From: Minchan Kim <minchan@kernel.org>
To: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Cc: Junil Lee <junil0814.lee@lge.com>,
ngupta@vflare.org, akpm@linux-foundation.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org, vbabka@suse.cz
Subject: Re: [PATCH v3] zsmalloc: fix migrate_zspage-zs_free race condition
Date: Mon, 18 Jan 2016 16:11:57 +0900 [thread overview]
Message-ID: <20160118071157.GD7453@bbox> (raw)
In-Reply-To: <20160118065434.GB459@swordfish>
On Mon, Jan 18, 2016 at 03:54:34PM +0900, Sergey Senozhatsky wrote:
> On (01/18/16 15:36), Minchan Kim wrote:
> [..]
> > > --- a/mm/zsmalloc.c
> > > +++ b/mm/zsmalloc.c
> > > @@ -1635,8 +1635,8 @@ static int migrate_zspage(struct zs_pool *pool, struct size_class *class,
> > > free_obj = obj_malloc(d_page, class, handle);
> > > zs_object_copy(free_obj, used_obj, class);
> > > index++;
> > > + /* This also effectively unpins the handle */
> >
> > As reply of Vlastimil, I relied that I guess it doesn't work.
> > We shouldn't omit unpin_tag and we should add WRITE_ONCE in
> > record_obj.
> >
> > As well, it's worth to dobule check with locking guys.
> > I will send updated version.
>
> but would WRITE_ONCE() tell the compiler that there is a dependency?
> __write_once_size() does not even issue a barrier for sizes <= 8 (our
> case).
>
> include/linux/compiler.h
>
> static __always_inline void __write_once_size(volatile void *p, void *res, int size)
> {
> switch (size) {
> case 1: *(volatile __u8 *)p = *(__u8 *)res; break;
> case 2: *(volatile __u16 *)p = *(__u16 *)res; break;
> case 4: *(volatile __u32 *)p = *(__u32 *)res; break;
> case 8: *(volatile __u64 *)p = *(__u64 *)res; break;
> default:
> barrier();
> __builtin_memcpy((void *)p, (const void *)res, size);
> barrier();
> }
> }
>
> #define WRITE_ONCE(x, val) \
> ({ \
> union { typeof(x) __val; char __c[1]; } __u = \
> { .__val = (__force typeof(x)) (val) }; \
> __write_once_size(&(x), __u.__c, sizeof(x)); \
> __u.__val; \
> })
>
>
> so, even if clear_bit_unlock/test_and_set_bit_lock do smp_mb or
> barrier(), there is no corresponding barrier from record_obj()->WRITE_ONCE().
> so I don't think WRITE_ONCE() will help the compiler, or am I missing
> something?
We need two things
1. compiler barrier
2. memory barrier.
As compiler barrier, WRITE_ONCE works to prevent store tearing here
by compiler.
However, if we omit unpin_tag here, we lose memory barrier(e,g, smp_mb)
so another CPU could see stale data caused CPU memory reordering.
>
> .... add a barrier() to record_obj()?
>
> -ss
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2016-01-18 7:09 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-18 5:39 [PATCH v3] zsmalloc: fix migrate_zspage-zs_free race condition Junil Lee
2016-01-18 6:13 ` Sergey Senozhatsky
2016-01-18 6:36 ` Minchan Kim
2016-01-18 6:54 ` Sergey Senozhatsky
2016-01-18 7:11 ` Minchan Kim [this message]
2016-01-18 7:39 ` Sergey Senozhatsky
2016-01-18 7:54 ` Vlastimil Babka
2016-01-18 8:20 ` Minchan Kim
2016-01-18 11:08 ` Sergey Senozhatsky
2016-01-18 12:18 ` Vlastimil Babka
2016-01-18 14:09 ` Minchan Kim
2016-01-18 14:10 ` Vlastimil Babka
-- strict thread matches above, loose matches on Subject: below --
2016-01-18 1:15 Junil Lee
2016-01-18 4:14 ` Sergey Senozhatsky
2016-01-18 4:17 ` Sergey Senozhatsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160118071157.GD7453@bbox \
--to=minchan@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=junil0814.lee@lge.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=ngupta@vflare.org \
--cc=sergey.senozhatsky.work@gmail.com \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).