From: Christian Borntraeger <borntraeger@de.ibm.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: David Hildenbrand <dahi@linux.vnet.ibm.com>,
linuxppc-dev@lists.ozlabs.org, linux-arch@vger.kernel.org,
linux-kernel@vger.kernel.org, benh@kernel.crashing.org,
paulus@samba.org, akpm@linux-foundation.org,
heiko.carstens@de.ibm.com, schwidefsky@de.ibm.com,
mingo@kernel.org
Subject: Re: [RFC 0/2] Reenable might_sleep() checks for might_fault() when atomic
Date: Wed, 26 Nov 2014 17:51:08 +0100 [thread overview]
Message-ID: <547604FC.4030300@de.ibm.com> (raw)
In-Reply-To: <20141126163216.GB10850@redhat.com>
Am 26.11.2014 um 17:32 schrieb Michael S. Tsirkin:
[...]
>>>> This is what happened on our side (very recent kernel):
>>>>
>>>> spin_lock(&lock)
>>>> copy_to_user(...)
>>>> spin_unlock(&lock)
>>>
>>> That's a deadlock even without copy_to_user - it's
>>> enough for the thread to be preempted and another one
>>> to try taking the lock.
>>
>> Huh? With CONFIG_PREEMPT spin_lock will disable preemption. (we had preempt = server anyway).
>
> Are you sure? Can you point me where it does this please?
spin_lock --> raw_spin_lock --> _raw_spin_lock --> __raw_spin_lock
static inline void __raw_spin_lock(raw_spinlock_t *lock)
{
----> preempt_disable(); <-----
spin_acquire(&lock->dep_map, 0, 0, _RET_IP_);
LOCK_CONTENDED(lock, do_raw_spin_trylock, do_raw_spin_lock);
}
Michael, please be serious. The whole kernel would be broken if spin_lock would not disable preemption.
>
>> But please: One step back. The problem is not the good path. The problem is that we lost a debugging aid for a known to be broken case. In other words: Our code had a bug. Older kernels detected that kind of bug. With your change we no longer saw the sleeping while atomic. Thats it. See my other mail.
>>
>> Christian
>
> You want to add more debugging tools, fine.
We dont want to add, we want to fix something that used to work
> But this one was > giving users in field false positives.
So lets try to fix those, ok? If we cant, then tough luck. But coming up with wrong statements is not helpful.
>
> The point is that *_user is safe with preempt off.
> It returns an error gracefully.
> It does not sleep.
> It does not trigger the scheduler in that context.
There are special cases where your statement is true. But its not in general.
copy_to_user might fault and that fault might sleep and reschedule. For example handle_mm_fault might go down to pud_alloc, pmd_alloc etc and all these functions could do an GFP_KERNEL allocation. Which might sleep. Which will schedule.
>
>
> David's patch makes it say it does, so it's wrong.
>
>
>
WARNING: multiple messages have this Message-ID (diff)
From: Christian Borntraeger <borntraeger@de.ibm.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: linux-arch@vger.kernel.org, heiko.carstens@de.ibm.com,
linux-kernel@vger.kernel.org,
David Hildenbrand <dahi@linux.vnet.ibm.com>,
paulus@samba.org, schwidefsky@de.ibm.com,
akpm@linux-foundation.org, linuxppc-dev@lists.ozlabs.org,
mingo@kernel.org
Subject: Re: [RFC 0/2] Reenable might_sleep() checks for might_fault() when atomic
Date: Wed, 26 Nov 2014 17:51:08 +0100 [thread overview]
Message-ID: <547604FC.4030300@de.ibm.com> (raw)
In-Reply-To: <20141126163216.GB10850@redhat.com>
Am 26.11.2014 um 17:32 schrieb Michael S. Tsirkin:
[...]
>>>> This is what happened on our side (very recent kernel):
>>>>
>>>> spin_lock(&lock)
>>>> copy_to_user(...)
>>>> spin_unlock(&lock)
>>>
>>> That's a deadlock even without copy_to_user - it's
>>> enough for the thread to be preempted and another one
>>> to try taking the lock.
>>
>> Huh? With CONFIG_PREEMPT spin_lock will disable preemption. (we had preempt = server anyway).
>
> Are you sure? Can you point me where it does this please?
spin_lock --> raw_spin_lock --> _raw_spin_lock --> __raw_spin_lock
static inline void __raw_spin_lock(raw_spinlock_t *lock)
{
----> preempt_disable(); <-----
spin_acquire(&lock->dep_map, 0, 0, _RET_IP_);
LOCK_CONTENDED(lock, do_raw_spin_trylock, do_raw_spin_lock);
}
Michael, please be serious. The whole kernel would be broken if spin_lock would not disable preemption.
>
>> But please: One step back. The problem is not the good path. The problem is that we lost a debugging aid for a known to be broken case. In other words: Our code had a bug. Older kernels detected that kind of bug. With your change we no longer saw the sleeping while atomic. Thats it. See my other mail.
>>
>> Christian
>
> You want to add more debugging tools, fine.
We dont want to add, we want to fix something that used to work
> But this one was > giving users in field false positives.
So lets try to fix those, ok? If we cant, then tough luck. But coming up with wrong statements is not helpful.
>
> The point is that *_user is safe with preempt off.
> It returns an error gracefully.
> It does not sleep.
> It does not trigger the scheduler in that context.
There are special cases where your statement is true. But its not in general.
copy_to_user might fault and that fault might sleep and reschedule. For example handle_mm_fault might go down to pud_alloc, pmd_alloc etc and all these functions could do an GFP_KERNEL allocation. Which might sleep. Which will schedule.
>
>
> David's patch makes it say it does, so it's wrong.
>
>
>
next prev parent reply other threads:[~2014-11-26 16:51 UTC|newest]
Thread overview: 89+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-25 11:43 [RFC 0/2] Reenable might_sleep() checks for might_fault() when atomic David Hildenbrand
2014-11-25 11:43 ` David Hildenbrand
2014-11-25 11:43 ` [RFC 1/2] powerpc/fsl-pci: atomic get_user when pagefault_disabled David Hildenbrand
2014-11-25 11:43 ` David Hildenbrand
2015-01-30 5:15 ` [RFC,1/2] " Scott Wood
2015-01-30 7:58 ` David Hildenbrand
2014-11-25 11:43 ` [RFC 2/2] mm, sched: trigger might_sleep() in might_fault() when atomic David Hildenbrand
2014-11-25 11:43 ` David Hildenbrand
2014-11-26 7:02 ` [RFC 0/2] Reenable might_sleep() checks for " Michael S. Tsirkin
2014-11-26 7:02 ` Michael S. Tsirkin
2014-11-26 10:05 ` David Hildenbrand
2014-11-26 10:05 ` David Hildenbrand
2014-11-26 15:17 ` Michael S. Tsirkin
2014-11-26 15:17 ` Michael S. Tsirkin
2014-11-26 15:23 ` Michael S. Tsirkin
2014-11-26 15:23 ` Michael S. Tsirkin
2014-11-26 15:23 ` Michael S. Tsirkin
2014-11-26 15:32 ` David Hildenbrand
2014-11-26 15:32 ` David Hildenbrand
2014-11-26 15:47 ` Michael S. Tsirkin
2014-11-26 15:47 ` Michael S. Tsirkin
2014-11-26 16:02 ` David Hildenbrand
2014-11-26 16:02 ` David Hildenbrand
2014-11-26 16:19 ` Michael S. Tsirkin
2014-11-26 16:19 ` Michael S. Tsirkin
2014-11-26 16:30 ` Christian Borntraeger
2014-11-26 16:30 ` Christian Borntraeger
2014-11-26 16:50 ` Michael S. Tsirkin
2014-11-26 16:50 ` Michael S. Tsirkin
2014-11-26 16:07 ` Christian Borntraeger
2014-11-26 16:07 ` Christian Borntraeger
2014-11-26 16:32 ` Michael S. Tsirkin
2014-11-26 16:32 ` Michael S. Tsirkin
2014-11-26 16:51 ` Christian Borntraeger [this message]
2014-11-26 16:51 ` Christian Borntraeger
2014-11-26 17:04 ` Michael S. Tsirkin
2014-11-26 17:04 ` Michael S. Tsirkin
2014-11-26 17:21 ` Michael S. Tsirkin
2014-11-26 17:21 ` Michael S. Tsirkin
2014-11-27 7:09 ` Heiko Carstens
2014-11-27 7:09 ` Heiko Carstens
2014-11-27 7:40 ` Michael S. Tsirkin
2014-11-27 7:40 ` Michael S. Tsirkin
2014-11-27 8:03 ` David Hildenbrand
2014-11-27 8:03 ` David Hildenbrand
2014-11-27 12:04 ` Heiko Carstens
2014-11-27 12:04 ` Heiko Carstens
2014-11-27 12:08 ` David Hildenbrand
2014-11-27 12:08 ` David Hildenbrand
2014-11-27 15:07 ` Thomas Gleixner
2014-11-27 15:07 ` Thomas Gleixner
2014-11-27 15:19 ` David Hildenbrand
2014-11-27 15:19 ` David Hildenbrand
2014-11-27 15:37 ` David Laight
2014-11-27 15:37 ` David Laight
2014-11-27 15:37 ` David Laight
2014-11-27 15:45 ` David Hildenbrand
2014-11-27 15:45 ` David Hildenbrand
2014-11-27 16:27 ` David Laight
2014-11-27 16:27 ` David Laight
2014-11-27 16:49 ` David Hildenbrand
2014-11-27 16:49 ` David Hildenbrand
2014-11-27 16:49 ` David Hildenbrand
2014-11-27 21:52 ` Thomas Gleixner
2014-11-27 21:52 ` Thomas Gleixner
2014-11-28 7:34 ` David Hildenbrand
2014-11-28 7:34 ` David Hildenbrand
2014-11-26 15:30 ` Christian Borntraeger
2014-11-26 15:30 ` Christian Borntraeger
2014-11-26 15:37 ` Michael S. Tsirkin
2014-11-26 15:37 ` Michael S. Tsirkin
2014-11-26 16:02 ` Christian Borntraeger
2014-11-26 16:02 ` Christian Borntraeger
2014-11-26 15:22 ` Michael S. Tsirkin
2014-11-26 15:22 ` Michael S. Tsirkin
2014-11-27 17:10 ` [PATCH RFC " David Hildenbrand
2014-11-27 17:10 ` David Hildenbrand
2014-11-27 17:10 ` [PATCH RFC 1/2] preempt: track pagefault_disable() calls in the preempt counter David Hildenbrand
2014-11-27 17:10 ` David Hildenbrand
2014-11-27 17:10 ` [PATCH RFC 2/2] mm, sched: trigger might_sleep() in might_fault() when pagefaults are disabled David Hildenbrand
2014-11-27 17:10 ` David Hildenbrand
2014-11-27 17:24 ` Michael S. Tsirkin
2014-11-27 17:24 ` Michael S. Tsirkin
2014-11-27 17:32 ` Michael S. Tsirkin
2014-11-27 17:32 ` Michael S. Tsirkin
2014-11-27 18:08 ` David Hildenbrand
2014-11-27 18:08 ` David Hildenbrand
2014-11-27 18:27 ` Michael S. Tsirkin
2014-11-27 18:27 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=547604FC.4030300@de.ibm.com \
--to=borntraeger@de.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=benh@kernel.crashing.org \
--cc=dahi@linux.vnet.ibm.com \
--cc=heiko.carstens@de.ibm.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mingo@kernel.org \
--cc=mst@redhat.com \
--cc=paulus@samba.org \
--cc=schwidefsky@de.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.