ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
| Message ID | tencent_5EC64EB49686EE61593AE541DB14CE490A08@qq.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel+bounces-79953-ouuuleilei=gmail.com@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:7300:a81b:b0:108:e6aa:91d0 with SMTP id
bq27csp1411727dyb;
Sat, 24 Feb 2024 19:05:49 -0800 (PST)
X-Forwarded-Encrypted: i=3;
AJvYcCUbCXjDaRR3gBK5sVaNSQ0eBo+qr/226LQIae8tCZb3v9kGB9Cl2+uSrGLVvGW9Y2Bv7CSOA3wJnV2Cr38Ts/mw5ES5OQ==
X-Google-Smtp-Source:
AGHT+IGW84kBlTK2E6+z1Is8H0DKtQYY6nbZp9beLVSq1D9SMJPf3PjwGD0URC+cm9fp117c2Gtj
X-Received: by 2002:a17:906:8d0:b0:a43:2f96:3bbf with SMTP id
o16-20020a17090608d000b00a432f963bbfmr85662eje.15.1708830349576;
Sat, 24 Feb 2024 19:05:49 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1708830349; cv=pass;
d=google.com; s=arc-20160816;
b=E0Q0FN9/VbNtVZbfnuZEYHW7aHOrrxDHxiPOfZYJc5hNMntbAvNpCsbcBt+TdooJ7C
iejyW0N0Us2ViAstX+cPnf5I6bWTVlvvdRPZLaSVw3e/j6QJqGdbmXo9Kt0kAUCnNH3S
NcL5wx5jxL4GSNKaSfSkvHZZUW6DRUtEjfEjVg9gvKNeCWpwSzB2F1ZjD6XjRikoGixc
VDntnXEX89Yc7sdw7Gr+lbjg5hwjnD+gRty1sN4/ivTlUmBc0BtSPMpp6t9mO/2lKR4+
K2X+vP0qmqV2PxaA/zGBdSFassBhHfSTzdo3AuAS8nIKUYGDFkcKMB2CgrI+DxMlxRPa
Uh5g==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=content-transfer-encoding:mime-version:list-unsubscribe
:list-subscribe:list-id:precedence:references:in-reply-to:date
:subject:cc:to:from:message-id:dkim-signature;
bh=HoHJVcHPbLUtsuObsC+KQhu8jDUrXcUZFTBUuEmCeaA=;
fh=1t8sEq702zHIAI6HVa0QJyUr/bmODtbfkNY+CpJxWDs=;
b=gtSDCuP5SxRUag0pPZcAFljY6ozNPSZZA3sVaWSxQIA22hZvSIIqht7i2BAvysOzrb
VCcs9PvgGV/4VC23q4J0nELtNiuA7QQr9xIv4QPgZ61h0A9XyZKDDnS01+Onn82Qwi4F
eEUlo5/AGt5UZIu13wt0Vs5o9vlY+PAlgnHerkfJvSid+M+AxUrdAKNAmkVO6ok7X3HC
2zBVOqzGQQVPrEFrB7ALBUGzu0/JVWFmD26XQBSV2xr4Uh6VqhNEIi155JUnP8mf6DR0
cRkbaiuZBq8AaR9R5Bh7vb3dyiRJbAFsi5c/Zojk+Zf4C9RwZ1kRZvokhu3b7iJlqps7
/pug==;
dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass header.i=@qq.com header.s=s201512 header.b="mk/W/+vb";
arc=pass (i=1 spf=pass spfdomain=qq.com dkim=pass dkdomain=qq.com
dmarc=pass fromdomain=qq.com);
spf=pass (google.com: domain of
linux-kernel+bounces-79953-ouuuleilei=gmail.com@vger.kernel.org designates
147.75.80.249 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-79953-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=qq.com
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249])
by mx.google.com with ESMTPS id
s27-20020a170906bc5b00b00a3eabd8fc4csi895580ejv.1028.2024.02.24.19.05.49
for <ouuuleilei@gmail.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 24 Feb 2024 19:05:49 -0800 (PST)
Received-SPF: pass (google.com: domain of
linux-kernel+bounces-79953-ouuuleilei=gmail.com@vger.kernel.org designates
147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Authentication-Results: mx.google.com;
dkim=pass header.i=@qq.com header.s=s201512 header.b="mk/W/+vb";
arc=pass (i=1 spf=pass spfdomain=qq.com dkim=pass dkdomain=qq.com
dmarc=pass fromdomain=qq.com);
spf=pass (google.com: domain of
linux-kernel+bounces-79953-ouuuleilei=gmail.com@vger.kernel.org designates
147.75.80.249 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-79953-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=qq.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
[52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by am.mirrors.kernel.org (Postfix) with ESMTPS id 33E5F1F21529
for <ouuuleilei@gmail.com>; Sun, 25 Feb 2024 03:05:49 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by smtp.subspace.kernel.org (Postfix) with ESMTP id 65F8579C1;
Sun, 25 Feb 2024 03:05:36 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b="mk/W/+vb"
Received: from out203-205-221-191.mail.qq.com (out203-205-221-191.mail.qq.com
[203.205.221.191])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0D7AA63A5;
Sun, 25 Feb 2024 03:05:30 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=none smtp.client-ip=203.205.221.191
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1708830333; cv=none;
b=D/ES1/qeGtRZKxREA7TChSTAn1b2jCKOnFV7CFIPuLnJMKgiCtEAC/dwFBjZ0OAQZzvZ08gTIjT50pftTStYMkLQzoNLZ6MXFc5CAr1De1puqroJozbyHU3dD4rSpnQcNiJZ3EmNrDVc2iuVj9FgPkvWe7QD3jJUxvQ8W+aMr2w=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1708830333; c=relaxed/simple;
bh=L20Dun7FleQn4bkO5h+YiLlfoH0K6st2YbTELaAGEqM=;
h=Message-ID:From:To:Cc:Subject:Date:In-Reply-To:References:
MIME-Version;
b=iVm7ZdP0dGWMAWmzMOlGW+ot/FGaXoC3IeLWhOVonQq275X/rbVEpssWPFSxpPpWqE+lSmP8t5f2a6cEy5+kHNQIpx4YvYAqfGmC16+j8jZG9SdxXgmIk0PVH2eG4UJoaes92k7Obrg5po6U/pl5BnWljaF0qkTOYqIizemYUXE=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=qq.com;
spf=pass smtp.mailfrom=qq.com;
dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b=mk/W/+vb;
arc=none smtp.client-ip=203.205.221.191
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=qq.com
Authentication-Results: smtp.subspace.kernel.org;
spf=pass smtp.mailfrom=qq.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512;
t=1708830328; bh=HoHJVcHPbLUtsuObsC+KQhu8jDUrXcUZFTBUuEmCeaA=;
h=From:To:Cc:Subject:Date:In-Reply-To:References;
b=mk/W/+vbGbtOzQQN6i5kEQAxaNlNJZ1/n4jYnPCu4GSW0NjfXAuSBUPS61digJoVd
JqB3dwpgACXtFeNWeV1rPTTO9426b1GktJlN51qSxDF4CzQNm4tHq8yeCM8b682DNl
0qgnTh2XioMUi1+PtEUT4URIeM5btqD6vjoZnNMI=
Received: from localhost.localdomain ([153.3.164.50])
by newxmesmtplogicsvrsza1-0.qq.com (NewEsmtp) with SMTP
id 15A1B477; Sun, 25 Feb 2024 11:05:26 +0800
X-QQ-mid: xmsmtpt1708830326tp7ufxdrg
Message-ID: <tencent_5EC64EB49686EE61593AE541DB14CE490A08@qq.com>
X-QQ-XMAILINFO: MmpliBmRb3iCgVxZIjut2UWdWGFmMiPQDVVN+2H3V+OxYT5Nqc+gbRQEf/z8pD
9TWf4TPSWy5Xmdu/12ppK37qbc9/wJ1LqFOKIixGIOr8Fip2tn09TtwYcp35UARxggvJyveKRhXA
qlHe+73mDD7q1qknJGDShXFcNbUcBWgRepwawvTaGIRcp9dt2jrYrOMUyBvRp7ajx0F1IGCuW4Zb
+h/CweK4mNQXlZ2t6KGOse0OKaCcocegTrjSJS18tAWN/XIHxDnYk+0CgETK+vYmkEBCrWqU9M1C
/e9GNcpAsbaX9T+wZF4jCem/XSbAjugQrH2kp4Q5FMDwkV+XKAJotN1SJkxTYnHaxok7AnkuKvcY
qRUo+xN/lFq1JuC00khm6P4++pEseQo6/Pfy9gyxTqaPKrmQrk+0YmsDqfpjETsT48QX9CQxphmk
/EDI/D03I43Lkv9YnQTEDdq8ldUkJHwq5OFFK7wdie01XzrkXeo5CCiHenXdKnegDZvF4sawuV+2
TxAZRGCr4Kgz3AuX7/HvxZoKEKJsYB7gh8+IGNgXUfHcZhVBWg+B9hf0VBdi0CfNYpIR79thlOl2
sbSJzJ+rgcDFnydIUcpJJu0nrYVg/SyZjcFdMgl7WMeO+R2tQG4yya6F3KsjgeTuW8ehjZgdGGQB
+gqb3/b/HM5AxzZ+HzpVfJo3J6l4VEQhh2x/gUOjop38vg6mAVzpVUFwNkR1/j23C7LJ6oGf87ox
tLyS6SNAEbaaJoXdOSRHo9+O4xpQCG8U+6O70bD9VT1MzxQd+MhFUqiMmxOz6J4Wt058x9FMRJZn
Nv04yR/Bso4LpuXwTwgSj32QWJSV1SPSCiKRmpMgJ8xLmU9jXQMTmsrY7DbGLB48xgZxbMDcbbAL
LZHfJEkfOkbG75gNxS74uVSsqra6nYZj3PdCdnwcHvlJIA05Q7Kgx5VMYzSeXfd/OZlmrM9BHb4k
PWK/NGIW65EUURpT6ecCqYXf/x0FbJsYTZvQZdoiQHxjsjODJW3PX+mCbYkCDh1fejzaa8PBI=
X-QQ-XMRINFO: Mp0Kj//9VHAxr69bL5MkOOs=
From: linke li <lilinke99@qq.com>
To:
Cc: lilinke99@qq.com,
Steven Rostedt <rostedt@goodmis.org>,
Masami Hiramatsu <mhiramat@kernel.org>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
linux-kernel@vger.kernel.org,
linux-trace-kernel@vger.kernel.org
Subject: [PATCH] ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page
in concurrent environment
Date: Sun, 25 Feb 2024 11:05:06 +0800
X-OQ-MSGID: <20240225030507.97911-1-lilinke99@qq.com>
X-Mailer: git-send-email 2.39.3 (Apple Git-145)
In-Reply-To: <lilinke99@qq.com>
References: <lilinke99@qq.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1791838492430203677
X-GMAIL-MSGID: 1791838492430203677
|
| Series |
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
|
|
Commit Message
linke li
Feb. 25, 2024, 3:05 a.m. UTC
In function ring_buffer_iter_empty(), cpu_buffer->commit_page and
curr_commit_page->page->time_stamp is read using READ_ONCE() in
line 4354, 4355
4354 curr_commit_page = READ_ONCE(cpu_buffer->commit_page);
4355 curr_commit_ts = READ_ONCE(curr_commit_page->page->time_stamp);
while they are read directly in line 4340, 4341
4340 commit_page = cpu_buffer->commit_page;
4341 commit_ts = commit_page->page->time_stamp;
There is patch similar to this. commit c1c0ce31b242 ("r8169: fix the KCSAN reported data-race in rtl_tx() while reading tp->cur_tx")
This patch find two read of same variable while one is protected, another
is not. And READ_ONCE() is added to protect.
Signed-off-by: linke li <lilinke99@qq.com>
---
kernel/trace/ring_buffer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
On Sun, 25 Feb 2024 11:05:06 +0800 linke li <lilinke99@qq.com> wrote: > In function ring_buffer_iter_empty(), cpu_buffer->commit_page and > curr_commit_page->page->time_stamp is read using READ_ONCE() in > line 4354, 4355 > > 4354 curr_commit_page = READ_ONCE(cpu_buffer->commit_page); > 4355 curr_commit_ts = READ_ONCE(curr_commit_page->page->time_stamp); > > while they are read directly in line 4340, 4341 > > 4340 commit_page = cpu_buffer->commit_page; > 4341 commit_ts = commit_page->page->time_stamp; Just because it's used in one place does not mean it's required in another. > > There is patch similar to this. commit c1c0ce31b242 ("r8169: fix the KCSAN reported data-race in rtl_tx() while reading tp->cur_tx") > This patch find two read of same variable while one is protected, another > is not. And READ_ONCE() is added to protect. > Here's the entire code: cpu_buffer = iter->cpu_buffer; reader = cpu_buffer->reader_page; head_page = cpu_buffer->head_page; commit_page = cpu_buffer->commit_page; commit_ts = commit_page->page->time_stamp; /* * When the writer goes across pages, it issues a cmpxchg which * is a mb(), which will synchronize with the rmb here. * (see rb_tail_page_update()) */ smp_rmb(); The above smp_rmb() is a full read barrier. The commit_page and timestamp are not going to be read again after this. commit = rb_page_commit(commit_page); /* We want to make sure that the commit page doesn't change */ smp_rmb(); /* Make sure commit page didn't change */ curr_commit_page = READ_ONCE(cpu_buffer->commit_page); curr_commit_ts = READ_ONCE(curr_commit_page->page->time_stamp); Now the reason for the above READ_ONCE() is because the variables *are* going to be used again. We do *not* want the compiler to play any games with that. Thus, the first read of commit_page and time_stamp are read properly as the compiler will not do anything that can hurt us beyond that smp_rmb(). The second time we read those variables, we are using them in the below code. /* If the commit page changed, then there's more data */ if (curr_commit_page != commit_page || curr_commit_ts != commit_ts) return 0; /* Still racy, as it may return a false positive, but that's OK */ return ((iter->head_page == commit_page && iter->head >= commit) || (iter->head_page == reader && commit_page == head_page && head_page->read == commit && iter->head == rb_page_commit(cpu_buffer->reader_page))); } *But* looking at this deeper, the commit_page may need a READ_ONCE() but not for the reason you suggested. commit_page = cpu_buffer->commit_page; commit_ts = commit_page->page->time_stamp; The commit_page above *is* used again, and we want commit_ts to be part of the commit_page that was originally read and not a second reading. So, I think for the commit_page we do need a READ_ONCE() but that's because it is referenced again just below it and we don't want the compiler to read the memory location again for the second reference. -- Steve
On Sun, 25 Feb 2024 15:03:02 -0500 Steven Rostedt <rostedt@goodmis.org> wrote: > *But* looking at this deeper, the commit_page may need a READ_ONCE() > but not for the reason you suggested. > > commit_page = cpu_buffer->commit_page; > commit_ts = commit_page->page->time_stamp; > > The commit_page above *is* used again, and we want commit_ts to be part > of the commit_page that was originally read and not a second reading. > > So, I think for the commit_page we do need a READ_ONCE() but that's > because it is referenced again just below it and we don't want the > compiler to read the memory location again for the second reference. Care to send a v2 patch that just adds READ_ONCE() for the commit_page, and change the change log stating that it is to fix the possibility that the time_stamp may come from a different page. -- Steve
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 0699027b4f4c..eb3fa629b837 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -4337,8 +4337,8 @@ int ring_buffer_iter_empty(struct ring_buffer_iter *iter) cpu_buffer = iter->cpu_buffer; reader = cpu_buffer->reader_page; head_page = cpu_buffer->head_page; - commit_page = cpu_buffer->commit_page; - commit_ts = commit_page->page->time_stamp; + commit_page = READ_ONCE(cpu_buffer->commit_page); + commit_ts = READ_ONCE(commit_page->page->time_stamp); /* * When the writer goes across pages, it issues a cmpxchg which