From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: Mike Galbraith <efault@gmx.de>
Cc: Paul Menage <menage@google.com>, Li Zefan <lizf@cn.fujitsu.com>,
LKML <linux-kernel@vger.kernel.org>,
Colin Cross <ccross@android.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Ingo Molnar <mingo@elte.hu>
Subject: Re: query: [PATCH 2/2] cgroup: Remove call to synchronize_rcu in cgroup_attach_task
Date: Mon, 2 May 2011 16:03:14 -0700 [thread overview]
Message-ID: <20110502230314.GR2294@linux.vnet.ibm.com> (raw)
In-Reply-To: <1304348640.6281.33.camel@marge.simson.net>
On Mon, May 02, 2011 at 05:04:00PM +0200, Mike Galbraith wrote:
> On Mon, 2011-05-02 at 16:29 +0200, Mike Galbraith wrote:
> > On Mon, 2011-05-02 at 06:46 -0700, Paul E. McKenney wrote:
> > > On Fri, Apr 29, 2011 at 02:34:47PM +0200, Mike Galbraith wrote:
> >
> > > > Makes one wonder what these things do for a living.
> > >
> > > If you are adding something to an RCU-protected data structure, then you do
> > > not need synchronize_rcu(). But if you are removing something from
> > > an RCU-protected data structure, then you really do need them. If you
> > > leave them out, you can see the following type of failure:
> > >
> > > 1. CPU 0, running in an RCU read-side critical section, obtains
> > > a pointer to data item A.
> > >
> > > 2. CPU 1 removes data item A from the structure.
> > >
> > > 3. CPU 1 does not do a synchronize_rcu(). If CPU 1 had done a
> > > synchronize_rcu(), then it would have waited until CPU 0 had
> > > left its RCU read-side critical section, and thus until
> > > CPU 0 stopped using its pointer to data item A. But there was
> > > no synchronize_rcu(), so CPU 0 is still looking at data item A.
> > >
> > > 4. CPU 1 frees data item A.
> > >
> > > This is very bad. CPU 0 has a pointer into the freelist. Worse yet,
> > > some other CPU might allocate memory and get a pointer to data item A.
> > > That CPU and CPU 0 would then have an interesting but short lived
> > > disagreement about that memory's type. Crash goes the kernel.
> > >
> > > So please do not remove synchronize_rcu() calls unless you can prove
> > > that it is safe to do so!
> >
> > In these instances are a little different.
> >
> > We have..
> > start teardown
> > synchronize_rcu()
> > finish teardown
> > call_rcu(kfree_it)
> > ..so removal wouldn't trigger the standard "let's rummage around in
> > freed memory" kind of excitement.
> >
> > But yeah, removing them without proof is out.
> >
> > My box was telling me that they _are_ safe to remove, by not exploding
> > with list/slub debug enabled while I beat the snot out of it.. which is
> > evidence, but not proof :)
>
> P.S. the explosions I was looking into were caused by that finish
> teardown being in flight via schedule_work() when android removed
> synchronize_rcu() _and synchronization on in-flight teardown_. I became
> curious wrt the need for synchronize_rcu() at all when I fixed these
> explosions by ensuring that teardown was _not_ in flight before
> shredding the cgroup via rmdir, by doing synchronous teardown if
> possible, and only synchronizing if it wasn't possible. Only removing
> synchronize_rcu() does essentially the same, since teardown is then done
> synchronously under the big mutex. Freeing is still done via rcu.
>
> So it wasn't "these things make userspace sleepy, let's remove them".
OK, but you did have me going for a bit there! ;-)
Thanx, Paul
next prev parent reply other threads:[~2011-05-02 23:36 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-07 9:55 query: [PATCH 2/2] cgroup: Remove call to synchronize_rcu in cgroup_attach_task Mike Galbraith
2011-04-13 2:02 ` Li Zefan
2011-04-13 3:11 ` Mike Galbraith
2011-04-13 13:16 ` Paul Menage
2011-04-13 16:56 ` Mike Galbraith
2011-04-14 7:26 ` Mike Galbraith
2011-04-14 8:34 ` Mike Galbraith
2011-04-14 8:44 ` Mike Galbraith
2011-04-18 14:21 ` Mike Galbraith
2011-04-28 9:38 ` Mike Galbraith
2011-04-29 12:34 ` Mike Galbraith
2011-05-02 13:46 ` Paul E. McKenney
2011-05-02 14:29 ` Mike Galbraith
2011-05-02 15:04 ` Mike Galbraith
2011-05-02 23:03 ` Paul E. McKenney [this message]
2011-04-13 13:10 ` Paul Menage
2011-04-13 16:52 ` Mike Galbraith
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110502230314.GR2294@linux.vnet.ibm.com \
--to=paulmck@linux.vnet.ibm.com \
--cc=a.p.zijlstra@chello.nl \
--cc=ccross@android.com \
--cc=efault@gmx.de \
--cc=linux-kernel@vger.kernel.org \
--cc=lizf@cn.fujitsu.com \
--cc=menage@google.com \
--cc=mingo@elte.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.