From: Joel Fernandes <joelagnelf@nvidia.com>
To: "Uladzislau Rezki (Sony)" <urezki@gmail.com>
Cc: "Paul E . McKenney" <paulmck@kernel.org>,
Boqun Feng <boqun.feng@gmail.com>, RCU <rcu@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Frederic Weisbecker <frederic@kernel.org>,
Cheung Wall <zzqq0103.hey@gmail.com>,
Neeraj upadhyay <Neeraj.Upadhyay@amd.com>,
Joel Fernandes <joel@joelfernandes.org>,
Oleksiy Avramchenko <oleksiy.avramchenko@sony.com>
Subject: Re: [PATCH v4 3/3] rcu: Use _full() API to debug synchronize_rcu()
Date: Sun, 9 Mar 2025 21:55:07 -0400 [thread overview]
Message-ID: <20250310015507.GA3993297@joelnvbox> (raw)
In-Reply-To: <20250227131613.52683-3-urezki@gmail.com>
Hi Uladzislau,
On Thu, Feb 27, 2025 at 02:16:13PM +0100, Uladzislau Rezki (Sony) wrote:
> Switch for using of get_state_synchronize_rcu_full() and
> poll_state_synchronize_rcu_full() pair to debug a normal
> synchronize_rcu() call.
>
> Just using "not" full APIs to identify if a grace period is
> passed or not might lead to a false-positive kernel splat.
>
> It can happen, because get_state_synchronize_rcu() compresses
> both normal and expedited states into one single unsigned long
> value, so a poll_state_synchronize_rcu() can miss GP-completion
> when synchronize_rcu()/synchronize_rcu_expedited() concurrently
> run.
Agreed, I provided a scenario below but let me know if I missed anything.
> To address this, switch to poll_state_synchronize_rcu_full() and
> get_state_synchronize_rcu_full() APIs, which use separate variables
> for expedited and normal states.
Reviewed-by: Joel Fernandes <joelagnelf@nvidia.com>
For completeness and just to clarify how this may happen, firstly as noted:
rcu_poll_gp_seq_start/end() is called for both begin/end of normal and exp
GPs thus compressing the use of the rcu_state.gp_seq_polled counter for
both normal and exp GPs.
Then if we intersperse synchronize_rcu() with synchronize_rcu_expedited(),
something like the following may happen.
CPU 0 CPU 1
synchronize_rcu_expedited()
// -> rcu_poll_gp_seq_start()
// This does rcu_seq_start on the
// gp_seq_polled and
// notes the started gp_seq_polled
// (say its 5)
synchronize_rcu()
-> synchronize_rcu_normal()
-> rs.head.func =
get_state_synchronize_rcu();
// saves the value 12
-> rcu_gp_init()
-> rcu_poll_gp_seq_start()
// rcu_seq_start does nothing
// but notes the pre-started
// gp_seq_polled (value 5)
-> rcu_gp_cleanup()
// -> rcu_poll_gp_seq_end()
// ends the gp_seq_polled since it
// matches prior saved gp_seq_polled (5)
// new gp_seq_polled is 8.
/* NORMAL GP COMPLETES */
rcu_gp_cleanup()
-> rcu_sr_normal_gp_cleanup()
-> rcu_sr_normal_complete()
-> poll_state_synchronize_rcu()
-> returns FALSE because gp_seq_polled is still 8.
-> Warning (false positive)
thanks,
- Joel
next prev parent reply other threads:[~2025-03-10 1:55 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-27 13:16 [PATCH v4 1/3] rcutorture: Allow a negative value for nfakewriters Uladzislau Rezki (Sony)
2025-02-27 13:16 ` [PATCH v4 2/3] rcu: Update TREE05.boot to test normal synchronize_rcu() Uladzislau Rezki (Sony)
2025-02-27 13:16 ` [PATCH v4 3/3] rcu: Use _full() API to debug synchronize_rcu() Uladzislau Rezki (Sony)
2025-02-27 17:12 ` Boqun Feng
2025-02-27 17:26 ` Paul E. McKenney
2025-02-27 17:30 ` Boqun Feng
2025-02-27 17:44 ` Uladzislau Rezki
2025-02-28 15:41 ` Paul E. McKenney
2025-02-28 16:36 ` Uladzislau Rezki
2025-02-28 17:08 ` Uladzislau Rezki
2025-02-28 18:25 ` Paul E. McKenney
2025-02-28 18:30 ` Uladzislau Rezki
2025-02-28 18:21 ` Paul E. McKenney
2025-02-28 18:24 ` Uladzislau Rezki
2025-02-28 18:38 ` Paul E. McKenney
2025-02-28 19:12 ` Uladzislau Rezki
2025-02-28 19:59 ` Paul E. McKenney
2025-03-01 1:08 ` Paul E. McKenney
2025-03-02 10:19 ` Uladzislau Rezki
2025-03-02 17:39 ` Paul E. McKenney
2025-03-02 18:46 ` Boqun Feng
2025-03-02 20:36 ` Paul E. McKenney
2025-03-03 16:03 ` Uladzislau Rezki
2025-03-03 0:15 ` Joel Fernandes
2025-03-03 0:17 ` Joel Fernandes
2025-03-03 17:00 ` Joel Fernandes
2025-03-03 17:07 ` Boqun Feng
2025-03-03 17:30 ` Joel Fernandes
2025-03-03 17:59 ` Joel Fernandes
2025-03-03 18:55 ` Paul E. McKenney
2025-03-03 20:02 ` Joel Fernandes
2025-03-04 3:23 ` Boqun Feng
2025-03-04 10:52 ` Uladzislau Rezki
2025-03-04 10:56 ` Uladzislau Rezki
2025-03-05 2:54 ` Boqun Feng
2025-03-05 15:37 ` Joel Fernandes
2025-03-05 15:24 ` Joel Fernandes
2025-02-27 17:43 ` Uladzislau Rezki
2025-03-10 1:55 ` Joel Fernandes [this message]
2025-03-11 12:38 ` Uladzislau Rezki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250310015507.GA3993297@joelnvbox \
--to=joelagnelf@nvidia.com \
--cc=Neeraj.Upadhyay@amd.com \
--cc=boqun.feng@gmail.com \
--cc=frederic@kernel.org \
--cc=joel@joelfernandes.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oleksiy.avramchenko@sony.com \
--cc=paulmck@kernel.org \
--cc=rcu@vger.kernel.org \
--cc=urezki@gmail.com \
--cc=zzqq0103.hey@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox