From: George Dunlap <george.dunlap@citrix.com>
To: Dario Faggioli <dario.faggioli@citrix.com>,
xen-devel@lists.xenproject.org
Cc: George Dunlap <george.dunlap@eu.citrix.com>,
Tianyang Chen <tiche@seas.upenn.edu>,
Ian Jackson <Ian.Jackson@eu.citrix.com>,
Robert VanVossen <robert.vanvossen@dornerworks.com>,
Josh Whitehead <josh.whitehead@dornerworks.com>,
Meng Xu <mengxu@cis.upenn.edu>, Jan Beulich <JBeulich@suse.com>
Subject: Re: [PATCH v3 04/11] xen: sched: close potential races when switching scheduler to CPUs
Date: Fri, 8 Apr 2016 14:00:05 +0100 [thread overview]
Message-ID: <5707AB55.1070005@citrix.com> (raw)
In-Reply-To: <5707A9A0.7090608@citrix.com>
On 08/04/16 13:52, George Dunlap wrote:
> On 08/04/16 02:23, Dario Faggioli wrote:
>> In short, the point is making sure that the actual switch
>> of scheduler and the remapping of the scheduler's runqueue
>> lock occur in the same critical section, protected by the
>> "old" scheduler's lock (and not, e.g., in the free_pdata
>> hook, as it is now for Credit2 and RTDS).
>>
>> Not doing so, is (at least) racy. In fact, for instance,
>> if we switch cpu X from, Credit2 to Credit, we do:
>>
>> schedule_cpu_switch(x, csched2 --> csched):
>> //scheduler[x] is csched2
>> //schedule_lock[x] is csched2_lock
>> csched_alloc_pdata(x)
>> csched_init_pdata(x)
>> pcpu_schedule_lock(x) ----> takes csched2_lock
>> scheduler[X] = csched
>> pcpu_schedule_unlock(x) --> unlocks csched2_lock
>> [1]
>> csched2_free_pdata(x)
>> pcpu_schedule_lock(x) --> takes csched2_lock
>> schedule_lock[x] = csched_lock
>> spin_unlock(csched2_lock)
>>
>> While, if we switch cpu X from, Credit to Credit2, we do:
>>
>> schedule_cpu_switch(X, csched --> csched2):
>> //scheduler[x] is csched
>> //schedule_lock[x] is csched_lock
>> csched2_alloc_pdata(x)
>> csched2_init_pdata(x)
>> pcpu_schedule_lock(x) --> takes csched_lock
>> schedule_lock[x] = csched2_lock
>> spin_unlock(csched_lock)
>> [2]
>> pcpu_schedule_lock(x) ----> takes csched2_lock
>> scheduler[X] = csched2
>> pcpu_schedule_unlock(x) --> unlocks csched2_lock
>> csched_free_pdata(x)
>>
>> And if we switch cpu X from RTDS to Credit2, we do:
>>
>> schedule_cpu_switch(X, RTDS --> csched2):
>> //scheduler[x] is rtds
>> //schedule_lock[x] is rtds_lock
>> csched2_alloc_pdata(x)
>> csched2_init_pdata(x)
>> pcpu_schedule_lock(x) --> takes rtds_lock
>> schedule_lock[x] = csched2_lock
>> spin_unlock(rtds_lock)
>> pcpu_schedule_lock(x) ----> takes csched2_lock
>> scheduler[x] = csched2
>> pcpu_schedule_unlock(x) --> unlocks csched2_lock
>> rtds_free_pdata(x)
>> spin_lock(rtds_lock)
>> ASSERT(schedule_lock[x] == rtds_lock) [3]
>> schedule_lock[x] = DEFAULT_SCHEDULE_LOCK [4]
>> spin_unlock(rtds_lock)
>>
>> So, the first problem is that, if anything related to
>> scheduling, and involving CPU, happens at [1] or [2], we:
>> - take csched2_lock,
>> - operate on Credit1 functions and data structures,
>> which is no good!
>>
>> The second problem is that the ASSERT at [3] triggers, and
>> the third that at [4], we screw up the lock remapping we've
>> done for ourself in csched2_init_pdata()!
>>
>> The first problem arises because there is a window during
>> which the lock is already the new one, but the scheduler is
>> still the old one. The other two, becase we let schedulers
>> mess with the lock (re)mapping done by others.
>>
>> This patch, therefore, introduces a new hook in the scheduler
>> interface, called switch_sched, meant at being used when
>> switching scheduler on a CPU, and implements it for the
>> various schedulers, so that things are done in the proper
>> order and under the protection of the best suited (set of)
>> lock(s). It is necessary to add the hook (as compared to
>> keep doing things in generic code), because different
>> schedulers may have different locking schemes.
>>
>> Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
>
> Thanks!
>
> Reviewed-by: George Dunlap <george.dunlap@citrix.com>
Committers:
Hopefully the arinc653 maintainers will get an opportunity to take a
look at this before the hard freeze today. But if not, given the
timing, and the fact that the patch is really more to do with the
interface to the scheduling system as a whole rather than internal
algorithms of the arinc scheduler, I think it's probably OK to take the
liberty of checking it in even without an Ack (as long as there's no
Nack). We can always revert / amend it later if there are objections.
-George
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-04-08 13:00 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-08 1:23 [PATCH v3 00/11] Fixes and improvement (including hard affinity!) for Credit2 Dario Faggioli
2016-04-08 1:23 ` [PATCH v3 01/11] xen: sched: make implementing .alloc_pdata optional Dario Faggioli
2016-04-08 14:03 ` Robert VanVossen
2016-04-08 1:23 ` [PATCH v3 02/11] xen: sched: implement .init_pdata in Credit, Credit2 and RTDS Dario Faggioli
2016-04-08 1:23 ` [PATCH v3 03/11] xen: sched: move pCPU initialization in an helper Dario Faggioli
2016-04-08 1:23 ` [PATCH v3 04/11] xen: sched: close potential races when switching scheduler to CPUs Dario Faggioli
2016-04-08 12:52 ` George Dunlap
2016-04-08 13:00 ` George Dunlap [this message]
2016-04-08 13:11 ` Dario Faggioli
2016-04-08 14:00 ` Robert VanVossen
2016-04-11 14:43 ` Konrad Rzeszutek Wilk
2016-04-08 1:23 ` [PATCH v3 05/11] xen: sched: improve credit2 bootparams' scope, placement and signedness Dario Faggioli
2016-04-08 1:24 ` [PATCH v3 06/11] xen: sched: on Credit2, don't reprogram the timer if idle Dario Faggioli
2016-04-08 1:24 ` [PATCH v3 07/11] xen: sched: fix per-socket runqueue creation in credit2 Dario Faggioli
2016-04-08 1:24 ` [PATCH v3 08/11] xen: sched: allow for choosing credit2 runqueues configuration at boot Dario Faggioli
2016-04-08 4:18 ` Juergen Gross
2016-04-08 7:35 ` Dario Faggioli
2016-04-08 7:39 ` Juergen Gross
2016-04-08 10:03 ` Dario Faggioli
2016-04-08 13:10 ` George Dunlap
2016-04-08 15:13 ` [PATCH v3 00/11] Fixes and improvement (including hard affinity!) for Credit2 [and 1 more messages] Ian Jackson
2016-04-11 14:43 ` Konrad Rzeszutek Wilk
2016-04-08 1:24 ` [PATCH v3 09/11] xen: sched: per-core runqueues as default in credit2 Dario Faggioli
2016-04-08 1:24 ` [PATCH v3 10/11] xen: sched: privde some scratch space for not putting cpumasks on stack Dario Faggioli
2016-04-08 1:24 ` [PATCH v3 11/11] xen: sched: implement vcpu hard affinity in Credit2 Dario Faggioli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5707AB55.1070005@citrix.com \
--to=george.dunlap@citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=JBeulich@suse.com \
--cc=dario.faggioli@citrix.com \
--cc=george.dunlap@eu.citrix.com \
--cc=josh.whitehead@dornerworks.com \
--cc=mengxu@cis.upenn.edu \
--cc=robert.vanvossen@dornerworks.com \
--cc=tiche@seas.upenn.edu \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).