| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200123112251.GC18991@willie-the-truck>
Date: Thu, 23 Jan 2020 11:22:51 +0000
From: Will Deacon <will@...nel.org>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Alex Kogan <alex.kogan@...cle.com>, linux-arch@...r.kernel.org,
guohanjun@...wei.com, arnd@...db.de, dave.dice@...cle.com,
jglauber@...vell.com, x86@...nel.org, will.deacon@....com,
linux@...linux.org.uk, steven.sistare@...cle.com,
linux-kernel@...r.kernel.org, mingo@...hat.com, bp@...en8.de,
hpa@...or.com, longman@...hat.com, tglx@...utronix.de,
daniel.m.jordan@...cle.com, linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH v9 3/5] locking/qspinlock: Introduce CNA into the slow
path of qspinlock
On Thu, Jan 23, 2020 at 11:16:49AM +0100, Peter Zijlstra wrote:
> On Thu, Jan 23, 2020 at 11:06:35AM +0100, Peter Zijlstra wrote:
> > On Thu, Jan 23, 2020 at 10:26:58AM +0100, Peter Zijlstra wrote:
> > > On Tue, Jan 14, 2020 at 10:59:18PM -0500, Alex Kogan wrote:
> > > > +/* this function is called only when the primary queue is empty */
> > > > +static inline bool cna_try_change_tail(struct qspinlock *lock, u32 val,
> > > > + struct mcs_spinlock *node)
> > > > +{
> > > > + struct mcs_spinlock *head_2nd, *tail_2nd;
> > > > + u32 new;
> > > > +
> > > > + /* If the secondary queue is empty, do what MCS does. */
> > > > + if (node->locked <= 1)
> > > > + return __try_clear_tail(lock, val, node);
> > > > +
> > > > + /*
> > > > + * Try to update the tail value to the last node in the secondary queue.
> > > > + * If successful, pass the lock to the first thread in the secondary
> > > > + * queue. Doing those two actions effectively moves all nodes from the
> > > > + * secondary queue into the main one.
> > > > + */
> > > > + tail_2nd = decode_tail(node->locked);
> > > > + head_2nd = tail_2nd->next;
> > > > + new = ((struct cna_node *)tail_2nd)->encoded_tail + _Q_LOCKED_VAL;
> > > > +
> > > > + if (atomic_try_cmpxchg_relaxed(&lock->val, &val, new)) {
> > > > + /*
> > > > + * Try to reset @next in tail_2nd to NULL, but no need to check
> > > > + * the result - if failed, a new successor has updated it.
> > > > + */
> > >
> > > I think you actually have an ordering bug here; the load of head_2nd
> > > *must* happen before the atomic_try_cmpxchg(), otherwise it might
> > > observe the new next and clear a valid next pointer.
> > >
> > > What would be the best fix for that; I'm thinking:
> > >
> > > head_2nd = smp_load_acquire(&tail_2nd->next);
> > >
> > > Will?
> >
> > Hmm, given we've not passed the lock around yet; why wouldn't something
> > like this work:
> >
> > smp_store_release(&tail_2nd->next, NULL);
>
> Argh, make that:
>
> tail_2nd->next = NULL;
>
> smp_wmb();
>
> > if (!atomic_try_cmpxchg_relaxed(&lock, &val, new)) {
... or could you drop the smp_wmb() and make this
atomic_try_cmpxchg_release()?
To be honest, I've failed to understand the code prior to your changes
in this area: it appears to reply on a control-dependency from the two
cmpxchg_relaxed() calls (which isn't sufficient to order the store parts
afaict) and I also don't get how we deal with a transiently circular primary
queue.
Will
Powered by blists - more mailing lists