Re: [PATCH v2] rcu: fix a race in hlist_nulls_for_each_entry_rcumacro

From: Eric Dumazet
Date: Mon May 27 2013 - 20:12:32 EST

Next message: Eric Dumazet: "Re: [PATCH v5 net-next 2/5] net: implement support for low latencysocket polling"
Previous message: Stephen Rothwell: "Re: NVIDIA Tegra DRM tree"
In reply to: Roman Gushchin: "Re: [PATCH v2] rcu: fix a race in hlist_nulls_for_each_entry_rcumacro"
Next in thread: Roman Gushchin: "Re: [PATCH v2] rcu: fix a race in hlist_nulls_for_each_entry_rcumacro"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2013-05-27 at 21:55 +0400, Roman Gushchin wrote:
> Hi, Paul!
>
> > On 25.05.2013 15:37, Paul E. McKenney wrote:
> >> Again, I believe that your retry logic needs to extend back into the
> >> calling function for your some_func() example above.
>
> And what do you think about the following approach (diff below)?
>
> It seems to me, it's enough clear (especially with good accompanying comments)
> and produces a good binary code (without significant overhead).
> Also, we will remove a hidden reef in using rcu-protected (h)list traverses with restarts.
>

> diff --git a/include/linux/rculist_nulls.h b/include/linux/rculist_nulls.h
> index 2ae1371..4af5ee5 100644
> --- a/include/linux/rculist_nulls.h
> +++ b/include/linux/rculist_nulls.h
> @@ -107,7 +107,8 @@ static inline void hlist_nulls_add_head_rcu(struct hlist_nulls_node *n,
> *
> */
> #define hlist_nulls_for_each_entry_rcu(tpos, pos, head, member) \
> - for (pos = rcu_dereference_raw(hlist_nulls_first_rcu(head)); \
> + for (ACCESS_ONCE(*(head)), \
> + pos = rcu_dereference_raw(hlist_nulls_first_rcu(head)); \
> (!is_a_nulls(pos)) && \
> ({ tpos = hlist_nulls_entry(pos, typeof(*tpos), member); 1; }); \
> pos = rcu_dereference_raw(hlist_nulls_next_rcu(pos)))

It looks like this still relies on gcc being friendly here.

I repeat again : @head here is a constant.

Macro already uses ACCESS_ONCE(), we only have to instruct gcc that
caching the value is forbidden if we restart the loop
(aka "goto begin;" see Documentation/RCU/rculist_nulls.txt line 146)

Adding a barrier() is probably what we want.

I cooked followed patch and it fixes the problem.

diff --git a/include/linux/rculist_nulls.h b/include/linux/rculist_nulls.h
index 2ae1371..4dc51b2 100644
--- a/include/linux/rculist_nulls.h
+++ b/include/linux/rculist_nulls.h
@@ -105,8 +105,12 @@ static inline void hlist_nulls_add_head_rcu(struct hlist_nulls_node *n,
* @head: the head for your list.
* @member: the name of the hlist_nulls_node within the struct.
*
+ * The barrier() is needed to make sure compiler doesn't cache first element,
+ * as this loop can be restarted.
+ * (cf Documentation/RCU/rculist_nulls.txt around line 146)
*/
#define hlist_nulls_for_each_entry_rcu(tpos, pos, head, member) \
+ barrier(); \
for (pos = rcu_dereference_raw(hlist_nulls_first_rcu(head)); \
(!is_a_nulls(pos)) && \
({ tpos = hlist_nulls_entry(pos, typeof(*tpos), member); 1; }); \

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Eric Dumazet: "Re: [PATCH v5 net-next 2/5] net: implement support for low latencysocket polling"
Previous message: Stephen Rothwell: "Re: NVIDIA Tegra DRM tree"
In reply to: Roman Gushchin: "Re: [PATCH v2] rcu: fix a race in hlist_nulls_for_each_entry_rcumacro"
Next in thread: Roman Gushchin: "Re: [PATCH v2] rcu: fix a race in hlist_nulls_for_each_entry_rcumacro"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]