From: sashiko-bot@kernel.org
To: "Ankur Arora" <ankur.a.arora@oracle.com>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH v13 04/15] arm64: support WFET in smp_cond_load_relaxed_timeout()
Date: Thu, 02 Jul 2026 01:52:27 +0000 [thread overview]
Message-ID: <20260702015227.83DE91F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260702013334.140905-5-ankur.a.arora@oracle.com>
Thank you for your contribution! Sashiko AI review found 3 potential issue(s) to consider:
- [High] Double timeout duration due to late deadline initialization in smp_cond_load_relaxed_timeout().
- [Medium] Linker errors for loadable kernel modules using generic barrier timeout APIs.
- [Medium] Integer overflow in NSECS_TO_CYCLES() degrades WFET to a busy-wait loop for large timeouts.
--
commit e5b7a3dd71128bb8e09cbcac08762647dcc92dd1
Author: Ankur Arora <ankur.a.arora@oracle.com>
arm64: support WFET in smp_cond_load_relaxed_timeout()
To handle WFET use __cmpwait_timeout() similarly to __cmpwait(). These
call out to the respective __cmpwait_case_timeout_##sz(),
__cmpwait_case_##sz() functions.
> diff --git a/arch/arm64/include/asm/barrier.h b/arch/arm64/include/asm/barrier.h
> index 6190e178db51f..fbd71cd4ef4e5 100644
> --- a/arch/arm64/include/asm/barrier.h
> +++ b/arch/arm64/include/asm/barrier.h
[ ... ]
> @@ -234,7 +234,9 @@ extern bool arch_timer_evtstrm_available(void);
> #define SMP_TIMEOUT_POLL_COUNT 1
>
> #define cpu_poll_relax(ptr, val, timeout_ns) do { \
> - if (arch_timer_evtstrm_available()) \
> + if (alternative_has_cap_unlikely(ARM64_HAS_WFXT)) \
> + __cmpwait_relaxed_timeout(ptr, val, timeout_ns); \
[Severity: High]
Does this sequence double the intended timeout duration?
Looking at how the generic smp_cond_load_relaxed_timeout() is implemented
in include/asm-generic/barrier.h, it calculates the absolute deadline
(__time_end = __time_now + __timeout) only after the first iteration of the
loop.
Because SMP_TIMEOUT_POLL_COUNT is 1, the very first iteration immediately
invokes cpu_poll_relax(), which will block natively via WFET for the full
timeout_ns. When it wakes up, __time_end is calculated as now + timeout_ns,
effectively adding the timeout again and allowing the wait to last up to
twice the requested duration.
> + else if (arch_timer_evtstrm_available()) \
> __cmpwait_relaxed(ptr, val); \
> else \
> cpu_relax(); \
> diff --git a/arch/arm64/include/asm/cmpxchg.h b/arch/arm64/include/asm/cmpxchg.h
> index 6cf3cd6873f5f..9e4cdc9e41d1b 100644
> --- a/arch/arm64/include/asm/cmpxchg.h
> +++ b/arch/arm64/include/asm/cmpxchg.h
[ ... ]
> @@ -235,20 +237,52 @@ __CMPWAIT_CASE( , , 64);
>
> #undef __CMPWAIT_CASE
>
> +#define __CMPWAIT_TIMEOUT_CASE(w, sfx, sz) \
> +static inline void __cmpwait_case_timeout_##sz(volatile void *ptr, \
> + unsigned long val, \
> + u64 timeout_ns) \
> +{ \
> + unsigned long tmp; \
> + u64 ecycles = __delay_cycles() + \
[Severity: Medium]
Will loadable kernel modules using the generic barrier timeout APIs fail to
link here?
The inline function __cmpwait_case_timeout_##sz() unconditionally calls
__delay_cycles(). If __delay_cycles() is not exported to normal modules
(e.g., if it is only exported via EXPORT_SYMBOL_IF_KUNIT), any module using
smp_cond_load_relaxed_timeout() will hit undefined symbol linker errors.
> + NSECS_TO_CYCLES(timeout_ns); \
[Severity: Medium]
Could a large timeout_ns value overflow here, causing WFET to degrade to a
busy-wait loop?
If NSECS_TO_CYCLES() is called with a large timeout_ns (for example, greater
than 153 seconds on a standard 24MHz generic timer), the 64-bit unsigned
calculation could wrap around. This would pass a very small cycle increment
to WFET, causing it to wake immediately and consume excess power by spinning.
> + asm volatile( \
> + " sevl\n" \
> + " wfe\n" \
> + " ldxr" #sfx "\t%" #w "[tmp], %[v]\n" \
> + " eor %" #w "[tmp], %" #w "[tmp], %" #w "[val]\n" \
> + " cbnz %" #w "[tmp], 2f\n" \
> + " msr s0_3_c1_c0_0, %[ecycles]\n" \
> + "2:" \
> + : [tmp] "=&r" (tmp), [v] "+Q" (*(u##sz *)ptr) \
> + : [val] "r" (val), [ecycles] "r" (ecycles)); \
> +}
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260702013334.140905-1-ankur.a.arora@oracle.com?part=4
next prev parent reply other threads:[~2026-07-02 1:52 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-02 1:33 [PATCH v13 00/15] barrier: Add smp_cond_load_{relaxed,acquire}_timeout() Ankur Arora
2026-07-02 1:33 ` [PATCH v13 01/15] asm-generic: barrier: Add smp_cond_load_relaxed_timeout() Ankur Arora
2026-07-02 1:46 ` sashiko-bot
2026-07-02 2:11 ` bot+bpf-ci
2026-07-02 1:33 ` [PATCH v13 02/15] arm64: barrier: Support smp_cond_load_relaxed_timeout() Ankur Arora
2026-07-02 1:50 ` sashiko-bot
2026-07-02 1:33 ` [PATCH v13 03/15] arm64/delay: move some constants out to a separate header Ankur Arora
2026-07-02 1:47 ` sashiko-bot
2026-07-02 1:33 ` [PATCH v13 04/15] arm64: support WFET in smp_cond_load_relaxed_timeout() Ankur Arora
2026-07-02 1:52 ` sashiko-bot [this message]
2026-07-02 1:33 ` [PATCH v13 05/15] arm64: rqspinlock: Remove private copy of smp_cond_load_acquire_timewait() Ankur Arora
2026-07-02 1:33 ` [PATCH v13 06/15] asm-generic: barrier: Add smp_cond_load_acquire_timeout() Ankur Arora
2026-07-02 1:53 ` sashiko-bot
2026-07-02 1:33 ` [PATCH v13 07/15] atomic: Add atomic_cond_read_*_timeout() Ankur Arora
2026-07-02 1:48 ` sashiko-bot
2026-07-02 1:33 ` [PATCH v13 08/15] locking/atomic: scripts: build atomic_long_cond_read_*_timeout() Ankur Arora
2026-07-02 1:33 ` [PATCH v13 09/15] bpf/rqspinlock: switch check_timeout() to a clock interface Ankur Arora
2026-07-02 1:33 ` [PATCH v13 10/15] bpf/rqspinlock: Use smp_cond_load_acquire_timeout() Ankur Arora
2026-07-02 1:33 ` [PATCH v13 11/15] sched: add need-resched timed wait interface Ankur Arora
2026-07-02 1:33 ` [PATCH v13 12/15] cpuidle/poll_state: Wait for need-resched via tif_need_resched_relaxed_wait() Ankur Arora
2026-07-02 1:33 ` [PATCH v13 13/15] arm64/delay: enable testing smp_cond_load_relaxed_timeout() Ankur Arora
2026-07-02 1:57 ` sashiko-bot
2026-07-02 1:33 ` [PATCH v13 14/15] barrier: add tests for smp_cond_load_*_timeout() Ankur Arora
2026-07-02 1:33 ` [PATCH v13 15/15] barrier: add clock tests for smp_cond_load_relaxed_timeout() Ankur Arora
2026-07-02 2:11 ` bot+bpf-ci
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260702015227.83DE91F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=ankur.a.arora@oracle.com \
--cc=bpf@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox