From: Jason Gunthorpe <jgg@ziepe.ca>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: "Daniel Vetter" <daniel.vetter@ffwll.ch>,
LKML <linux-kernel@vger.kernel.org>,
linux-mm@kvack.org,
"DRI Development" <dri-devel@lists.freedesktop.org>,
"Intel Graphics Development" <intel-gfx@lists.freedesktop.org>,
"Michal Hocko" <mhocko@suse.com>,
"Christian König" <christian.koenig@amd.com>,
"David Rientjes" <rientjes@google.com>,
"Jérôme Glisse" <jglisse@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Daniel Vetter" <daniel.vetter@intel.com>
Subject: Re: [PATCH 1/5] mm: Check if mmu notifier callbacks are allowed to fail
Date: Wed, 14 Aug 2019 20:22:38 -0300 [thread overview]
Message-ID: <20190814232238.GA11200@ziepe.ca> (raw)
In-Reply-To: <20190814151447.e9ab74f4c7ed4297e39321d1@linux-foundation.org>
On Wed, Aug 14, 2019 at 03:14:47PM -0700, Andrew Morton wrote:
> On Wed, 14 Aug 2019 22:20:23 +0200 Daniel Vetter <daniel.vetter@ffwll.ch> wrote:
>
> > Just a bit of paranoia, since if we start pushing this deep into
> > callchains it's hard to spot all places where an mmu notifier
> > implementation might fail when it's not allowed to.
> >
> > Inspired by some confusion we had discussing i915 mmu notifiers and
> > whether we could use the newly-introduced return value to handle some
> > corner cases. Until we realized that these are only for when a task
> > has been killed by the oom reaper.
> >
> > An alternative approach would be to split the callback into two
> > versions, one with the int return value, and the other with void
> > return value like in older kernels. But that's a lot more churn for
> > fairly little gain I think.
> >
> > Summary from the m-l discussion on why we want something at warning
> > level: This allows automated tooling in CI to catch bugs without
> > humans having to look at everything. If we just upgrade the existing
> > pr_info to a pr_warn, then we'll have false positives. And as-is, no
> > one will ever spot the problem since it's lost in the massive amounts
> > of overall dmesg noise.
> >
> > ...
> >
> > +++ b/mm/mmu_notifier.c
> > @@ -179,6 +179,8 @@ int __mmu_notifier_invalidate_range_start(struct mmu_notifier_range *range)
> > pr_info("%pS callback failed with %d in %sblockable context.\n",
> > mn->ops->invalidate_range_start, _ret,
> > !mmu_notifier_range_blockable(range) ? "non-" : "");
> > + WARN_ON(mmu_notifier_range_blockable(range) ||
> > + ret != -EAGAIN);
> > ret = _ret;
> > }
> > }
>
> A problem with WARN_ON(a || b) is that if it triggers, we don't know
> whether it was because of a or because of b. Or both. So I'd suggest
>
> WARN_ON(a);
> WARN_ON(b);
>
Well, we did just make a pr_info right above with the value of
blockable, that seems enough to tell the cases apart?
But you are generally right, the full logic:
if (_ret) {
if (WARN_ON(mmu_notifier_range_blockable(range)))
continue;
WARN_ON(_ret != -EAGAIN);
ret = -EAGAIN;
break;
}
would force correct API contract up the call chain once we detect a
broken driver..
But at some point it does feel like a bit much debugging logic to have
in a production code path, as this should never happen and is just to
discourage wrong driver behaviors during driver development.
If we like this version then:
Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
Also - I have a bunch of other patches to mmu notifiers for hmm.git,
so when everyone agrees I can grab this to avoid conflicts.
Thanks,
Jason
next prev parent reply other threads:[~2019-08-14 23:22 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-14 20:20 [PATCH 0/5] hmm & mmu_notifier debug/lockdep annotations Daniel Vetter
2019-08-14 20:20 ` [PATCH 1/5] mm: Check if mmu notifier callbacks are allowed to fail Daniel Vetter
2019-08-14 22:14 ` Andrew Morton
2019-08-14 23:22 ` Jason Gunthorpe [this message]
2019-08-14 23:34 ` Ralph Campbell
2019-08-16 17:19 ` Jason Gunthorpe
2019-08-14 20:20 ` [PATCH 2/5] kernel.h: Add non_block_start/end() Daniel Vetter
2019-08-14 20:45 ` Andrew Morton
2019-08-15 6:52 ` Daniel Vetter
2019-08-15 8:44 ` Michal Hocko
2019-08-15 13:04 ` Jason Gunthorpe
2019-08-15 13:12 ` Daniel Vetter
2019-08-15 14:37 ` Jason Gunthorpe
2019-08-15 14:43 ` Daniel Vetter
2019-08-15 15:10 ` Jason Gunthorpe
2019-08-15 16:25 ` Daniel Vetter
2019-08-15 17:35 ` Jason Gunthorpe
2019-08-15 17:39 ` Jerome Glisse
2019-08-15 18:01 ` Jason Gunthorpe
2019-08-15 18:27 ` Jerome Glisse
2019-08-15 18:57 ` Jason Gunthorpe
2019-08-15 16:32 ` Jerome Glisse
2019-08-15 17:16 ` Jason Gunthorpe
2019-08-15 17:21 ` Daniel Vetter
2019-08-15 17:35 ` Jerome Glisse
2019-08-15 13:24 ` Michal Hocko
2019-08-15 22:15 ` Andrew Morton
2019-08-16 8:24 ` Michal Hocko
2019-08-14 23:58 ` Jason Gunthorpe
2019-08-15 6:58 ` Daniel Vetter
2019-08-15 12:23 ` Jason Gunthorpe
2019-08-15 13:21 ` Michal Hocko
2019-08-15 14:12 ` Jason Gunthorpe
2019-08-15 16:00 ` Michal Hocko
2019-08-15 16:56 ` Jason Gunthorpe
2019-08-15 17:11 ` Jerome Glisse
2019-08-15 17:17 ` Jason Gunthorpe
2019-08-15 17:42 ` Michal Hocko
2019-08-15 17:57 ` Jerome Glisse
2019-08-15 18:24 ` Jason Gunthorpe
2019-08-15 19:05 ` Michal Hocko
2019-08-15 19:18 ` Jason Gunthorpe
2019-08-15 19:35 ` Michal Hocko
2019-08-15 20:13 ` Jason Gunthorpe
2019-08-16 8:10 ` Michal Hocko
2019-08-16 12:19 ` Jason Gunthorpe
2019-08-16 12:26 ` Michal Hocko
2019-08-15 20:16 ` [Intel-gfx] " Daniel Vetter
2019-08-15 20:27 ` Jason Gunthorpe
2019-08-15 20:49 ` Daniel Vetter
2019-08-16 1:00 ` Jason Gunthorpe
2019-08-16 6:20 ` Daniel Vetter
2019-08-16 12:12 ` Jason Gunthorpe
2019-08-16 14:11 ` Daniel Vetter
2019-08-16 14:38 ` Jason Gunthorpe
2019-08-16 16:36 ` Daniel Vetter
2019-08-16 16:54 ` Jason Gunthorpe
2019-08-16 8:27 ` Michal Hocko
2019-08-14 20:20 ` [PATCH 3/5] mm, notifier: Catch sleeping/blocking for !blockable Daniel Vetter
2019-08-15 0:00 ` Jason Gunthorpe
2019-08-15 7:02 ` Daniel Vetter
[not found] ` <20190815123556.GB21596@ziepe.ca>
2019-08-17 16:09 ` Daniel Vetter
2019-08-14 20:20 ` [PATCH 4/5] mm, notifier: Add a lockdep map for invalidate_range_start Daniel Vetter
2019-08-15 0:09 ` Jason Gunthorpe
2019-08-15 7:10 ` Daniel Vetter
2019-08-15 12:53 ` Jason Gunthorpe
2019-08-14 20:20 ` [PATCH 5/5] mm/hmm: WARN on illegal ->sync_cpu_device_pagetables errors Daniel Vetter
2019-08-15 0:11 ` Jason Gunthorpe
2019-08-15 7:14 ` Daniel Vetter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190814232238.GA11200@ziepe.ca \
--to=jgg@ziepe.ca \
--cc=akpm@linux-foundation.org \
--cc=christian.koenig@amd.com \
--cc=daniel.vetter@ffwll.ch \
--cc=daniel.vetter@intel.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=intel-gfx@lists.freedesktop.org \
--cc=jglisse@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@suse.com \
--cc=pbonzini@redhat.com \
--cc=rientjes@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).