From: Ingo Molnar <mingo@elte.hu>
To: Daniel Walker <dwalker@mvista.com>
Cc: Linus Torvalds <torvalds@osdl.org>, Andrew Morton <akpm@osdl.org>,
linux-kernel@vger.kernel.org,
Arjan van de Ven <arjan@infradead.org>,
"Paul E. McKenney" <paulmck@us.ibm.com>
Subject: Re: [patch, lock validator] fix uidhash_lock <-> RCU deadlock
Date: Sun, 29 Jan 2006 14:55:08 +0100 [thread overview]
Message-ID: <20060129135508.GA31156@elte.hu> (raw)
In-Reply-To: <1138208378.3992.7.camel@localhost.localdomain>
* Daniel Walker <dwalker@mvista.com> wrote:
> On Wed, 2006-01-25 at 15:23 +0100, Ingo Molnar wrote:
> > RCU task-struct freeing can call free_uid(), which is taking
> > uidhash_lock - while other users of uidhash_lock are softirq-unsafe.
> >
> > This bug was found by the lock validator i'm working on:
>
> What is it doing exactly ?
the lock validator is building a runtime graph of lock dependencies, as
they occur. The granularity is not per lock instance, but per lock
"type" - making it easier (and more likely) to find deadlocks, without
having those deadlocks to trigger. So it's a proactive thing, not a
reactive thing like the current mutex deadlock detection code.
the type granularity also has the positive effect that locking
dependencies between two locks have only be mapped once per bootup, for
any arbitrary object or task that makes use of that lock.
the directed graph is constantly kept valid: when a new dependency is
added then it's checked for circular dependencies.
the validator is also tracking the usage characteristics of locks:
whether they are used in hardirq context, softirq context, whether they
are held with hardirqs enabled, softirqs enabled.
then when a lock is taken in an irq context, or is taken with interrupts
enabled, or interrupts are enabled with the lock held, the validator
immediately transitions that lock (type) to the new usage state - and
validates all the ripple effects within the graph. [i.e. it validates
all locks dependending on this lock, and validates all locks this lock
is depending on.]
the end-result is that this validator gets very close to being able to
prove the theoretical code-correctness of lock usage within Linux, for
all codepaths that occur at least once per bootup. This it can do even
on a uniprocessor system.
i'll release the code soon. I wrote it as a debugging extension to
mutexes, but now it covers spinlocks and rwlocks too.
Ingo
next prev parent reply other threads:[~2006-01-29 13:54 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-01-25 14:23 [patch, lock validator] fix uidhash_lock <-> RCU deadlock Ingo Molnar
2006-01-25 16:59 ` Daniel Walker
2006-01-29 13:55 ` Ingo Molnar [this message]
2006-01-26 11:13 ` Paul E. McKenney
2006-01-28 0:22 ` Linus Torvalds
2006-01-28 2:40 ` Paul E. McKenney
2006-01-30 4:14 ` Paul E. McKenney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060129135508.GA31156@elte.hu \
--to=mingo@elte.hu \
--cc=akpm@osdl.org \
--cc=arjan@infradead.org \
--cc=dwalker@mvista.com \
--cc=linux-kernel@vger.kernel.org \
--cc=paulmck@us.ibm.com \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox