From: Joel Fernandes <joelagnelf@nvidia.com>
To: paulmck@kernel.org
Cc: Boqun Feng <boqun.feng@gmail.com>, rcu@vger.kernel.org
Subject: Re: Testing of shared RCU branching
Date: Tue, 25 Feb 2025 17:04:37 -0500 [thread overview]
Message-ID: <5c7f08b3-a007-4bd4-b063-eb034373a385@nvidia.com> (raw)
In-Reply-To: <e4853773-f834-4224-bf17-f7ed895ffef3@paulmck-laptop>
On 2/25/2025 4:53 PM, Paul E. McKenney wrote:
> On Tue, Feb 25, 2025 at 04:20:07PM -0500, Joel Fernandes wrote:
>> On Tue, Feb 25, 2025 at 09:54:29AM -0800, Paul E. McKenney wrote:
>>> On Tue, Feb 25, 2025 at 08:11:11AM -0800, Boqun Feng wrote:
>> [...]
>>>>>> These passed other than a KCSAN complaint involving
>>>>>> rcu_preempt_deferred_qs_handler() and rcu_read_unlock_special().
>>>>>> This looks like the plain C-language writes to ->defer_qs_iw_pending.
>>>>>>
>>>>>> My guess is that this is low probability, despite having happened twice,
>>>>>> and that it happens when rcu_read_unlock_special() is interrupted,
>>>>>> resulting in rcu_preempt_deferred_qs_handler() being invoked as an
>>>>>> IRQ-work handler. Keeping in mind that RCU runs KCSAN so as to locate
>>>>>> data races between task and handler on the same CPU.
>>>>>>
>>>>>> Thoughts?
>>>>>>
>>>>>
>>>>> Do you have a KCSAN of this? Also this is not a regression, right?
>>>>> Meaning you probably have seen this before? Anyway, it should be an easy
>>>>> fix (just using READ_ONCE() and WRITE_ONCE()). I can send the fix out
>>>>> and put it in.
>>>
>>> Here you go! And you are right, if it is a regression, it is from a
>>> long time ago, though something more recent might have made it more
>>> probable.
>>
>> In my opinion I probably wouldn't even call it a regression because the
>> data-race is happening on a boolean element. If I am not mistaken, this is
>> thus a false-positive and KCSAN has no way of silencing it?
>
> You can still get in trouble with booleans. The usual example
> is as follows:
>
> bool x;
>
> ...
>
>
> while (!x)
> do_something();
>
> In many cases, the compiler is free to transform that "while" loop
> into this:
>
> if (!x)
> for (;;)
> do_something();
>
> Putting a READ_ONCE() in the original "while" condition prevents this
> transformation.
True, thanks for clarifying. I will be a bit more annoying and say that in
rcu_read_unlock_special(), there is no such looping transformation possible
though AFAICS. The test is an if() block. But this is beyond KCSAN's ability to
analyze I guess.
Thanks!
- Joel
next prev parent reply other threads:[~2025-02-25 22:04 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-25 15:58 Testing of shared RCU branching Paul E. McKenney
2025-02-25 16:08 ` Boqun Feng
2025-02-25 16:11 ` Boqun Feng
2025-02-25 17:54 ` Paul E. McKenney
2025-02-25 21:20 ` Joel Fernandes
2025-02-25 21:53 ` Paul E. McKenney
2025-02-25 22:04 ` Joel Fernandes [this message]
2025-02-25 23:45 ` Paul E. McKenney
2025-02-26 0:12 ` Joel Fernandes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5c7f08b3-a007-4bd4-b063-eb034373a385@nvidia.com \
--to=joelagnelf@nvidia.com \
--cc=boqun.feng@gmail.com \
--cc=paulmck@kernel.org \
--cc=rcu@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox