BPF List
From: sashiko-bot@kernel.org
To: "Ankur Arora" <ankur.a.arora@oracle.com>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH v13 04/15] arm64: support WFET in smp_cond_load_relaxed_timeout()
Date: Thu, 02 Jul 2026 01:52:27 +0000
Message-ID: <20260702015227.83DE91F000E9@smtp.kernel.org>
In-Reply-To: <20260702013334.140905-5-ankur.a.arora@oracle.com>

Thank you for your contribution! Sashiko AI review found 3 potential issues to consider:
- [High] Double timeout duration due to late deadline initialization in smp_cond_load_relaxed_timeout().
- [Medium] Linker errors for loadable kernel modules using generic barrier timeout APIs.
- [Medium] Integer overflow in NSECS_TO_CYCLES() degrades WFET to a busy-wait loop for large timeouts.
--

commit e5b7a3dd71128bb8e09cbcac08762647dcc92dd1
Author: Ankur Arora <ankur.a.arora@oracle.com>

arm64: support WFET in smp_cond_load_relaxed_timeout()
    
To handle WFET use __cmpwait_timeout() similarly to __cmpwait(). These
call out to the respective __cmpwait_case_timeout_##sz(),
__cmpwait_case_##sz() functions.

> diff --git a/arch/arm64/include/asm/barrier.h b/arch/arm64/include/asm/barrier.h
> index 6190e178db51f..fbd71cd4ef4e5 100644
> --- a/arch/arm64/include/asm/barrier.h
> +++ b/arch/arm64/include/asm/barrier.h

[ ... ]

> @@ -234,7 +234,9 @@ extern bool arch_timer_evtstrm_available(void);
>  #define SMP_TIMEOUT_POLL_COUNT	1
>  
>  #define cpu_poll_relax(ptr, val, timeout_ns) do {			\
> -	if (arch_timer_evtstrm_available())				\
> +	if (alternative_has_cap_unlikely(ARM64_HAS_WFXT))		\
> +		__cmpwait_relaxed_timeout(ptr, val, timeout_ns);	\

[Severity: High]
Does this sequence double the intended timeout duration?

The generic smp_cond_load_relaxed_timeout() in include/asm-generic/barrier.h
calculates the absolute deadline (__time_end = __time_now + __timeout) only
after the first iteration of its loop.

Because SMP_TIMEOUT_POLL_COUNT is 1, that first iteration already invokes
cpu_poll_relax(), which with this change can block in WFET for the full
timeout_ns. When it wakes up, __time_end is set to now + timeout_ns, so the
timeout is effectively applied a second time and the wait can last up to
twice the requested duration.
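
The effect can be illustrated with a small user-space model. This is only a
sketch of the control flow described above, not the kernel macro: fake_now_ns,
model_poll_relax() and model_wait() are hypothetical names, the clock is
simulated, and the model assumes the condition never becomes true and that
each poll blocks for the whole interval it is given.

```c
#include <assert.h>
#include <stdint.h>

/* Simulated monotonic clock in nanoseconds (hypothetical stand-in). */
static uint64_t fake_now_ns;

/* Models a WFET-style wait that blocks for the full interval it is given. */
static void model_poll_relax(uint64_t wait_ns)
{
	fake_now_ns += wait_ns;
}

/*
 * Returns the total time spent waiting for a condition that never
 * becomes true.
 *
 * late_deadline != 0: the deadline is set only after the first poll,
 *                     which is the ordering the review describes.
 * late_deadline == 0: the deadline is set before the first poll.
 */
static uint64_t model_wait(uint64_t timeout_ns, int late_deadline)
{
	uint64_t start = fake_now_ns;
	uint64_t deadline = 0;
	int have_deadline = 0;

	assert(timeout_ns > 0);

	if (!late_deadline) {
		deadline = start + timeout_ns;
		have_deadline = 1;
	}

	for (;;) {
		/* Assumption: later polls wait only for the time remaining. */
		uint64_t wait_ns = have_deadline ? deadline - fake_now_ns
						 : timeout_ns;

		model_poll_relax(wait_ns);

		if (!have_deadline) {
			/* Late initialization: measured from the wake-up time. */
			deadline = fake_now_ns + timeout_ns;
			have_deadline = 1;
			continue;
		}
		if (fake_now_ns >= deadline)
			break;
	}
	return fake_now_ns - start;
}
```

In this model, model_wait(1000, 0) returns 1000 while model_wait(1000, 1)
returns 2000, i.e. twice the requested timeout.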

> +	else if (arch_timer_evtstrm_available())			\
>  		__cmpwait_relaxed(ptr, val);				\
>  	else								\
>  		cpu_relax();						\
> diff --git a/arch/arm64/include/asm/cmpxchg.h b/arch/arm64/include/asm/cmpxchg.h
> index 6cf3cd6873f5f..9e4cdc9e41d1b 100644
> --- a/arch/arm64/include/asm/cmpxchg.h
> +++ b/arch/arm64/include/asm/cmpxchg.h

[ ... ]

> @@ -235,20 +237,52 @@ __CMPWAIT_CASE( ,  , 64);
>  
>  #undef __CMPWAIT_CASE
>  
> +#define __CMPWAIT_TIMEOUT_CASE(w, sfx, sz)				\
> +static inline void __cmpwait_case_timeout_##sz(volatile void *ptr,	\
> +					       unsigned long val,	\
> +					       u64 timeout_ns)		\
> +{									\
> +	unsigned long tmp;						\
> +	u64 ecycles = __delay_cycles() +				\

[Severity: Medium]
Will loadable kernel modules using the generic barrier timeout APIs fail to
link here?

The inline function __cmpwait_case_timeout_##sz() unconditionally calls
__delay_cycles(). If __delay_cycles() is not exported to normal modules
(e.g., if it is only exported via EXPORT_SYMBOL_IF_KUNIT), any module using
smp_cond_load_relaxed_timeout() will hit undefined symbol linker errors.

> +			NSECS_TO_CYCLES(timeout_ns);			\

[Severity: Medium]
Could a large timeout_ns value overflow here, causing WFET to degrade to a
busy-wait loop?

If NSECS_TO_CYCLES() is called with a large timeout_ns (for example, more
than roughly 153 seconds with a 24 MHz generic timer), the 64-bit unsigned
multiplication could wrap around. The cycle increment passed to WFET would
then be far smaller than requested, so WFET wakes up early and the caller
ends up spinning and consuming excess power.
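
The 153 second figure can be reproduced with a short user-space calculation.
This is a sketch that assumes NSECS_TO_CYCLES() has the same shape as the
existing arm64 delay conversion, (ns * 0x5 * timer_hz) >> 32; that shape is an
assumption here, and MODEL_NSEC_SCALE, model_nsecs_to_cycles() and
model_max_safe_ns() are hypothetical names.

```c
#include <assert.h>
#include <stdint.h>

/* Assumed scale factor: about 2^32 / 10^9, rounded up to 5. */
#define MODEL_NSEC_SCALE 5ULL

/* Assumed conversion; the multiplication wraps modulo 2^64 on overflow. */
static uint64_t model_nsecs_to_cycles(uint64_t ns, uint64_t timer_hz)
{
	return (ns * MODEL_NSEC_SCALE * timer_hz) >> 32;
}

/* Largest ns value whose product still fits in 64 bits. */
static uint64_t model_max_safe_ns(uint64_t timer_hz)
{
	assert(timer_hz > 0);
	return UINT64_MAX / (MODEL_NSEC_SCALE * timer_hz);
}
```

With timer_hz = 24000000, model_max_safe_ns() returns a value just under
154 seconds expressed in nanoseconds. Under the same assumption, a 154 second
timeout wraps and converts to fewer cycles than a 153 second one.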

> +	asm volatile(							\
> +	"	sevl\n"							\
> +	"	wfe\n"							\
> +	"	ldxr" #sfx "\t%" #w "[tmp], %[v]\n"			\
> +	"	eor	%" #w "[tmp], %" #w "[tmp], %" #w "[val]\n"	\
> +	"	cbnz	%" #w "[tmp], 2f\n"				\
> +	"	msr s0_3_c1_c0_0, %[ecycles]\n"				\
> +	"2:"								\
> +	: [tmp] "=&r" (tmp), [v] "+Q" (*(u##sz *)ptr)			\
> +	: [val] "r" (val), [ecycles] "r" (ecycles));			\
> +}

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260702013334.140905-1-ankur.a.arora@oracle.com?part=4
