lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <1DFE21D3-2306-4A80-8999-2C0E85E4478C@amazon.com>
Date:   Mon, 13 Jul 2020 21:26:35 +0000
From:   "Bshara, Nafea" <nafea@...zon.com>
To:     "Agroskin, Shay" <shayagr@...zon.com>,
        Eric Dumazet <eric.dumazet@...il.com>
CC:     "Kiyanovski, Arthur" <akiyano@...zon.com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "Woodhouse, David" <dwmw@...zon.co.uk>,
        "Machulsky, Zorik" <zorik@...zon.com>,
        "Matushevsky, Alexander" <matua@...zon.com>,
        "Bshara, Saeed" <saeedb@...zon.com>,
        "Wilson, Matt" <msw@...zon.com>,
        "Liguori, Anthony" <aliguori@...zon.com>,
        "Tzalik, Guy" <gtzalik@...zon.com>,
        "Belgazal, Netanel" <netanel@...zon.com>,
        "Saidi, Ali" <alisaidi@...zon.com>,
        "Herrenschmidt, Benjamin" <benh@...zon.com>,
        "Dagan, Noam" <ndagan@...zon.com>,
        "Jubran, Samih" <sameehj@...zon.com>
Subject: Re: [PATCH V2 net-next 1/7] net: ena: avoid unnecessary rearming of
 interrupt vector when busy-polling


    >>
    >> As explained, a busy-poll session exists for a specified timeout
    >> value, after which it exits the busy-poll mode and re-enters it later.
    >> This leads to many invocations of the napi handler where
    >> napi_complete_done() false indicates that interrupts should be
    >> re-enabled.
    >> This creates a bug in which the interrupts are re-enabled
    >> unnecessarily.
    >> To reproduce this bug:
    >>     1) echo 50 | sudo tee /proc/sys/net/core/busy_poll
    >>     2) echo 50 | sudo tee /proc/sys/net/core/busy_read
    >>     3) Add counters that check whether
    >>     'ena_unmask_interrupt(tx_ring, rx_ring);'
    >>     is called without disabling the interrupts in the first
    >>     place (i.e. with calling the interrupt routine
    >>     ena_intr_msix_io())
    >>
    >> Steps 1+2 enable busy-poll as the default mode for new connections.
    >>
    >> The busy poll routine rearms the interrupts after every session by
    >> design, and so we need to add an extra check that the interrupts were
    >> masked in the first place.
    >>
    >> Signed-off-by: Shay Agroskin <shayagr@...zon.com>
    >> Signed-off-by: Arthur Kiyanovski <akiyano@...zon.com>
    >> ---
    >>  drivers/net/ethernet/amazon/ena/ena_netdev.c | 7 ++++++-
    >>  drivers/net/ethernet/amazon/ena/ena_netdev.h | 1 +
    >>  2 files changed, 7 insertions(+), 1 deletion(-)
    >>
    >> diff --git a/drivers/net/ethernet/amazon/ena/ena_netdev.c b/drivers/net/ethernet/amazon/ena/ena_netdev.c
    >> index 91be3ffa1c5c..90c0fe15cd23 100644
    >> --- a/drivers/net/ethernet/amazon/ena/ena_netdev.c
    >> +++ b/drivers/net/ethernet/amazon/ena/ena_netdev.c
    >> @@ -1913,7 +1913,9 @@ static int ena_io_poll(struct napi_struct *napi, int budget)
    >>               /* Update numa and unmask the interrupt only when schedule
    >>                * from the interrupt context (vs from sk_busy_loop)
    >>                */
    >> -             if (napi_complete_done(napi, rx_work_done)) {
    >> +             if (napi_complete_done(napi, rx_work_done) &&
    >> +                 READ_ONCE(ena_napi->interrupts_masked)) {
    >> +                     WRITE_ONCE(ena_napi->interrupts_masked, false);
    >>                       /* We apply adaptive moderation on Rx path only.
    >>                        * Tx uses static interrupt moderation.
    >>                        */
    >> @@ -1961,6 +1963,9 @@ static irqreturn_t ena_intr_msix_io(int irq, void *data)
    >>
    >>       ena_napi->first_interrupt = true;
    >>
    >> +     WRITE_ONCE(ena_napi->interrupts_masked, true);
    >> +     smp_wmb(); /* write interrupts_masked before calling napi */
    >
    > It is not clear where is the paired smp_wmb()
    >
    Can you please explain what you mean ? The idea of adding the store barrier here is to ensure that the WRITE_ONCE(…) invocation is executed before

[NB] There are two aspects .  if we doing smp_wmb() when WRITE_ONCE(...true),  then u need to so smp_wmb() in the place u do WRITE_ONCE(...false)

[NB] Eric also highlighted need for smp_rmb().  That's not needed here in my opinion
[NB] as the main objective is to make the write observable across all the cores in CPUs that have weaker consistency model and don’t guarantee write observability across all cores (like arm and ppc)

    invoking the napi soft irq. From what I gathered using this command would result in compiler barrier (which would prevent it from executing the bool store after napi scheduling) on x86
    and a memory barrier on ARM64 machines which have a weaker consistency model.
    >> +
    >>       napi_schedule_irqoff(&ena_napi->napi);
    >>
    >>       return IRQ_HANDLED;
    >> diff --git a/drivers/net/ethernet/amazon/ena/ena_netdev.h b/drivers/net/ethernet/amazon/ena/ena_netdev.h
    >> index ba030d260940..89304b403995 100644
    >> --- a/drivers/net/ethernet/amazon/ena/ena_netdev.h
    >> +++ b/drivers/net/ethernet/amazon/ena/ena_netdev.h
    >> @@ -167,6 +167,7 @@ struct ena_napi {
    >>       struct ena_ring *rx_ring;
    >>       struct ena_ring *xdp_ring;
    >>       bool first_interrupt;
    >> +     bool interrupts_masked;
    >>       u32 qid;
    >>       struct dim dim;
    >>  };
    >>
    >
    > Note that writing/reading over bool fields from hard irq context without proper sync is not generally allowed.
    >
    > Compiler could perform RMW over plain 32bit words.

    Doesn't the READ/WRITE_ONCE macros prevent the compiler from reordering these instructions ? Also from what I researched (please correct me if I'm wrong here)
    both x86 and ARM don't allow reordering LOAD and STORE when they access
    the same variable (register or memory address).

[NB] that is true within the same core.  But if store is in interrupt routine, and load is in napi, they could be running on different cores hence you use smp_wmb to make it observable
[NB] the key in this design that u set the bit, send smp_wmb(), before waking up napi, or ordering and observability is guaranteed

    >
    > Sometimes we accept the races, but in this context this might be bad.

    As long a the writing of the flag is atomic in the sense that the value in memory isn't some hybrid value of two parallel stores, the existing race cannot result in a dead lock or
    leaving the interrupt vector masked. Am I missing something ?

[NB] the race would exist if napi was running in same time interrupt routine is running
[NB] but in ENA design, that wont happen, and it is guarantee that only one of them is running at same time, as the interrupt is unmasked only at the end of napi() job
[NB] as Eric mention, this should be documented

    Thank you for taking the time to look at this patch.

    Shay

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ