ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
Message ID | tencent_5EC64EB49686EE61593AE541DB14CE490A08@qq.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel+bounces-79953-ouuuleilei=gmail.com@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:a81b:b0:108:e6aa:91d0 with SMTP id bq27csp1411727dyb; Sat, 24 Feb 2024 19:05:49 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCUbCXjDaRR3gBK5sVaNSQ0eBo+qr/226LQIae8tCZb3v9kGB9Cl2+uSrGLVvGW9Y2Bv7CSOA3wJnV2Cr38Ts/mw5ES5OQ== X-Google-Smtp-Source: AGHT+IGW84kBlTK2E6+z1Is8H0DKtQYY6nbZp9beLVSq1D9SMJPf3PjwGD0URC+cm9fp117c2Gtj X-Received: by 2002:a17:906:8d0:b0:a43:2f96:3bbf with SMTP id o16-20020a17090608d000b00a432f963bbfmr85662eje.15.1708830349576; Sat, 24 Feb 2024 19:05:49 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708830349; cv=pass; d=google.com; s=arc-20160816; b=E0Q0FN9/VbNtVZbfnuZEYHW7aHOrrxDHxiPOfZYJc5hNMntbAvNpCsbcBt+TdooJ7C iejyW0N0Us2ViAstX+cPnf5I6bWTVlvvdRPZLaSVw3e/j6QJqGdbmXo9Kt0kAUCnNH3S NcL5wx5jxL4GSNKaSfSkvHZZUW6DRUtEjfEjVg9gvKNeCWpwSzB2F1ZjD6XjRikoGixc VDntnXEX89Yc7sdw7Gr+lbjg5hwjnD+gRty1sN4/ivTlUmBc0BtSPMpp6t9mO/2lKR4+ K2X+vP0qmqV2PxaA/zGBdSFassBhHfSTzdo3AuAS8nIKUYGDFkcKMB2CgrI+DxMlxRPa Uh5g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:date :subject:cc:to:from:message-id:dkim-signature; bh=HoHJVcHPbLUtsuObsC+KQhu8jDUrXcUZFTBUuEmCeaA=; fh=1t8sEq702zHIAI6HVa0QJyUr/bmODtbfkNY+CpJxWDs=; b=gtSDCuP5SxRUag0pPZcAFljY6ozNPSZZA3sVaWSxQIA22hZvSIIqht7i2BAvysOzrb VCcs9PvgGV/4VC23q4J0nELtNiuA7QQr9xIv4QPgZ61h0A9XyZKDDnS01+Onn82Qwi4F eEUlo5/AGt5UZIu13wt0Vs5o9vlY+PAlgnHerkfJvSid+M+AxUrdAKNAmkVO6ok7X3HC 2zBVOqzGQQVPrEFrB7ALBUGzu0/JVWFmD26XQBSV2xr4Uh6VqhNEIi155JUnP8mf6DR0 cRkbaiuZBq8AaR9R5Bh7vb3dyiRJbAFsi5c/Zojk+Zf4C9RwZ1kRZvokhu3b7iJlqps7 /pug==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@qq.com header.s=s201512 header.b="mk/W/+vb"; arc=pass (i=1 spf=pass spfdomain=qq.com dkim=pass dkdomain=qq.com dmarc=pass fromdomain=qq.com); spf=pass (google.com: domain of linux-kernel+bounces-79953-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-79953-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=qq.com Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id s27-20020a170906bc5b00b00a3eabd8fc4csi895580ejv.1028.2024.02.24.19.05.49 for <ouuuleilei@gmail.com> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 24 Feb 2024 19:05:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-79953-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@qq.com header.s=s201512 header.b="mk/W/+vb"; arc=pass (i=1 spf=pass spfdomain=qq.com dkim=pass dkdomain=qq.com dmarc=pass fromdomain=qq.com); spf=pass (google.com: domain of linux-kernel+bounces-79953-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-79953-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=qq.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 33E5F1F21529 for <ouuuleilei@gmail.com>; Sun, 25 Feb 2024 03:05:49 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 65F8579C1; Sun, 25 Feb 2024 03:05:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b="mk/W/+vb" Received: from out203-205-221-191.mail.qq.com (out203-205-221-191.mail.qq.com [203.205.221.191]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0D7AA63A5; Sun, 25 Feb 2024 03:05:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=203.205.221.191 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708830333; cv=none; b=D/ES1/qeGtRZKxREA7TChSTAn1b2jCKOnFV7CFIPuLnJMKgiCtEAC/dwFBjZ0OAQZzvZ08gTIjT50pftTStYMkLQzoNLZ6MXFc5CAr1De1puqroJozbyHU3dD4rSpnQcNiJZ3EmNrDVc2iuVj9FgPkvWe7QD3jJUxvQ8W+aMr2w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708830333; c=relaxed/simple; bh=L20Dun7FleQn4bkO5h+YiLlfoH0K6st2YbTELaAGEqM=; h=Message-ID:From:To:Cc:Subject:Date:In-Reply-To:References: MIME-Version; b=iVm7ZdP0dGWMAWmzMOlGW+ot/FGaXoC3IeLWhOVonQq275X/rbVEpssWPFSxpPpWqE+lSmP8t5f2a6cEy5+kHNQIpx4YvYAqfGmC16+j8jZG9SdxXgmIk0PVH2eG4UJoaes92k7Obrg5po6U/pl5BnWljaF0qkTOYqIizemYUXE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com; spf=pass smtp.mailfrom=qq.com; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b=mk/W/+vb; arc=none smtp.client-ip=203.205.221.191 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=qq.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512; t=1708830328; bh=HoHJVcHPbLUtsuObsC+KQhu8jDUrXcUZFTBUuEmCeaA=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=mk/W/+vbGbtOzQQN6i5kEQAxaNlNJZ1/n4jYnPCu4GSW0NjfXAuSBUPS61digJoVd JqB3dwpgACXtFeNWeV1rPTTO9426b1GktJlN51qSxDF4CzQNm4tHq8yeCM8b682DNl 0qgnTh2XioMUi1+PtEUT4URIeM5btqD6vjoZnNMI= Received: from localhost.localdomain ([153.3.164.50]) by newxmesmtplogicsvrsza1-0.qq.com (NewEsmtp) with SMTP id 15A1B477; Sun, 25 Feb 2024 11:05:26 +0800 X-QQ-mid: xmsmtpt1708830326tp7ufxdrg Message-ID: <tencent_5EC64EB49686EE61593AE541DB14CE490A08@qq.com> X-QQ-XMAILINFO: MmpliBmRb3iCgVxZIjut2UWdWGFmMiPQDVVN+2H3V+OxYT5Nqc+gbRQEf/z8pD 9TWf4TPSWy5Xmdu/12ppK37qbc9/wJ1LqFOKIixGIOr8Fip2tn09TtwYcp35UARxggvJyveKRhXA qlHe+73mDD7q1qknJGDShXFcNbUcBWgRepwawvTaGIRcp9dt2jrYrOMUyBvRp7ajx0F1IGCuW4Zb +h/CweK4mNQXlZ2t6KGOse0OKaCcocegTrjSJS18tAWN/XIHxDnYk+0CgETK+vYmkEBCrWqU9M1C /e9GNcpAsbaX9T+wZF4jCem/XSbAjugQrH2kp4Q5FMDwkV+XKAJotN1SJkxTYnHaxok7AnkuKvcY qRUo+xN/lFq1JuC00khm6P4++pEseQo6/Pfy9gyxTqaPKrmQrk+0YmsDqfpjETsT48QX9CQxphmk /EDI/D03I43Lkv9YnQTEDdq8ldUkJHwq5OFFK7wdie01XzrkXeo5CCiHenXdKnegDZvF4sawuV+2 TxAZRGCr4Kgz3AuX7/HvxZoKEKJsYB7gh8+IGNgXUfHcZhVBWg+B9hf0VBdi0CfNYpIR79thlOl2 sbSJzJ+rgcDFnydIUcpJJu0nrYVg/SyZjcFdMgl7WMeO+R2tQG4yya6F3KsjgeTuW8ehjZgdGGQB +gqb3/b/HM5AxzZ+HzpVfJo3J6l4VEQhh2x/gUOjop38vg6mAVzpVUFwNkR1/j23C7LJ6oGf87ox tLyS6SNAEbaaJoXdOSRHo9+O4xpQCG8U+6O70bD9VT1MzxQd+MhFUqiMmxOz6J4Wt058x9FMRJZn Nv04yR/Bso4LpuXwTwgSj32QWJSV1SPSCiKRmpMgJ8xLmU9jXQMTmsrY7DbGLB48xgZxbMDcbbAL LZHfJEkfOkbG75gNxS74uVSsqra6nYZj3PdCdnwcHvlJIA05Q7Kgx5VMYzSeXfd/OZlmrM9BHb4k PWK/NGIW65EUURpT6ecCqYXf/x0FbJsYTZvQZdoiQHxjsjODJW3PX+mCbYkCDh1fejzaa8PBI= X-QQ-XMRINFO: Mp0Kj//9VHAxr69bL5MkOOs= From: linke li <lilinke99@qq.com> To: Cc: lilinke99@qq.com, Steven Rostedt <rostedt@goodmis.org>, Masami Hiramatsu <mhiramat@kernel.org>, Mathieu Desnoyers <mathieu.desnoyers@efficios.com>, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org Subject: [PATCH] ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment Date: Sun, 25 Feb 2024 11:05:06 +0800 X-OQ-MSGID: <20240225030507.97911-1-lilinke99@qq.com> X-Mailer: git-send-email 2.39.3 (Apple Git-145) In-Reply-To: <lilinke99@qq.com> References: <lilinke99@qq.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: <linux-kernel.vger.kernel.org> List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org> List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1791838492430203677 X-GMAIL-MSGID: 1791838492430203677 |
Series |
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
|
|
Commit Message
linke li
Feb. 25, 2024, 3:05 a.m. UTC
In function ring_buffer_iter_empty(), cpu_buffer->commit_page and
curr_commit_page->page->time_stamp is read using READ_ONCE() in
line 4354, 4355
4354 curr_commit_page = READ_ONCE(cpu_buffer->commit_page);
4355 curr_commit_ts = READ_ONCE(curr_commit_page->page->time_stamp);
while they are read directly in line 4340, 4341
4340 commit_page = cpu_buffer->commit_page;
4341 commit_ts = commit_page->page->time_stamp;
There is patch similar to this. commit c1c0ce31b242 ("r8169: fix the KCSAN reported data-race in rtl_tx() while reading tp->cur_tx")
This patch find two read of same variable while one is protected, another
is not. And READ_ONCE() is added to protect.
Signed-off-by: linke li <lilinke99@qq.com>
---
kernel/trace/ring_buffer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
On Sun, 25 Feb 2024 11:05:06 +0800 linke li <lilinke99@qq.com> wrote: > In function ring_buffer_iter_empty(), cpu_buffer->commit_page and > curr_commit_page->page->time_stamp is read using READ_ONCE() in > line 4354, 4355 > > 4354 curr_commit_page = READ_ONCE(cpu_buffer->commit_page); > 4355 curr_commit_ts = READ_ONCE(curr_commit_page->page->time_stamp); > > while they are read directly in line 4340, 4341 > > 4340 commit_page = cpu_buffer->commit_page; > 4341 commit_ts = commit_page->page->time_stamp; Just because it's used in one place does not mean it's required in another. > > There is patch similar to this. commit c1c0ce31b242 ("r8169: fix the KCSAN reported data-race in rtl_tx() while reading tp->cur_tx") > This patch find two read of same variable while one is protected, another > is not. And READ_ONCE() is added to protect. > Here's the entire code: cpu_buffer = iter->cpu_buffer; reader = cpu_buffer->reader_page; head_page = cpu_buffer->head_page; commit_page = cpu_buffer->commit_page; commit_ts = commit_page->page->time_stamp; /* * When the writer goes across pages, it issues a cmpxchg which * is a mb(), which will synchronize with the rmb here. * (see rb_tail_page_update()) */ smp_rmb(); The above smp_rmb() is a full read barrier. The commit_page and timestamp are not going to be read again after this. commit = rb_page_commit(commit_page); /* We want to make sure that the commit page doesn't change */ smp_rmb(); /* Make sure commit page didn't change */ curr_commit_page = READ_ONCE(cpu_buffer->commit_page); curr_commit_ts = READ_ONCE(curr_commit_page->page->time_stamp); Now the reason for the above READ_ONCE() is because the variables *are* going to be used again. We do *not* want the compiler to play any games with that. Thus, the first read of commit_page and time_stamp are read properly as the compiler will not do anything that can hurt us beyond that smp_rmb(). The second time we read those variables, we are using them in the below code. /* If the commit page changed, then there's more data */ if (curr_commit_page != commit_page || curr_commit_ts != commit_ts) return 0; /* Still racy, as it may return a false positive, but that's OK */ return ((iter->head_page == commit_page && iter->head >= commit) || (iter->head_page == reader && commit_page == head_page && head_page->read == commit && iter->head == rb_page_commit(cpu_buffer->reader_page))); } *But* looking at this deeper, the commit_page may need a READ_ONCE() but not for the reason you suggested. commit_page = cpu_buffer->commit_page; commit_ts = commit_page->page->time_stamp; The commit_page above *is* used again, and we want commit_ts to be part of the commit_page that was originally read and not a second reading. So, I think for the commit_page we do need a READ_ONCE() but that's because it is referenced again just below it and we don't want the compiler to read the memory location again for the second reference. -- Steve
On Sun, 25 Feb 2024 15:03:02 -0500 Steven Rostedt <rostedt@goodmis.org> wrote: > *But* looking at this deeper, the commit_page may need a READ_ONCE() > but not for the reason you suggested. > > commit_page = cpu_buffer->commit_page; > commit_ts = commit_page->page->time_stamp; > > The commit_page above *is* used again, and we want commit_ts to be part > of the commit_page that was originally read and not a second reading. > > So, I think for the commit_page we do need a READ_ONCE() but that's > because it is referenced again just below it and we don't want the > compiler to read the memory location again for the second reference. Care to send a v2 patch that just adds READ_ONCE() for the commit_page, and change the change log stating that it is to fix the possibility that the time_stamp may come from a different page. -- Steve
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 0699027b4f4c..eb3fa629b837 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -4337,8 +4337,8 @@ int ring_buffer_iter_empty(struct ring_buffer_iter *iter) cpu_buffer = iter->cpu_buffer; reader = cpu_buffer->reader_page; head_page = cpu_buffer->head_page; - commit_page = cpu_buffer->commit_page; - commit_ts = commit_page->page->time_stamp; + commit_page = READ_ONCE(cpu_buffer->commit_page); + commit_ts = READ_ONCE(commit_page->page->time_stamp); /* * When the writer goes across pages, it issues a cmpxchg which