From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751384AbcGPBvS (ORCPT );
	Fri, 15 Jul 2016 21:51:18 -0400
Received: from mail-pa0-f65.google.com ([209.85.220.65]:33874 "EHLO
	mail-pa0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751172AbcGPBvQ (ORCPT );
	Fri, 15 Jul 2016 21:51:16 -0400
From: Wanpeng Li
X-Google-Original-From: Wanpeng Li
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Wanpeng Li, "Peter Zijlstra (Intel)", Ingo Molnar, Waiman Long,
	Davidlohr Bueso
Subject: [PATCH v4] locking/pvqspinlock: Fix double hash race
Date: Sat, 16 Jul 2016 09:51:09 +0800
Message-Id: <1468633869-4066-1-git-send-email-wanpeng.li@hotmail.com>
X-Mailer: git-send-email 1.9.1
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Wanpeng Li

When the lock holder vCPU is racing with the queue head vCPU:

   lock holder vCPU             queue head vCPU
   =====================        ==================

   node->locked = 1;
                                READ_ONCE(node->locked)
   ...                          pv_wait_head_or_lock():
                                  SPIN_THRESHOLD loop;
                                  pv_hash();
                                  lock->locked = _Q_SLOW_VAL;
                                  node->state = vcpu_hashed;
   pv_kick_node():
     cmpxchg(node->state,
        vcpu_halted, vcpu_hashed);
     lock->locked = _Q_SLOW_VAL;
     pv_hash();

With preemption at the right moment, it is possible that both the lock
holder and queue head vCPUs can race to set node->state, which can
result in a hash entry race. Making sure the state is never set to
vcpu_halted prevents this race from happening.

This patch fixes it by setting the state to vcpu_hashed only after all
of the hashing work has been done.

Reviewed-by: Pan Xinhui
Cc: Peter Zijlstra (Intel)
Cc: Ingo Molnar
Cc: Waiman Long
Cc: Davidlohr Bueso
Signed-off-by: Wanpeng Li
---
v3 -> v4:
 * update patch subject
 * add code comments
v2 -> v3:
 * fix typo in patch description
v1 -> v2:
 * adjust patch description

 kernel/locking/qspinlock_paravirt.h | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/kernel/locking/qspinlock_paravirt.h b/kernel/locking/qspinlock_paravirt.h
index 21ede57..ca96db4 100644
--- a/kernel/locking/qspinlock_paravirt.h
+++ b/kernel/locking/qspinlock_paravirt.h
@@ -450,7 +450,28 @@ pv_wait_head_or_lock(struct qspinlock *lock, struct mcs_spinlock *node)
 				goto gotlock;
 			}
 		}
-		WRITE_ONCE(pn->state, vcpu_halted);
+		/*
+		 * lock holder vCPU             queue head vCPU
+		 * ----------------             ---------------
+		 * node->locked = 1;
+		 *                              READ_ONCE(node->locked)
+		 * ...                          pv_wait_head_or_lock():
+		 *                                SPIN_THRESHOLD loop;
+		 *                                pv_hash();
+		 *                                lock->locked = _Q_SLOW_VAL;
+		 *                                node->state = vcpu_hashed;
+		 * pv_kick_node():
+		 *   cmpxchg(node->state,
+		 *      vcpu_halted, vcpu_hashed);
+		 *   lock->locked = _Q_SLOW_VAL;
+		 *   pv_hash();
+		 *
+		 * With preemption at the right moment, it is possible that both the
+		 * lock holder and queue head vCPUs can be racing to set node->state.
+		 * Making sure the state is never set to vcpu_halted will prevent this
+		 * racing from happening.
+		 */
+		WRITE_ONCE(pn->state, vcpu_hashed);
 		qstat_inc(qstat_pv_wait_head, true);
 		qstat_inc(qstat_pv_wait_again, waitcnt);
 		pv_wait(&l->locked, _Q_SLOW_VAL);
-- 
2.1.0