Re: [PATCH tip/core/rcu 02/19] rcu: Defer reporting RCU-preempt quiescent states when disabled

["Paul E. McKenney" <paulmck@linux.ibm.com>]

On Wed, Oct 31, 2018 at 11:22:59AM -0700, Paul E. McKenney wrote:
> On Tue, Oct 30, 2018 at 03:21:23PM -0700, Joel Fernandes wrote:
> > On Tue, Oct 30, 2018 at 05:58:00AM -0700, Paul E. McKenney wrote:
> > > On Mon, Oct 29, 2018 at 08:44:52PM -0700, Joel Fernandes wrote:
> > > > On Mon, Oct 29, 2018 at 07:27:35AM -0700, Paul E. McKenney wrote:

[ . . . ]

> > > > The INT_MAX naming could be very confusing for nesting levels, could we not
> > > > instead just define something like:
> > > > #define RCU_NESTING_MIN (INT_MIN - 1)
> > > > #define RCU_NESTING_MAX (INT_MAX)
> > > > 
> > > > and just use that? also one more comment below:
> > > 
> > > Hmmm...  There is currently no use for RCU_NESTING_MAX, but if the check
> > > at the end of __rcu_read_unlock() were to be extended to check for
> > > too-deep positive nesting, it would need to check for something like
> > > INT_MAX/2.  You could of course argue that the current check against
> > > INT_MIN/2 should instead be against -INT_MAX/2, but there really isn't
> > > much difference between the two.
> > > 
> > > Another approach would be to convert to unsigned in order to avoid the
> > > overflow problem completely.
> > > 
> > > For the moment, anyway, I am inclined to leave it as is.
> > 
> > Both the unsigned and INT_MIN/2 options sound good to me, but if you want
> > leave it as is, that would be fine as well. thanks,
> 
> One approach would be something like this:
> 
> #define RCU_READ_LOCK_BIAS (INT_MAX)
> #define RCU_READ_LOCK_NMAX (-INT_MAX)
> #define RCU_READ_LOCK_PMAX INT_MAX
> 
> Then _rcu_read_unlock() would set ->rcu_read_lock_nesting to
> -RCU_READ_LOCK_BIAS, and compare against RCU_READ_LOCK_NMAX.
> The comparison against RCU_READ_LOCK_PMAX would preferably take
> place just after the increment in __rcu_read_lock(), again only under
> CONFIG_PROVE_RCU.
> 
> rcu_preempt_deferred_qs() would then subtract then add RCU_READ_LOCK_BIAS.
> 
> Thoughts?

Hearing no objections, here is the updated patch.

								Thanx, Paul

------------------------------------------------------------------------

commit 970cab5d3d206029ed27274a98ea1c3d7e780e53
Author: Paul E. McKenney <paulmck@linux.ibm.com>
Date:   Mon Oct 29 07:36:50 2018 -0700

    rcu: Avoid signed integer overflow in rcu_preempt_deferred_qs()
    
    Subtracting INT_MIN can be interpreted as unconditional signed integer
    overflow, which according to the C standard is undefined behavior.
    Therefore, kernel build arguments notwithstanding, it would be good to
    future-proof the code.  This commit therefore substitutes INT_MAX for
    INT_MIN in order to avoid undefined behavior.
    
    While in the neighborhood, this commit also creates some meaningful names
    for INT_MAX and friends in order to improve readability, as suggested
    by Joel Fernandes.
    
    Reported-by: Ran Rozenstein <ranro@mellanox.com>
    Signed-off-by: Paul E. McKenney <paulmck@linux.ibm.com>
    
    squash! rcu: Avoid signed integer overflow in rcu_preempt_deferred_qs()
    
    While in the neighborhood, use macros to give meaningful names.
    
    Signed-off-by: Paul E. McKenney <paulmck@linux.ibm.com>

diff --git a/kernel/rcu/tree_plugin.h b/kernel/rcu/tree_plugin.h
index bd8186d0f4a7..e60f820ffb83 100644
--- a/kernel/rcu/tree_plugin.h
+++ b/kernel/rcu/tree_plugin.h
@@ -397,6 +397,11 @@ static int rcu_preempt_blocked_readers_cgp(struct rcu_node *rnp)
 	return rnp->gp_tasks != NULL;
 }
 
+/* Bias and limit values for ->rcu_read_lock_nesting. */
+#define RCU_NEST_BIAS INT_MAX
+#define RCU_NEST_NMAX (-INT_MAX / 2)
+#define RCU_NEST_PMAX (INT_MAX / 2)
+
 /*
  * Preemptible RCU implementation for rcu_read_lock().
  * Just increment ->rcu_read_lock_nesting, shared state will be updated
@@ -405,6 +410,8 @@ static int rcu_preempt_blocked_readers_cgp(struct rcu_node *rnp)
 void __rcu_read_lock(void)
 {
 	current->rcu_read_lock_nesting++;
+	if (IS_ENABLED(CONFIG_PROVE_LOCKING))
+		WARN_ON_ONCE(current->rcu_read_lock_nesting > RCU_NEST_PMAX);
 	barrier();  /* critical section after entry code. */
 }
 EXPORT_SYMBOL_GPL(__rcu_read_lock);
@@ -424,20 +431,18 @@ void __rcu_read_unlock(void)
 		--t->rcu_read_lock_nesting;
 	} else {
 		barrier();  /* critical section before exit code. */
-		t->rcu_read_lock_nesting = INT_MIN;
+		t->rcu_read_lock_nesting = -RCU_NEST_BIAS;
 		barrier();  /* assign before ->rcu_read_unlock_special load */
 		if (unlikely(READ_ONCE(t->rcu_read_unlock_special.s)))
 			rcu_read_unlock_special(t);
 		barrier();  /* ->rcu_read_unlock_special load before assign */
 		t->rcu_read_lock_nesting = 0;
 	}
-#ifdef CONFIG_PROVE_LOCKING
-	{
-		int rrln = READ_ONCE(t->rcu_read_lock_nesting);
+	if (IS_ENABLED(CONFIG_PROVE_LOCKING)) {
+		int rrln = t->rcu_read_lock_nesting;
 
-		WARN_ON_ONCE(rrln < 0 && rrln > INT_MIN / 2);
+		WARN_ON_ONCE(rrln < 0 && rrln > RCU_NEST_NMAX);
 	}
-#endif /* #ifdef CONFIG_PROVE_LOCKING */
 }
 EXPORT_SYMBOL_GPL(__rcu_read_unlock);
 
@@ -617,11 +622,11 @@ static void rcu_preempt_deferred_qs(struct task_struct *t)
 	if (!rcu_preempt_need_deferred_qs(t))
 		return;
 	if (couldrecurse)
-		t->rcu_read_lock_nesting -= INT_MIN;
+		t->rcu_read_lock_nesting -= RCU_NEST_BIAS;
 	local_irq_save(flags);
 	rcu_preempt_deferred_qs_irqrestore(t, flags);
 	if (couldrecurse)
-		t->rcu_read_lock_nesting += INT_MIN;
+		t->rcu_read_lock_nesting += RCU_NEST_BIAS;
 }
 
 /*