From: Al Viro <viro@ZenIV.linux.org.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Ingo Molnar <mingo@kernel.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Waiman Long <Waiman.Long@hp.com>,
Jeff Layton <jlayton@redhat.com>,
Miklos Szeredi <mszeredi@suse.cz>, Ingo Molnar <mingo@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Steven Rostedt <rostedt@goodmis.org>,
Andi Kleen <andi@firstfloor.org>,
"Chandramouleeswaran, Aswin" <aswin@hp.com>,
"Norton, Scott J" <scott.norton@hp.com>
Subject: Re: [PATCH v7 1/4] spinlock: A new lockref structure for lockless update of refcount
Date: Mon, 9 Sep 2013 01:03:00 +0100 [thread overview]
Message-ID: <20130909000300.GH13318@ZenIV.linux.org.uk> (raw)
In-Reply-To: <CA+55aFxEjDYhY3i6B2okMWZXFiiq7hibTdeOD+OHAhNA7=XV1A@mail.gmail.com>
On Sun, Sep 08, 2013 at 02:45:32PM -0700, Linus Torvalds wrote:
> But that test never triggered any of my thinking, and it's racy
> anyway, and the condition we care about is another race, which means
> that it not only didn't trigger my thinking, it doesn't trigger in any
> normal testing either. The fact is, dput() can always sleep,
> regardless of count, because of the race (ok, the exception being that
> you actually have multiple references to the same dentry _yourself_,
> but who does that? Nobody).
There's one exception - basically, we decide to put duplicates of
reference(s) we hold into (a bunch of) structures being created. If
we decide that we'd failed and need to roll back, the structures
need to be taken out of whatever lists, etc. they'd been already
put on and references held in them - dropped. That removal gets done
under a spinlock. Sure, we can string those structures on some kind
of temp list, drop the spinlock and do dput() on everything in there,
but it's much more convenient to just free them as we are evicting
them, doing dput() as we go. Which is safe, since we are still have
the references used to create these buggers pinned down.
> Anyway, the reason the new d_rcu_to_refcount() is buggy isn't because
> it does bad things to dentries - the dentry reference counts and
> lifetimes are perfectly fine. No, the reason it does bad things is
> that it does an otherwise perfectly fine dput() in a context where it
> definitely is _not_ fine to sleep. We are in RCU lookup, so we are in
> a RCU-locked region, we hold the percpu vfsmount_lock spinlock, and in
> fact in unlazy_walk() we also potentially hold the "fs->lock"
> spinlock.
>
> Ugh, ugh, ugh.
>
> I really like the much simplified d_rcu_to_refcount() conceptually,
> though. So my current plan is to keep it, but to just delay the
> "dput()" it does until after we've done the "unlock_rcu_walk()".
> "complete_walk()" is actually quite simple to fix, because it does the
> unlock_rcu_walk() itself - so it's fairly trivial to just move the
> dput() to be after it. In preparation for this, I already ended up
> committing my "dead lockref" dentry code, because that simplifies
> d_rcu_to_refcount() to the degree that splitting the code up into the
> callers and then moving the dput() looks like the right thing to do.
>
> The problem I see right now is unlazy_walk(). It does *not* do the
> unlock_rcu_walk() itself for the error case (and it's the error case
> that needs this), but instead just returns -ECHILD and expects the
> caller to do it. Even then it happens fairly obscurely in
> "terminate_walk()".
>
> So Al, any ideas? I currently have two:
>
> - always do that unlock_rcu_walk() in unlazy_walk(), and exit RCU
> mode even for the error case (similar to how complete_walk() does it).
>
> That makes solving this for unlazy_walk() as straightforward as it
> is for complete_walk(), and this is, I think, the right thing to do.
>
> - add a couple of "to be freed" dentry pointers to the 'nd' and let
> terminate_walk() do the dput(). This leaves the unlazy_walk()
> semantics alone.
>
> The second one is hacky, but it doesn't change the semantics of
> unlzay_walk(). I think the current semantics (drop out of RCU mode on
> success, but not on failure) are nasty, but I wonder if there is some
> really subtle reason for it. So the hacky second solution has got that
> whole "no change to odd/subtle semantics" thing going for it..
Well... unlazy_walk() is always followed by terminate_walk() very shortly,
but there's a minor problem - terminate_walk() uses "are we in RCU
mode?" for two things:
a) do we need to do path_put() here?
b) do we need to unlock?
If you introduce the third case ("no need to do unlock and no need to
do path_put()"), we'd better decide how to check for that case...
I suspect that minimal variant would be along the lines of
* have unlazy_walk() slap NULL into ->path.mnt on error, clear
LOOKUP_RCU and unlock
* have terminate_walk() check ->path.mnt before doing path_put()
in !RCU case
* in do_last() replace bool got_write with struct vfsmount *got_write,
storing the reference to vfsmount we'd fed to mnt_want_write().
And use its value when we call mnt_put_write() in there...
I'll put together a commit like that on top of what I was going to push
into public queues tonight; give me about half an hour, OK?
next prev parent reply other threads:[~2013-09-09 0:03 UTC|newest]
Thread overview: 151+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-06 3:12 [PATCH v7 0/4] Lockless update of reference count protected by spinlock Waiman Long
2013-08-06 3:12 ` [PATCH v7 1/4] spinlock: A new lockref structure for lockless update of refcount Waiman Long
2013-08-29 1:40 ` Linus Torvalds
2013-08-29 4:44 ` Benjamin Herrenschmidt
2013-08-29 7:00 ` Ingo Molnar
2013-08-29 16:43 ` Linus Torvalds
2013-08-29 19:25 ` Linus Torvalds
2013-08-29 23:42 ` Linus Torvalds
2013-08-30 0:26 ` Benjamin Herrenschmidt
2013-08-30 0:49 ` Linus Torvalds
2013-08-30 2:06 ` Michael Neuling
2013-08-30 2:30 ` Benjamin Herrenschmidt
2013-08-30 2:35 ` Linus Torvalds
2013-08-30 2:45 ` Benjamin Herrenschmidt
2013-08-30 2:31 ` Linus Torvalds
2013-08-30 2:43 ` Benjamin Herrenschmidt
2013-08-30 7:16 ` Ingo Molnar
2013-08-30 15:28 ` Linus Torvalds
2013-08-30 3:12 ` Waiman Long
2013-08-30 3:54 ` Linus Torvalds
2013-08-30 7:55 ` Sedat Dilek
2013-08-30 8:10 ` Sedat Dilek
2013-08-30 9:27 ` Sedat Dilek
2013-08-30 9:48 ` Ingo Molnar
2013-08-30 9:56 ` Sedat Dilek
2013-08-30 9:58 ` Sedat Dilek
2013-08-30 10:29 ` Sedat Dilek
2013-08-30 10:36 ` Peter Zijlstra
2013-08-30 10:44 ` Sedat Dilek
2013-08-30 10:46 ` Sedat Dilek
2013-08-30 10:52 ` Peter Zijlstra
2013-08-30 10:57 ` Sedat Dilek
2013-08-30 14:05 ` Sedat Dilek
2013-08-30 11:19 ` Sedat Dilek
2013-08-30 10:38 ` Sedat Dilek
2013-08-30 15:34 ` Linus Torvalds
2013-08-30 15:38 ` Sedat Dilek
2013-08-30 16:12 ` Steven Rostedt
2013-08-30 16:16 ` Sedat Dilek
2013-08-30 18:42 ` Linus Torvalds
2013-08-30 16:32 ` Linus Torvalds
2013-08-30 16:37 ` Sedat Dilek
2013-08-30 16:52 ` Linus Torvalds
2013-08-30 17:11 ` Sedat Dilek
2013-08-30 17:26 ` Linus Torvalds
2013-09-01 10:01 ` Sedat Dilek
2013-09-01 10:33 ` Sedat Dilek
2013-09-01 15:32 ` Linus Torvalds
2013-09-01 15:45 ` Sedat Dilek
2013-09-01 15:55 ` Linus Torvalds
2013-09-02 10:30 ` Sedat Dilek
2013-09-02 16:09 ` David Ahern
2013-09-01 20:59 ` Linus Torvalds
2013-09-01 21:23 ` Al Viro
2013-09-01 22:16 ` Linus Torvalds
2013-09-01 22:35 ` Al Viro
2013-09-01 22:44 ` Al Viro
2013-09-01 22:58 ` Linus Torvalds
2013-09-01 22:48 ` Linus Torvalds
2013-09-01 23:30 ` Al Viro
2013-09-02 0:12 ` Linus Torvalds
2013-09-02 0:50 ` Linus Torvalds
2013-09-02 7:05 ` Ingo Molnar
2013-09-02 16:44 ` Linus Torvalds
2013-09-03 10:15 ` Ingo Molnar
2013-09-03 15:41 ` Linus Torvalds
2013-09-03 18:34 ` Linus Torvalds
2013-09-03 19:19 ` Ingo Molnar
2013-09-03 21:05 ` Linus Torvalds
2013-09-03 21:13 ` Linus Torvalds
2013-09-03 21:34 ` Linus Torvalds
2013-09-03 21:39 ` Linus Torvalds
2013-09-03 14:08 ` Pavel Machek
2013-09-03 22:37 ` Sedat Dilek
2013-09-03 22:55 ` Dave Jones
2013-09-03 23:05 ` Sedat Dilek
2013-09-03 23:15 ` Dave Jones
2013-09-03 23:20 ` Sedat Dilek
2013-09-03 23:45 ` Sedat Dilek
2013-08-30 18:33 ` Waiman Long
2013-08-30 18:53 ` Linus Torvalds
2013-08-30 19:20 ` Waiman Long
2013-08-30 19:33 ` Linus Torvalds
2013-08-30 20:15 ` Waiman Long
2013-08-30 20:43 ` Linus Torvalds
2013-08-30 20:54 ` Al Viro
2013-08-30 21:03 ` Linus Torvalds
2013-08-30 21:44 ` Al Viro
2013-08-30 22:30 ` Linus Torvalds
2013-08-31 21:23 ` Al Viro
2013-08-31 22:49 ` Linus Torvalds
2013-08-31 23:27 ` Al Viro
2013-09-01 0:13 ` Al Viro
2013-09-01 17:48 ` Al Viro
2013-09-09 8:30 ` Peter Zijlstra
2013-08-30 21:10 ` Waiman Long
2013-08-30 21:22 ` Linus Torvalds
2013-08-30 21:30 ` Al Viro
2013-08-30 21:42 ` Waiman Long
2013-08-30 19:40 ` Al Viro
2013-08-30 19:52 ` Waiman Long
2013-08-30 20:26 ` Al Viro
2013-08-30 20:35 ` Waiman Long
2013-08-30 20:48 ` Al Viro
2013-08-31 2:02 ` Waiman Long
2013-08-31 2:35 ` Al Viro
2013-08-31 2:42 ` Al Viro
2013-09-02 19:25 ` Waiman Long
2013-09-03 6:01 ` Ingo Molnar
2013-09-03 7:24 ` Sedat Dilek
2013-09-03 15:38 ` Linus Torvalds
2013-09-03 15:14 ` Waiman Long
2013-09-03 15:34 ` Linus Torvalds
2013-09-03 19:09 ` Linus Torvalds
2013-09-03 21:01 ` Waiman Long
2013-09-04 14:52 ` Waiman Long
2013-09-04 15:14 ` Linus Torvalds
2013-09-04 19:25 ` Waiman Long
2013-09-04 21:34 ` Linus Torvalds
2013-09-05 2:35 ` Waiman Long
2013-09-05 13:31 ` Ingo Molnar
2013-09-05 17:33 ` Waiman Long
2013-09-05 17:40 ` Ingo Molnar
2013-09-03 22:41 ` Sedat Dilek
2013-09-03 23:11 ` Sedat Dilek
2013-09-08 21:45 ` Linus Torvalds
2013-09-09 0:03 ` Al Viro [this message]
2013-09-09 0:25 ` Linus Torvalds
2013-09-09 0:35 ` Al Viro
2013-09-09 0:38 ` Linus Torvalds
2013-09-09 0:57 ` Al Viro
2013-09-09 2:09 ` Ramkumar Ramachandra
2013-09-09 0:30 ` Al Viro
2013-09-09 3:32 ` Linus Torvalds
2013-09-09 4:06 ` Ramkumar Ramachandra
2013-09-09 5:44 ` Al Viro
2013-08-30 17:17 ` Peter Zijlstra
2013-08-30 17:28 ` Linus Torvalds
2013-08-30 17:33 ` Linus Torvalds
2013-08-29 15:20 ` Waiman Long
2013-08-06 3:12 ` [PATCH v7 2/4] spinlock: Enable x86 architecture to do lockless refcount update Waiman Long
2013-08-06 3:12 ` [PATCH v7 3/4] dcache: replace d_lock/d_count by d_lockcnt Waiman Long
2013-08-06 3:12 ` [PATCH v7 4/4] dcache: Enable lockless update of dentry's refcount Waiman Long
2013-08-13 18:03 ` [PATCH v7 0/4] Lockless update of reference count protected by spinlock Waiman Long
-- strict thread matches above, loose matches on Subject: below --
2013-08-31 3:06 [PATCH v7 1/4] spinlock: A new lockref structure for lockless update of refcount George Spelvin
2013-08-31 17:16 ` Linus Torvalds
2013-09-01 8:50 ` George Spelvin
2013-09-01 11:10 ` Theodore Ts'o
2013-09-01 15:49 ` Linus Torvalds
2013-09-01 18:11 ` Steven Rostedt
2013-09-01 20:03 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130909000300.GH13318@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=Waiman.Long@hp.com \
--cc=andi@firstfloor.org \
--cc=aswin@hp.com \
--cc=benh@kernel.crashing.org \
--cc=jlayton@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=mingo@redhat.com \
--cc=mszeredi@suse.cz \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=scott.norton@hp.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox