Re: smp/up alternatives crash when CONFIG_HOTPLUG_CPU

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Ingo Molnar <mingo@elte.hu>
To: Gerd Hoffmann <kraxel@suse.de>
Cc: Andrew Morton <akpm@osdl.org>,
	linux-kernel@vger.kernel.org,
	Chuck Ebbert <76306.1226@compuserve.com>,
	Linus Torvalds <torvalds@osdl.org>
Subject: Re: smp/up alternatives crash when CONFIG_HOTPLUG_CPU
Date: Thu, 20 Apr 2006 07:29:54 +0200	[thread overview]
Message-ID: <20060420052954.GA5524@elte.hu> (raw)
In-Reply-To: <20060419094630.GA14800@elte.hu>

* Ingo Molnar <mingo@elte.hu> wrote:

> i'm getting weird mutex crashes on 2.6.17-rc2 if CONFIG_HOTPLUG_CPU is 
> enabled. The workaround below solves it - but the question is, what is 
> the real bug? See the attached crashlog.

the crash itself seems to be related to spinlock code sections that were 
modified by the smp-alternatives feature. HOTPLUG_CPU triggers the 
following code:

 SMP alternatives: switching to UP code
 CPU0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ stepping 02
 Mapping cpu 0 to node 0
 SMP alternatives: switching to SMP code
 Booting processor 1/1 eip 3000
 Initializing CPU#1

as under HOTPLUG_CPU, the system first boots up as a single-CPU box, 
then the second CPU gets added dynamically - so we first switch from the 
default SMP instructions to UP instructions - and then we switch back to 
SMP instructions again. It seems something went wrong in that sequence, 
as shortly afterwards we crash on a spinlock op:

 BUG: warning at kernel/mutex-debug.c:405/debug_mutex_add_waiter()
  [<c100643d>] show_trace+0xd/0x10
  [<c1006457>] dump_stack+0x17/0x20
  [<c1042fab>] debug_mutex_add_waiter+0x7b/0x80
  [<c177f5c4>] __mutex_lock_slowpath+0x84/0x340
  [<c177f89f>] mutex_lock+0x1f/0x30
  [<c10739ea>] cpuup_callback+0x6a/0x400
  [<c1782698>] notifier_call_chain+0x28/0x50
  [<c10387ed>] blocking_notifier_call_chain+0x3d/0x70
  [<c1047826>] cpu_up+0x66/0xf0

another detail: this is an Athon64 X2 dual-core box, so there might be 
state (cache) sharing artifacts not visible on other CPUs. Even if there 
are no such artifacts, cacheline invalidation latencies between the 
cores are very low, so it might tickle some race in the SMP-alternatives 
code.

but ... a more fundamental question is, where does the SMP-alternatives 
code flush the icache? I dont think it's generally guaranteed on x86 
CPUs that MESI updates to code get propagated into the icache of other 
CPUs/cores.

At a minimum we should do an smp_function_call() within 
alternatives_smp_switch(), which makes sure that the modification 
sequence has been executed on every CPU. But the most robust method 
would be to first 'gather' _all_ CPUs, which would all disable 
interrupts, and then do the modification on all CPUs, and then 'release' 
all CPUs. This also ensures that we dont switch instructions _under_ a 
running CPU.

this is a v2.6.17 showstopper i think.

	Ingo

next prev parent reply	other threads:[~2006-04-20  6:33 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-04-19  9:46 smp/up alternatives crash when CONFIG_HOTPLUG_CPU Ingo Molnar
2006-04-20  5:29 ` Ingo Molnar [this message]
2006-04-20  7:45   ` Andi Kleen
2006-04-20 15:14   ` Linus Torvalds
2006-04-20 15:26     ` Ingo Molnar
2006-04-21  7:48       ` Ingo Molnar
2006-05-05  8:40         ` as bug (was: Re: smp/up alternatives crash when CONFIG_HOTPLUG_CPU) Denis Vlasenko
2006-05-05  8:45           ` Denis Vlasenko
2006-05-05 12:20             ` Alan Modra
2006-05-05 13:13               ` Denis Vlasenko
2006-05-06  3:11                 ` Alan Modra
  -- strict thread matches above, loose matches on Subject: below --
2006-04-21 23:31 smp/up alternatives crash when CONFIG_HOTPLUG_CPU Chuck Ebbert

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060420052954.GA5524@elte.hu \
    --to=mingo@elte.hu \
    --cc=76306.1226@compuserve.com \
    --cc=akpm@osdl.org \
    --cc=kraxel@suse.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=torvalds@osdl.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox