From: Oleg Nesterov <oleg@redhat.com>
To: Denys Vlasenko <vda.linux@googlemail.com>
Cc: Jeremy Fitzhardinge <jeremy@goop.org>,
the arch/x86 maintainers <x86@kernel.org>,
KVM list <kvm@vger.kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
virtualization <virtualization@lists.linux-foundation.org>,
Paul Gortmaker <paul.gortmaker@windriver.com>,
Peter Anvin <hpa@zytor.com>, Davidlohr Bueso <dave@stgolabs.net>,
Andrey Ryabinin <a.ryabinin@samsung.com>,
Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Ingo Molnar <mingo@redhat.com>,
Sasha Levin <sasha.levin@oracle.com>,
Paul McKenney <paulmck@linux.vnet.ibm.com>,
Rik van Riel <riel@redhat.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
Andi Kleen <ak@linux.intel.com>,
xen-devel@lists.xenproject.org, Dave Jones <davej@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
Waiman Long <waiman.long@hp.com>,
Linux Kernel Mailing List <linux-kernel@vger.kerne>
Subject: Re: [PATCH] x86 spinlock: Fix memory corruption on completing completions
Date: Tue, 10 Feb 2015 15:24:17 +0100 [thread overview]
Message-ID: <20150210142417.GA1449@redhat.com> (raw)
In-Reply-To: <CAK1hOcNZ+hfjt=CmtZumPoFQRdQbf9SSEF0cOWv9-9ku0K7bcg@mail.gmail.com>
On 02/10, Denys Vlasenko wrote:
>
> # define HEAD_MASK (TICKET_SLOWPATH_FLAG-1)
>
> ...
> unlock_again:
>
> val = xadd((&lock->ticket.head_tail, TICKET_LOCK_INC);
> if (unlikely(!(val & HEAD_MASK))) {
> /* overflow. we inadvertently incremented the tail word.
> * tail's lsb is TICKET_SLOWPATH_FLAG.
> * Increment inverted this bit, fix it up.
> * (inc _may_ have messed up tail counter too,
> * will deal with it after kick.)
> */
> val ^= TICKET_SLOWPATH_FLAG;
> }
>
> if (unlikely(val & TICKET_SLOWPATH_FLAG)) {
> ...kick the waiting task...
>
> val -= TICKET_SLOWPATH_FLAG;
> if (unlikely(!(val & HEAD_MASK))) {
> /* overflow. we inadvertently incremented tail word, *and*
> * TICKET_SLOWPATH_FLAG was set, increment overflowed
> * that bit too and incremented tail counter.
> * This means we (inadvertently) taking the lock again!
> * Oh well. Take it, and unlock it again...
> */
> while (1) {
> if (READ_ONCE(lock->tickets.head) != TICKET_TAIL(val))
> cpu_relax();
> }
> goto unlock_again;
> }
>
>
> Granted, this looks ugly.
complicated ;)
But "Take it, and unlock it again" simply can't work, this can deadlock.
Note that unlock() can be called after successful try_lock(). And other
problems with lock-ordering, like
lock(X);
lock(Y);
unlock(X);
Oleg.
WARNING: multiple messages have this Message-ID (diff)
From: Oleg Nesterov <oleg@redhat.com>
To: Denys Vlasenko <vda.linux@googlemail.com>
Cc: Jeremy Fitzhardinge <jeremy@goop.org>,
the arch/x86 maintainers <x86@kernel.org>,
KVM list <kvm@vger.kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
virtualization <virtualization@lists.linux-foundation.org>,
Paul Gortmaker <paul.gortmaker@windriver.com>,
Peter Anvin <hpa@zytor.com>, Davidlohr Bueso <dave@stgolabs.net>,
Andrey Ryabinin <a.ryabinin@samsung.com>,
Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Ingo Molnar <mingo@redhat.com>,
Sasha Levin <sasha.levin@oracle.com>,
Paul McKenney <paulmck@linux.vnet.ibm.com>,
Rik van Riel <riel@redhat.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
Andi Kleen <ak@linux.intel.com>,
xen-devel@lists.xenproject.org, Dave Jones <davej@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
Waiman Long <waiman.long@hp.com>,
Linux Kernel Mailing List <linux-kernel@vger.kerne
Subject: Re: [PATCH] x86 spinlock: Fix memory corruption on completing completions
Date: Tue, 10 Feb 2015 15:24:17 +0100 [thread overview]
Message-ID: <20150210142417.GA1449@redhat.com> (raw)
In-Reply-To: <CAK1hOcNZ+hfjt=CmtZumPoFQRdQbf9SSEF0cOWv9-9ku0K7bcg@mail.gmail.com>
On 02/10, Denys Vlasenko wrote:
>
> # define HEAD_MASK (TICKET_SLOWPATH_FLAG-1)
>
> ...
> unlock_again:
>
> val = xadd((&lock->ticket.head_tail, TICKET_LOCK_INC);
> if (unlikely(!(val & HEAD_MASK))) {
> /* overflow. we inadvertently incremented the tail word.
> * tail's lsb is TICKET_SLOWPATH_FLAG.
> * Increment inverted this bit, fix it up.
> * (inc _may_ have messed up tail counter too,
> * will deal with it after kick.)
> */
> val ^= TICKET_SLOWPATH_FLAG;
> }
>
> if (unlikely(val & TICKET_SLOWPATH_FLAG)) {
> ...kick the waiting task...
>
> val -= TICKET_SLOWPATH_FLAG;
> if (unlikely(!(val & HEAD_MASK))) {
> /* overflow. we inadvertently incremented tail word, *and*
> * TICKET_SLOWPATH_FLAG was set, increment overflowed
> * that bit too and incremented tail counter.
> * This means we (inadvertently) taking the lock again!
> * Oh well. Take it, and unlock it again...
> */
> while (1) {
> if (READ_ONCE(lock->tickets.head) != TICKET_TAIL(val))
> cpu_relax();
> }
> goto unlock_again;
> }
>
>
> Granted, this looks ugly.
complicated ;)
But "Take it, and unlock it again" simply can't work, this can deadlock.
Note that unlock() can be called after successful try_lock(). And other
problems with lock-ordering, like
lock(X);
lock(Y);
unlock(X);
Oleg.
WARNING: multiple messages have this Message-ID (diff)
From: Oleg Nesterov <oleg@redhat.com>
To: Denys Vlasenko <vda.linux@googlemail.com>
Cc: Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Jeremy Fitzhardinge <jeremy@goop.org>,
Sasha Levin <sasha.levin@oracle.com>,
Davidlohr Bueso <dave@stgolabs.net>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Peter Anvin <hpa@zytor.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Paul McKenney <paulmck@linux.vnet.ibm.com>,
Waiman Long <waiman.long@hp.com>, Dave Jones <davej@redhat.com>,
the arch/x86 maintainers <x86@kernel.org>,
Paul Gortmaker <paul.gortmaker@windriver.com>,
Andi Kleen <ak@linux.intel.com>, Jason Wang <jasowang@redhat.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
KVM list <kvm@vger.kernel.org>,
virtualization <virtualization@lists.linux-foundation.org>,
xen-devel@lists.xenproject.org, Rik van Riel <riel@redhat.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andrey Ryabinin <a.ryabinin@samsung.com>
Subject: Re: [PATCH] x86 spinlock: Fix memory corruption on completing completions
Date: Tue, 10 Feb 2015 15:24:17 +0100 [thread overview]
Message-ID: <20150210142417.GA1449@redhat.com> (raw)
In-Reply-To: <CAK1hOcNZ+hfjt=CmtZumPoFQRdQbf9SSEF0cOWv9-9ku0K7bcg@mail.gmail.com>
On 02/10, Denys Vlasenko wrote:
>
> # define HEAD_MASK (TICKET_SLOWPATH_FLAG-1)
>
> ...
> unlock_again:
>
> val = xadd((&lock->ticket.head_tail, TICKET_LOCK_INC);
> if (unlikely(!(val & HEAD_MASK))) {
> /* overflow. we inadvertently incremented the tail word.
> * tail's lsb is TICKET_SLOWPATH_FLAG.
> * Increment inverted this bit, fix it up.
> * (inc _may_ have messed up tail counter too,
> * will deal with it after kick.)
> */
> val ^= TICKET_SLOWPATH_FLAG;
> }
>
> if (unlikely(val & TICKET_SLOWPATH_FLAG)) {
> ...kick the waiting task...
>
> val -= TICKET_SLOWPATH_FLAG;
> if (unlikely(!(val & HEAD_MASK))) {
> /* overflow. we inadvertently incremented tail word, *and*
> * TICKET_SLOWPATH_FLAG was set, increment overflowed
> * that bit too and incremented tail counter.
> * This means we (inadvertently) taking the lock again!
> * Oh well. Take it, and unlock it again...
> */
> while (1) {
> if (READ_ONCE(lock->tickets.head) != TICKET_TAIL(val))
> cpu_relax();
> }
> goto unlock_again;
> }
>
>
> Granted, this looks ugly.
complicated ;)
But "Take it, and unlock it again" simply can't work, this can deadlock.
Note that unlock() can be called after successful try_lock(). And other
problems with lock-ordering, like
lock(X);
lock(Y);
unlock(X);
Oleg.
next prev parent reply other threads:[~2015-02-10 14:24 UTC|newest]
Thread overview: 111+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-06 14:49 [PATCH] x86 spinlock: Fix memory corruption on completing completions Raghavendra K T
2015-02-06 15:20 ` Sasha Levin
2015-02-06 15:20 ` Sasha Levin
2015-02-06 16:15 ` Linus Torvalds
2015-02-06 16:15 ` Linus Torvalds
2015-02-06 16:15 ` Linus Torvalds
2015-02-06 17:03 ` Andrey Ryabinin
2015-02-06 17:03 ` Andrey Ryabinin
2015-02-06 17:03 ` Andrey Ryabinin
2015-02-06 17:03 ` Andrey Ryabinin
2015-02-06 16:15 ` Linus Torvalds
2015-02-08 17:14 ` Oleg Nesterov
2015-02-08 17:14 ` Oleg Nesterov
2015-02-08 17:14 ` Oleg Nesterov
2015-02-06 15:20 ` Sasha Levin
2015-02-06 16:25 ` Linus Torvalds
2015-02-06 16:25 ` Linus Torvalds
2015-02-06 16:25 ` Linus Torvalds
2015-02-06 16:25 ` Linus Torvalds
2015-02-06 19:42 ` Davidlohr Bueso
2015-02-06 19:42 ` Davidlohr Bueso
2015-02-06 19:42 ` Davidlohr Bueso
2015-02-06 19:42 ` Davidlohr Bueso
2015-02-06 21:15 ` Sasha Levin
2015-02-06 21:15 ` Sasha Levin
2015-02-06 21:15 ` Sasha Levin
2015-02-06 21:15 ` Sasha Levin
2015-02-06 23:24 ` Davidlohr Bueso
2015-02-06 23:24 ` Davidlohr Bueso
2015-02-06 23:24 ` Davidlohr Bueso
2015-02-06 23:24 ` Davidlohr Bueso
2015-02-08 17:49 ` Raghavendra K T
2015-02-08 17:49 ` Raghavendra K T
2015-02-08 17:49 ` Raghavendra K T
2015-02-08 17:49 ` Raghavendra K T
2015-02-06 18:57 ` Sasha Levin
2015-02-06 18:57 ` Sasha Levin
2015-02-08 17:57 ` Raghavendra K T
2015-02-08 17:57 ` Raghavendra K T
2015-02-08 17:57 ` Raghavendra K T
2015-02-06 18:57 ` Sasha Levin
2015-02-08 21:14 ` Jeremy Fitzhardinge
2015-02-08 21:14 ` Jeremy Fitzhardinge
2015-02-09 9:34 ` Raghavendra K T
2015-02-09 9:34 ` Raghavendra K T
2015-02-09 12:02 ` Peter Zijlstra
2015-02-09 12:02 ` Peter Zijlstra
2015-02-09 12:52 ` Raghavendra K T
2015-02-09 12:52 ` Raghavendra K T
2015-02-09 12:52 ` Raghavendra K T
2015-02-10 0:53 ` Linus Torvalds
2015-02-10 0:53 ` Linus Torvalds
2015-02-10 0:53 ` Linus Torvalds
2015-02-10 9:30 ` Raghavendra K T
2015-02-10 9:30 ` Raghavendra K T
2015-02-10 9:30 ` Raghavendra K T
2015-02-10 13:18 ` Denys Vlasenko
2015-02-10 13:18 ` Denys Vlasenko
2015-02-10 13:18 ` Denys Vlasenko
2015-02-10 13:18 ` Denys Vlasenko
2015-02-10 13:20 ` Denys Vlasenko
2015-02-10 13:20 ` Denys Vlasenko
2015-02-10 13:20 ` Denys Vlasenko
2015-02-10 13:20 ` Denys Vlasenko
2015-02-10 14:24 ` Oleg Nesterov
2015-02-10 14:24 ` Oleg Nesterov [this message]
2015-02-10 14:24 ` Oleg Nesterov
2015-02-10 14:24 ` Oleg Nesterov
2015-02-10 13:23 ` Sasha Levin
2015-02-10 13:23 ` Sasha Levin
2015-02-10 13:23 ` Sasha Levin
2015-02-10 13:26 ` Oleg Nesterov
2015-02-10 13:26 ` Oleg Nesterov
2015-02-10 13:26 ` Oleg Nesterov
2015-02-11 1:18 ` Jeremy Fitzhardinge
2015-02-11 1:18 ` Jeremy Fitzhardinge
2015-02-11 1:18 ` Jeremy Fitzhardinge
2015-02-11 17:24 ` Oleg Nesterov
2015-02-11 17:24 ` Oleg Nesterov
2015-02-11 17:24 ` Oleg Nesterov
2015-02-11 17:24 ` Oleg Nesterov
2015-02-11 23:15 ` Jeremy Fitzhardinge
2015-02-11 23:15 ` Jeremy Fitzhardinge
2015-02-11 23:15 ` Jeremy Fitzhardinge
2015-02-11 23:15 ` Jeremy Fitzhardinge
2015-02-11 23:28 ` Linus Torvalds
2015-02-12 7:08 ` Jeremy Fitzhardinge
2015-02-12 7:08 ` Jeremy Fitzhardinge
2015-02-11 23:28 ` Linus Torvalds
2015-02-12 14:18 ` Oleg Nesterov
2015-02-12 14:18 ` Oleg Nesterov
2015-02-12 14:18 ` Oleg Nesterov
2015-02-12 14:18 ` Oleg Nesterov
2015-02-11 1:18 ` Jeremy Fitzhardinge
2015-02-11 11:08 ` Raghavendra K T
2015-02-11 11:08 ` Raghavendra K T
2015-02-11 11:08 ` Raghavendra K T
2015-02-11 17:38 ` Oleg Nesterov
2015-02-11 17:38 ` Oleg Nesterov
2015-02-11 17:38 ` Oleg Nesterov
2015-02-11 18:38 ` Raghavendra K T
2015-02-11 18:38 ` Raghavendra K T
2015-02-11 18:38 ` Raghavendra K T
2015-02-11 18:38 ` Raghavendra K T
2015-02-11 11:08 ` Raghavendra K T
2015-02-10 0:53 ` Linus Torvalds
2015-02-09 12:02 ` Peter Zijlstra
2015-02-09 9:34 ` Raghavendra K T
2015-02-08 21:14 ` Jeremy Fitzhardinge
-- strict thread matches above, loose matches on Subject: below --
2015-02-06 14:49 Raghavendra K T
2015-02-06 14:49 Raghavendra K T
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150210142417.GA1449@redhat.com \
--to=oleg@redhat.com \
--cc=a.ryabinin@samsung.com \
--cc=ak@linux.intel.com \
--cc=borntraeger@de.ibm.com \
--cc=dave@stgolabs.net \
--cc=davej@redhat.com \
--cc=hpa@zytor.com \
--cc=jeremy@goop.org \
--cc=konrad.wilk@oracle.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kerne \
--cc=mingo@redhat.com \
--cc=paul.gortmaker@windriver.com \
--cc=paulmck@linux.vnet.ibm.com \
--cc=peterz@infradead.org \
--cc=raghavendra.kt@linux.vnet.ibm.com \
--cc=riel@redhat.com \
--cc=sasha.levin@oracle.com \
--cc=tglx@linutronix.de \
--cc=vda.linux@googlemail.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=waiman.long@hp.com \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.