From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.3 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 28723C4338F for ; Fri, 23 Jul 2021 08:00:05 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id B425360F3A for ; Fri, 23 Jul 2021 08:00:04 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org B425360F3A Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id 165956B005D; Fri, 23 Jul 2021 04:00:04 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 114776B006C; Fri, 23 Jul 2021 04:00:04 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EF6CA6B0070; Fri, 23 Jul 2021 04:00:03 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0175.hostedemail.com [216.40.44.175]) by kanga.kvack.org (Postfix) with ESMTP id D1BB46B005D for ; Fri, 23 Jul 2021 04:00:03 -0400 (EDT) Received: from smtpin04.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id 7039318F61 for ; Fri, 23 Jul 2021 08:00:03 +0000 (UTC) X-FDA: 78393104286.04.56783DC Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by imf21.hostedemail.com (Postfix) with ESMTP id A6A7ED039118 for ; Fri, 23 Jul 2021 08:00:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1627027202; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6uvraZMVqX8aF1W4N70FaqsuTWyA0iUE4yIvTyzmQmo=; b=IrTOZNnnSYuYThXu/H74pSsuBjhA+ZExPXM47iJZ+R8kddxozRxmzTjLpKE/M9VpzErHc/ Ncl4foG7IOkkRyJQ9JeO+Ymso3qtgB08Z01MvA+gmed23JzUVKXaz+UVZfgEyF5nIXmdfT Sj+IK8TfQTthWN/RDSI5s0KkAbDjcMQ= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-56-_biPWRM6NWOI1A1Ch8LAnw-1; Fri, 23 Jul 2021 03:59:58 -0400 X-MC-Unique: _biPWRM6NWOI1A1Ch8LAnw-1 Received: by mail-ej1-f70.google.com with SMTP id g7-20020a1709068687b029041c273a883dso384588ejx.3 for ; Fri, 23 Jul 2021 00:59:58 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:cc:references:from:subject:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=6uvraZMVqX8aF1W4N70FaqsuTWyA0iUE4yIvTyzmQmo=; b=jqvxCBgIi/+uy1GYTcNeV2yh4VFwkEwavOXqsJtfQN2JNZ478QOnvrokFlKFUwmxk2 0MbbeXR+Huc+tS2L8loXTFmO25CQpQLb/RcQBAdyLpSYGlN1/TZXjP0+mpX2spt4atrG 4eC/dI1UCoKZbVOSQJuxSEfGx8wwld6CKxkGVA4CI4pcY7ZVc3OMPlQfuf/DmDGeuSOg jAm2LNIm78CLvNjuRZuFJoHg2RS7k6jOOU6BHGV0pHTE2qzz151U/yI24EofV66N02P3 NlNT7QmLKXXc86X7WNb7WCR1MveL/h/SNwYvvSeoNXlImKXCDRTK4ne4vHzM8wWhs1gX hU+Q== X-Gm-Message-State: AOAM531ti8DppiN+Yl3PhZKUAcFvCSoAMpiXXiMGrg7m+RBjzYceQRGF O4SP+tvgZd4Y9cqcbb8A3xQk9QyJwg2OG6XQ5+qkEN+CPJcYPU41CpxU5GFdvqrQc7MkFVev/kz 6fMDQy76qCzc= X-Received: by 2002:aa7:db93:: with SMTP id u19mr4072437edt.227.1627027197308; Fri, 23 Jul 2021 00:59:57 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw1IuqfFkKXnxgQVCoSZjXToQiISMmjADv23qluIObHgUSZYrjAIJuL+QNjsAMkwyHtXPu3Kw== X-Received: by 2002:aa7:db93:: with SMTP id u19mr4072421edt.227.1627027197069; Fri, 23 Jul 2021 00:59:57 -0700 (PDT) Received: from ?IPv6:2001:b07:add:ec09:c399:bc87:7b6c:fb2a? ([2001:b07:add:ec09:c399:bc87:7b6c:fb2a]) by smtp.gmail.com with ESMTPSA id u26sm10252677ejj.4.2021.07.23.00.59.55 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 23 Jul 2021 00:59:56 -0700 (PDT) To: Hillf Danton Cc: Thomas Gleixner , Sebastian Andrzej Siewior , "Michael S. Tsirkin" , linux-mm@kvack.org, LKML , Al Viro References: <8dfc0ee9-b97a-8ca8-d057-31c8cad3f5b6@redhat.com> <475f84e2-78ee-1a24-ef57-b16c1f2651ed@redhat.com> <20210715102249.2205-1-hdanton@sina.com> <20210716020611.2288-1-hdanton@sina.com> <20210716075539.2376-1-hdanton@sina.com> <20210716093725.2438-1-hdanton@sina.com> <20210718124219.1521-1-hdanton@sina.com> <20210721070452.1008-1-hdanton@sina.com> <20210721101119.1103-1-hdanton@sina.com> <20210723022356.1301-1-hdanton@sina.com> From: Paolo Bonzini Subject: Re: 5.13-rt1 + KVM = WARNING: at fs/eventfd.c:74 eventfd_signal() Message-ID: Date: Fri, 23 Jul 2021 09:59:55 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: <20210723022356.1301-1-hdanton@sina.com> X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: A6A7ED039118 Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=IrTOZNnn; dmarc=pass (policy=none) header.from=redhat.com; spf=none (imf21.hostedemail.com: domain of pbonzini@redhat.com has no SPF policy when checking 170.10.133.124) smtp.mailfrom=pbonzini@redhat.com X-Stat-Signature: db1ot9tp6ws8bfe7ndmm9wgsgah8hh93 X-HE-Tag: 1627027202-2358 Content-Transfer-Encoding: quoted-printable X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 23/07/21 04:23, Hillf Danton wrote: > Detect concurrent reader and writer by reading event counter before and > after poll_wait(), and determine feedback with the case of unstable > counter taken into account. >=20 > Cut the big comment as the added barriers speak for themselves. First and foremost, I'm not sure what you are trying to fix. Second, the patch is wrong even without taking into account the lockless accesses, because the condition for returning EPOLLOUT is certainly wrong= . Third, barriers very rarely speak for themselves. In particular what do they pair with? It seems to me that you are basically reintroducing the same mistake that commit a484c3dd9426 ("eventfd: document lockless access in eventfd_poll", 2016-03-22) fixed, at the time where the big comment was introduced: Things aren't as simple as the read barrier in eventfd_poll would suggest. In fact, the read barrier, besides lacking a comment, is not paired in any obvious manner with another read barrier, and it is pointless because it is sitting between a write (deep in poll_wait) and the read of ctx->count. Paolo > +++ x/fs/eventfd.c > @@ -131,49 +131,20 @@ static __poll_t eventfd_poll(struct file > { > struct eventfd_ctx *ctx =3D file->private_data; > __poll_t events =3D 0; > - u64 count; > + u64 c0, count; > + > + c0 =3D ctx->count; > + smp_rmb(); > =20 > poll_wait(file, &ctx->wqh, wait); > =20 > - /* > - * All writes to ctx->count occur within ctx->wqh.lock. This read > - * can be done outside ctx->wqh.lock because we know that poll_wait > - * takes that lock (through add_wait_queue) if our caller will sleep. > - * > - * The read _can_ therefore seep into add_wait_queue's critical > - * section, but cannot move above it! add_wait_queue's spin_lock act= s > - * as an acquire barrier and ensures that the read be ordered properl= y > - * against the writes. The following CAN happen and is safe: > - * > - * poll write > - * ----------------- ------------ > - * lock ctx->wqh.lock (in poll_wait) > - * count =3D ctx->count > - * __add_wait_queue > - * unlock ctx->wqh.lock > - * lock ctx->qwh.lock > - * ctx->count +=3D n > - * if (waitqueue_active) > - * wake_up_locked_poll > - * unlock ctx->qwh.lock > - * eventfd_poll returns 0 > - * > - * but the following, which would miss a wakeup, cannot happen: > - * > - * poll write > - * ----------------- ------------ > - * count =3D ctx->count (INVALID!) > - * lock ctx->qwh.lock > - * ctx->count +=3D n > - * **waitqueue_active is false= ** > - * **no wake_up_locked_poll!** > - * unlock ctx->qwh.lock > - * lock ctx->wqh.lock (in poll_wait) > - * __add_wait_queue > - * unlock ctx->wqh.lock > - * eventfd_poll returns 0 > - */ > - count =3D READ_ONCE(ctx->count); > + smp_rmb(); > + count =3D ctx->count; > + > + if (c0 < count) > + return EPOLLIN; > + if (c0 > count) > + return EPOLLOUT; > =20 > if (count > 0) > events |=3D EPOLLIN; >=20