From: "Michael S. Tsirkin" <mst@redhat.com>
To: Jason Wang <jasowang@redhat.com>
Cc: syzbot <syzbot+e58112d71f77113ddb7b@syzkaller.appspotmail.com>,
aarcange@redhat.com, akpm@linux-foundation.org,
christian@brauner.io, davem@davemloft.net, ebiederm@xmission.com,
elena.reshetova@intel.com, guro@fb.com, hch@infradead.org,
james.bottomley@hansenpartnership.com, jglisse@redhat.com,
keescook@chromium.org, ldv@altlinux.org,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
linux-parisc@vger.kernel.org, luto@amacapital.net,
mhocko@suse.com, mingo@kernel.org, namit@vmware.com,
peterz@infradead.org, syzkaller-bugs@googlegroups.com,
viro@zeniv.linux.org.uk, wad@chromium.org
Subject: Re: WARNING in __mmdrop
Date: Thu, 25 Jul 2019 04:28:39 -0400 [thread overview]
Message-ID: <20190725042651-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <55e8930c-2695-365f-a07b-3ad169654d28@redhat.com>
On Thu, Jul 25, 2019 at 03:43:41PM +0800, Jason Wang wrote:
>
> On 2019/7/25 下午1:52, Michael S. Tsirkin wrote:
> > On Tue, Jul 23, 2019 at 09:31:35PM +0800, Jason Wang wrote:
> > > On 2019/7/23 下午5:26, Michael S. Tsirkin wrote:
> > > > On Tue, Jul 23, 2019 at 04:49:01PM +0800, Jason Wang wrote:
> > > > > On 2019/7/23 下午4:10, Michael S. Tsirkin wrote:
> > > > > > On Tue, Jul 23, 2019 at 03:53:06PM +0800, Jason Wang wrote:
> > > > > > > On 2019/7/23 下午3:23, Michael S. Tsirkin wrote:
> > > > > > > > > > Really let's just use kfree_rcu. It's way cleaner: fire and forget.
> > > > > > > > > Looks not, you need rate limit the fire as you've figured out?
> > > > > > > > See the discussion that followed. Basically no, it's good enough
> > > > > > > > already and is only going to be better.
> > > > > > > >
> > > > > > > > > And in fact,
> > > > > > > > > the synchronization is not even needed, does it help if I leave a comment to
> > > > > > > > > explain?
> > > > > > > > Let's try to figure it out in the mail first. I'm pretty sure the
> > > > > > > > current logic is wrong.
> > > > > > > Here is what the code what to achieve:
> > > > > > >
> > > > > > > - The map was protected by RCU
> > > > > > >
> > > > > > > - Writers are: MMU notifier invalidation callbacks, file operations (ioctls
> > > > > > > etc), meta_prefetch (datapath)
> > > > > > >
> > > > > > > - Readers are: memory accessor
> > > > > > >
> > > > > > > Writer are synchronized through mmu_lock. RCU is used to synchronized
> > > > > > > between writers and readers.
> > > > > > >
> > > > > > > The synchronize_rcu() in vhost_reset_vq_maps() was used to synchronized it
> > > > > > > with readers (memory accessors) in the path of file operations. But in this
> > > > > > > case, vq->mutex was already held, this means it has been serialized with
> > > > > > > memory accessor. That's why I think it could be removed safely.
> > > > > > >
> > > > > > > Anything I miss here?
> > > > > > >
> > > > > > So invalidate callbacks need to reset the map, and they do
> > > > > > not have vq mutex. How can they do this and free
> > > > > > the map safely? They need synchronize_rcu or kfree_rcu right?
> > > > > Invalidation callbacks need but file operations (e.g ioctl) not.
> > > > >
> > > > >
> > > > > > And I worry somewhat that synchronize_rcu in an MMU notifier
> > > > > > is a problem, MMU notifiers are supposed to be quick:
> > > > > Looks not, since it can allow to be blocked and lots of driver depends on
> > > > > this. (E.g mmu_notifier_range_blockable()).
> > > > Right, they can block. So why don't we take a VQ mutex and be
> > > > done with it then? No RCU tricks.
> > >
> > > This is how I want to go with RFC and V1. But I end up with deadlock between
> > > vq locks and some MM internal locks. So I decide to use RCU which is 100%
> > > under the control of vhost.
> > >
> > > Thanks
> > And I guess the deadlock is because GUP is taking mmu locks which are
> > taken on mmu notifier path, right?
>
>
> Yes, but it's not the only lock. I don't remember the details, but I can
> confirm I meet issues with one or two other locks.
>
>
> > How about we add a seqlock and take
> > that in invalidate callbacks? We can then drop the VQ lock before GUP,
> > and take it again immediately after.
> >
> > something like
> > if (!vq_meta_mapped(vq)) {
> > vq_meta_setup(&uaddrs);
> > mutex_unlock(vq->mutex)
> > vq_meta_map(&uaddrs);
>
>
> The problem is the vq address could be changed at this time.
>
>
> > mutex_lock(vq->mutex)
> >
> > /* recheck both sock->private_data and seqlock count. */
> > if changed - bail out
> > }
> >
> > And also requires that VQ uaddrs is defined like this:
> > - writers must have both vq mutex and dev mutex
> > - readers must have either vq mutex or dev mutex
> >
> >
> > That's a big change though. For now, how about switching to a per-vq SRCU?
> > That is only a little bit more expensive than RCU, and we
> > can use synchronize_srcu_expedited.
> >
>
> Consider we switch to use kfree_rcu(), what's the advantage of per-vq SRCU?
>
> Thanks
I thought we established that notifiers must wait for
all readers to finish before they mark page dirty, to
prevent page from becoming dirty after address
has been invalidated.
Right?
next prev parent reply other threads:[~2019-07-25 8:28 UTC|newest]
Thread overview: 88+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-19 3:35 WARNING in __mmdrop syzbot
2019-07-20 10:08 ` syzbot
2019-07-21 10:02 ` Michael S. Tsirkin
2019-07-21 12:18 ` Michael S. Tsirkin
2019-07-22 5:24 ` Jason Wang
2019-07-22 8:08 ` Michael S. Tsirkin
2019-07-23 4:01 ` Jason Wang
2019-07-23 5:01 ` Michael S. Tsirkin
2019-07-23 5:47 ` Jason Wang
2019-07-23 7:23 ` Michael S. Tsirkin
2019-07-23 7:53 ` Jason Wang
2019-07-23 8:10 ` Michael S. Tsirkin
2019-07-23 8:49 ` Jason Wang
2019-07-23 9:26 ` Michael S. Tsirkin
2019-07-23 13:31 ` Jason Wang
2019-07-25 5:52 ` Michael S. Tsirkin
2019-07-25 7:43 ` Jason Wang
2019-07-25 8:28 ` Michael S. Tsirkin [this message]
2019-07-25 13:21 ` Jason Wang
2019-07-25 13:26 ` Michael S. Tsirkin
2019-07-25 14:25 ` Jason Wang
2019-07-26 11:49 ` Michael S. Tsirkin
2019-07-26 12:00 ` Jason Wang
2019-07-26 12:38 ` Michael S. Tsirkin
2019-07-26 12:53 ` Jason Wang
2019-07-26 13:36 ` Jason Wang
2019-07-26 13:49 ` Michael S. Tsirkin
2019-07-29 5:54 ` Jason Wang
2019-07-29 8:59 ` Michael S. Tsirkin
2019-07-29 14:24 ` Jason Wang
2019-07-29 14:44 ` Michael S. Tsirkin
2019-07-30 7:44 ` Jason Wang
2019-07-30 8:03 ` Jason Wang
2019-07-30 15:08 ` Michael S. Tsirkin
2019-07-31 8:49 ` Jason Wang
2019-07-31 23:00 ` Jason Gunthorpe
2019-07-26 13:47 ` Michael S. Tsirkin
2019-07-26 14:00 ` Jason Wang
2019-07-26 14:10 ` Michael S. Tsirkin
2019-07-26 15:03 ` Jason Gunthorpe
2019-07-29 5:56 ` Jason Wang
2019-07-21 12:28 ` RFC: call_rcu_outstanding (was Re: WARNING in __mmdrop) Michael S. Tsirkin
2019-07-21 13:17 ` Paul E. McKenney
2019-07-21 17:53 ` Michael S. Tsirkin
2019-07-21 19:28 ` Paul E. McKenney
2019-07-22 7:56 ` Michael S. Tsirkin
2019-07-22 11:57 ` Paul E. McKenney
2019-07-21 21:08 ` Matthew Wilcox
2019-07-21 23:31 ` Paul E. McKenney
2019-07-22 7:52 ` Michael S. Tsirkin
2019-07-22 11:51 ` Paul E. McKenney
2019-07-22 13:41 ` Jason Gunthorpe
2019-07-22 15:52 ` Paul E. McKenney
2019-07-22 16:04 ` Jason Gunthorpe
2019-07-22 16:15 ` Michael S. Tsirkin
2019-07-22 16:15 ` Paul E. McKenney
2019-07-22 15:14 ` Joel Fernandes
2019-07-22 15:47 ` Michael S. Tsirkin
2019-07-22 15:55 ` Paul E. McKenney
2019-07-22 16:13 ` Michael S. Tsirkin
2019-07-22 16:25 ` Paul E. McKenney
2019-07-22 16:32 ` Michael S. Tsirkin
2019-07-22 18:58 ` Paul E. McKenney
2019-07-22 5:21 ` WARNING in __mmdrop Jason Wang
2019-07-22 8:02 ` Michael S. Tsirkin
2019-07-23 3:55 ` Jason Wang
2019-07-23 5:02 ` Michael S. Tsirkin
2019-07-23 5:48 ` Jason Wang
2019-07-23 7:25 ` Michael S. Tsirkin
2019-07-23 7:55 ` Jason Wang
2019-07-23 7:56 ` Michael S. Tsirkin
2019-07-23 8:42 ` Jason Wang
2019-07-23 10:27 ` Michael S. Tsirkin
2019-07-23 13:34 ` Jason Wang
2019-07-23 15:02 ` Michael S. Tsirkin
2019-07-24 2:17 ` Jason Wang
2019-07-24 8:05 ` Michael S. Tsirkin
2019-07-24 10:08 ` Jason Wang
2019-07-24 18:25 ` Michael S. Tsirkin
2019-07-25 3:44 ` Jason Wang
2019-07-25 5:09 ` Michael S. Tsirkin
2019-07-24 16:53 ` Jason Gunthorpe
2019-07-24 18:25 ` Michael S. Tsirkin
2019-07-23 10:42 ` Michael S. Tsirkin
2019-07-23 13:37 ` Jason Wang
2019-07-22 14:11 ` Jason Gunthorpe
2019-07-25 6:02 ` Michael S. Tsirkin
2019-07-25 7:44 ` Jason Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190725042651-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=christian@brauner.io \
--cc=davem@davemloft.net \
--cc=ebiederm@xmission.com \
--cc=elena.reshetova@intel.com \
--cc=guro@fb.com \
--cc=hch@infradead.org \
--cc=james.bottomley@hansenpartnership.com \
--cc=jasowang@redhat.com \
--cc=jglisse@redhat.com \
--cc=keescook@chromium.org \
--cc=ldv@altlinux.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-parisc@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mhocko@suse.com \
--cc=mingo@kernel.org \
--cc=namit@vmware.com \
--cc=peterz@infradead.org \
--cc=syzbot+e58112d71f77113ddb7b@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=viro@zeniv.linux.org.uk \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).