Re: [PATCH -next] mm/percpu: fix data-race with pcpu_nr_empty_pop_pages
From: Dennis Zhou
Date: Mon Oct 25 2021 - 22:41:57 EST
Hello,
On Mon, Oct 25, 2021 at 09:50:48AM +0200, Christoph Lameter wrote:
> On Mon, 25 Oct 2021, Yuanzheng Song wrote:
>
> > When reading the pcpu_nr_empty_pop_pages in pcpu_alloc()
> > and writing the pcpu_nr_empty_pop_pages in
> > pcpu_update_empty_pages() at the same time,
> > the data-race occurs.
>
> Looks like a use case for the atomic RMV instructions.
>
Yeah. I see 2 options. Switch the variable over to an atomic or we can
move the read behind pcpu_lock. All the writes are already behind it
othewise that would actually be problematic. In this particular case,
reading a wrong # of empty pages isn't a big deal as eventually the
background work will get scheduled.
Thanks,
Dennis
> > To fix this issue, use READ_ONCE() and WRITE_ONCE() to
> > read and write the pcpu_nr_empty_pop_pages.
>
> Never thought that READ_ONCE and WRITE_ONCE can fix races like
> this. Really?
>
> > diff --git a/mm/percpu.c b/mm/percpu.c
> > index 293009cc03ef..e8ef92e698ab 100644
> > --- a/mm/percpu.c
> > +++ b/mm/percpu.c
> > @@ -574,7 +574,9 @@ static void pcpu_isolate_chunk(struct pcpu_chunk *chunk)
> >
> > if (!chunk->isolated) {
> > chunk->isolated = true;
> > - pcpu_nr_empty_pop_pages -= chunk->nr_empty_pop_pages;
> > + WRITE_ONCE(pcpu_nr_empty_pop_pages,
> > + READ_ONCE(pcpu_nr_empty_pop_pages) -
> > + chunk->nr_empty_pop_pages);
>
> atomic_sub()?
>
> > }
> > list_move(&chunk->list, &pcpu_chunk_lists[pcpu_to_depopulate_slot]);
> > }
> > @@ -585,7 +587,9 @@ static void pcpu_reintegrate_chunk(struct pcpu_chunk *chunk)
> >
> > if (chunk->isolated) {
> > chunk->isolated = false;
> > - pcpu_nr_empty_pop_pages += chunk->nr_empty_pop_pages;
> > + WRITE_ONCE(pcpu_nr_empty_pop_pages,
> > + READ_ONCE(pcpu_nr_empty_pop_pages) +
> > + chunk->nr_empty_pop_pages);
>
> atomic_add()?
>