| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Dec 2018 11:13:58 +0100
From: Roman Penyaev <rpenyaev@...e.de>
To: Andrea Parri <andrea.parri@...rulasolutions.com>
Cc: Davidlohr Bueso <dbueso@...e.de>, Jason Baron <jbaron@...mai.com>,
Al Viro <viro@...iv.linux.org.uk>,
"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Andrew Morton <akpm@...ux-foundation.org>,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/3] epoll: use rwlock in order to reduce
ep_poll_callback() contention
On 2018-12-12 18:13, Andrea Parri wrote:
> On Wed, Dec 12, 2018 at 12:03:57PM +0100, Roman Penyaev wrote:
[...]
>> +static inline void list_add_tail_lockless(struct list_head *new,
>> + struct list_head *head)
>> +{
>> + struct list_head *prev;
>> +
>> + new->next = head;
>> +
>> + /*
>> + * Initially ->next of a new element must be updated with the head
>> + * (we are inserting to the tail) and only then pointers are
>> atomically
>> + * exchanged. XCHG guarantees memory ordering, thus ->next should
>> be
>> + * updated before pointers are actually swapped.
>> + */
>> +
>> + prev = xchg(&head->prev, new);
>> +
>> + /*
>> + * It is safe to modify prev->next and new->prev, because a new
>> element
>> + * is added only to the tail and new->next is updated before XCHG.
>> + */
>
> IIUC, you're also relying on "some" ordering between the atomic load
> of &head->prev above and the store to prev->next below: consider the
> following snippet for two concurrent list_add_tail_lockless()'s:
>
> {Initially: List := H -> A -> B}
>
> CPU0 CPU1
>
> list_add_tail_lockless(C, H): list_add_tail_lockless(D, H):
>
> C->next = H D->next = H
> prev = xchg(&H->prev, C) // =B prev = xchg(&H->prev, D) // =C
> B->next = C C->next = D
> C->prev = B D->prev = C
>
> Here, as annotated, CPU0's xchg() "wins" over CPU1's xchg() (i.e., the
> latter reads the value of &H->prev that the former stored to that same
> location).
>
> As you noted above, the xchg() guarantees that CPU0's store to C->next
> is "ordered before" CPU0's store to &H->prev.
>
> But we also want CPU1's load from &H->prev to be ordered before CPU1's
> store to C->next, which is also guaranteed by the xchg() (or, FWIW, by
> the address dependency between these two memory accesses).
>
> I do not see what could guarantee "C->next == D" in the end, otherwise.
>
> What am I missing?
Hi Andrea,
xchg always acts as a full memory barrier, i.e. mfence in x86 terms. So
the
following statement should be always true, otherwise nothing should work
as
the same code pattern is used in many generic places:
CPU0 CPU1
C->next = H
xchg(&ptr, C)
C = xchg(&ptr, D)
C->next = D
This is the only guarantee we need, i.e. make it simplier:
C->next = H
mfence mfence
C->next = D
the gurantee that two stores won't reorder. Pattern is always the same:
we
prepare chunk of memory on CPU0 and do pointers xchg, CPU1 sees chunks
of
memory with all stores committed by CPU0 (regardless of CPU1 does loads
or stores to this chunk).
I am repeating the same thing which you also noted, but I just want to
be
sure that I do not say nonsense. So basically repeating to myself.
Ok, let's commit that. Returning to your question: "I do not see what
could guarantee "C->next == D" in the end"
At the end of what? Lockless insert procedure (insert to tail) relies
only
on "head->prev". This is the single "place" where we atomically
exchange
list elements and "somehow" chain them. So insert needs only actual
"head->prev", and xchg provides this guarantees to us.
But there is also a user of the list, who needs to iterate over the list
or to delete elements, etc, i.e. this user of the list needs list fully
committed to the memory. This user takes write_lock(). So answering
your
question (if I understood it correctly): at the end write_lock()
guarantees
that list won't be seen as corrupted and updates to the last element,
i.e.
"->next" or "->prev" pointers of the last element are committed and seen
correctly.
--
Roman
Powered by blists - more mailing lists