RE: [PATCH -next] mm/percpu: fix data-race with pcpu_nr_empty_pop_pages

From: songyuanzheng
Date: Wed Oct 27 2021 - 03:12:26 EST


Hello,

Thanks for the advice, Dennis Zhou and Christoph Lameter.
I really appreciate it.
I edited this patch by changing the pcpu_nr_empty_pop_pages to atomic_t variable.

Here is the v2 patch: https://patchwork.kernel.org/project/linux-mm/patch/20211026084312.2138852-1-songyuanzheng@xxxxxxxxxx/.
Would you mind reviewing it again?

Thanks,
Yuanzheng Song

-----Original Message-----
From: Dennis Zhou [mailto:dennis@xxxxxxxxxx]
Sent: Tuesday, October 26, 2021 10:42 AM
To: Christoph Lameter <cl@xxxxxxxxx>
Cc: songyuanzheng <songyuanzheng@xxxxxxxxxx>; dennis@xxxxxxxxxx; tj@xxxxxxxxxx; akpm@xxxxxxxxxxxxxxxxxxxx; linux-mm@xxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx
Subject: Re: [PATCH -next] mm/percpu: fix data-race with pcpu_nr_empty_pop_pages

Hello,

On Mon, Oct 25, 2021 at 09:50:48AM +0200, Christoph Lameter wrote:
> On Mon, 25 Oct 2021, Yuanzheng Song wrote:
>
> > When reading the pcpu_nr_empty_pop_pages in pcpu_alloc() and writing
> > the pcpu_nr_empty_pop_pages in
> > pcpu_update_empty_pages() at the same time, the data-race occurs.
>
> Looks like a use case for the atomic RMV instructions.
>

Yeah. I see 2 options. Switch the variable over to an atomic or we can move the read behind pcpu_lock. All the writes are already behind it othewise that would actually be problematic. In this particular case, reading a wrong # of empty pages isn't a big deal as eventually the background work will get scheduled.

Thanks,
Dennis

> > To fix this issue, use READ_ONCE() and WRITE_ONCE() to read and
> > write the pcpu_nr_empty_pop_pages.
>
> Never thought that READ_ONCE and WRITE_ONCE can fix races like this.
> Really?
>
> > diff --git a/mm/percpu.c b/mm/percpu.c index
> > 293009cc03ef..e8ef92e698ab 100644
> > --- a/mm/percpu.c
> > +++ b/mm/percpu.c
> > @@ -574,7 +574,9 @@ static void pcpu_isolate_chunk(struct pcpu_chunk
> > *chunk)
> >
> > if (!chunk->isolated) {
> > chunk->isolated = true;
> > - pcpu_nr_empty_pop_pages -= chunk->nr_empty_pop_pages;
> > + WRITE_ONCE(pcpu_nr_empty_pop_pages,
> > + READ_ONCE(pcpu_nr_empty_pop_pages) -
> > + chunk->nr_empty_pop_pages);
>
> atomic_sub()?
>
> > }
> > list_move(&chunk->list,
> > &pcpu_chunk_lists[pcpu_to_depopulate_slot]);
> > }
> > @@ -585,7 +587,9 @@ static void pcpu_reintegrate_chunk(struct
> > pcpu_chunk *chunk)
> >
> > if (chunk->isolated) {
> > chunk->isolated = false;
> > - pcpu_nr_empty_pop_pages += chunk->nr_empty_pop_pages;
> > + WRITE_ONCE(pcpu_nr_empty_pop_pages,
> > + READ_ONCE(pcpu_nr_empty_pop_pages) +
> > + chunk->nr_empty_pop_pages);
>
> atomic_add()?
>