	if (statesnew & RCUTORTURE_RDR_BH)

>  		local_bh_disable();

> +	if (statesnew & RCUTORTURE_RDR_RBH)

> +		rcu_read_lock_bh();

>  	if (statesnew & RCUTORTURE_RDR_IRQ)

>  		local_irq_disable();

>  	if (statesnew & RCUTORTURE_RDR_PREEMPT)

>  		preempt_disable();

> -	if (statesnew & RCUTORTURE_RDR_RBH)

> -		rcu_read_lock_bh();

>  	if (statesnew & RCUTORTURE_RDR_SCHED)

>  		rcu_read_lock_sched();

>  	if (statesnew & RCUTORTURE_RDR_RCU)

>  		idxnew = cur_ops->readlock() << RCUTORTURE_RDR_SHIFT;


So the ordering in the enable and disable part regarding BH is
important. First BH, then preemption or IRQ.

> -	/* Next, remove old protection, irq first due to bh conflict. */

> +	/*

> +	 * Next, remove old protection, in decreasing order of strength

> +	 * to avoid unlock paths that aren't safe in the stronger

> +	 * context. Namely: BH can not be enabled with disabled interrupts.

> +	 * Additionally PREEMPT_RT requires that BH is enabled in preemptible

> +	 * context.

> +	 */

>  	if (statesold & RCUTORTURE_RDR_IRQ)

>  		local_irq_enable();

> -	if (statesold & RCUTORTURE_RDR_BH)

> -		local_bh_enable();

>  	if (statesold & RCUTORTURE_RDR_PREEMPT)

>  		preempt_enable();

> -	if (statesold & RCUTORTURE_RDR_RBH)

> -		rcu_read_unlock_bh();

>  	if (statesold & RCUTORTURE_RDR_SCHED)

>  		rcu_read_unlock_sched();

> +	if (statesold & RCUTORTURE_RDR_BH)

> +		local_bh_enable();

> +	if (statesold & RCUTORTURE_RDR_RBH)

> +		rcu_read_unlock_bh();

>  	if (statesold & RCUTORTURE_RDR_RCU) {

>  		bool lockit = !statesnew && !(torture_random(trsp) & 0xffff);


The same in the unlock part so that BH is unlocked in preemptible
context.
Now if you need bh lock/unlock in atomic context (either with disabled
IRQs or preemption) then I would dig out the atomic-bh part again and
make !RT only without the preempt_disable() section around about which
one you did complain.

> @@ -1496,6 +1502,9 @@ rcutorture_extend_mask(int oldmask, struct torture_random_state *trsp)

>  	int mask = rcutorture_extend_mask_max();

>  	unsigned long randmask1 = torture_random(trsp) >> 8;

>  	unsigned long randmask2 = randmask1 >> 3;

> +	unsigned long preempts = RCUTORTURE_RDR_PREEMPT | RCUTORTURE_RDR_SCHED;

> +	unsigned long preempts_irq = preempts | RCUTORTURE_RDR_IRQ;

> +	unsigned long bhs = RCUTORTURE_RDR_BH | RCUTORTURE_RDR_RBH;

>  

>  	WARN_ON_ONCE(mask >> RCUTORTURE_RDR_SHIFT);

>  	/* Mostly only one bit (need preemption!), sometimes lots of bits. */

> @@ -1503,11 +1512,37 @@ rcutorture_extend_mask(int oldmask, struct torture_random_state *trsp)

>  		mask = mask & randmask2;

>  	else

>  		mask = mask & (1 << (randmask2 % RCUTORTURE_RDR_NBITS));

> -	/* Can't enable bh w/irq disabled. */

> -	if ((mask & RCUTORTURE_RDR_IRQ) &&

> -	    ((!(mask & RCUTORTURE_RDR_BH) && (oldmask & RCUTORTURE_RDR_BH)) ||

> -	     (!(mask & RCUTORTURE_RDR_RBH) && (oldmask & RCUTORTURE_RDR_RBH))))

> -		mask |= RCUTORTURE_RDR_BH | RCUTORTURE_RDR_RBH;

> +

> +	/*

> +	 * Can't enable bh w/irq disabled.

> +	 */

> +	if (mask & RCUTORTURE_RDR_IRQ)

> +		mask |= oldmask & bhs;

> +

> +	/*

> +	 * Ideally these sequences would be detected in debug builds

> +	 * (regardless of RT), but until then don't stop testing

> +	 * them on non-RT.

> +	 */

> +	if (IS_ENABLED(CONFIG_PREEMPT_RT)) {

> +		/*

> +		 * Can't release the outermost rcu lock in an irq disabled

> +		 * section without preemption also being disabled, if irqs

> +		 * had ever been enabled during this RCU critical section

> +		 * (could leak a special flag and delay reporting the qs).

> +		 */

> +		if ((oldmask & RCUTORTURE_RDR_RCU) &&

> +		    (mask & RCUTORTURE_RDR_IRQ) &&

> +		    !(mask & preempts))

> +			mask |= RCUTORTURE_RDR_RCU;


This piece above, I don't understand. I had it running for a while and
it didn't explode. Let me try TREE01 for 30min without that piece.

> +		/* Can't modify bh in atomic context */

> +		if (oldmask & preempts_irq)

> +			mask &= ~bhs;

> +		if ((oldmask | mask) & preempts_irq)

> +			mask |= oldmask & bhs;


And this is needed because we can't lock/unlock bh while atomic.

> +	}

> +

>  	return mask ?: RCUTORTURE_RDR_RCU;

>  }

>  


Sebastian

On Thu, Aug 19, 2021 at 05:47:08PM +0200, Sebastian Andrzej Siewior wrote:
> On 2021-08-19 17:39:29 [+0200], To Paul E. McKenney wrote:

> > up with following which I can explain:

> > 

> > diff --git a/kernel/rcu/rcutorture.c b/kernel/rcu/rcutorture.c

> > index 40ef5417d9545..5c8b31b7eff03 100644

> > --- a/kernel/rcu/rcutorture.c

> > +++ b/kernel/rcu/rcutorture.c

> > @@ -1432,28 +1432,34 @@ static void rcutorture_one_extend(int *readstate, int newstate,

> >  	/* First, put new protection in place to avoid critical-section gap. */

> >  	if (statesnew & RCUTORTURE_RDR_BH)

> >  		local_bh_disable();

> > +	if (statesnew & RCUTORTURE_RDR_RBH)

> > +		rcu_read_lock_bh();

> >  	if (statesnew & RCUTORTURE_RDR_IRQ)

> >  		local_irq_disable();

> >  	if (statesnew & RCUTORTURE_RDR_PREEMPT)

> >  		preempt_disable();

> > -	if (statesnew & RCUTORTURE_RDR_RBH)

> > -		rcu_read_lock_bh();

> >  	if (statesnew & RCUTORTURE_RDR_SCHED)

> >  		rcu_read_lock_sched();

> >  	if (statesnew & RCUTORTURE_RDR_RCU)

> >  		idxnew = cur_ops->readlock() << RCUTORTURE_RDR_SHIFT;

> 

> So the ordering in the enable and disable part regarding BH is

> important. First BH, then preemption or IRQ.

> 

> > -	/* Next, remove old protection, irq first due to bh conflict. */

> > +	/*

> > +	 * Next, remove old protection, in decreasing order of strength

> > +	 * to avoid unlock paths that aren't safe in the stronger

> > +	 * context. Namely: BH can not be enabled with disabled interrupts.

> > +	 * Additionally PREEMPT_RT requires that BH is enabled in preemptible

> > +	 * context.

> > +	 */

> >  	if (statesold & RCUTORTURE_RDR_IRQ)

> >  		local_irq_enable();

> > -	if (statesold & RCUTORTURE_RDR_BH)

> > -		local_bh_enable();

> >  	if (statesold & RCUTORTURE_RDR_PREEMPT)

> >  		preempt_enable();

> > -	if (statesold & RCUTORTURE_RDR_RBH)

> > -		rcu_read_unlock_bh();

> >  	if (statesold & RCUTORTURE_RDR_SCHED)

> >  		rcu_read_unlock_sched();

> > +	if (statesold & RCUTORTURE_RDR_BH)

> > +		local_bh_enable();

> > +	if (statesold & RCUTORTURE_RDR_RBH)

> > +		rcu_read_unlock_bh();

> >  	if (statesold & RCUTORTURE_RDR_RCU) {

> >  		bool lockit = !statesnew && !(torture_random(trsp) & 0xffff);

> 

> The same in the unlock part so that BH is unlocked in preemptible

> context.

> Now if you need bh lock/unlock in atomic context (either with disabled

> IRQs or preemption) then I would dig out the atomic-bh part again and

> make !RT only without the preempt_disable() section around about which

> one you did complain.

> 

> > @@ -1496,6 +1502,9 @@ rcutorture_extend_mask(int oldmask, struct torture_random_state *trsp)

> >  	int mask = rcutorture_extend_mask_max();

> >  	unsigned long randmask1 = torture_random(trsp) >> 8;

> >  	unsigned long randmask2 = randmask1 >> 3;

> > +	unsigned long preempts = RCUTORTURE_RDR_PREEMPT | RCUTORTURE_RDR_SCHED;

> > +	unsigned long preempts_irq = preempts | RCUTORTURE_RDR_IRQ;

> > +	unsigned long bhs = RCUTORTURE_RDR_BH | RCUTORTURE_RDR_RBH;

> >  

> >  	WARN_ON_ONCE(mask >> RCUTORTURE_RDR_SHIFT);

> >  	/* Mostly only one bit (need preemption!), sometimes lots of bits. */

> > @@ -1503,11 +1512,37 @@ rcutorture_extend_mask(int oldmask, struct torture_random_state *trsp)

> >  		mask = mask & randmask2;

> >  	else

> >  		mask = mask & (1 << (randmask2 % RCUTORTURE_RDR_NBITS));

> > -	/* Can't enable bh w/irq disabled. */

> > -	if ((mask & RCUTORTURE_RDR_IRQ) &&

> > -	    ((!(mask & RCUTORTURE_RDR_BH) && (oldmask & RCUTORTURE_RDR_BH)) ||

> > -	     (!(mask & RCUTORTURE_RDR_RBH) && (oldmask & RCUTORTURE_RDR_RBH))))

> > -		mask |= RCUTORTURE_RDR_BH | RCUTORTURE_RDR_RBH;

> > +

> > +	/*

> > +	 * Can't enable bh w/irq disabled.

> > +	 */

> > +	if (mask & RCUTORTURE_RDR_IRQ)

> > +		mask |= oldmask & bhs;

> > +

> > +	/*

> > +	 * Ideally these sequences would be detected in debug builds

> > +	 * (regardless of RT), but until then don't stop testing

> > +	 * them on non-RT.

> > +	 */

> > +	if (IS_ENABLED(CONFIG_PREEMPT_RT)) {

> > +		/*

> > +		 * Can't release the outermost rcu lock in an irq disabled

> > +		 * section without preemption also being disabled, if irqs

> > +		 * had ever been enabled during this RCU critical section

> > +		 * (could leak a special flag and delay reporting the qs).

> > +		 */

> > +		if ((oldmask & RCUTORTURE_RDR_RCU) &&

> > +		    (mask & RCUTORTURE_RDR_IRQ) &&

> > +		    !(mask & preempts))

> > +			mask |= RCUTORTURE_RDR_RCU;

> 

> This piece above, I don't understand. I had it running for a while and

> it didn't explode. Let me try TREE01 for 30min without that piece.


This might be historical.  There was a time when interrupts being
disabled across rcu_read_unlock() meant that preemption had to have
been disabled across the entire RCU read-side critical section.

I am not seeing a purpose for it now, but I could easily be missing
something, especially given my tenuous grasp of RT.

Either way, looking forward to the next version!

							Thanx, Paul

> > +		/* Can't modify bh in atomic context */

> > +		if (oldmask & preempts_irq)

> > +			mask &= ~bhs;

> > +		if ((oldmask | mask) & preempts_irq)

> > +			mask |= oldmask & bhs;

> 

> And this is needed because we can't lock/unlock bh while atomic.

> 

> > +	}

> > +

> >  	return mask ?: RCUTORTURE_RDR_RCU;

> >  }

> >  

> 

> Sebastian

On 2021-08-19 11:20:35 [-0700], Paul E. McKenney wrote:
> > This piece above, I don't understand. I had it running for a while and

> > it didn't explode. Let me try TREE01 for 30min without that piece.

> 

> This might be historical.  There was a time when interrupts being

> disabled across rcu_read_unlock() meant that preemption had to have

> been disabled across the entire RCU read-side critical section.

> 

> I am not seeing a purpose for it now, but I could easily be missing

> something, especially given my tenuous grasp of RT.


Okay. So the 30min test didn't trigger any warnings…

> Either way, looking forward to the next version!


Good. So if you liked what you have seen then I'm going to resubmit the
above as a proper patch then.
Thanks!

> 							Thanx, Paul


Sebastian

On Tue, 2021-08-17 at 16:40 +0200, Sebastian Andrzej Siewior wrote:
> [bigeasy: remove 'preempt_disable(); local_bh_disable(); preempt_enable();

>  local_bh_enable();' from the examples because this works on RT now. ]


Does it actually work?  If preemption is disabled during local_bh_disable,
softirq_ctrl.lock won't be taken.  If you then get preempted between the
preempt_enable() and the local_bh_enable(), and another task tries to do
local_bh_disable(), won't it successfully get softirq_ctrl.lock, add to
softirq_ctrl.cnt, and proceed right into the critical section?

Or am I missing something?

-Scott

On Thu, 2021-08-19 at 11:20 -0700, Paul E. McKenney wrote:
> On Thu, Aug 19, 2021 at 05:47:08PM +0200, Sebastian Andrzej Siewior wrote:

> > On 2021-08-19 17:39:29 [+0200], To Paul E. McKenney wrote:

> > > +	/*

> > > +	 * Ideally these sequences would be detected in debug builds

> > > +	 * (regardless of RT), but until then don't stop testing

> > > +	 * them on non-RT.

> > > +	 */

> > > +	if (IS_ENABLED(CONFIG_PREEMPT_RT)) {

> > > +		/*

> > > +		 * Can't release the outermost rcu lock in an irq disabled

> > > +		 * section without preemption also being disabled, if irqs

> > > +		 * had ever been enabled during this RCU critical section

> > > +		 * (could leak a special flag and delay reporting the qs).

> > > +		 */

> > > +		if ((oldmask & RCUTORTURE_RDR_RCU) &&

> > > +		    (mask & RCUTORTURE_RDR_IRQ) &&

> > > +		    !(mask & preempts))

> > > +			mask |= RCUTORTURE_RDR_RCU;

> > 

> > This piece above, I don't understand. I had it running for a while and

> > it didn't explode. Let me try TREE01 for 30min without that piece.

> 

> This might be historical.  There was a time when interrupts being

> disabled across rcu_read_unlock() meant that preemption had to have

> been disabled across the entire RCU read-side critical section.

> 

> I am not seeing a purpose for it now, but I could easily be missing

> something, especially given my tenuous grasp of RT.


Yeah, I think this was to deal with not having the irq work stuff in RT
at the time.

-Scott

On 2021-08-19 22:23:37 [-0500], Scott Wood wrote:
> On Tue, 2021-08-17 at 16:40 +0200, Sebastian Andrzej Siewior wrote:

> > [bigeasy: remove 'preempt_disable(); local_bh_disable(); preempt_enable();

> >  local_bh_enable();' from the examples because this works on RT now. ]

> 

> Does it actually work?  If preemption is disabled during local_bh_disable,

> softirq_ctrl.lock won't be taken.  If you then get preempted between the

> preempt_enable() and the local_bh_enable(), and another task tries to do

> local_bh_disable(), won't it successfully get softirq_ctrl.lock, add to

> softirq_ctrl.cnt, and proceed right into the critical section?

> 

> Or am I missing something?


No, I mixed it up with migrate_disable/enable. I corrected it while
redoing it yesterday.

> -Scott


Sebastian

On 2021-08-19 23:11:12 [-0500], Scott Wood wrote:
> On Thu, 2021-08-19 at 11:20 -0700, Paul E. McKenney wrote:

> > On Thu, Aug 19, 2021 at 05:47:08PM +0200, Sebastian Andrzej Siewior wrote:

> > > On 2021-08-19 17:39:29 [+0200], To Paul E. McKenney wrote:

> > > > +	/*

> > > > +	 * Ideally these sequences would be detected in debug builds

> > > > +	 * (regardless of RT), but until then don't stop testing

> > > > +	 * them on non-RT.

> > > > +	 */

> > > > +	if (IS_ENABLED(CONFIG_PREEMPT_RT)) {

> > > > +		/*

> > > > +		 * Can't release the outermost rcu lock in an irq disabled

> > > > +		 * section without preemption also being disabled, if irqs

> > > > +		 * had ever been enabled during this RCU critical section

> > > > +		 * (could leak a special flag and delay reporting the qs).

> > > > +		 */

> > > > +		if ((oldmask & RCUTORTURE_RDR_RCU) &&

> > > > +		    (mask & RCUTORTURE_RDR_IRQ) &&

> > > > +		    !(mask & preempts))

> > > > +			mask |= RCUTORTURE_RDR_RCU;

> > > 

> > > This piece above, I don't understand. I had it running for a while and

> > > it didn't explode. Let me try TREE01 for 30min without that piece.

> > 

> > This might be historical.  There was a time when interrupts being

> > disabled across rcu_read_unlock() meant that preemption had to have

> > been disabled across the entire RCU read-side critical section.

> > 

> > I am not seeing a purpose for it now, but I could easily be missing

> > something, especially given my tenuous grasp of RT.

> 

> Yeah, I think this was to deal with not having the irq work stuff in RT

> at the time.


Good. Thank you for the confirmation. 
I run (without the hunk above) 2x 6h of TREE01 and 4x 6h of TREE06 and
it looked good.

> -Scott


Sebastian

On Fri, Aug 20, 2021 at 09:42:36AM +0200, Sebastian Andrzej Siewior wrote:
> From: "From: Scott Wood" <swood@redhat.com>

> 

> rcutorture is generating some nesting scenarios that are not compatible on PREEMPT_RT.

> For example:

> 	preempt_disable();

> 	rcu_read_lock_bh();

> 	preempt_enable();

> 	rcu_read_unlock_bh();

> 

> The problem here is that on PREEMPT_RT the bottom halves have to be

> disabled and enabled in preemptible context.

> 

> Reorder locking: start with BH locking and continue with then with

> disabling preemption or interrupts. In the unlocking do it reverse by

> first enabling interrupts and preemption and BH at the very end.

> Ensure that on PREEMPT_RT BH locking remains unchanged if in

> non-preemptible context.

> 

> Link: https://lkml.kernel.org/r/20190911165729.11178-6-swood@redhat.com

> Link: https://lkml.kernel.org/r/20210819182035.GF4126399@paulmck-ThinkPad-P17-Gen-1

> Signed-off-by: Scott Wood <swood@redhat.com>

> [bigeasy: Drop ATOM_BH, make it only about changing BH in atomic

> context. Allow enabling RCU in IRQ-off section. Reword commit message.]

> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>


Looks plausible.  ;-)

I have queued this for testing and further review.  If all goes well,
perhaps the v5.16 merge window.

							Thanx, Paul

> ---

> v1…v2:

>   - Drop the ATOM_BH* bits. There don't seem to be needed, Paul did not

>     ant the preempt-disable around enabling/disabling BH as it might fix

>     things that RCU should take care.

> 

>   - Allow enabling RCU with disabled interrupts on RT. Scott confirmed

>     that it was needed but might no longer be needed. Paul said that it

>     might have been required at some point. It survived multiple 6h long

>     TREE01 and TREE06 testing.

> 

>  kernel/rcu/rcutorture.c | 48 ++++++++++++++++++++++++++++++-----------

>  1 file changed, 36 insertions(+), 12 deletions(-)

> 

> diff --git a/kernel/rcu/rcutorture.c b/kernel/rcu/rcutorture.c

> index 40ef5417d9545..d2ef535530b10 100644

> --- a/kernel/rcu/rcutorture.c

> +++ b/kernel/rcu/rcutorture.c

> @@ -1432,28 +1432,34 @@ static void rcutorture_one_extend(int *readstate, int newstate,

>  	/* First, put new protection in place to avoid critical-section gap. */

>  	if (statesnew & RCUTORTURE_RDR_BH)

>  		local_bh_disable();

> +	if (statesnew & RCUTORTURE_RDR_RBH)

> +		rcu_read_lock_bh();

>  	if (statesnew & RCUTORTURE_RDR_IRQ)

>  		local_irq_disable();

>  	if (statesnew & RCUTORTURE_RDR_PREEMPT)

>  		preempt_disable();

> -	if (statesnew & RCUTORTURE_RDR_RBH)

> -		rcu_read_lock_bh();

>  	if (statesnew & RCUTORTURE_RDR_SCHED)

>  		rcu_read_lock_sched();

>  	if (statesnew & RCUTORTURE_RDR_RCU)

>  		idxnew = cur_ops->readlock() << RCUTORTURE_RDR_SHIFT;

>  

> -	/* Next, remove old protection, irq first due to bh conflict. */

> +	/*

> +	 * Next, remove old protection, in decreasing order of strength

> +	 * to avoid unlock paths that aren't safe in the stronger

> +	 * context. Namely: BH can not be enabled with disabled interrupts.

> +	 * Additionally PREEMPT_RT requires that BH is enabled in preemptible

> +	 * context.

> +	 */

>  	if (statesold & RCUTORTURE_RDR_IRQ)

>  		local_irq_enable();

> -	if (statesold & RCUTORTURE_RDR_BH)

> -		local_bh_enable();

>  	if (statesold & RCUTORTURE_RDR_PREEMPT)

>  		preempt_enable();

> -	if (statesold & RCUTORTURE_RDR_RBH)

> -		rcu_read_unlock_bh();

>  	if (statesold & RCUTORTURE_RDR_SCHED)

>  		rcu_read_unlock_sched();

> +	if (statesold & RCUTORTURE_RDR_BH)

> +		local_bh_enable();

> +	if (statesold & RCUTORTURE_RDR_RBH)

> +		rcu_read_unlock_bh();

>  	if (statesold & RCUTORTURE_RDR_RCU) {

>  		bool lockit = !statesnew && !(torture_random(trsp) & 0xffff);

>  

> @@ -1496,6 +1502,9 @@ rcutorture_extend_mask(int oldmask, struct torture_random_state *trsp)

>  	int mask = rcutorture_extend_mask_max();

>  	unsigned long randmask1 = torture_random(trsp) >> 8;

>  	unsigned long randmask2 = randmask1 >> 3;

> +	unsigned long preempts = RCUTORTURE_RDR_PREEMPT | RCUTORTURE_RDR_SCHED;

> +	unsigned long preempts_irq = preempts | RCUTORTURE_RDR_IRQ;

> +	unsigned long bhs = RCUTORTURE_RDR_BH | RCUTORTURE_RDR_RBH;

>  

>  	WARN_ON_ONCE(mask >> RCUTORTURE_RDR_SHIFT);

>  	/* Mostly only one bit (need preemption!), sometimes lots of bits. */

> @@ -1503,11 +1512,26 @@ rcutorture_extend_mask(int oldmask, struct torture_random_state *trsp)

>  		mask = mask & randmask2;

>  	else

>  		mask = mask & (1 << (randmask2 % RCUTORTURE_RDR_NBITS));

> -	/* Can't enable bh w/irq disabled. */

> -	if ((mask & RCUTORTURE_RDR_IRQ) &&

> -	    ((!(mask & RCUTORTURE_RDR_BH) && (oldmask & RCUTORTURE_RDR_BH)) ||

> -	     (!(mask & RCUTORTURE_RDR_RBH) && (oldmask & RCUTORTURE_RDR_RBH))))

> -		mask |= RCUTORTURE_RDR_BH | RCUTORTURE_RDR_RBH;

> +

> +	/*

> +	 * Can't enable bh w/irq disabled.

> +	 */

> +	if (mask & RCUTORTURE_RDR_IRQ)

> +		mask |= oldmask & bhs;

> +

> +	/*

> +	 * Ideally these sequences would be detected in debug builds

> +	 * (regardless of RT), but until then don't stop testing

> +	 * them on non-RT.

> +	 */

> +	if (IS_ENABLED(CONFIG_PREEMPT_RT)) {

> +		/* Can't modify BH in atomic context */

> +		if (oldmask & preempts_irq)

> +			mask &= ~bhs;

> +		if ((oldmask | mask) & preempts_irq)

> +			mask |= oldmask & bhs;

> +	}

> +

>  	return mask ?: RCUTORTURE_RDR_RCU;

>  }

>  

> -- 

> 2.33.0

>