From: Peter Zijlstra <peterz@infradead.org>
To: Yuyang Du <yuyang.du@intel.com>
Cc: Chris Wilson <chris@chris-wilson.co.uk>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Mike Galbraith <efault@gmx.de>,
Thomas Gleixner <tglx@linutronix.de>,
bsegall@google.com, morten.rasmussen@arm.com, pjt@google.com,
steve.muckle@linaro.org, linux-kernel@vger.kernel.org,
kernel@kyup.com
Subject: Re: Divide-by-zero in post_init_entity_util_avg
Date: Thu, 16 Jun 2016 14:25:04 +0200
Message-ID: <20160616122504.GG30927@twins.programming.kicks-ass.net>
In-Reply-To: <20160616085040.GF30927@twins.programming.kicks-ass.net>
On Thu, Jun 16, 2016 at 10:50:40AM +0200, Peter Zijlstra wrote:
> diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
> index f75930bdd326..3fd3d903e6b6 100644
> --- a/kernel/sched/fair.c
> +++ b/kernel/sched/fair.c
> @@ -2878,6 +2878,20 @@ static inline void cfs_rq_util_change(struct cfs_rq *cfs_rq)
> }
> }
>
> +/*
> + * Explicitly do a load-store to ensure the temporary value never hits memory.
> + * This allows lockless observations without ever seeing the negative values.
> + *
> + * Incidentally, this also generates much saner code for x86.
> + */
> +#define sub_positive(type, ptr, val) do { \
> + type tmp = READ_ONCE(*ptr); \
> + tmp -= (val); \
> + if (tmp < 0) \
> + tmp = 0; \
> + WRITE_ONCE(*ptr, tmp); \
> +} while (0)
> +
> /* Group cfs_rq's load_avg is used for task_h_load and update_cfs_share */
> static inline int
> update_cfs_rq_load_avg(u64 now, struct cfs_rq *cfs_rq, bool update_freq)
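
Review bot: In the sub_positive() macro, ptr is expanded unparenthesized in READ_ONCE(*ptr) and WRITE_ONCE(*ptr, tmp) while val is wrapped as (val); use *(ptr) in both places so an expression argument binds as intended. The if (tmp < 0) clamp also only works when the caller passes a signed type, which the comment above the macro does not mention; document that requirement or rewrite the check so it does not depend on signedness.
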
> @@ -2887,15 +2901,15 @@ update_cfs_rq_load_avg(u64 now, struct cfs_rq *cfs_rq, bool update_freq)
>
> if (atomic_long_read(&cfs_rq->removed_load_avg)) {
> s64 r = atomic_long_xchg(&cfs_rq->removed_load_avg, 0);
> - sa->load_avg = max_t(long, sa->load_avg - r, 0);
> - sa->load_sum = max_t(s64, sa->load_sum - r * LOAD_AVG_MAX, 0);
> + sub_positive(long, &sa->load_avg, r);
> + sub_positive(s64, &sa->load_sum, r * LOAD_AVG_MAX);
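
Review bot: The type arguments in sub_positive(long, &sa->load_avg, r) and sub_positive(s64, &sa->load_sum, r * LOAD_AVG_MAX) force a signed view of the fields, as the removed max_t(long, ...) and max_t(s64, ...) lines did. If load_avg and load_sum are declared unsigned, a stored value with the top bit set is read as negative and clamped to 0 even when the subtraction would not underflow; either declare the fields signed or compare before subtracting in the unsigned type.
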
Hmm, so either we should change these variables to signed types as
forced here, or this logic (along with the former) is plain wrong.

As it stands any unsigned value with the MSB set will wipe the field
after this subtraction.

I suppose instead we'd want something like:

	tmp = READ_ONCE(*ptr);
	if (tmp > val)
		tmp -= val;
	else
		tmp = 0;
	WRITE_ONCE(*ptr, tmp);

In order to generate:

	xchg %rax,0xa0(%r13)
	mov 0x78(%r13),%rcx
	sub %rax,%rcx
	cmovae %r15,%rcx
	mov %rcx,0x78(%r13)

however, GCC isn't smart enough and generates:

	xchg %rax,0x98(%r13)
	mov 0x70(%r13),%rsi
	mov %rsi,%rcx
	sub %rax,%rcx
	cmp %rsi,%rax
	cmovae %r15,%rcx
	mov %rcx,0x70(%r13)

Doing a CMP with the _same_ values it does the SUB with, resulting in
exactly the same CC values.

(this is with gcc-5.3, I'm still trying to build gcc-6.1 from the debian
package which I suppose I should just give up and do a source build)

Opinions?
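
Added example (not part of the original message or of the kernel source): a userspace comparison of the signed clamp from the quoted patch with the compare-first clamp sketched in the reply, applied to an unsigned field. The function names, the READ_ONCE()/WRITE_ONCE() stand-ins and the sample values are assumptions made for this illustration.

```c
#include <limits.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel's READ_ONCE()/WRITE_ONCE() (assumption:
 * a volatile access is sufficient for this single-threaded demo). */
#define READ_ONCE(x)     (*(volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

/* Clamp as in the quoted patch: the difference is judged as a signed value.
 * The subtraction is done unsigned and then reinterpreted, which gives the
 * same wrapped result without signed-overflow UB in this demo. */
static unsigned long sub_positive_signed(unsigned long *ptr, unsigned long val)
{
	long tmp = (long)(READ_ONCE(*ptr) - val);

	if (tmp < 0)
		tmp = 0;
	WRITE_ONCE(*ptr, (unsigned long)tmp);
	return *ptr;
}

/* Clamp as sketched in the reply: compare first, never go through signed. */
static unsigned long sub_positive_unsigned(unsigned long *ptr, unsigned long val)
{
	unsigned long tmp = READ_ONCE(*ptr);

	if (tmp > val)
		tmp -= val;
	else
		tmp = 0;
	WRITE_ONCE(*ptr, tmp);
	return *ptr;
}

#define MSB ((ULONG_MAX >> 1) + 1)	/* constructed sample: top bit set */

int main(void)
{
	unsigned long a = MSB + 1000, b = MSB + 1000, c = 5, d = 5;

	printf("MSB set, signed clamp:     %lu\n", sub_positive_signed(&a, 100));
	printf("MSB set, unsigned clamp:   %lu\n", sub_positive_unsigned(&b, 100));
	printf("underflow, signed clamp:   %lu\n", sub_positive_signed(&c, 10));
	printf("underflow, unsigned clamp: %lu\n", sub_positive_unsigned(&d, 10));
	return 0;
}
```

Both variants clamp a genuine underflow to zero; only the signed one also zeroes a large value that had room for the subtraction.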