From: bdegraaf@codeaurora.org (bdegraaf at codeaurora.org)
To: linux-arm-kernel@lists.infradead.org
Subject: [RFC] arm64: Enforce observed order for spinlock and data
Date: Wed, 05 Oct 2016 11:30:08 -0400 [thread overview]
Message-ID: <a0aa2dba916aafb188f8b1b11aca1599@codeaurora.org> (raw)
In-Reply-To: <20161005151057.GJ3142@twins.programming.kicks-ass.net>
On 2016-10-05 11:10, Peter Zijlstra wrote:
> On Wed, Oct 05, 2016 at 10:55:57AM -0400, bdegraaf at codeaurora.org
> wrote:
>> On 2016-10-04 15:12, Mark Rutland wrote:
>> >Hi Brent,
>> >
>> >Could you *please* clarify if you are trying to solve:
>> >
>> >(a) a correctness issue (e.g. data corruption) seen in practice.
>> >(b) a correctness issue (e.g. data corruption) found by inspection.
>> >(c) A performance issue, seen in practice.
>> >(d) A performance issue, found by inspection.
>> >
>> >Any one of these is fine; we just need to know in order to be able to
>> >help effectively, and so far it hasn't been clear.
>
> Brent, you forgot to state which: 'a-d' is the case here.
>
>> I found the problem.
>>
>> Back in September of 2013, arm64 atomics were broken due to missing
>> barriers
>> in certain situations, but the problem at that time was undiscovered.
>>
>> Will Deacon's commit d2212b4dce596fee83e5c523400bf084f4cc816c went in
>> at
>> that
>> time and changed the correct cmpxchg64 in lockref.c to
>> cmpxchg64_relaxed.
>>
>> d2212b4 appeared to be OK at that time because the additional barrier
>> requirements of this specific code sequence were not yet discovered,
>> and
>> this change was consistent with the arm64 atomic code of that time.
>>
>> Around February of 2014, some discovery led Will to correct the
>> problem with
>> the atomic code via commit 8e86f0b409a44193f1587e87b69c5dcf8f65be67,
>> which
>> has an excellent explanation of potential ordering problems with the
>> same
>> code sequence used by lockref.c.
>>
>> With this updated understanding, the earlier commit
>> (d2212b4dce596fee83e5c523400bf084f4cc816c) should be reverted.
>>
>> Because acquire/release semantics are insufficient for the full
>> ordering,
>> the single barrier after the store exclusive is the best approach,
>> similar
>> to Will's atomic barrier fix.
>
> This again does not in fact describe the problem.
>
> What is the problem with lockref, and how (refer the earlier a-d
> multiple choice answer) was this found.
>
> Now, I have been looking, and we have some idea what you _might_ be
> alluding to, but please explain which accesses get reordered how and
> cause problems.
Sorry for the confusion, this was a "b" item (correctness fix based on
code
inspection. I had sent an answer to this yesterday, but didn't realize
that
it was in a separate, private email thread.
I'll work out the before/after problem scenarios and send them along
once
I've hashed them out (it may take a while for me to paint a clear
picture).
In the meantime, however, consider that even without the spinlock code
in
the picture, lockref needs to treat the cmpxchg as a full system-level
atomic,
because multiple agents could access the value in a variety of timings.
Since
atomics similar to this are barriered on arm64 since 8e86f0b, the access
to
lockref should be similar.
Brent
WARNING: multiple messages have this Message-ID (diff)
From: bdegraaf@codeaurora.org
To: Peter Zijlstra <peterz@infradead.org>
Cc: Mark Rutland <mark.rutland@arm.com>,
Ingo Molnar <mingo@redhat.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Timur Tabi <timur@codeaurora.org>,
Nathan Lynch <nathan_lynch@mentor.com>,
linux-kernel@vger.kernel.org,
Christopher Covington <cov@codeaurora.org>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [RFC] arm64: Enforce observed order for spinlock and data
Date: Wed, 05 Oct 2016 11:30:08 -0400 [thread overview]
Message-ID: <a0aa2dba916aafb188f8b1b11aca1599@codeaurora.org> (raw)
In-Reply-To: <20161005151057.GJ3142@twins.programming.kicks-ass.net>
On 2016-10-05 11:10, Peter Zijlstra wrote:
> On Wed, Oct 05, 2016 at 10:55:57AM -0400, bdegraaf@codeaurora.org
> wrote:
>> On 2016-10-04 15:12, Mark Rutland wrote:
>> >Hi Brent,
>> >
>> >Could you *please* clarify if you are trying to solve:
>> >
>> >(a) a correctness issue (e.g. data corruption) seen in practice.
>> >(b) a correctness issue (e.g. data corruption) found by inspection.
>> >(c) A performance issue, seen in practice.
>> >(d) A performance issue, found by inspection.
>> >
>> >Any one of these is fine; we just need to know in order to be able to
>> >help effectively, and so far it hasn't been clear.
>
> Brent, you forgot to state which: 'a-d' is the case here.
>
>> I found the problem.
>>
>> Back in September of 2013, arm64 atomics were broken due to missing
>> barriers
>> in certain situations, but the problem at that time was undiscovered.
>>
>> Will Deacon's commit d2212b4dce596fee83e5c523400bf084f4cc816c went in
>> at
>> that
>> time and changed the correct cmpxchg64 in lockref.c to
>> cmpxchg64_relaxed.
>>
>> d2212b4 appeared to be OK at that time because the additional barrier
>> requirements of this specific code sequence were not yet discovered,
>> and
>> this change was consistent with the arm64 atomic code of that time.
>>
>> Around February of 2014, some discovery led Will to correct the
>> problem with
>> the atomic code via commit 8e86f0b409a44193f1587e87b69c5dcf8f65be67,
>> which
>> has an excellent explanation of potential ordering problems with the
>> same
>> code sequence used by lockref.c.
>>
>> With this updated understanding, the earlier commit
>> (d2212b4dce596fee83e5c523400bf084f4cc816c) should be reverted.
>>
>> Because acquire/release semantics are insufficient for the full
>> ordering,
>> the single barrier after the store exclusive is the best approach,
>> similar
>> to Will's atomic barrier fix.
>
> This again does not in fact describe the problem.
>
> What is the problem with lockref, and how (refer the earlier a-d
> multiple choice answer) was this found.
>
> Now, I have been looking, and we have some idea what you _might_ be
> alluding to, but please explain which accesses get reordered how and
> cause problems.
Sorry for the confusion, this was a "b" item (correctness fix based on
code
inspection. I had sent an answer to this yesterday, but didn't realize
that
it was in a separate, private email thread.
I'll work out the before/after problem scenarios and send them along
once
I've hashed them out (it may take a while for me to paint a clear
picture).
In the meantime, however, consider that even without the spinlock code
in
the picture, lockref needs to treat the cmpxchg as a full system-level
atomic,
because multiple agents could access the value in a variety of timings.
Since
atomics similar to this are barriered on arm64 since 8e86f0b, the access
to
lockref should be similar.
Brent
next prev parent reply other threads:[~2016-10-05 15:30 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-30 17:40 [RFC] arm64: Enforce observed order for spinlock and data Brent DeGraaf
2016-09-30 17:40 ` Brent DeGraaf
2016-09-30 18:43 ` Robin Murphy
2016-09-30 18:43 ` Robin Murphy
2016-10-01 15:45 ` bdegraaf at codeaurora.org
2016-10-01 15:45 ` bdegraaf
2016-09-30 18:52 ` Peter Zijlstra
2016-09-30 18:52 ` Peter Zijlstra
2016-09-30 19:05 ` Peter Zijlstra
2016-09-30 19:05 ` Peter Zijlstra
2016-10-01 15:59 ` bdegraaf at codeaurora.org
2016-10-01 15:59 ` bdegraaf
2016-09-30 19:32 ` Mark Rutland
2016-09-30 19:32 ` Mark Rutland
2016-10-01 16:11 ` bdegraaf at codeaurora.org
2016-10-01 16:11 ` bdegraaf
2016-10-01 18:11 ` Mark Rutland
2016-10-01 18:11 ` Mark Rutland
2016-10-03 19:20 ` bdegraaf at codeaurora.org
2016-10-03 19:20 ` bdegraaf
2016-10-04 6:50 ` Peter Zijlstra
2016-10-04 6:50 ` Peter Zijlstra
2016-10-04 10:12 ` Mark Rutland
2016-10-04 10:12 ` Mark Rutland
2016-10-04 17:53 ` bdegraaf at codeaurora.org
2016-10-04 17:53 ` bdegraaf
2016-10-04 18:28 ` bdegraaf at codeaurora.org
2016-10-04 18:28 ` bdegraaf
2016-10-04 19:12 ` Mark Rutland
2016-10-04 19:12 ` Mark Rutland
2016-10-05 14:55 ` bdegraaf at codeaurora.org
2016-10-05 14:55 ` bdegraaf
2016-10-05 15:10 ` Peter Zijlstra
2016-10-05 15:10 ` Peter Zijlstra
2016-10-05 15:30 ` bdegraaf at codeaurora.org [this message]
2016-10-05 15:30 ` bdegraaf
2016-10-12 20:01 ` bdegraaf at codeaurora.org
2016-10-12 20:01 ` bdegraaf
2016-10-13 11:02 ` Will Deacon
2016-10-13 11:02 ` Will Deacon
2016-10-13 20:00 ` bdegraaf at codeaurora.org
2016-10-13 20:00 ` bdegraaf
2016-10-14 0:24 ` Mark Rutland
2016-10-14 0:24 ` Mark Rutland
2016-10-05 15:11 ` bdegraaf at codeaurora.org
2016-10-05 15:11 ` bdegraaf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a0aa2dba916aafb188f8b1b11aca1599@codeaurora.org \
--to=bdegraaf@codeaurora.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.