From: Manfred Spraul <manfred@colorfullife.com>
To: Vineet Gupta <Vineet.Gupta1@synopsys.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	Davidlohr Bueso <dave.bueso@gmail.com>,
	Sedat Dilek <sedat.dilek@gmail.com>,
	Davidlohr Bueso <davidlohr.bueso@hp.com>,
	linux-next <linux-next@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Stephen Rothwell <sfr@canb.auug.org.au>,
	Andrew Morton <akpm@linux-foundation.org>,
	linux-mm <linux-mm@kvack.org>, Andi Kleen <andi@firstfloor.org>,
	Rik van Riel <riel@redhat.com>,
	Jonathan Gonzalez <jgonzalez@linets.cl>
Subject: Re: ipc-msg broken again on 3.11-rc7?
Date: Mon, 02 Sep 2013 18:29:42 +0200
Message-ID: <5224BCF6.2080401@colorfullife.com>
In-Reply-To: <C2D7FE5348E1B147BCA15975FBA230751413F4@IN01WEMBXA.internal.synopsys.com>

Hi,

[forgot to cc everyone, thus I'll summarize some mails...]
On 09/02/2013 06:58 AM, Vineet Gupta wrote:
> On 08/31/2013 11:20 PM, Linus Torvalds wrote:
>> Vineet, actual patch for what Davidlohr suggests attached. Can you try it?
>>
>>               Linus
> Apologies for being late in getting back to this - I was away from my computer for a bit.
>
> Unfortunately, with a quick test, this patch doesn't help.
> FWIW, this is latest mainline (.config attached).
>
> Let me know what diagnostics I can add to help with this.

msgctl08 is a bulk message send/receive test. I had to look at it once 
before, then it was broken hardware:
https://lkml.org/lkml/2008/6/12/365
This can be ruled out, because it works with 3.10.

msgctl08 uses pairs of threads: one thread does msgsnd(), the other one 
msgrcv().
There is no synchronization, i.e. the msgsnd() can race ahead until the 
kernel buffer is full and then a block with msgrcv() follows or it could 
be pairs of alternating msgsnd()/msgrcv() operations.
No special features are used: each pair of threads has its own message 
queues, all messages have type=1.

Vineet ran strace - and just before the signal from killing msgctl08, 
there are only msgsnd()/msgrcv() calls.
Vineet:
a) could you run strace tomorrow again, with '-ttt' as an additional 
option? I don't see where exactly it hangs.
b) Could you check that it is not just a performance regression?
     Does ./msgctl08 1000 16 hang, too?

In ipc/msg.c, I haven't seen any obvious reason why it should hang.
The only race I spotted so far is this one:
>       for (;;) {
>                 struct msg_sender s;
>
>                 err = -EACCES;
>                 if (ipcperms(ns, &msq->q_perm, S_IWUGO))
>                         goto out_unlock1;
>
>                 err = security_msg_queue_msgsnd(msq, msg, msgflg);
>                 if (err)
>                         goto out_unlock1;
>
>                 if (msgsz + msq->q_cbytes <= msq->q_qbytes &&
>                                 1 + msq->q_qnum <= msq->q_qbytes) {
>                         break;
>                 }
>
[snip]
>         if (!pipelined_send(msq, msg)) {
>                 /* no one is waiting for this message, enqueue it */
>                 list_add_tail(&msg->m_list, &msq->q_messages);
>                 msq->q_cbytes += msgsz;
>                 msq->q_qnum++;
>                 atomic_add(msgsz, &ns->msg_bytes);

The access to msq->q_cbytes is not protected. Thus two parallel msgsnd() 
calls could succeed, even if both together bring the queue length above 
the limit.
But it can't explain why 3.11-rc7 hangs: As explained above, msgctl08 
uses one queue for each thread pair.

--
     Manfred
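
The unprotected check-then-update described in the mail above, as an added example (not code from the mail or from ipc/msg.c): a user-space model that tries every interleaving of two senders on one queue and returns the largest q_cbytes reached, with and without a lock held across the space test and the update. The structs, the step machine, LIMIT and MSGSZ are assumptions made for this illustration; only q_cbytes and the space test are taken from the quoted code.

```c
#include <stdbool.h>
#include <stdio.h>
#define LIMIT 100u  /* constructed q_qbytes limit */
#define MSGSZ 60u   /* constructed size: two messages exceed LIMIT */
struct queue  { size_t q_cbytes; int owner; };  /* owner -1: lock is free */
struct sender { int pc; bool ok; };             /* pc: next step to run */

/* Run the next step of sender `id`; false means finished or blocked. */
static bool step(struct queue *q, struct sender *s, int id, bool lk)
{
    if (s->pc > 3 || (s->pc == 0 && lk && q->owner != -1))
        return false;
    if (s->pc == 0 && lk)
        q->owner = id;                          /* take the queue lock */
    else if (s->pc == 1)
        s->ok = MSGSZ + q->q_cbytes <= LIMIT;   /* the space test */
    else if (s->pc == 2 && s->ok)
        q->q_cbytes += MSGSZ;                   /* the accounting update */
    else if (s->pc == 3 && lk)
        q->owner = -1;                          /* drop the queue lock */
    s->pc++;
    return true;
}

/* Try every interleaving of two senders; return the largest q_cbytes seen. */
static size_t worst(struct queue q, struct sender a, struct sender b, bool lk)
{
    size_t max = q.q_cbytes, r;
    struct queue qa = q, qb = q;
    struct sender a2 = a, b2 = b;
    if (step(&qa, &a2, 0, lk) && (r = worst(qa, a2, b, lk)) > max)
        max = r;
    if (step(&qb, &b2, 1, lk) && (r = worst(qb, a, b2, lk)) > max)
        max = r;
    return max;
}

/* use_lock = false models the unprotected access described in the mail. */
size_t worst_case_bytes(bool use_lock)
{
    struct sender s = { 0, false };
    return worst((struct queue){ 0, -1 }, s, s, use_lock);
}

int main(void)
{
    printf("worst case: unprotected %zu, locked %zu (limit %u)\n",
           worst_case_bytes(false), worst_case_bytes(true), LIMIT);
    return 0;
}
```

The model needs two senders on the same queue to exceed the limit, which matches the mail's observation that one queue per thread pair rules this race out for msgctl08.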

