Re: misc nits Re: [PATCH 1/2] printk: add lockless buffer

From: John Ogness
Date: Tue Mar 03 2020 - 10:42:15 EST

Next message: Sean Christopherson: "Re: [PATCH 1/2] KVM: x86: clear stale x86_emulate_ctxt->intercept value"
Previous message: Masami Hiramatsu: "Re: [OT] Pseudo module name in kallsyms (Re: [PATCH V3 03/13] kprobes: Add symbols for kprobe insn pages)"
In reply to: Petr Mladek: "Re: misc nits Re: [PATCH 1/2] printk: add lockless buffer"
Next in thread: Petr Mladek: "Re: misc nits Re: [PATCH 1/2] printk: add lockless buffer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2020-03-03, Petr Mladek <pmladek@xxxxxxxx> wrote:
>>>>>> diff --git a/kernel/printk/printk_ringbuffer.c b/kernel/printk/printk_ringbuffer.c
>>>>>> new file mode 100644
>>>>>> index 000000000000..796257f226ee
>>>>>> --- /dev/null
>>>>>> +++ b/kernel/printk/printk_ringbuffer.c
>>>>>> +/*
>>>>>> + * Read the record @id and verify that it is committed and has the sequence
>>>>>> + * number @seq. On success, 0 is returned.
>>>>>> + *
>>>>>> + * Error return values:
>>>>>> + * -EINVAL: A committed record @seq does not exist.
>>>>>> + * -ENOENT: The record @seq exists, but its data is not available. This is a
>>>>>> + * valid record, so readers should continue with the next seq.
>>>>>> + */
>>>>>> +static int desc_read_committed(struct prb_desc_ring *desc_ring,
>>>>>> + unsigned long id, u64 seq,
>>>>>> + struct prb_desc *desc)
>>>>>> +{
>>>
>>> OK, what about having desc_read_by_seq() instead?
>>
>> Well, it isn't actually "reading by seq". @seq is there for
>> additional verification. Yes, prb_read() is deriving @id from
>> @seq. But it only does this once and uses that value for both calls.
>
> I do not want to nitpick about words. If I get it properly,
> the "id" is not important here. Any "id" is fine as long as
> "seq" matches. Reading "id" once is just an optimization.

Your statement is incorrect. We are not nitpicking about words. I am
trying to clarify what you are misunderstanding.

@id _is_ very important because that is how descriptors are
read. desc_read() takes @id as an argument and it is @id that identifies
the descriptor. @seq is only meta-data within a descriptor. The only
reason @seq is even checked is because of possible ABA issues with @id
on 32-bit systems.

> I do not resist on the change. It was just an idea how to
> avoid confusion. I was confused more than once. But I might
> be the only one. The more strightforward code looked more
> important to me than the optimization.

I am sorry for the confusion. In preparation for v2 I have changed the
function description to:

/*
* Get a copy of a specified descriptor and verify that the record is
* committed and has the sequence number @seq. @seq is checked because
* of possible ABA issues with @id on 32-bit systems. On success, 0 is
* returned.
*
* Error return values:
* -EINVAL: A committed record @seq does not exist.
* -ENOENT: The record @seq exists, but its data is not available. This is a
* valid record, so readers should continue with the next seq.
*/

This is using the same language as the description of desc_read() so
that is it is hopefully clear that desc_read_committed() is an extended
version of desc_read().

>>> Also there is a bug in current desc_read_commited().
>>> desc->info.seq might contain a garbage when d_state is desc_miss
>>> or desc_reserved.
>>
>> It is not a bug. In both of those cases, -EINVAL is the correct return
>> value.
>
> No, it is a bug. If info is not read and contains garbage then the
> following check may pass by chance:
>
> if (desc->info.seq != seq)
> return -EINVAL;
>
> Then the function would return 0 even when desc_read() returned
> desc_miss or desc_reserved.

0 cannot be returned. The state is checked. Please let us stop this
bug/non-bug discussion. It is distracting us from clarifying this
function and refactoring it to simplify understanding.

>>> I would change it to:
>>>
>>> static enum desc_state
>>> desc_read_by_seq(struct prb_desc_ring *desc_ring,
>>> u64 seq, struct prb_desc *desc)
>>> {
>>> struct prb_desc *rdesc = to_desc(desc_ring, seq);
>>> atomic_long_t *state_var = &rdesc->state_var;
>>> id = DESC_ID(atomic_long_read(state_var));
>>
>> I think it is error-prone to re-read @state_var here. It is lockless
>> shared data. desc_read_committed() is called twice in prb_read() and
>> it is expected that both calls are using the same @id.
>
> It is not error prone. If "id" changes then "seq" will not match.

@id is set during prb_reserve(). @seq (being mere meta-data) is set
_afterwards_. Your proposed multiple-deriving of @id from @seq would
work because the _state checks_ would catch it, not because @seq would
necessarily change.

But that logic is backwards. @seq is not what is important here. It is
only meta-data. On 64-bit systems the @seq checks could be safely
removed.

You may want to refer back to your private email [0] from last November
where you asked me to move this code out of prb_read() and into a helper
function. That may clarify what we are talking about (although I hope
the new function description is clear enough).

John Ogness

[0] private: 20191122122724.n6wlummg3ap56mn3@xxxxxxxxxxxxxxx

Next message: Sean Christopherson: "Re: [PATCH 1/2] KVM: x86: clear stale x86_emulate_ctxt->intercept value"
Previous message: Masami Hiramatsu: "Re: [OT] Pseudo module name in kallsyms (Re: [PATCH V3 03/13] kprobes: Add symbols for kprobe insn pages)"
In reply to: Petr Mladek: "Re: misc nits Re: [PATCH 1/2] printk: add lockless buffer"
Next in thread: Petr Mladek: "Re: misc nits Re: [PATCH 1/2] printk: add lockless buffer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]