From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755128AbbCFWHM (ORCPT ); Fri, 6 Mar 2015 17:07:12 -0500 Received: from mail.efficios.com ([78.47.125.74]:34004 "EHLO mail.efficios.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754918AbbCFWHJ (ORCPT ); Fri, 6 Mar 2015 17:07:09 -0500 Date: Fri, 6 Mar 2015 22:07:03 +0000 (UTC) From: Mathieu Desnoyers To: Steven Rostedt Cc: Linus Torvalds , "Paul E. McKenney" , Huang Ying , Lai Jiangshan , Lai Jiangshan , Peter Zijlstra , LKML , Ingo Molnar Message-ID: <933936114.242980.1425679623451.JavaMail.zimbra@efficios.com> In-Reply-To: <20150306153925.224d4383@gandalf.local.home> References: <995381344.227770.1425597484864.JavaMail.zimbra@efficios.com> <950470583.228004.1425599331454.JavaMail.zimbra@efficios.com> <402283060.238174.1425652523685.JavaMail.zimbra@efficios.com> <20150306140347.64cfcad1@gandalf.local.home> <148790040.241085.1425670784201.JavaMail.zimbra@efficios.com> <20150306153821.0ece2e37@gandalf.local.home> <20150306153925.224d4383@gandalf.local.home> Subject: Re: Possible lock-less list race in scheduler_ipi() MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [173.246.22.116] X-Mailer: Zimbra 8.0.7_GA_6021 (ZimbraWebClient - FF36 (Linux)/8.0.7_GA_6021) Thread-Topic: Possible lock-less list race in scheduler_ipi() Thread-Index: ZXMXJLes13ssD9tafmlNh22gaZ1SMw== Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org ----- Original Message ----- > From: "Steven Rostedt" > To: "Mathieu Desnoyers" > Cc: "Linus Torvalds" , "Paul E. McKenney" , "Huang Ying" > , "Lai Jiangshan" , "Lai Jiangshan" , "Peter > Zijlstra" , "LKML" , "Ingo Molnar" > Sent: Friday, March 6, 2015 3:39:25 PM > Subject: Re: Possible lock-less list race in scheduler_ipi() > > On Fri, 6 Mar 2015 15:38:21 -0500 > Steven Rostedt wrote: > > > On Fri, 6 Mar 2015 19:39:44 +0000 (UTC) > > Mathieu Desnoyers wrote: > > > > ask concurrently with the llist iteration within sched_ttwu_pending(). > > > > > > AFAIU, ttwu_queue_remote() is called from ttwu_queue() without holding > > > the rq lock. So I'm wondering what prevents corruption of the wake_list > > > in this situation. > > > > I guess if it is on the wake_list, then the task's state is already > > RUNNING. Any other task can switch a task's state to RUNNING but only > > the task itself can switch it back to something else. If the task is on > > the wake_list, it's state is already RUNNING, but it has not run yet. > > That means any other wakeup will jump to the "goto out" and skip over > > the ttwu_queue() call. > > If my assumption is indeed the case, then these types of subtleties > really need comments in the code. My understanding is that try_to_wake_up, by calling ttwu_queue(), is responsible for enqueuing the task into the wake_list. Inspection of try_to_wake_up() seems to show that the state of the task is set to TASK_WAKING by try_to_wake_up. Then when dequeuing the task from the llist, ttwu_do_wakeup sets the task state to TASK_RUNNING. Both TASK_WAKING and TASK_RUNNING mean that the try_to_wake_up check for if (!(p->state & state)), which is typically done against TASK_NORMAL, will skip the following ttwu_queue() for that task until it is set to TASK_INTERRUPTIBLE or TASK_UNINTERRUPTIBLE again. So there should not be any double-enqueue AFAIU. Thanks, Mathieu -- Mathieu Desnoyers EfficiOS Inc. http://www.efficios.com