From: Jan Kara <jack@suse.cz>
To: "kautuk.c @samsung.com" <consul.kautuk@gmail.com>
Cc: Jan Kara <jack@suse.cz>,
Andrew Morton <akpm@linux-foundation.org>,
Jens Axboe <jaxboe@fusionio.com>,
Wu Fengguang <fengguang.wu@intel.com>,
Dave Chinner <dchinner@redhat.com>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/1] mm/backing-dev.c: Call del_timer_sync instead of del_timer
Date: Fri, 2 Sep 2011 17:14:50 +0200 [thread overview]
Message-ID: <20110902151450.GF12182@quack.suse.cz> (raw)
In-Reply-To: <CAFPAmTTJQddd-vHjCpvyfsHhursRXBwNzF4zoVHL3=ggztE8Qg@mail.gmail.com>
On Fri 02-09-11 17:32:35, kautuk.c @samsung.com wrote:
> Hi Jan,
>
> I looked at that other patch you just sent.
>
> I think that the task state problem can still happen in that case as the setting
> of the task state is not protected by any lock and the timer callback can be
> executing on another CPU at that time.
>
> Am I right about this ?
Yes, the cleanup is not meant to change the scenario you describe - as I
said, there's no point in protecting against it as it's harmless...
Honza
> On Fri, Sep 2, 2011 at 5:14 PM, kautuk.c @samsung.com
> <consul.kautuk@gmail.com> wrote:
> > Hi,
> >
> > On Fri, Sep 2, 2011 at 4:51 PM, Jan Kara <jack@suse.cz> wrote:
> >> Hello,
> >>
> >> On Fri 02-09-11 10:47:03, kautuk.c @samsung.com wrote:
> >>> On Fri, Sep 2, 2011 at 3:03 AM, Andrew Morton <akpm@linux-foundation.org> wrote:
> >>> > On Thu, 1 Sep 2011 21:27:02 +0530
> >>> > Kautuk Consul <consul.kautuk@gmail.com> wrote:
> >>> >
> >>> >> This is important for SMP scenario, to check whether the timer
> >>> >> callback is executing on another CPU when we are deleting the
> >>> >> timer.
> >>> >>
> >>> >
> >>> > I don't see why?
> >>> >
> >>> >> index d6edf8d..754b35a 100644
> >>> >> --- a/mm/backing-dev.c
> >>> >> +++ b/mm/backing-dev.c
> >>> >> @@ -385,7 +385,7 @@ static int bdi_forker_thread(void *ptr)
> >>> >> * dirty data on the default backing_dev_info
> >>> >> */
> >>> >> if (wb_has_dirty_io(me) || !list_empty(&me->bdi->work_list)) {
> >>> >> - del_timer(&me->wakeup_timer);
> >>> >> + del_timer_sync(&me->wakeup_timer);
> >>> >> wb_do_writeback(me, 0);
> >>> >> }
> >>> >
> >>> > It isn't a use-after-free fix: bdi_unregister() safely shoots down any
> >>> > running timer.
> >>> >
> >>>
> >>> In the situation that we do a del_timer at the same time that the
> >>> wakeup_timer_fn is
> >>> executing on another CPU, there is one tiny possible problem:
> >>> 1) The wakeup_timer_fn will call wake_up_process on the bdi-default thread.
> >>> This will set the bdi-default thread's state to TASK_RUNNING.
> >>> 2) However, the code in bdi_writeback_thread() sets the state of the
> >>> bdi-default process
> >>> to TASK_INTERRUPTIBLE as it intends to sleep later.
> >>>
> >>> If 2) happens before 1), then the bdi_forker_thread will not sleep
> >>> inside schedule as is the intention of the bdi_forker_thread() code.
> >> OK, I agree the code in bdi_forker_thread() might use some straightening
> >> up wrt. task state handling but is what you decribe really an issue? Sure
> >> the task won't go to sleep but the whole effect is that it will just loop
> >> once more to find out there's nothing to do and then go to sleep - not a
> >> bug deal... Or am I missing something?
> >
> > Yes, you are right.
> > I was studying the code and I found this inconsistency.
> > Anyways, if there is NO_ACTION it will just loop and go to sleep again.
> > I just posted this because I felt that the code was not achieving the logic
> > that was intended in terms of sleeps and wakeups.
> >
> > I am currently trying to study the other patches you have just sent.
> >
> >>
> >>> This protection is not achieved even by acquiring spinlocks before
> >>> setting the task->state
> >>> as the spinlock used in wakeup_timer_fn is &bdi->wb_lock whereas the code in
> >>> bdi_forker_thread acquires &bdi_lock which is a different spin_lock.
> >>>
> >>> Am I correct in concluding this ?
> >>
> >> Honza
> >> --
> >> Jan Kara <jack@suse.cz>
> >> SUSE Labs, CR
> >>
> >
--
Jan Kara <jack@suse.cz>
SUSE Labs, CR
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2011-09-02 15:15 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-01 15:57 Kautuk Consul
2011-09-01 21:33 ` Andrew Morton
2011-09-02 5:17 ` kautuk.c @samsung.com
2011-09-02 11:21 ` Jan Kara
2011-09-02 11:44 ` kautuk.c @samsung.com
2011-09-02 12:02 ` kautuk.c @samsung.com
2011-09-02 15:14 ` Jan Kara [this message]
2011-09-05 5:49 ` kautuk.c @samsung.com
2011-09-05 10:39 ` Jan Kara
2011-09-05 14:36 ` kautuk.c @samsung.com
2011-09-05 16:05 ` Jan Kara
2011-09-06 4:11 ` kautuk.c @samsung.com
2011-09-06 9:14 ` Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110902151450.GF12182@quack.suse.cz \
--to=jack@suse.cz \
--cc=akpm@linux-foundation.org \
--cc=consul.kautuk@gmail.com \
--cc=dchinner@redhat.com \
--cc=fengguang.wu@intel.com \
--cc=jaxboe@fusionio.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox