From: Nadav Amit <nadav.amit@gmail.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>,
Jann Horn <jannh@google.com>, John Hubbard <jhubbard@nvidia.com>,
X86 ML <x86@kernel.org>, Matthew Wilcox <willy@infradead.org>,
Andrew Morton <akpm@linux-foundation.org>,
kernel list <linux-kernel@vger.kernel.org>,
Linux-MM <linux-mm@kvack.org>,
Andrea Arcangeli <aarcange@redhat.com>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
jroedel@suse.de, ubizjak@gmail.com,
Alistair Popple <apopple@nvidia.com>
Subject: Re: [PATCH 01/13] mm: Update ptep_get_lockless()s comment
Date: Sat, 29 Oct 2022 17:18:11 -0700 [thread overview]
Message-ID: <3416A651-E648-4A2E-A710-21163F9537EE@gmail.com> (raw)
In-Reply-To: <CAHk-=wgiDa9Xy5rLMR_gvC-WVvdkxABgXXADbKhwswYof7ptdg@mail.gmail.com>
On Oct 29, 2022, at 12:14 PM, Linus Torvalds <torvalds@linux-foundation.org> wrote:
> It didn't fail for me before, it doesn't fail for me with those patches.
For the record, I tried to run the PoC on another machine, and it indeed did
not fail.
Turns out I had a small bug in one of the mechanisms that were intended to
make the failure more likely (I should have mapped again or madvised
HPAGE_SIZE to increase the time zap_pte_range spends to increase the
probability of the race).
I am still trying to figure out how to address this issue, and whether the
fact that some rmap_walk(), which do not use PVMW_SYNC are of an issue.
---
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <pthread.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <time.h>
#define handle_error(msg) \
do { perror(msg); exit(EXIT_FAILURE); } while (0)
void *p;
volatile bool stop = false;
pid_t flusher_pid;
int fd;
#define PAGE_SIZE (4096ul)
#define PAGES_PER_PMD (512)
#define HPAGE_SIZE (PAGE_SIZE * PAGES_PER_PMD)
// Comment MUNMAP_TEST for MADV_DONTNEED test
#define MUNMAP_TEST
void *dirtying_thread(void *arg)
{
int i;
while (!stop) {
for (i = 1; i < PAGES_PER_PMD; i++) {
*(volatile char *)(p + (i * PAGE_SIZE) + 64) = 5;
}
}
return NULL;
}
void *checking_thread(void *arg)
{
volatile unsigned long *ul_p = (volatile unsigned long*)p;
unsigned long cnt = 0;
while (!stop) {
*ul_p = cnt;
if (*ul_p != cnt) {
printf("FAILED: expected %ld, got %ld\n", cnt, *ul_p);
kill(flusher_pid, SIGTERM);
exit(0);
}
cnt++;
}
return NULL;
}
void *remap_thread(void *arg)
{
void *ptr;
struct timespec t = {
.tv_nsec = 10000,
};
while (!stop) {
#ifdef MUNMAP_TEST
ptr = mmap(p, HPAGE_SIZE, PROT_READ|PROT_WRITE,
MAP_SHARED|MAP_FIXED|MAP_POPULATE, fd, 0);
if (ptr == MAP_FAILED)
handle_error("remap_thread");
#else
if (madvise(p, HPAGE_SIZE, MADV_DONTNEED) < 0)
handle_error("MADV_DONTNEED");
nanosleep(&t, NULL);
#endif
}
return NULL;
}
void flushing_process(void)
{
// Remove the pages to speed up rmap_walk and allow to drop caches.
if (madvise(p, HPAGE_SIZE, MADV_DONTNEED) < 0)
handle_error("MADV_DONTNEED");
while (true) {
if (msync(p, PAGE_SIZE, MS_SYNC))
handle_error("msync");
if (posix_fadvise(fd, 0, PAGE_SIZE, POSIX_FADV_DONTNEED))
handle_error("posix_fadvise");
}
}
int main(int argc, char *argv[])
{
void *(*thread_funcs[])(void*) = {
&dirtying_thread,
&checking_thread,
&remap_thread,
};
int r, i;
int rc1, rc2;
unsigned long addr;
void *ptr;
char *page = malloc(PAGE_SIZE);
int n_threads = sizeof(thread_funcs) / sizeof(*thread_funcs);
pthread_t *threads = malloc(sizeof(pthread_t) * n_threads);
pid_t pid;
if (argc < 2) {
fprintf(stderr, "usages: %s [filename]\n", argv[0]);
exit(EXIT_FAILURE);
}
fd = open(argv[1], O_RDWR|O_CREAT, 0666);
if (fd == -1)
handle_error("open fd");
for (i = 0; i < PAGES_PER_PMD; i++) {
if (write(fd, page, PAGE_SIZE) != PAGE_SIZE)
handle_error("write");
}
free(page);
ptr = mmap(NULL, HPAGE_SIZE * 2, PROT_NONE, MAP_PRIVATE|MAP_ANON,
-1, 0);
if (ptr == MAP_FAILED)
handle_error("mmap anon");
addr = (unsigned long)(ptr + HPAGE_SIZE - 1) & ~(HPAGE_SIZE - 1);
printf("starting...\n");
ptr = mmap((void *)addr, HPAGE_SIZE, PROT_READ|PROT_WRITE,
MAP_SHARED|MAP_FIXED|MAP_POPULATE, fd, 0);
if (ptr == MAP_FAILED)
handle_error("mmap file - start");
p = ptr;
for (i = 0; i < n_threads; i++) {
r = pthread_create(&threads[i], NULL, thread_funcs[i], NULL);
if (r)
handle_error("pthread_create");
}
// Run the flushing process in a different process, so msync() would
// not require mmap_lock.
pid = fork();
if (pid == 0)
flushing_process();
flusher_pid = pid;
sleep(60);
stop = true;
for (i = 0; i < n_threads; i++)
pthread_join(threads[i], NULL);
kill(flusher_pid, SIGTERM);
printf("Finished without an error\n");
exit(0);
}
next prev parent reply other threads:[~2022-10-30 0:18 UTC|newest]
Thread overview: 143+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-22 11:14 [PATCH 00/13] Clean up pmd_get_atomic() and i386-PAE Peter Zijlstra
2022-10-22 11:14 ` [PATCH 01/13] mm: Update ptep_get_lockless()s comment Peter Zijlstra
2022-10-24 5:42 ` John Hubbard
2022-10-24 8:00 ` Peter Zijlstra
2022-10-24 19:58 ` Jann Horn
2022-10-24 20:19 ` Linus Torvalds
2022-10-24 20:23 ` Jann Horn
2022-10-24 20:36 ` Linus Torvalds
2022-10-25 3:21 ` Matthew Wilcox
2022-10-25 7:54 ` Alistair Popple
2022-10-25 13:33 ` Peter Zijlstra
2022-10-25 13:44 ` Jann Horn
2022-10-26 0:45 ` Alistair Popple
2022-10-25 14:02 ` Peter Zijlstra
2022-10-25 14:18 ` Jann Horn
2022-10-25 15:06 ` Peter Zijlstra
2022-10-26 16:45 ` Jann Horn
2022-10-27 7:08 ` Peter Zijlstra
2022-10-27 18:13 ` Linus Torvalds
2022-10-27 19:35 ` Peter Zijlstra
2022-10-27 19:43 ` Linus Torvalds
2022-10-27 20:15 ` Nadav Amit
2022-10-27 20:31 ` Linus Torvalds
2022-10-27 21:44 ` Nadav Amit
2022-10-28 23:57 ` Nadav Amit
2022-10-29 0:42 ` Linus Torvalds
2022-10-29 18:05 ` Nadav Amit
2022-10-29 18:36 ` Linus Torvalds
2022-10-29 18:58 ` Linus Torvalds
2022-10-29 19:14 ` Linus Torvalds
2022-10-29 19:28 ` Nadav Amit
2022-10-30 0:18 ` Nadav Amit [this message]
2022-10-30 2:17 ` Nadav Amit
2022-10-30 18:19 ` Linus Torvalds
2022-10-30 18:51 ` Linus Torvalds
2022-10-30 22:47 ` Linus Torvalds
2022-10-31 1:47 ` Linus Torvalds
2022-10-31 4:09 ` Nadav Amit
2022-10-31 4:55 ` Nadav Amit
2022-10-31 5:00 ` Linus Torvalds
2022-10-31 15:43 ` Nadav Amit
2022-10-31 17:32 ` Linus Torvalds
2022-10-31 9:36 ` Peter Zijlstra
2022-10-31 17:28 ` Linus Torvalds
2022-10-31 18:43 ` mm: delay rmap removal until after TLB flush Linus Torvalds
2022-11-02 9:14 ` Christian Borntraeger
2022-11-02 9:23 ` Christian Borntraeger
2022-11-02 17:55 ` Linus Torvalds
2022-11-02 18:28 ` Linus Torvalds
2022-11-02 22:29 ` Gerald Schaefer
2022-11-02 12:45 ` Peter Zijlstra
2022-11-02 22:31 ` Gerald Schaefer
2022-11-02 23:13 ` Linus Torvalds
2022-11-03 9:52 ` David Hildenbrand
2022-11-03 16:54 ` Linus Torvalds
2022-11-03 17:09 ` Linus Torvalds
2022-11-03 17:36 ` David Hildenbrand
2022-11-04 6:33 ` Alexander Gordeev
2022-11-04 17:35 ` Linus Torvalds
2022-11-06 21:06 ` Hugh Dickins
2022-11-06 22:34 ` Linus Torvalds
2022-11-06 23:14 ` Andrew Morton
2022-11-07 0:06 ` Stephen Rothwell
2022-11-07 16:19 ` Linus Torvalds
2022-11-07 23:02 ` Andrew Morton
2022-11-07 23:44 ` Stephen Rothwell
2022-11-07 9:12 ` Peter Zijlstra
2022-11-07 20:07 ` Johannes Weiner
2022-11-07 20:29 ` Linus Torvalds
2022-11-07 23:47 ` Linus Torvalds
2022-11-08 4:28 ` Linus Torvalds
2022-11-08 19:56 ` Linus Torvalds
2022-11-08 20:03 ` Konstantin Ryabitsev
2022-11-08 20:18 ` Linus Torvalds
2022-11-08 19:41 ` [PATCH 1/4] mm: introduce 'encoded' page pointers with embedded extra bits Linus Torvalds
2022-11-08 20:37 ` Nadav Amit
2022-11-08 20:46 ` Linus Torvalds
2022-11-09 6:36 ` Alexander Gordeev
2022-11-09 18:00 ` Linus Torvalds
2022-11-09 20:02 ` Linus Torvalds
2022-11-08 19:41 ` [PATCH 2/4] mm: teach release_pages() to take an array of encoded page pointers too Linus Torvalds
2022-11-08 19:41 ` [PATCH 3/4] mm: mmu_gather: prepare to gather encoded page pointers with flags Linus Torvalds
2022-11-08 19:41 ` [PATCH 4/4] mm: delay page_remove_rmap() until after the TLB has been flushed Linus Torvalds
2022-11-08 21:05 ` Nadav Amit
2022-11-09 15:53 ` Johannes Weiner
2022-11-09 19:31 ` Hugh Dickins
2022-10-31 9:39 ` [PATCH 01/13] mm: Update ptep_get_lockless()s comment Peter Zijlstra
2022-10-31 17:22 ` Linus Torvalds
2022-10-31 9:46 ` Peter Zijlstra
2022-10-31 9:28 ` Peter Zijlstra
2022-10-31 17:19 ` Linus Torvalds
2022-10-30 19:34 ` Nadav Amit
2022-10-29 19:39 ` John Hubbard
2022-10-29 20:15 ` Linus Torvalds
2022-10-29 20:30 ` Linus Torvalds
2022-10-29 20:42 ` John Hubbard
2022-10-29 20:56 ` Nadav Amit
2022-10-29 21:03 ` Nadav Amit
2022-10-29 21:12 ` Linus Torvalds
2022-10-29 20:59 ` Theodore Ts'o
2022-10-26 19:43 ` Nadav Amit
2022-10-27 7:27 ` Peter Zijlstra
2022-10-27 17:30 ` Nadav Amit
2022-10-22 11:14 ` [PATCH 02/13] x86/mm/pae: Make pmd_t similar to pte_t Peter Zijlstra
2022-10-22 11:14 ` [PATCH 03/13] sh/mm: " Peter Zijlstra
2022-12-21 13:54 ` Guenter Roeck
2022-10-22 11:14 ` [PATCH 04/13] mm: Fix pmd_read_atomic() Peter Zijlstra
2022-10-22 17:30 ` Linus Torvalds
2022-10-24 8:09 ` Peter Zijlstra
2022-11-01 12:41 ` Peter Zijlstra
2022-11-01 17:42 ` Linus Torvalds
2022-10-22 11:14 ` [PATCH 05/13] mm: Rename GUP_GET_PTE_LOW_HIGH Peter Zijlstra
2022-10-22 11:14 ` [PATCH 06/13] mm: Rename pmd_read_atomic() Peter Zijlstra
2022-10-22 11:14 ` [PATCH 07/13] mm/gup: Fix the lockless PMD access Peter Zijlstra
2022-10-23 0:42 ` Hugh Dickins
2022-10-24 7:42 ` Peter Zijlstra
2022-10-25 3:58 ` Hugh Dickins
2022-10-22 11:14 ` [PATCH 08/13] x86/mm/pae: Dont (ab)use atomic64 Peter Zijlstra
2022-10-22 11:14 ` [PATCH 09/13] x86/mm/pae: Use WRITE_ONCE() Peter Zijlstra
2022-10-22 17:42 ` Linus Torvalds
2022-10-24 10:21 ` Peter Zijlstra
2022-10-22 11:14 ` [PATCH 10/13] x86/mm/pae: Be consistent with pXXp_get_and_clear() Peter Zijlstra
2022-10-22 17:53 ` Linus Torvalds
2022-10-24 11:13 ` Peter Zijlstra
2022-10-22 11:14 ` [PATCH 11/13] x86_64: Remove pointless set_64bit() usage Peter Zijlstra
2022-10-22 17:55 ` Linus Torvalds
2022-11-03 19:09 ` Nathan Chancellor
2022-11-03 19:23 ` Uros Bizjak
2022-11-03 19:35 ` Nathan Chancellor
2022-11-03 20:39 ` Linus Torvalds
2022-11-03 21:06 ` Peter Zijlstra
2022-11-04 16:01 ` Peter Zijlstra
2022-11-04 17:15 ` Linus Torvalds
2022-11-05 13:29 ` Jason A. Donenfeld
2022-11-05 15:14 ` Peter Zijlstra
2022-11-05 20:54 ` Jason A. Donenfeld
2022-11-07 9:14 ` David Laight
2022-12-19 15:44 ` Peter Zijlstra
2022-10-22 11:14 ` [PATCH 12/13] x86/mm/pae: Get rid of set_64bit() Peter Zijlstra
2022-10-22 11:14 ` [PATCH 13/13] mm: Remove pointless barrier() after pmdp_get_lockless() Peter Zijlstra
2022-10-22 19:59 ` Yu Zhao
2022-10-22 17:57 ` [PATCH 00/13] Clean up pmd_get_atomic() and i386-PAE Linus Torvalds
2022-10-29 12:21 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3416A651-E648-4A2E-A710-21163F9537EE@gmail.com \
--to=nadav.amit@gmail.com \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=apopple@nvidia.com \
--cc=jannh@google.com \
--cc=jhubbard@nvidia.com \
--cc=jroedel@suse.de \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=peterz@infradead.org \
--cc=torvalds@linux-foundation.org \
--cc=ubizjak@gmail.com \
--cc=willy@infradead.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox