| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Jan 2021 14:35:10 +0100
From: Uladzislau Rezki <urezki@...il.com>
To: "Paul E. McKenney" <paulmck@...nel.org>
Cc: Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
"Uladzislau Rezki (Sony)" <urezki@...il.com>,
LKML <linux-kernel@...r.kernel.org>, RCU <rcu@...r.kernel.org>,
Michael Ellerman <mpe@...erman.id.au>,
Andrew Morton <akpm@...ux-foundation.org>,
Daniel Axtens <dja@...ens.net>,
Frederic Weisbecker <frederic@...nel.org>,
Neeraj Upadhyay <neeraju@...eaurora.org>,
Joel Fernandes <joel@...lfernandes.org>,
Peter Zijlstra <peterz@...radead.org>,
Michal Hocko <mhocko@...e.com>,
Thomas Gleixner <tglx@...utronix.de>,
"Theodore Y . Ts'o" <tytso@....edu>,
Oleksiy Avramchenko <oleksiy.avramchenko@...ymobile.com>
Subject: Re: [PATCH 1/3] kvfree_rcu: Allocate a page for a single argument
On Wed, Jan 20, 2021 at 01:54:03PM -0800, Paul E. McKenney wrote:
> On Wed, Jan 20, 2021 at 08:57:57PM +0100, Sebastian Andrzej Siewior wrote:
> > On 2021-01-20 17:21:46 [+0100], Uladzislau Rezki (Sony) wrote:
> > > For a single argument we can directly request a page from a caller
> > > context when a "carry page block" is run out of free spots. Instead
> > > of hitting a slow path we can request an extra page by demand and
> > > proceed with a fast path.
> > >
> > > A single-argument kvfree_rcu() must be invoked in sleepable contexts,
> > > and that its fallback is the relatively high latency synchronize_rcu().
> > > Single-argument kvfree_rcu() therefore uses GFP_KERNEL|__GFP_RETRY_MAYFAIL
> > > to allow limited sleeping within the memory allocator.
> > >
> > > [ paulmck: Add add_ptr_to_bulk_krc_lock header comment per Michal Hocko. ]
> > > Signed-off-by: Uladzislau Rezki (Sony) <urezki@...il.com>
> > > Signed-off-by: Paul E. McKenney <paulmck@...nel.org>
> > > ---
> > > kernel/rcu/tree.c | 42 ++++++++++++++++++++++++++----------------
> > > 1 file changed, 26 insertions(+), 16 deletions(-)
> > >
> > > diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
> > > index e04e336bee42..2014fb22644d 100644
> > > --- a/kernel/rcu/tree.c
> > > +++ b/kernel/rcu/tree.c
> > > @@ -3465,37 +3465,50 @@ run_page_cache_worker(struct kfree_rcu_cpu *krcp)
> > > }
> > > }
> > >
> > > +// Record ptr in a page managed by krcp, with the pre-krc_this_cpu_lock()
> > > +// state specified by flags. If can_alloc is true, the caller must
> > > +// be schedulable and not be holding any locks or mutexes that might be
> > > +// acquired by the memory allocator or anything that it might invoke.
> > > +// Returns true if ptr was successfully recorded, else the caller must
> > > +// use a fallback.
> >
> > The whole RCU department is getting swamped by the // comments. Can't we
> > have proper kernel doc and /* */ style comments like the remaining part
> > of the kernel?
>
> Because // comments are easier to type and take up less horizontal space.
> Also, this kvfree_call_rcu_add_ptr_to_bulk() function is local to
> kvfree_rcu(), and we don't normally docbook-ify such functions.
>
> > > static inline bool
> > > -kvfree_call_rcu_add_ptr_to_bulk(struct kfree_rcu_cpu *krcp, void *ptr)
> > > +add_ptr_to_bulk_krc_lock(struct kfree_rcu_cpu **krcp,
> > > + unsigned long *flags, void *ptr, bool can_alloc)
> > > {
> > > struct kvfree_rcu_bulk_data *bnode;
> > > int idx;
> > >
> > > - if (unlikely(!krcp->initialized))
> > > + *krcp = krc_this_cpu_lock(flags);
> > > + if (unlikely(!(*krcp)->initialized))
> > > return false;
> > >
> > > - lockdep_assert_held(&krcp->lock);
> > > idx = !!is_vmalloc_addr(ptr);
> > >
> > > /* Check if a new block is required. */
> > > - if (!krcp->bkvhead[idx] ||
> > > - krcp->bkvhead[idx]->nr_records == KVFREE_BULK_MAX_ENTR) {
> > > - bnode = get_cached_bnode(krcp);
> > > - /* Switch to emergency path. */
> > > + if (!(*krcp)->bkvhead[idx] ||
> > > + (*krcp)->bkvhead[idx]->nr_records == KVFREE_BULK_MAX_ENTR) {
> > > + bnode = get_cached_bnode(*krcp);
> > > + if (!bnode && can_alloc) {
> > > + krc_this_cpu_unlock(*krcp, *flags);
> > > + bnode = (struct kvfree_rcu_bulk_data *)
> >
> > There is no need for this cast.
>
> Without it, gcc version 7.5.0 says:
>
> warning: assignment makes pointer from integer without a cast
>
> > > + __get_free_page(GFP_KERNEL | __GFP_RETRY_MAYFAIL | __GFP_NOWARN);
> > > + *krcp = krc_this_cpu_lock(flags);
> >
> > so if bnode is NULL you could retry get_cached_bnode() since it might
> > have been filled (given preemption or CPU migration changed something).
> > Judging from patch #3 you think that a CPU migration is a bad thing. But
> > why?
>
> So that the later "(*krcp)->bkvhead[idx] = bnode" assignment associates
> it with the correct CPU.
>
> Though now that you mention it, couldn't the following happen?
>
> o Task A on CPU 0 notices that allocation is needed, so it
> drops the lock disables migration, and sleeps while
> allocating.
>
> o Task B on CPU 0 does the same.
>
> o The two tasks wake up in some order, and the second one
> causes trouble at the "(*krcp)->bkvhead[idx] = bnode"
> assignment.
>
> Uladzislau, do we need to recheck "!(*krcp)->bkvhead[idx]" just after
> the migrate_enable()? Along with the KVFREE_BULK_MAX_ENTR check?
>
Probably i should have mentioned your sequence you described, that two tasks
can get a page on same CPU, i was thinking about it :) Yep, it can happen
since we drop the lock and a context is fully preemptible, so another one
can trigger kvfree_rcu() ending up at the same place - entering a page
allocator.
I spent some time simulating it, but with no any luck, therefore i did not
reflect this case in the commit message, thus did no pay much attention to
such scenario.
>
> Uladzislau, do we need to recheck "!(*krcp)->bkvhead[idx]" just after
> the migrate_enable()? Along with the KVFREE_BULK_MAX_ENTR check?
>
Two woken tasks will be serialized, i.e. an assignment is protected by
the our local lock. We do krc_this_cpu_lock(flags); as a first step
right after that we do restore a migration. A migration in that case
can occur only when krc_this_cpu_unlock(*krcp, *flags); is invoked.
The scenario you described can happen, in that case a previous bnode
in the drain list can be either empty or partly utilized. But, again
i was non able to trigger such scenario.
If we should fix it, i think we can go with below "alloc_in_progress"
protection:
<snip>
urezki@...38:~/data/raid0/coding/linux-rcu.git$ git diff
diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
index cad36074366d..95485ec7267e 100644
--- a/kernel/rcu/tree.c
+++ b/kernel/rcu/tree.c
@@ -3488,12 +3488,19 @@ add_ptr_to_bulk_krc_lock(struct kfree_rcu_cpu **krcp,
if (!(*krcp)->bkvhead[idx] ||
(*krcp)->bkvhead[idx]->nr_records == KVFREE_BULK_MAX_ENTR) {
bnode = get_cached_bnode(*krcp);
- if (!bnode && can_alloc) {
+ if (!bnode && can_alloc && !(*krcp)->alloc_in_progress) {
migrate_disable();
+
+ /* Set it before dropping the lock. */
+ (*krcp)->alloc_in_progress = true;
krc_this_cpu_unlock(*krcp, *flags);
+
bnode = (struct kvfree_rcu_bulk_data *)
__get_free_page(GFP_KERNEL | __GFP_RETRY_MAYFAIL | __GFP_NOMEMALLOC | __GFP_NOWARN);
*krcp = krc_this_cpu_lock(flags);
+
+ /* Clear it, the lock was taken back. */
+ (*krcp)->alloc_in_progress = false;
migrate_enable();
}
urezki@...38:~/data/raid0/coding/linux-rcu.git$
<snip>
in that case a second task will follow a fallback path bypassing a page
request. I can send it as a separate patch if there are no any objections.
--
Vlad Rezki
Powered by blists - more mailing lists