Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp142987ybl; Mon, 2 Dec 2019 08:42:42 -0800 (PST) X-Google-Smtp-Source: APXvYqw8C1srSNIKMp4cxgvf9vMfkwxbZ6680/dzu0Dtg7pxke/9kuN/Mnq6a6TA4JEDpYGr4e8v X-Received: by 2002:a05:6402:1659:: with SMTP id s25mr28710616edx.219.1575304962850; Mon, 02 Dec 2019 08:42:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1575304962; cv=none; d=google.com; s=arc-20160816; b=cbOZEDPpv2lpYVjj2IKz4WeH6ABr/O5DykmOaQVDDDpXzwOshIuw6WPIgcq2harp4u FWOG6zTnfOp7jAfposYgbvlQBAs6wMnbmGgFli2IrRY/p/oo8XqBv/hVus/E0cvycetQ omr5GWjBiSkzHFMiKPBTGicZADZWTygM939xiR3PJzkx1D9ZSPPfRnh96nauT8dN3djF m6SKniKJdk8FG9QcF2Yf4Rdgy20lohEjAh04F0Ew9iTPFI0mQCJ+z+3VWL4ZIu6pGzZQ Vf2bvEsnv/LBuNv55tTfwYxGNTQlHNvBXrSJqpH88L2qb9yWbC+eE8hZQftWCAzSQv7A pf1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:message-id :in-reply-to:date:references:subject:cc:to:from; bh=earFoJiRTX9iVyFYuqpduaILIdsAbeEox8qoYo1XaC4=; b=AoaO2yz60uM69Nwys87ONJyxN4xsD2gU23r814rrnPBCQH+xEjMTiMZacLzDDXjN3D zfRgo0B9ZKrQLT6IT/V6KinLp9ZS5U9Apt63xNntdiuvliyPCoR8eqpuNY9cQ0vrdyq8 EoB/PRbYgNdmn5CBIofn98d+e5AqFJI518YR3GAV0cdM24OcxchjQdjiPVr47pfLvELr 6mtakymzIsxaVAyziwhM4Df0qASe74Ux3jgXDjofJHHpjIQIpYQrxdVY16CMHiFs6M3K p+pjSFnP+AmtpExF7m9UgmQpe6juhYGlPHSaBiuJ21IEcxcZUSpp5+PPzCPMh8Rfd+az TIpA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e11si7659098edn.402.2019.12.02.08.42.17; Mon, 02 Dec 2019 08:42:42 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727529AbfLBQho (ORCPT + 99 others); Mon, 2 Dec 2019 11:37:44 -0500 Received: from Galois.linutronix.de ([193.142.43.55]:52856 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727418AbfLBQho (ORCPT ); Mon, 2 Dec 2019 11:37:44 -0500 Received: from localhost ([127.0.0.1] helo=vostro.local) by Galois.linutronix.de with esmtp (Exim 4.80) (envelope-from ) id 1ibohU-00030f-Dp; Mon, 02 Dec 2019 17:37:28 +0100 From: John Ogness To: Petr Mladek Cc: linux-kernel@vger.kernel.org, Peter Zijlstra , Sergey Senozhatsky , Steven Rostedt , Linus Torvalds , Greg Kroah-Hartman , Andrea Parri , Thomas Gleixner , Sergey Senozhatsky , Brendan Higgins , kexec@lists.infradead.org Subject: Re: [RFC PATCH v5 1/3] printk-rb: new printk ringbuffer implementation (writer) References: <20191128015235.12940-1-john.ogness@linutronix.de> <20191128015235.12940-2-john.ogness@linutronix.de> <20191202154841.qikvuvqt4btudxzg@pathway.suse.cz> <20191202155955.meawljmduiciw5t2@pathway.suse.cz> Date: Mon, 02 Dec 2019 17:37:26 +0100 In-Reply-To: <20191202155955.meawljmduiciw5t2@pathway.suse.cz> (Petr Mladek's message of "Mon, 2 Dec 2019 16:59:55 +0100") Message-ID: <87sgm2fzuh.fsf@linutronix.de> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2019-12-02, Petr Mladek wrote: >> > +/* Reserve a new descriptor, invalidating the oldest if necessary. */ >> > +static bool desc_reserve(struct printk_ringbuffer *rb, u32 *id_out) >> > +{ >> > + struct prb_desc_ring *desc_ring = &rb->desc_ring; >> > + struct prb_desc *desc; >> > + u32 id_prev_wrap; >> > + u32 head_id; >> > + u32 id; >> > + >> > + head_id = atomic_read(&desc_ring->head_id); >> > + >> > + do { >> > + desc = to_desc(desc_ring, head_id); >> > + >> > + id = DESC_ID(head_id + 1); >> > + id_prev_wrap = DESC_ID_PREV_WRAP(desc_ring, id); >> > + >> > + if (id_prev_wrap == atomic_read(&desc_ring->tail_id)) { >> > + if (!desc_push_tail(rb, id_prev_wrap)) >> > + return false; >> > + } >> > + } while (!atomic_try_cmpxchg(&desc_ring->head_id, &head_id, id)); >> >> Hmm, in theory, ABA problem might cause that we successfully >> move desc_ring->head_id when tail has not been pushed yet. >> >> As a result we would never call desc_push_tail() until >> it overflows again. >> >> I am not sure if we need to take care of it. The code is called with >> interrupts disabled. IMHO, only NMI could cause ABA problem >> in reality. But the game (debugging) is lost anyway when NMI ovewrites >> the buffer several times. > > BTW: If I am counting correctly. The ABA problem would happen when > exactly 2^30 (1G) messages is written in the mean time. All the ringbuffer code assumes that the use of index numbers handles the ABA problem (i.e. there must not be 1 billion printk's within an NMI). If we want to support 1 billion+ printk's within an NMI, then perhaps the index number should be increased. For 64-bit systems it would be no problem to go to 62 bits. For 32-bit systems, I don't know how well the 64-bit atomic operations are supported. >> Also it should not be a complete failure. We still could bail out when >> the previous state was not reusable. We are on the safe side >> when it was reusable. >> >> Also we could probably detect when desc_ring->tail_id is not >> updated any longer and do something about it. >> >> > + >> > + desc = to_desc(desc_ring, id); >> > + >> > + /* Set the descriptor's ID and also set its state to reserved. */ >> > + atomic_set(&desc->state_var, id | 0); >> >> We should check here that the original state id from the previous >> wrap in reusable state (or 0 for bootstrap). On error, we know that >> there was the ABA problem and would need to do something about it. > > I believe that it should be enough to add this check and > bail out in case of error. I need to go through the code again in detail and see how many locations are affected by ABA. All the code was written with the assumption that this type of ABA will not happen. As you've stated, we could add minimal handling so that the ringbuffer at least does not break or get stuck. BTW: The same assumption is made for logical positions. There are 4 times as many of these (on 32-bit systems) but logical positions advance much faster. I will review these as well. John Ogness