| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 18 Aug 2019 19:29:27 -0700
From: "Paul E. McKenney" <paulmck@...ux.ibm.com>
To: Joel Fernandes <joel@...lfernandes.org>
Cc: linux-kernel@...r.kernel.org,
Josh Triplett <josh@...htriplett.org>,
Lai Jiangshan <jiangshanlai@...il.com>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
rcu@...r.kernel.org, Steven Rostedt <rostedt@...dmis.org>
Subject: Re: [RFC v2] rcu/tree: Try to invoke_rcu_core() if in_irq() during
unlock
On Sun, Aug 18, 2019 at 09:46:23PM -0400, Joel Fernandes wrote:
> On Sun, Aug 18, 2019 at 09:41:43PM -0400, Joel Fernandes wrote:
> > On Sun, Aug 18, 2019 at 06:21:53PM -0700, Paul E. McKenney wrote:
> [snip]
> > > > > Also, your commit log's point #2 is "in_irq() implies in_interrupt()
> > > > > which implies raising softirq will not do any wake ups." This mention
> > > > > of softirq seems a bit odd, given that we are going to wake up a rcuc
> > > > > kthread. Of course, this did nothing to quell my suspicions. ;-)
> > > >
> > > > Yes, I should delete this #2 from the changelog since it is not very relevant
> > > > (I feel now). My point with #2 was that even if were to raise a softirq
> > > > (which we are not), a scheduler wakeup of ksoftirqd is impossible in this
> > > > path anyway since in_irq() implies in_interrupt().
> > >
> > > Please! Could you also add a first-principles explanation of why
> > > the added condition is immune from scheduler deadlocks?
> >
> > Sure I can add an example in the change log, however I was thinking of this
> > example which you mentioned:
> > https://lore.kernel.org/lkml/20190627173831.GW26519@linux.ibm.com/
> >
> > previous_reader()
> > {
> > rcu_read_lock();
> > do_something(); /* Preemption happened here. */
> > local_irq_disable(); /* Cannot be the scheduler! */
> > do_something_else();
> > rcu_read_unlock(); /* Must defer QS, task still queued. */
> > do_some_other_thing();
> > local_irq_enable();
> > }
> >
> > current_reader() /* QS from previous_reader() is still deferred. */
> > {
> > local_irq_disable(); /* Might be the scheduler. */
> > do_whatever();
> > rcu_read_lock();
> > do_whatever_else();
> > rcu_read_unlock(); /* Must still defer reporting QS. */
> > do_whatever_comes_to_mind();
> > local_irq_enable();
> > }
> >
> > One modification of the example could be, previous_reader() could also do:
> > previous_reader()
> > {
> > rcu_read_lock();
> > do_something_that_takes_really_long(); /* causes need_qs in
> > the unlock_special_union to be set */
> > local_irq_disable(); /* Cannot be the scheduler! */
> > do_something_else();
> > rcu_read_unlock(); /* Must defer QS, task still queued. */
> > do_some_other_thing();
> > local_irq_enable();
> > }
>
> The point you were making in that thread being, current_reader() ->
> rcu_read_unlock() -> rcu_read_unlock_special() would not do any wakeups
> because previous_reader() sets the deferred_qs bit.
>
> Anyway, I will add all of this into the changelog.
Examples are good, but what makes it so that there are no examples of
its being unsafe?
And a few questions along the way, some quick quiz, some more serious.
Would it be safe if it checked in_interrupt() instead of in_irq()?
If not, should the in_interrupt() in the "if" condition preceding the
added "else if" be changed to in_irq()? Would it make sense to add an
"|| !irqs_were_disabled" do your new "else if" condition? Would the
body of the "else if" actually be executed in current mainline?
In an attempt to be at least a little constructive, I am doing some
testing of this patch overnight, along with a WARN_ON_ONCE() to see if
that invoke_rcu_core() is ever reached.
Thanx, Paul
Powered by blists - more mailing lists