From: Michael Buesch <mbuesch@freenet.de>
To: paulmck@us.ibm.com
Cc: dipankar@in.ibm.com, rusty@au1.ibm.com, ak@suse.de,
gareth@valinux.com, davidm@hpl.hp.com,
linux-kernel@vger.kernel.org
Subject: Re: [RFC] Strange code in cpu_idle()
Date: Mon, 6 Dec 2004 01:32:35 +0100 [thread overview]
Message-ID: <200412060132.40912.mbuesch@freenet.de> (raw)
In-Reply-To: <20041204231149.GA1591@us.ibm.com>
[-- Attachment #1: Type: text/plain, Size: 8352 bytes --]
Hi Paul,
Well, your mail is _very_ interresting for me.
I get this oops for weeks with several kernel versions now:
Unable to handle kernel paging request at virtual address 00099108
printing eip:
b01010c0
*pde = 00000000
Oops: 0000 [#1]
SMP
Modules linked in: nfs lockd sunrpc nvidia ipv6 ohci_hcd tuner tvaudio msp3400 bttv video_buf firmware_class btcx_risc ehci_hcd uhci_hcd usbcore intel_agp agpgart evdev
CPU: 0
EIP: 0060:[<b01010c0>] Tainted: P VLI
EFLAGS: 00010286 (2.6.10-rc2-ck2-nozeroram-findvmastat)
EIP is at cpu_idle+0x31/0x3f
eax: 00000001 ebx: 00099100 ecx: 00000000 edx: 0000001d
esi: 00000000 edi: b03dff9c ebp: b03dffe4 esp: b03dffe0
ds: 007b es: 007b ss: 0068
Process swapper (pid: 0, threadinfo=b03de000 task=b034db40)
Stack: 00020800 b03dfff8 b03e0898 000000bd b03e0340 b040cb80 0044f007 b0100211
Call Trace:
[<b0103c00>] show_stack+0x7a/0x90
[<b0103d81>] show_registers+0x152/0x1ca
[<b0103f86>] die+0xf4/0x178
[<b0114556>] do_page_fault+0x42a/0x645
[<b01038a7>] error_code+0x2b/0x30
[<b03e0898>] start_kernel+0x13a/0x151
[<b0100211>] 0xb0100211
Code: e0 ff ff 21 e3 eb 24 8b 0d 84 c6 40 b0 b8 26 10 10 b0 8b 15 c0 eb 34 b0 85 c9 0f 44 c8 8b 43 10 c1 e0 07 89 90 84 52 41 b0 ff d1 <8b> 43 08 a8 08 74 d5 e8 d8 7f 1f 00 eb f2 55 89 e5 56 53 fb ba
<0>Kernel panic - not syncing: Attempted to kill the idle task!
I changed cpu_idle to look like this:
void cpu_idle (void)
{
while (1) {
while (!need_resched()) {
irq_stat[smp_processor_id()].idle_timestamp = jiffies;
default_idle();
}
schedule();
}
}
I did not have an oops with the changed cpu_idle() until today.
But maybe that is just luck. The oops is not reproducible.
There were days when I got 3 oopses, but there were also weeks
when the machine was rock-stable.
The above oops shows a crash when we try to access the
thread_info->flags field. This is done by need_resched()
to check the TIF_NEED_RESCHED flag.
I don't know how to interpret the oops correctly to find
the source of the crash.
b010108f <cpu_idle>:
b010108f: 55 push %ebp
b0101090: 89 e5 mov %esp,%ebp
b0101092: 53 push %ebx
b0101093: bb 00 e0 ff ff mov $0xffffe000,%ebx
b0101098: 21 e3 and %esp,%ebx
b010109a: eb 24 jmp b01010c0 <cpu_idle+0x31>
b010109c: 8b 0d 84 c6 40 b0 mov 0xb040c684,%ecx
b01010a2: b8 26 10 10 b0 mov $0xb0101026,%eax
b01010a7: 8b 15 c0 eb 34 b0 mov 0xb034ebc0,%edx
b01010ad: 85 c9 test %ecx,%ecx
b01010af: 0f 44 c8 cmove %eax,%ecx
b01010b2: 8b 43 10 mov 0x10(%ebx),%eax
b01010b5: c1 e0 07 shl $0x7,%eax
b01010b8: 89 90 84 52 41 b0 mov %edx,0xb0415284(%eax)
b01010be: ff d1 call *%ecx
b01010c0: 8b 43 08 mov 0x8(%ebx),%eax
^^^^^^^^^^^^^^^^^^^^^ OOPS here. This is clearly the need_resched() check.
b01010c3: a8 08 test $0x8,%al
b01010c5: 74 d5 je b010109c <cpu_idle+0xd>
b01010c7: e8 d8 7f 1f 00 call b02f90a4 <schedule>
b01010cc: eb f2 jmp b01010c0 <cpu_idle+0x31>
Quoting "Paul E. McKenney" <paulmck@us.ibm.com>:
> Hello!
>
> Strange code in i386, ia64, and x86-64 cpu_idle():
>
> void cpu_idle (void)
> {
> /* endless idle loop with no priority at all */
> while (1) {
> while (!need_resched()) {
> void (*idle)(void);
> /*
> * Mark this as an RCU critical section so that
> * synchronize_kernel() in the unload path waits
> * for our completion.
> */
> rcu_read_lock();
> idle = pm_idle;
> if (!idle)
> idle = default_idle;
> idle();
> rcu_read_unlock();
> }
> schedule();
> }
> }
>
> Unless idle_cpu() is busted, it seems like the above is, given the code in
> rcu_check_callbacks():
>
> void rcu_check_callbacks(int cpu, int user)
> {
> if (user ||
> (idle_cpu(cpu) && !in_softirq() &&
> hardirq_count() <= (1 << HARDIRQ_SHIFT))) {
> rcu_qsctr_inc(cpu);
> rcu_bh_qsctr_inc(cpu);
> } else if (!in_softirq())
> rcu_bh_qsctr_inc(cpu);
> tasklet_schedule(&per_cpu(rcu_tasklet, cpu));
> }
>
> And idle_cpu() is pretty straightforward:
>
> int idle_cpu(int cpu)
> {
> return cpu_curr(cpu) == cpu_rq(cpu)->idle;
> }
>
> So I would say that the rcu_read_lock() in cpu_idle() is having no
> effect, because any timer interrupt from cpu_idle() will mark a
> quiescent state notwithstanding. What am I missing here?
>
> If I am not missing anything, then the attached patch would be in
> order here, though there might be some additional work required.
> (Though I thought that the try_stop_module() stuff took care of
> all of this these days...)
>
> Note that we really, really do want the idle loop to be an extended
> quiescent state, otherwise one gets indefinite grace periods and
> runs out of memory...
>
> Thanx, Paul
>
> diff -urpN -X ../dontdiff linux-2.5/arch/i386/kernel/process.c linux-2.5-idle_rcu/arch/i386/kernel/process.c
> --- linux-2.5/arch/i386/kernel/process.c Mon Nov 29 10:47:14 2004
> +++ linux-2.5-idle_rcu/arch/i386/kernel/process.c Sat Dec 4 14:53:37 2004
> @@ -144,14 +144,12 @@ void cpu_idle (void)
> {
> /* endless idle loop with no priority at all */
> while (1) {
> + /*
> + * Note that it is illegal to use RCU read-side
> + * critical sections within the idle loop.
> + */
> while (!need_resched()) {
> void (*idle)(void);
> - /*
> - * Mark this as an RCU critical section so that
> - * synchronize_kernel() in the unload path waits
> - * for our completion.
> - */
> - rcu_read_lock();
> idle = pm_idle;
>
> if (!idle)
> @@ -159,7 +157,6 @@ void cpu_idle (void)
>
> irq_stat[smp_processor_id()].idle_timestamp = jiffies;
> idle();
> - rcu_read_unlock();
> }
> schedule();
> }
> diff -urpN -X ../dontdiff linux-2.5/arch/ia64/kernel/process.c linux-2.5-idle_rcu/arch/ia64/kernel/process.c
> --- linux-2.5/arch/ia64/kernel/process.c Mon Nov 29 10:47:18 2004
> +++ linux-2.5-idle_rcu/arch/ia64/kernel/process.c Sat Dec 4 14:54:30 2004
> @@ -230,6 +230,10 @@ cpu_idle (void *unused)
>
> /* endless idle loop with no priority at all */
> while (1) {
> + /*
> + * Note that it is illegal to use RCU read-side
> + * critical sections within the idle loop.
> + */
> #ifdef CONFIG_SMP
> if (!need_resched())
> min_xtp();
> @@ -239,17 +243,10 @@ cpu_idle (void *unused)
>
> if (mark_idle)
> (*mark_idle)(1);
> - /*
> - * Mark this as an RCU critical section so that
> - * synchronize_kernel() in the unload path waits
> - * for our completion.
> - */
> - rcu_read_lock();
> idle = pm_idle;
> if (!idle)
> idle = default_idle;
> (*idle)();
> - rcu_read_unlock();
> }
>
> if (mark_idle)
> diff -urpN -X ../dontdiff linux-2.5/arch/x86_64/kernel/process.c linux-2.5-idle_rcu/arch/x86_64/kernel/process.c
> --- linux-2.5/arch/x86_64/kernel/process.c Mon Nov 29 10:48:05 2004
> +++ linux-2.5-idle_rcu/arch/x86_64/kernel/process.c Sat Dec 4 14:55:13 2004
> @@ -133,19 +133,16 @@ void cpu_idle (void)
> {
> /* endless idle loop with no priority at all */
> while (1) {
> + /*
> + * Note that it is illegal to use RCU read-side
> + * critical sections within the idle loop.
> + */
> while (!need_resched()) {
> void (*idle)(void);
> - /*
> - * Mark this as an RCU critical section so that
> - * synchronize_kernel() in the unload path waits
> - * for our completion.
> - */
> - rcu_read_lock();
> idle = pm_idle;
> if (!idle)
> idle = default_idle;
> idle();
> - rcu_read_unlock();
> }
> schedule();
> }
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
>
--
Regards Michael Buesch [ http://www.tuxsoft.de.vu ]
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2004-12-06 0:34 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-12-04 23:11 [RFC] Strange code in cpu_idle() Paul E. McKenney
2004-12-06 0:32 ` Michael Buesch [this message]
2004-12-06 9:54 ` Zwane Mwaikambo
2004-12-06 10:01 ` Michael Buesch
2004-12-06 9:47 ` Zwane Mwaikambo
2004-12-06 11:02 ` Dipankar Sarma
2004-12-06 14:33 ` Zwane Mwaikambo
-- strict thread matches above, loose matches on Subject: below --
2004-12-06 9:13 Li, Shaohua
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200412060132.40912.mbuesch@freenet.de \
--to=mbuesch@freenet.de \
--cc=ak@suse.de \
--cc=davidm@hpl.hp.com \
--cc=dipankar@in.ibm.com \
--cc=gareth@valinux.com \
--cc=linux-kernel@vger.kernel.org \
--cc=paulmck@us.ibm.com \
--cc=rusty@au1.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.