From: Jan Kiszka <jan.kiszka@domain.hid>
To: Gilles Chanteperdrix <gilles.chanteperdrix@xenomai.org>
Cc: xenomai-core <xenomai@xenomai.org>
Subject: Re: [Xenomai-core] x86: Endless minor faults
Date: Wed, 01 Jul 2009 18:01:21 +0200 [thread overview]
Message-ID: <4A4B8851.9070005@domain.hid> (raw)
In-Reply-To: <4A4B8617.5000704@domain.hid>
Gilles Chanteperdrix wrote:
> Jan Kiszka wrote:
>> Jan Kiszka wrote:
>>> Gilles Chanteperdrix wrote:
>>>> Jan Kiszka wrote:
>>>>> Jan Kiszka wrote:
>>>>>> It's still unclear what goes on precisely, we are still digging, but the
>>>>>> test system that can produce this is highly contended.
>>>>> Short update: Further instrumentation revealed that cr3 differs from
>>>>> active_mm->pgd while we are looping over that fault, ie. the kernel
>>>>> tries to fixup the wrong mm. And that means we have some open race
>>>>> window between updating cr3 and active_mm somewhere (isn't switch_mm run
>>>>> in a preemptible manner now?).
>>>> Maybe the rsp is wrong and leads you to the wrong active_mm ?
>>>>
>>>>> As a first shot I disabled CONFIG_IPIPE_DELAYED_ATOMICSW, and we are now
>>>>> checking if it makes a difference. Digging deeper into the code in the
>>>>> meanwhile...
>>>> As you have found out in the mean time, we do not use unlocked context
>>>> switches on x86.
>>>>
>>> Yes.
>>>
>>> The last question I asked myself (but couldn't answer yet due to other
>>> activity) was: Where are the local_irq_disable/enable_hw around
>>> switch_mm for its Linux callers?
>> Ha, that's the point: only activate_mm is protected, but we have more
>> spots in 2.6.29 and maybe other kernels, too!
>
> Ok, I do not see where switch_mm is called with IRQs off. What I found,
We have two direct callers of switch_mm in sched.c and one in fs/aio.c.
Both need protection (I pushed IRQ disabling into switch_mm), but that
is not enough according to current tests. It seems to reduce to
probability of corruption, though.
> however, is that leave_mm sets the cr3 and just clears
> active_mm->cpu_vm_mask. So, at this point, we have a discrepancy between
> cr3 and active_mm. I do not know what could happen if Xenomai could
> interrupt leave_mm between the cpu_clear and the write_cr3. From what I
> understand, switch_mm called by Xenomai upon return to root would re-set
> the bit, and re-set cr3, which would be set to the kernel cr3 right
> after that, but this would result in the active_mm.cpu_vm_mask bit being
> set instead of cleared as expected. So, maybe an irqs off section is
> missing in leave_mm.
leave_mm is already protected by its caller smp_invalidate_interrupt -
but now I'm parsing context_switch /wrt to lazy tlb.
Jan
--
Siemens AG, Corporate Technology, CT SE 2
Corporate Competence Center Embedded Linux
next prev parent reply other threads:[~2009-07-01 16:01 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-06-29 17:35 [Xenomai-core] x86: Endless minor faults Jan Kiszka
2009-06-29 18:09 ` Philippe Gerum
2009-06-29 18:20 ` Jan Kiszka
2009-06-30 8:32 ` Jan Kiszka
2009-06-30 8:36 ` Gilles Chanteperdrix
2009-06-30 8:44 ` Jan Kiszka
2009-06-30 8:42 ` Gilles Chanteperdrix
2009-06-30 8:56 ` Jan Kiszka
2009-06-30 9:20 ` Philippe Gerum
2009-06-30 9:21 ` Gilles Chanteperdrix
2009-06-30 9:25 ` Philippe Gerum
2009-06-30 9:26 ` Gilles Chanteperdrix
2009-06-30 9:27 ` Philippe Gerum
2009-06-30 9:34 ` Gilles Chanteperdrix
2009-06-30 16:11 ` Jan Kiszka
2009-07-01 11:56 ` Jan Kiszka
2009-07-01 12:05 ` Jan Kiszka
2009-07-01 12:24 ` Gilles Chanteperdrix
2009-07-01 12:39 ` Jan Kiszka
2009-07-01 12:41 ` Gilles Chanteperdrix
2009-07-01 12:41 ` Jan Kiszka
2009-07-01 15:51 ` Gilles Chanteperdrix
2009-07-01 16:01 ` Jan Kiszka [this message]
2009-07-01 16:04 ` Jan Kiszka
2009-07-01 17:56 ` Jan Kiszka
2009-07-01 18:15 ` Philippe Gerum
2009-07-01 18:27 ` Philippe Gerum
2009-07-01 18:58 ` Jan Kiszka
2009-07-01 19:14 ` Jan Kiszka
2009-07-02 2:05 ` Gilles Chanteperdrix
2009-07-02 6:24 ` Jan Kiszka
2009-07-02 6:59 ` Gilles Chanteperdrix
2009-07-02 7:16 ` Jan Kiszka
2009-07-02 7:44 ` Gilles Chanteperdrix
2009-07-01 18:56 ` Jan Kiszka
2009-07-02 7:11 ` Philippe Gerum
2009-07-02 17:14 ` Jan Kiszka
2009-07-03 14:54 ` Gilles Chanteperdrix
2009-07-03 15:06 ` Jan Kiszka
2009-07-04 16:39 ` Gilles Chanteperdrix
2009-07-05 12:01 ` Jan Kiszka
2009-07-05 14:56 ` Gilles Chanteperdrix
2009-07-05 17:12 ` Jan Kiszka
2009-07-06 7:54 ` Gilles Chanteperdrix
2009-07-07 18:45 ` Jan Kiszka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A4B8851.9070005@domain.hid \
--to=jan.kiszka@domain.hid \
--cc=gilles.chanteperdrix@xenomai.org \
--cc=xenomai@xenomai.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.