Re: [PATCH V4] x86 spinlock: Fix memory corruption on completing completions

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Oleg Nesterov <oleg@redhat.com>
To: Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
Cc: jeremy@goop.org, kvm@vger.kernel.org, peterz@infradead.org,
	virtualization@lists.linux-foundation.org,
	paul.gortmaker@windriver.com, hpa@zytor.com, ak@linux.intel.com,
	a.ryabinin@samsung.com, x86@kernel.org, borntraeger@de.ibm.com,
	mingo@redhat.com, xen-devel@lists.xenproject.org,
	paulmck@linux.vnet.ibm.com, riel@redhat.com,
	konrad.wilk@oracle.com, dave@stgolabs.net,
	sasha.levin@oracle.com, davej@redhat.com, tglx@linutronix.de,
	waiman.long@hp.com, linux-kernel@vger.kernel.org,
	pbonzini@redhat.com, akpm@linux-foundation.org,
	torvalds@linux-foundation.org
Subject: Re: [PATCH V4] x86 spinlock: Fix memory corruption on completing completions
Date: Fri, 13 Feb 2015 16:32:28 +0100	[thread overview]
Message-ID: <20150213153228.GA9535@redhat.com> (raw)
In-Reply-To: <1423809941-11125-1-git-send-email-raghavendra.kt@linux.vnet.ibm.com>

On 02/13, Raghavendra K T wrote:
>
> @@ -164,7 +161,7 @@ static inline int arch_spin_is_locked(arch_spinlock_t *lock)
>  {
>  	struct __raw_tickets tmp = READ_ONCE(lock->tickets);
>
> -	return tmp.tail != tmp.head;
> +	return tmp.tail != (tmp.head & ~TICKET_SLOWPATH_FLAG);
>  }

Well, this can probably use __tickets_equal() too. But this is cosmetic.

It seems that arch_spin_is_contended() should be fixed with this change,

	(__ticket_t)(tmp.tail - tmp.head) > TICKET_LOCK_INC

can be true because of TICKET_SLOWPATH_FLAG in .head, even if it is actually
unlocked. And the "(__ticket_t)" typecast looks unnecessary, it only adds more
confusuin, but this is cosmetic too.



> @@ -772,7 +773,8 @@ __visible void kvm_lock_spinning(struct arch_spinlock *lock, __ticket_t want)
>  	 * check again make sure it didn't become free while
>  	 * we weren't looking.
>  	 */
> -	if (ACCESS_ONCE(lock->tickets.head) == want) {
> +	head = READ_ONCE(lock->tickets.head);
> +	if (__tickets_equal(head, want)) {
>  		add_stats(TAKEN_SLOW_PICKUP, 1);
>  		goto out;

This is off-topic, but with or without this change perhaps it makes sense
to add smp_mb__after_atomic(). It is nop on x86, just to make this code
more understandable for those (for me ;) who can never remember even the
x86 rules.

Oleg.

WARNING: multiple messages have this Message-ID (diff)

From: Oleg Nesterov <oleg@redhat.com>
To: Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com,
	peterz@infradead.org, torvalds@linux-foundation.org,
	konrad.wilk@oracle.com, pbonzini@redhat.com,
	paulmck@linux.vnet.ibm.com, waiman.long@hp.com, davej@redhat.com,
	x86@kernel.org, jeremy@goop.org, paul.gortmaker@windriver.com,
	ak@linux.intel.com, jasowang@redhat.com,
	linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
	virtualization@lists.linux-foundation.org,
	xen-devel@lists.xenproject.org, riel@redhat.com,
	borntraeger@de.ibm.com, akpm@linux-foundation.org,
	a.ryabinin@samsung.com, sasha.levin@oracle.com,
	dave@stgolabs.net
Subject: Re: [PATCH V4] x86 spinlock: Fix memory corruption on completing completions
Date: Fri, 13 Feb 2015 16:32:28 +0100	[thread overview]
Message-ID: <20150213153228.GA9535@redhat.com> (raw)
In-Reply-To: <1423809941-11125-1-git-send-email-raghavendra.kt@linux.vnet.ibm.com>

On 02/13, Raghavendra K T wrote:
>
> @@ -164,7 +161,7 @@ static inline int arch_spin_is_locked(arch_spinlock_t *lock)
>  {
>  	struct __raw_tickets tmp = READ_ONCE(lock->tickets);
>
> -	return tmp.tail != tmp.head;
> +	return tmp.tail != (tmp.head & ~TICKET_SLOWPATH_FLAG);
>  }

Well, this can probably use __tickets_equal() too. But this is cosmetic.

It seems that arch_spin_is_contended() should be fixed with this change,

	(__ticket_t)(tmp.tail - tmp.head) > TICKET_LOCK_INC

can be true because of TICKET_SLOWPATH_FLAG in .head, even if it is actually
unlocked. And the "(__ticket_t)" typecast looks unnecessary, it only adds more
confusuin, but this is cosmetic too.



> @@ -772,7 +773,8 @@ __visible void kvm_lock_spinning(struct arch_spinlock *lock, __ticket_t want)
>  	 * check again make sure it didn't become free while
>  	 * we weren't looking.
>  	 */
> -	if (ACCESS_ONCE(lock->tickets.head) == want) {
> +	head = READ_ONCE(lock->tickets.head);
> +	if (__tickets_equal(head, want)) {
>  		add_stats(TAKEN_SLOW_PICKUP, 1);
>  		goto out;

This is off-topic, but with or without this change perhaps it makes sense
to add smp_mb__after_atomic(). It is nop on x86, just to make this code
more understandable for those (for me ;) who can never remember even the
x86 rules.

Oleg.

next prev parent reply	other threads:[~2015-02-13 15:32 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-02-13  6:45 [PATCH V4] x86 spinlock: Fix memory corruption on completing completions Raghavendra K T
2015-02-13  6:45 ` Raghavendra K T
2015-02-13  6:45 ` Raghavendra K T
2015-02-13 15:32 ` Oleg Nesterov [this message]
2015-02-13 15:32   ` Oleg Nesterov
2015-02-13 15:40   ` Oleg Nesterov
2015-02-13 15:40   ` Oleg Nesterov
2015-02-13 15:40     ` Oleg Nesterov
2015-02-15  5:47   ` Raghavendra K T
2015-02-15  5:47   ` Raghavendra K T
2015-02-15  5:47     ` Raghavendra K T
2015-02-15 16:07     ` Oleg Nesterov
2015-02-15 16:07       ` Oleg Nesterov
2015-02-15 16:07     ` Oleg Nesterov
2015-02-13 15:32 ` Oleg Nesterov
  -- strict thread matches above, loose matches on Subject: below --
2015-02-13  6:45 Raghavendra K T

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150213153228.GA9535@redhat.com \
    --to=oleg@redhat.com \
    --cc=a.ryabinin@samsung.com \
    --cc=ak@linux.intel.com \
    --cc=akpm@linux-foundation.org \
    --cc=borntraeger@de.ibm.com \
    --cc=dave@stgolabs.net \
    --cc=davej@redhat.com \
    --cc=hpa@zytor.com \
    --cc=jeremy@goop.org \
    --cc=konrad.wilk@oracle.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=paul.gortmaker@windriver.com \
    --cc=paulmck@linux.vnet.ibm.com \
    --cc=pbonzini@redhat.com \
    --cc=peterz@infradead.org \
    --cc=raghavendra.kt@linux.vnet.ibm.com \
    --cc=riel@redhat.com \
    --cc=sasha.levin@oracle.com \
    --cc=tglx@linutronix.de \
    --cc=torvalds@linux-foundation.org \
    --cc=virtualization@lists.linux-foundation.org \
    --cc=waiman.long@hp.com \
    --cc=x86@kernel.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.