[PATCH] jump_label_inc may return before the code is patched

[PATCH] jump_label_inc may return before the code is patched

[Gleb Natapov]

If cpu A calls jump_label_inc() just after atomic_add_return() is
called by cpu B, atomic_inc_not_zero() will return value greater then
zero and jump_label_inc() will return to a caller before jump_label_update()
finishes its job on cpu B.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
diff --git a/kernel/jump_label.c b/kernel/jump_label.c
index a8ce450..e6f1f24 100644
--- a/kernel/jump_label.c
+++ b/kernel/jump_label.c
@@ -66,8 +66,9 @@ void jump_label_inc(struct jump_label_key *key)
 		return;
 
 	jump_label_lock();
-	if (atomic_add_return(1, &key->enabled) == 1)
+	if (atomic_read(&key->enabled) == 0)
 		jump_label_update(key, JUMP_LABEL_ENABLE);
+	atomic_inc(&key->enabled);
 	jump_label_unlock();
 }
 
--
			Gleb.

Re: [PATCH] jump_label_inc may return before the code is patched

[Jason Baron]

On Tue, Oct 18, 2011 at 07:55:51PM +0200, Gleb Natapov wrote:
> If cpu A calls jump_label_inc() just after atomic_add_return() is
> called by cpu B, atomic_inc_not_zero() will return value greater then
> zero and jump_label_inc() will return to a caller before jump_label_update()
> finishes its job on cpu B.
> 
> Signed-off-by: Gleb Natapov <gleb@redhat.com>
> diff --git a/kernel/jump_label.c b/kernel/jump_label.c
> index a8ce450..e6f1f24 100644
> --- a/kernel/jump_label.c
> +++ b/kernel/jump_label.c
> @@ -66,8 +66,9 @@ void jump_label_inc(struct jump_label_key *key)
>  		return;
>  
>  	jump_label_lock();
> -	if (atomic_add_return(1, &key->enabled) == 1)
> +	if (atomic_read(&key->enabled) == 0)
>  		jump_label_update(key, JUMP_LABEL_ENABLE);
> +	atomic_inc(&key->enabled);
>  	jump_label_unlock();
>  }
>  

agreed, we shouldn't return before the update happens...did this cause any
actual problem in practice? Or just observed from code inspection?

Acked-by: Jason Baron <jbaron@redhat.com>

Thanks,

-Jason

Re: [PATCH] jump_label_inc may return before the code is patched

[Steven Rostedt]

On Tue, 2011-10-18 at 19:55 +0200, Gleb Natapov wrote:
> If cpu A calls jump_label_inc() just after atomic_add_return() is
> called by cpu B, atomic_inc_not_zero() will return value greater then
> zero and jump_label_inc() will return to a caller before jump_label_update()
> finishes its job on cpu B.

OK, I see what you are saying. There's a race here that jump_label_inc
may return before jump labels are actually activated. I have no issue
with this change. This guarantees that jump labels will be active on
return of jump_label_inc().

I'm assuming that jump_label_update() does memory barries, as it does
modify code, and would be itself a synchronization point.

Acked-by: Steven Rostedt <rostedt@goodmis.org>

-- Steve

> 
> Signed-off-by: Gleb Natapov <gleb@redhat.com>
> diff --git a/kernel/jump_label.c b/kernel/jump_label.c
> index a8ce450..e6f1f24 100644
> --- a/kernel/jump_label.c
> +++ b/kernel/jump_label.c
> @@ -66,8 +66,9 @@ void jump_label_inc(struct jump_label_key *key)
>  		return;
>  
>  	jump_label_lock();
> -	if (atomic_add_return(1, &key->enabled) == 1)
> +	if (atomic_read(&key->enabled) == 0)
>  		jump_label_update(key, JUMP_LABEL_ENABLE);
> +	atomic_inc(&key->enabled);
>  	jump_label_unlock();
>  }
>  
> --
> 			Gleb.

Re: [PATCH] jump_label_inc may return before the code is patched

[Gleb Natapov]

On Tue, Oct 18, 2011 at 04:54:41PM -0400, Jason Baron wrote:
> On Tue, Oct 18, 2011 at 07:55:51PM +0200, Gleb Natapov wrote:
> > If cpu A calls jump_label_inc() just after atomic_add_return() is
> > called by cpu B, atomic_inc_not_zero() will return value greater then
> > zero and jump_label_inc() will return to a caller before jump_label_update()
> > finishes its job on cpu B.
> > 
> > Signed-off-by: Gleb Natapov <gleb@redhat.com>
> > diff --git a/kernel/jump_label.c b/kernel/jump_label.c
> > index a8ce450..e6f1f24 100644
> > --- a/kernel/jump_label.c
> > +++ b/kernel/jump_label.c
> > @@ -66,8 +66,9 @@ void jump_label_inc(struct jump_label_key *key)
> >  		return;
> >  
> >  	jump_label_lock();
> > -	if (atomic_add_return(1, &key->enabled) == 1)
> > +	if (atomic_read(&key->enabled) == 0)
> >  		jump_label_update(key, JUMP_LABEL_ENABLE);
> > +	atomic_inc(&key->enabled);
> >  	jump_label_unlock();
> >  }
> >  
> 
> agreed, we shouldn't return before the update happens...did this cause any
> actual problem in practice? Or just observed from code inspection?
> 
It did. I am debugging strange oopses in perf code that happen when I
create and destroy hw events on multiple cpus in parallel. At some point
I started to suspect that jump labels are not working properly and
printks confirmed that sometimes static_branch() is not taken when
->enabled is not zero. I compiled kernel without jump label support and,
as far as my testing goes, oopses disappeared. Then I found the bug by
looking at the code. Strangely enough this patch alone didn't fix oopses
yet, so some other problems are probably lurking somewhere. I am going
on vocation till next week. Will debug furtherer upon return.

> Acked-by: Jason Baron <jbaron@redhat.com>
> 
> Thanks,
> 
> -Jason

--
			Gleb.

Re: [PATCH] jump_label_inc may return before the code is patched

[Gleb Natapov]

On Tue, Oct 18, 2011 at 05:06:25PM -0400, Steven Rostedt wrote:
> On Tue, 2011-10-18 at 19:55 +0200, Gleb Natapov wrote:
> > If cpu A calls jump_label_inc() just after atomic_add_return() is
> > called by cpu B, atomic_inc_not_zero() will return value greater then
> > zero and jump_label_inc() will return to a caller before jump_label_update()
> > finishes its job on cpu B.
> 
> OK, I see what you are saying. There's a race here that jump_label_inc
> may return before jump labels are actually activated. I have no issue
> with this change. This guarantees that jump labels will be active on
> return of jump_label_inc().
> 
> I'm assuming that jump_label_update() does memory barries, as it does
> modify code, and would be itself a synchronization point.
> 
> Acked-by: Steven Rostedt <rostedt@goodmis.org>
> 
So through what tree this should go to Linus' git?

> -- Steve
> 
> > 
> > Signed-off-by: Gleb Natapov <gleb@redhat.com>
> > diff --git a/kernel/jump_label.c b/kernel/jump_label.c
> > index a8ce450..e6f1f24 100644
> > --- a/kernel/jump_label.c
> > +++ b/kernel/jump_label.c
> > @@ -66,8 +66,9 @@ void jump_label_inc(struct jump_label_key *key)
> >  		return;
> >  
> >  	jump_label_lock();
> > -	if (atomic_add_return(1, &key->enabled) == 1)
> > +	if (atomic_read(&key->enabled) == 0)
> >  		jump_label_update(key, JUMP_LABEL_ENABLE);
> > +	atomic_inc(&key->enabled);
> >  	jump_label_unlock();
> >  }
> >  
> > --
> > 			Gleb.
> 

--
			Gleb.

Re: [PATCH] jump_label_inc may return before the code is patched

[Steven Rostedt]

On Wed, 2011-11-02 at 17:21 +0200, Gleb Natapov wrote:
> On Tue, Oct 18, 2011 at 05:06:25PM -0400, Steven Rostedt wrote:
> > On Tue, 2011-10-18 at 19:55 +0200, Gleb Natapov wrote:
> > > If cpu A calls jump_label_inc() just after atomic_add_return() is
> > > called by cpu B, atomic_inc_not_zero() will return value greater then
> > > zero and jump_label_inc() will return to a caller before jump_label_update()
> > > finishes its job on cpu B.
> > 
> > OK, I see what you are saying. There's a race here that jump_label_inc
> > may return before jump labels are actually activated. I have no issue
> > with this change. This guarantees that jump labels will be active on
> > return of jump_label_inc().
> > 
> > I'm assuming that jump_label_update() does memory barries, as it does
> > modify code, and would be itself a synchronization point.
> > 
> > Acked-by: Steven Rostedt <rostedt@goodmis.org>
> > 
> So through what tree this should go to Linus' git?

I'll pull it in. I'm currently scrambling around getting back up to
speed after a 11 day conference spree.



-- Steve

[tip:perf/core] jump_label: jump_label_inc may return before the code is patched

[tip-bot for Gleb Natapov]

Commit-ID:  c8452afb7426f7e21388492f40227582e3e83879
Gitweb:     http://git.kernel.org/tip/c8452afb7426f7e21388492f40227582e3e83879
Author:     Gleb Natapov <gleb@redhat.com>
AuthorDate: Tue, 18 Oct 2011 19:55:51 +0200
Committer:  Steven Rostedt <rostedt@goodmis.org>
CommitDate: Mon, 7 Nov 2011 11:02:34 -0500

jump_label: jump_label_inc may return before the code is patched

If cpu A calls jump_label_inc() just after atomic_add_return() is
called by cpu B, atomic_inc_not_zero() will return value greater then
zero and jump_label_inc() will return to a caller before jump_label_update()
finishes its job on cpu B.

Link: http://lkml.kernel.org/r/20111018175551.GH17571@redhat.com

Cc: stable@vger.kernel.org
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Acked-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
---
 kernel/jump_label.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/kernel/jump_label.c b/kernel/jump_label.c
index a8ce450..e6f1f24 100644
--- a/kernel/jump_label.c
+++ b/kernel/jump_label.c
@@ -66,8 +66,9 @@ void jump_label_inc(struct jump_label_key *key)
 		return;
 
 	jump_label_lock();
-	if (atomic_add_return(1, &key->enabled) == 1)
+	if (atomic_read(&key->enabled) == 0)
 		jump_label_update(key, JUMP_LABEL_ENABLE);
+	atomic_inc(&key->enabled);
 	jump_label_unlock();
 }
 

[tip:perf/core] jump_label: jump_label_inc may return before the code is patched

[tip-bot for Gleb Natapov]

Commit-ID:  bbbf7af4bf8fc69bc751818cf30521080fa47dcb
Gitweb:     http://git.kernel.org/tip/bbbf7af4bf8fc69bc751818cf30521080fa47dcb
Author:     Gleb Natapov <gleb@redhat.com>
AuthorDate: Tue, 18 Oct 2011 19:55:51 +0200
Committer:  Steven Rostedt <rostedt@goodmis.org>
CommitDate: Mon, 5 Dec 2011 13:28:46 -0500

jump_label: jump_label_inc may return before the code is patched

If cpu A calls jump_label_inc() just after atomic_add_return() is
called by cpu B, atomic_inc_not_zero() will return value greater then
zero and jump_label_inc() will return to a caller before jump_label_update()
finishes its job on cpu B.

Link: http://lkml.kernel.org/r/20111018175551.GH17571@redhat.com

Cc: stable@vger.kernel.org
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Acked-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
---
 kernel/jump_label.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/kernel/jump_label.c b/kernel/jump_label.c
index bbdfe2a..66ff710 100644
--- a/kernel/jump_label.c
+++ b/kernel/jump_label.c
@@ -66,8 +66,9 @@ void jump_label_inc(struct jump_label_key *key)
 		return;
 
 	jump_label_lock();
-	if (atomic_add_return(1, &key->enabled) == 1)
+	if (atomic_read(&key->enabled) == 0)
 		jump_label_update(key, JUMP_LABEL_ENABLE);
+	atomic_inc(&key->enabled);
 	jump_label_unlock();
 }