Calling rb_wakeups with the reader lock but interrupts enabled can lead
to a deadlock: the irq_work might run on the same CPU, but will
block when acquiring that very same reader spinlock.
First, rb_wakeups doesn't even need to be called under the reader lock.
Move the function outside of the reader lock scope.
Second, the reader lock must be called with IRQs disabled anyway. Use
the irqsave variant of the spinlock.
Fixes: 2e67fabd8b77 ("ring-buffer: Introduce ring-buffer remotes")
Reported-by: Sashiko <[email protected]>
Signed-off-by: Vincent Donnefort <[email protected]>
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index 7b07d2004cc6..183326633037 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -6628,13 +6628,17 @@ int ring_buffer_poll_remote(struct trace_buffer
*buffer, int cpu)
struct ring_buffer_per_cpu *cpu_buffer;
if (cpu != RING_BUFFER_ALL_CPUS) {
+ bool wakeup;
+
if (!cpumask_test_cpu(cpu, buffer->cpumask))
return -EINVAL;
cpu_buffer = buffer->buffers[cpu];
- guard(raw_spinlock)(&cpu_buffer->reader_lock);
- if (rb_read_remote_meta_page(cpu_buffer))
+ scoped_guard(raw_spinlock_irqsave, &cpu_buffer->reader_lock)
+ wakeup = rb_read_remote_meta_page(cpu_buffer);
+
+ if (wakeup)
rb_wakeups(buffer, cpu_buffer);
return 0;
@@ -6649,7 +6653,7 @@ int ring_buffer_poll_remote(struct trace_buffer *buffer,
int cpu)
for_each_buffer_cpu(buffer, cpu) {
cpu_buffer = buffer->buffers[cpu];
- guard(raw_spinlock)(&cpu_buffer->reader_lock);
+ guard(raw_spinlock_irqsave)(&cpu_buffer->reader_lock);
rb_read_remote_meta_page(cpu_buffer);
}
--
2.54.0.1032.g2f8565e1d1-goog
