From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
To: Huang Ying <ying.huang@intel.com>
Cc: Michael Cree <mcree@orcon.net.nz>,
Greg KH <gregkh@linuxfoundation.org>,
linux-alpha@vger.kernel.org, Richard Henderson <rth@twiddle.net>,
Ivan Kokshaysky <ink@jurassic.park.msu.ru>,
Matt Turner <mattst88@gmail.com>,
linux-kernel@vger.kernel.org,
Paul McKenney <paulmck@linux.vnet.ibm.com>,
David Howells <dhowells@redhat.com>,
Pranith Kumar <bobby.prani@gmail.com>,
stable@vger.kernel.org
Subject: Re: [PATCH] llist: Fix missing lockless_dereference()
Date: Tue, 10 Feb 2015 03:42:08 +0000 (UTC) [thread overview]
Message-ID: <238033159.95142.1423539728937.JavaMail.zimbra@efficios.com> (raw)
In-Reply-To: <1423533148.5968.84.camel@intel.com>
----- Original Message -----
> From: "Huang Ying" <ying.huang@intel.com>
> To: "Mathieu Desnoyers" <mathieu.desnoyers@efficios.com>
> Cc: "Michael Cree" <mcree@orcon.net.nz>, "Greg KH" <gregkh@linuxfoundation.org>, linux-alpha@vger.kernel.org,
> "Richard Henderson" <rth@twiddle.net>, "Ivan Kokshaysky" <ink@jurassic.park.msu.ru>, "Matt Turner"
> <mattst88@gmail.com>, linux-kernel@vger.kernel.org, "Paul McKenney" <paulmck@linux.vnet.ibm.com>, "David Howells"
> <dhowells@redhat.com>, "Pranith Kumar" <bobby.prani@gmail.com>, stable@vger.kernel.org
> Sent: Monday, February 9, 2015 8:52:28 PM
> Subject: Re: [PATCH] llist: Fix missing lockless_dereference()
>
> Hi, Mathieu,
>
> On Sun, 2015-02-08 at 04:25 +0000, Mathieu Desnoyers wrote:
> > ----- Original Message -----
> > > From: "Michael Cree" <mcree@orcon.net.nz>
> > > To: "Mathieu Desnoyers" <mathieu.desnoyers@efficios.com>
> > > Cc: "Greg KH" <gregkh@linuxfoundation.org>, linux-alpha@vger.kernel.org,
> > > "Richard Henderson" <rth@twiddle.net>, "Ivan
> > > Kokshaysky" <ink@jurassic.park.msu.ru>, "Matt Turner"
> > > <mattst88@gmail.com>, "Huang Ying" <ying.huang@intel.com>,
> > > linux-kernel@vger.kernel.org, "Paul McKenney"
> > > <paulmck@linux.vnet.ibm.com>, "David Howells" <dhowells@redhat.com>,
> > > "Pranith Kumar" <bobby.prani@gmail.com>, stable@vger.kernel.org
> > > Sent: Saturday, February 7, 2015 7:47:29 PM
> > > Subject: Re: [PATCH] llist: Fix missing lockless_dereference()
> > >
> > > On Sat, Feb 07, 2015 at 10:30:44PM +0000, Mathieu Desnoyers wrote:
> > > > > On Fri, Feb 06, 2015 at 09:08:21PM -0500, Mathieu Desnoyers wrote:
> > > > > > A lockless_dereference() appears to be missing in
> > > > > > llist_del_first().
> > > > > > It should only matter for Alpha in practice.
> > >
> > > What could one anticipate to be the symptoms of such a missing
> > > lockless_dereference()?
> >
> > This can trigger corruption of the lockless linked-list, which is
> > used across a few subsystems. AFAIU, the scenario is as follows.
> > Please bear with me, because it's been a while since I've read on
> > the Alpha multi-cache-banks behavior.
> >
> > The list here would be initially non-empty. Initial state of
> > new_last->next is unset (newly allocated); IOW: garbage. CPU A
> > adds a node into the list while CPU B removes a node from the
> > head of the list.
> >
> > CPU A CPU B
> > llist_add_batch()
> > - Stores to new_last->next
> > - implicit full mb before cmpxchg makes the
> > update to CPU A's cache bank containing
> > new_last->next visible to other CPUs
> > before CPU A's cache bank update making
> > head->first visible to other CPUs.
> > - cmpxchg updates head->first = new_first
> > llist_del_first()
> > - entry = load head->first
> > -> here, lack of barrier on
> > Alpha creates a window where
> > CPU B's cache bank can see
> > the updated "head->first",
> > but the cache bank holding
> > the next value did not
> > receive the update yet, since
> > each cache bank have
> > their own channel, which can
> > be independently
> > saturated.
> > - next = load entry->next
> > (dereference entry pointer)
> > - cmpxchg updates head->first =
> > next
> > -> can store unset "next"
> > value into head->first, thus
> > corrupting the linked list.
>
> If my understanding were correct, cmpxchg will imply a full mb before
> and after it, so that there is a mb between load head->first in cmpxchg
> and load entry->next. If so, the memory barrier is only needed before
> the loop.
Yes, indeed, and by using lockless_dereference(), this is
what we end up doing.
FWIW, the reason why I moved smp_read_barrier_depends() into
the loop was to issue it after the check for NULL pointer,
assuming that getting a NULL pointer was a relatively
frequent case compared to a failing cmpxchg. But we're
talking about very minor optimisations compared to the
upside of lockless_dereference() making the code easier
to understand.
Thanks,
Mathieu
>
> Best Regards,
> Huang, Ying
>
> > >
> > > The Alpha kernel is behaving pretty well provided one builds a machine
> > > specific kernel and UP. When running an SMP kernel some packages
> > > (most notably the java runtime, but there are a few others) occasionally
> > > lock up in a pthread call --- could be a problem in libc rather then the
> > > kernel.
> >
> > Are those lockups always occasional, or you have ways to reproduce them
> > frequently with stress-tests ?
> >
> > Thanks,
> >
> > Mathieu
> >
> > >
> > > > > Meta-comment, do we really care about Alpha anymore? Is it still
> > > > > consered an "active" arch we support?
> > >
> > > There are a few of us still running recent kernels on Alpha. I am
> > > maintaining the unofficial Debian alpha port at debian-ports, and the
> > > Debian popcon shows about 10 installations of Debian Alpha.
> > >
> > > Cheers
> > > Michael.
> > >
> >
>
>
>
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
next prev parent reply other threads:[~2015-02-10 3:42 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-07 2:08 [PATCH] llist: Fix missing lockless_dereference() Mathieu Desnoyers
2015-02-07 22:16 ` Greg KH
2015-02-07 22:30 ` Mathieu Desnoyers
2015-02-08 0:18 ` Matt Turner
2015-02-08 0:29 ` Greg KH
2015-02-08 0:47 ` Michael Cree
2015-02-08 0:59 ` Greg KH
2015-02-08 1:12 ` Michael Cree
2015-02-08 1:20 ` Greg KH
2015-02-08 4:25 ` Mathieu Desnoyers
2015-02-10 1:52 ` Huang Ying
2015-02-10 3:42 ` Mathieu Desnoyers [this message]
2015-02-10 9:30 ` Michael Cree
2015-02-08 0:09 ` Paul E. McKenney
2015-02-10 14:03 ` Peter Hurley
2015-02-10 16:38 ` Paul E. McKenney
2015-02-10 17:29 ` Peter Hurley
2015-02-10 18:03 ` Paul E. McKenney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=238033159.95142.1423539728937.JavaMail.zimbra@efficios.com \
--to=mathieu.desnoyers@efficios.com \
--cc=bobby.prani@gmail.com \
--cc=dhowells@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=ink@jurassic.park.msu.ru \
--cc=linux-alpha@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mattst88@gmail.com \
--cc=mcree@orcon.net.nz \
--cc=paulmck@linux.vnet.ibm.com \
--cc=rth@twiddle.net \
--cc=stable@vger.kernel.org \
--cc=ying.huang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).