From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: Lai Jiangshan <laijs@cn.fujitsu.com>
Cc: Steven Rostedt <rostedt@goodmis.org>,
Peter Zijlstra <peterz@infradead.org>,
linux-kernel@vger.kernel.org, C.Emde@osadl.org
Subject: Re: [PATCH 0/8] rcu: Ensure rcu read site is deadlock-immunity
Date: Wed, 7 Aug 2013 21:18:25 -0700 [thread overview]
Message-ID: <20130808041825.GH4306@linux.vnet.ibm.com> (raw)
In-Reply-To: <52030C37.3000106@cn.fujitsu.com>
On Thu, Aug 08, 2013 at 11:10:47AM +0800, Lai Jiangshan wrote:
> On 08/08/2013 10:33 AM, Paul E. McKenney wrote:
> > On Thu, Aug 08, 2013 at 10:33:15AM +0800, Lai Jiangshan wrote:
> >> On 08/08/2013 10:12 AM, Steven Rostedt wrote:
> >>> On Thu, 2013-08-08 at 09:47 +0800, Lai Jiangshan wrote:
> >>>
> >>>>> [ 393.641012] CPU0
> >>>>> [ 393.641012] ----
> >>>>> [ 393.641012] lock(&lock->wait_lock);
> >>>>> [ 393.641012] <Interrupt>
> >>>>> [ 393.641012] lock(&lock->wait_lock);
> >>>>
> >>>> Patch2 causes it!
> >>>> When I found all lock which can (chained) nested in rcu_read_unlock_special(),
> >>>> I didn't notice rtmutex's lock->wait_lock is not nested in irq-disabled.
> >>>>
> >>>> Two ways to fix it:
> >>>> 1) change rtmutex's lock->wait_lock, make it alwasys irq-disabled.
> >>>> 2) revert my patch2
> >>>
> >>> Your patch 2 states:
> >>>
> >>> "After patch 10f39bb1, "special & RCU_READ_UNLOCK_BLOCKED" can't be true
> >>> in irq nor softirq.(due to RCU_READ_UNLOCK_BLOCKED can only be set
> >>> when preemption)"
> >>
> >> Patch5 adds "special & RCU_READ_UNLOCK_BLOCKED" back in irq nor softirq.
> >> This new thing is handle in patch5 if I did not do wrong things in patch5.
> >> (I don't notice rtmutex's lock->wait_lock is not irqs-disabled in patch5)
> >>
> >>>
> >>> But then below we have:
> >>>
> >>>
> >>>>
> >>>>> [ 393.641012]
> >>>>> [ 393.641012] *** DEADLOCK ***
> >>>>> [ 393.641012]
> >>>>> [ 393.641012] no locks held by rcu_torture_rea/697.
> >>>>> [ 393.641012]
> >>>>> [ 393.641012] stack backtrace:
> >>>>> [ 393.641012] CPU: 3 PID: 697 Comm: rcu_torture_rea Not tainted 3.11.0-rc1+ #1
> >>>>> [ 393.641012] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
> >>>>> [ 393.641012] ffffffff8586fea0 ffff88001fcc3a78 ffffffff8187b4cb ffffffff8104a261
> >>>>> [ 393.641012] ffff88001e1a20c0 ffff88001fcc3ad8 ffffffff818773e4 0000000000000000
> >>>>> [ 393.641012] ffff880000000000 ffff880000000001 ffffffff81010a0a 0000000000000001
> >>>>> [ 393.641012] Call Trace:
> >>>>> [ 393.641012] <IRQ> [<ffffffff8187b4cb>] dump_stack+0x4f/0x84
> >>>>> [ 393.641012] [<ffffffff8104a261>] ? console_unlock+0x291/0x410
> >>>>> [ 393.641012] [<ffffffff818773e4>] print_usage_bug+0x1f5/0x206
> >>>>> [ 393.641012] [<ffffffff81010a0a>] ? save_stack_trace+0x2a/0x50
> >>>>> [ 393.641012] [<ffffffff810ae603>] mark_lock+0x283/0x2e0
> >>>>> [ 393.641012] [<ffffffff810ada10>] ? print_irq_inversion_bug.part.40+0x1f0/0x1f0
> >>>>> [ 393.641012] [<ffffffff810aef66>] __lock_acquire+0x906/0x1d40
> >>>>> [ 393.641012] [<ffffffff810ae94b>] ? __lock_acquire+0x2eb/0x1d40
> >>>>> [ 393.641012] [<ffffffff810ae94b>] ? __lock_acquire+0x2eb/0x1d40
> >>>>> [ 393.641012] [<ffffffff810b0a65>] lock_acquire+0x95/0x210
> >>>>> [ 393.641012] [<ffffffff818860f3>] ? rt_mutex_unlock+0x53/0x100
> >>>>> [ 393.641012] [<ffffffff81886d26>] _raw_spin_lock+0x36/0x50
> >>>>> [ 393.641012] [<ffffffff818860f3>] ? rt_mutex_unlock+0x53/0x100
> >>>>> [ 393.641012] [<ffffffff818860f3>] rt_mutex_unlock+0x53/0x100
The really strange thing here is that I thought that your passing false
in as the new second parameter to rcu_read_unlock_special() was supposed
to prevent rt_mutex_unlock() from being called.
But then why is the call from rcu_preempt_note_context_switch() also
passing false? I would have expected that one to pass true. Probably
I don't understand your intent with the "unlock" argument.
> >>>>> [ 393.641012] [<ffffffff810ee3ca>] rcu_read_unlock_special+0x17a/0x2a0
> >>>>> [ 393.641012] [<ffffffff810ee803>] rcu_check_callbacks+0x313/0x950
> >>>>> [ 393.641012] [<ffffffff8107a6bd>] ? hrtimer_run_queues+0x1d/0x180
> >>>>> [ 393.641012] [<ffffffff810abb9d>] ? trace_hardirqs_off+0xd/0x10
> >>>>> [ 393.641012] [<ffffffff8105bae3>] update_process_times+0x43/0x80
> >>>>> [ 393.641012] [<ffffffff810a9801>] tick_sched_handle.isra.10+0x31/0x40
> >>>>> [ 393.641012] [<ffffffff810a98f7>] tick_sched_timer+0x47/0x70
> >>>>> [ 393.641012] [<ffffffff8107941c>] __run_hrtimer+0x7c/0x490
> >>>>> [ 393.641012] [<ffffffff810a260d>] ? ktime_get_update_offsets+0x4d/0xe0
> >>>>> [ 393.641012] [<ffffffff810a98b0>] ? tick_nohz_handler+0xa0/0xa0
> >>>>> [ 393.641012] [<ffffffff8107a017>] hrtimer_interrupt+0x107/0x260
> >>>
> >>> The hrtimer_interrupt is calling a rt_mutex_unlock? How did that happen?
> >>> Did it first call a rt_mutex_lock?
> >>>
> >>> If patch two was the culprit, I'm thinking the idea behind patch two is
> >>> wrong. The only option is to remove patch number two!
> >>
> >> removing patch number two can solve the problem found be Paul, but it is not the best.
> >> because I can't declare that rcu is deadlock-immunity
> >> (it will be deadlock if rcu read site overlaps with rtmutex's lock->wait_lock
> >> if I only remove patch2)
> >> I must do more things, but I think it is still better than changing rtmutex's lock->wait_lock.
> >
> > NP, I will remove your current patches and wait for an updated set.
>
> Hi, Paul
>
> Could you agree that moving the rt_mutex_unlock() to rcu_preempt_note_context_switch()?
My guess is that changing rcu_preempt_note_context_switch()'s call to
rcu_read_unlock_special(t, true) would accomplish this in a nicer way.
Except that I would first need to understand why rcu_check_callbacks()'s
call to rcu_read_unlock_special() resulted in rt_mutex_unlock() being
called.
Oh!
In rcu_read_unlock_special, shouldn't the:
if (unlikely(unlock && irqs_disabled_flags(flags))) {
Instead be:
if (unlikely(!unlock || irqs_disabled_flags(flags))) {
Here I am guessing that the "unlock" parameter means "It is OK for
rcu_read_unlock_special() to invoke rt_mutex_unlock()", so it would be
passed in as false from rcu_check_callbacks() and true everywhere else.
If it means something else, please let me know what that might be.
Though at this point, it is not clear to me how it helps to call
rcu_read_unlock_special() from rcu_check_callbacks(). After all,
rcu_check_callbacks() has interrupts disabled always, and so it is never
safe for anything that it calls to invoke rt_mutex_unlock().
In any case, the opinion that really matters is not mine, but rather
that of the hundreds of millions of computer systems that might soon be
executing this code. As RCU maintainer, I just try my best to predict
what their opinions will be. ;-)
Thanx, Paul
> thanks,
> Lai
>
> >
> > Thanx, Paul
> >
> >
>
next prev parent reply other threads:[~2013-08-08 4:18 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-07 10:24 [PATCH 0/8] rcu: Ensure rcu read site is deadlock-immunity Lai Jiangshan
2013-08-07 10:24 ` [PATCH 1/8] rcu: add a warn to rcu_preempt_note_context_switch() Lai Jiangshan
2013-10-30 11:02 ` Paul E. McKenney
2013-08-07 10:24 ` [PATCH 2/8] rcu: remove irq/softirq context check in rcu_read_unlock_special() Lai Jiangshan
2013-10-30 11:18 ` Paul E. McKenney
2013-08-07 10:24 ` [PATCH 3/8] rcu: keep irqs disabled " Lai Jiangshan
2013-08-07 10:25 ` [PATCH 4/8] rcu: delay task rcu state cleanup in exit_rcu() Lai Jiangshan
2013-08-07 10:25 ` [PATCH 5/8] rcu: eliminate deadlock for rcu read site Lai Jiangshan
2013-08-08 20:40 ` Paul E. McKenney
2013-08-09 9:31 ` Lai Jiangshan
2013-08-09 17:58 ` Paul E. McKenney
2013-08-12 13:55 ` Peter Zijlstra
2013-08-12 15:16 ` Paul E. McKenney
2013-08-12 16:21 ` Peter Zijlstra
2013-08-12 16:44 ` Paul E. McKenney
2013-08-10 3:43 ` Lai Jiangshan
2013-08-10 15:07 ` Paul E. McKenney
2013-08-10 15:08 ` Paul E. McKenney
2013-08-21 3:17 ` Paul E. McKenney
2013-08-21 3:25 ` Lai Jiangshan
2013-08-21 13:42 ` Paul E. McKenney
2013-08-12 13:53 ` Peter Zijlstra
2013-08-12 14:10 ` Steven Rostedt
2013-08-12 14:14 ` Peter Zijlstra
[not found] ` <CACvQF51-oAGkdxwku+orKSQ=SZd1A4saXzkrgcRGi+KnZUZYxQ@mail.gmail.com>
2013-08-22 14:34 ` Steven Rostedt
2013-08-22 14:41 ` Steven Rostedt
2013-08-23 6:26 ` Lai Jiangshan
[not found] ` <CACvQF51kcLrJsa=zBKhLkJfFBh109TW+Zrepm+tRxmEp0gALbQ@mail.gmail.com>
2013-08-25 17:43 ` Paul E. McKenney
2013-08-26 2:39 ` Lai Jiangshan
2013-08-30 2:05 ` Paul E. McKenney
2013-09-05 15:22 ` Steven Rostedt
2013-08-07 10:25 ` [PATCH 6/8] rcu: call rcu_read_unlock_special() in rcu_preempt_check_callbacks() Lai Jiangshan
2013-08-07 10:25 ` [PATCH 7/8] rcu: add # of deferred _special() statistics Lai Jiangshan
2013-08-07 16:42 ` Paul E. McKenney
2013-08-07 10:25 ` [PATCH 8/8] rcu: remove irq work for rsp_wakeup() Lai Jiangshan
2013-08-07 12:38 ` [PATCH 0/8] rcu: Ensure rcu read site is deadlock-immunity Paul E. McKenney
2013-08-07 19:29 ` Carsten Emde
2013-08-07 19:52 ` Paul E. McKenney
2013-08-08 1:17 ` Lai Jiangshan
2013-08-08 0:36 ` Paul E. McKenney
2013-08-08 1:47 ` Lai Jiangshan
2013-08-08 2:12 ` Steven Rostedt
2013-08-08 2:33 ` Lai Jiangshan
2013-08-08 2:33 ` Paul E. McKenney
2013-08-08 3:10 ` Lai Jiangshan
2013-08-08 4:18 ` Paul E. McKenney [this message]
2013-08-08 5:27 ` Lai Jiangshan
2013-08-08 7:05 ` Paul E. McKenney
2013-08-08 2:45 ` Lai Jiangshan
[not found] <CE792442-F438-4486-BAB7-12B0E1C57273@gmail.com>
2013-08-12 14:12 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130808041825.GH4306@linux.vnet.ibm.com \
--to=paulmck@linux.vnet.ibm.com \
--cc=C.Emde@osadl.org \
--cc=laijs@cn.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).