Pavankumar Kondeti e0bf6839e7 ANDROID: mm: always destroy mmu_notifier percpu_rwsem asynchronously ...

Currently mmu_notifier percpu_rwsem is destroyed asynchronously when
__mmdrop() is called in the atomic context. The below calltrace indicates
that __mmdrop() can be called from the CPU hotplug path which already
takes CPU hotplug lock (write side) and we try to take it again (read side)
from percpu_rwsem destruction. This results in lock recursion and the CPU
hotplug operation stuck forever.

-001|context_switch(inline)
-001|__schedule()
-002|__preempt_count_sub(inline)
-002|schedule()
-003|_raw_spin_unlock_irq(inline)
-003|spin_unlock_irq(inline)
-003|percpu_rwsem_wait()
-004|__preempt_count_add(inline)
-004|__percpu_down_read()
-005|percpu_down_read(inline)
-005|cpus_read_lock() // trying to get cpu_hotplug_lock again
-006|rcu_barrier()
-007|rcu_sync_dtor()
-008|mmu_notifier_subscriptions_destroy(inline)
-008|__mmdrop()
-009|mmdrop(inline)
-009|finish_cpu()
-010|cpuhp_invoke_callback()
-011|cpuhp_invoke_callback_range(inline)
-011|cpuhp_down_callbacks()
-012|_cpu_down() // acquired cpu_hotplug_lock (write lock)

Bug: 240377090
Fixes: 1ae855f191 ("FROMLIST: mm: add mmu_notifier_lock")
Change-Id: Idb3ad668b04127c5d930aade103f53eb5ec527c0
Signed-off-by: Pavankumar Kondeti <quic_pkondeti@quicinc.com>

2022-08-08 20:44:56 +00:00

26 KiB

Raw Blame History

View Raw