Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp4606909pxa; Mon, 10 Aug 2020 13:21:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxMIk/2zJvXpi36ky9oQUedRA4dhguZKHIvnRp4nVREQxBvDTLUWeRbruAf/+5ykXQdnn/u X-Received: by 2002:a05:6402:1a46:: with SMTP id bf6mr22391607edb.284.1597090877831; Mon, 10 Aug 2020 13:21:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597090877; cv=none; d=google.com; s=arc-20160816; b=egtT4iq1Hqlh6OQf/gXl3Ns8Raj86ghuAO5+2iqdqXfp7fsgjCuTRpimlzAodlup0z yr25NqNE+V/oCIT3ByQTbekNqXsRlAmUvyi8P5lcI828ZFLiW73EmuQX4iwj9zw9AkQF RzUQzB2dJ3BoHnfysgo3NtcgS8m9PcaTrPkEpWAEFdVFTNfCoNfLJAGlEzgaylYi4E9n BVHB35aNuvS+chnR0RwqODY7ZCnyehm/L632AdcYqSM8rEgYXO5oruF003OGBYcnG+7O IbS67BcegZvrRmaOo5FHZ9/rvkOqYJabOBYAkAm5bxT466YWTA9d0h1NVZ2xKRMszMlc lByA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:reply-to:message-id :subject:cc:to:from:date:dkim-signature; bh=Vh70IHQ7R4rdS936P8xMq4TFohArDZD14RP6HP3n8do=; b=PdI83AzzgPbm/lgCDZCsHYdBBxFXqgOgpWLjWDftsg5jnJeTwDd7uYEjn7u4wqAOA/ qmvvXIi3BwTWx+JuTuclaUgqQJzNnXyu4BxA4SRKRZwCVvimauRCQ6ESLoKfdPYE6CDd pOxW5IVGALUqO4G0WII99iZD0wntIgOTsPxn25aaLTE5k9cjeQQ8SxOklJvzjWsYnbkZ nNBcf61RKeZKQ4Z7iifvatoB3oDEC67CCbH18RzZK2HYyDaqCihnxygTnJlJ5ByFPEn4 +TW2TO/r08m6u62Z3Vk3ifQ/3ah8+SV6wmWgAeDbxpDbdhwfG/2eyRRF/y6ButQFDQv+ iKWw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=NZP11AXP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a16si11486817ejx.411.2020.08.10.13.20.52; Mon, 10 Aug 2020 13:21:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=NZP11AXP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726578AbgHJUUS (ORCPT + 99 others); Mon, 10 Aug 2020 16:20:18 -0400 Received: from mail.kernel.org ([198.145.29.99]:57624 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726143AbgHJUUR (ORCPT ); Mon, 10 Aug 2020 16:20:17 -0400 Received: from paulmck-ThinkPad-P72.home (unknown [50.45.173.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id DF2B220656; Mon, 10 Aug 2020 20:20:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1597090815; bh=zStD0Ma2sox2ds2PXG9lXBJ/Wp5K8aGvyuFrZzMWEnQ=; h=Date:From:To:Cc:Subject:Reply-To:References:In-Reply-To:From; b=NZP11AXPrUr/9gAkM2DS8ENG7N6YCK+aIJqT9mQ4UkTQKHnkkeaCNZ2gPO07OOWKS PX9Ur1Ep/LCWu06Ce0yw/VF+gRnjOgjOfL4pQlqQj4yJ7OFvX5kzldTCFY09SkR83M senAaW1lpoSWhJmjaShzPXXxtm+V5k+74YBfH/xU= Received: by paulmck-ThinkPad-P72.home (Postfix, from userid 1000) id 6BE8335228C7; Mon, 10 Aug 2020 13:20:15 -0700 (PDT) Date: Mon, 10 Aug 2020 13:20:15 -0700 From: "Paul E. McKenney" To: Joel Fernandes Cc: linux-kernel@vger.kernel.org, Neeraj Upadhyay , Davidlohr Bueso , Jonathan Corbet , Josh Triplett , Lai Jiangshan , linux-doc@vger.kernel.org, Mathieu Desnoyers , Mauro Carvalho Chehab , peterz@infradead.org, Randy Dunlap , rcu@vger.kernel.org, Steven Rostedt , tglx@linutronix.de, vineethrp@gmail.com Subject: Re: [PATCH v4 1/5] rcu/tree: Add a warning if CPU being onlined did not report QS already Message-ID: <20200810202015.GO4295@paulmck-ThinkPad-P72> Reply-To: paulmck@kernel.org References: <20200807170722.2897328-1-joel@joelfernandes.org> <20200807170722.2897328-2-joel@joelfernandes.org> <20200810154654.GJ4295@paulmck-ThinkPad-P72> <20200810173931.GB2253395@google.com> <20200810175717.GM4295@paulmck-ThinkPad-P72> <20200810192554.GD2865655@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200810192554.GD2865655@google.com> User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Aug 10, 2020 at 03:25:54PM -0400, Joel Fernandes wrote: > On Mon, Aug 10, 2020 at 10:57:17AM -0700, Paul E. McKenney wrote: > > On Mon, Aug 10, 2020 at 01:39:31PM -0400, Joel Fernandes wrote: > > > On Mon, Aug 10, 2020 at 08:46:54AM -0700, Paul E. McKenney wrote: > > > > On Fri, Aug 07, 2020 at 01:07:18PM -0400, Joel Fernandes (Google) wrote: > > > > > Currently, rcu_cpu_starting() checks to see if the RCU core expects a > > > > > quiescent state from the incoming CPU. However, the current interaction > > > > > between RCU quiescent-state reporting and CPU-hotplug operations should > > > > > mean that the incoming CPU never needs to report a quiescent state. > > > > > First, the outgoing CPU reports a quiescent state if needed. Second, > > > > > the race where the CPU is leaving just as RCU is initializing a new > > > > > grace period is handled by an explicit check for this condition. Third, > > > > > the CPU's leaf rcu_node structure's ->lock serializes these checks. > > > > > > > > > > This means that if rcu_cpu_starting() ever feels the need to report > > > > > a quiescent state, then there is a bug somewhere in the CPU hotplug > > > > > code or the RCU grace-period handling code. This commit therefore > > > > > adds a WARN_ON_ONCE() to bring that bug to everyone's attention. > > > > > > > > > > Cc: Paul E. McKenney > > > > > Cc: Neeraj Upadhyay > > > > > Suggested-by: Paul E. McKenney > > > > > Signed-off-by: Joel Fernandes (Google) > > > > > --- > > > > > kernel/rcu/tree.c | 9 ++++++++- > > > > > 1 file changed, 8 insertions(+), 1 deletion(-) > > > > > > > > > > diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c > > > > > index 65e1b5e92319..a49fa3b60faa 100644 > > > > > --- a/kernel/rcu/tree.c > > > > > +++ b/kernel/rcu/tree.c > > > > > @@ -3996,7 +3996,14 @@ void rcu_cpu_starting(unsigned int cpu) > > > > > rcu_gpnum_ovf(rnp, rdp); /* Offline-induced counter wrap? */ > > > > > rdp->rcu_onl_gp_seq = READ_ONCE(rcu_state.gp_seq); > > > > > rdp->rcu_onl_gp_flags = READ_ONCE(rcu_state.gp_flags); > > > > > - if (rnp->qsmask & mask) { /* RCU waiting on incoming CPU? */ > > > > > + > > > > > + /* > > > > > + * XXX: The following rcu_report_qs_rnp() is redundant. If the below > > > > > + * warning does not fire, consider replacing it with the "else" block, > > > > > + * by June 2021 or so (while keeping the warning). Refer to RCU's > > > > > + * Requirements documentation for the rationale. > > > > > > > > Let's suppose that this change is made, and further that in a year or > > > > two the "if" statement below is replaced with its "else" block. > > > > > > > > Now let's suppose that (some years after that) a hard-to-trigger bug > > > > makes its way into RCU's CPU-hotplug code that would have resulted in > > > > the WARN_ON_ONCE() triggering, but that this bug turns out to be not so > > > > hard to trigger in certain large production environments. > > > > > > > > Let's suppose further that you have moved on to where you are responsible > > > > for one of these large production environments. How would this > > > > hypothetical RCU/CPU-hotplug bug manifest? > > > > > > It could manifest as an RCU stall (after the warning triggers) since RCU > > > would wait forever. > > > > > > Were you thinking it is not worth doing this? I thought we wanted to remove > > > the reundant rcu_report_qs_rnp here to solidify everyone's understanding of > > > the code and fail early if there's something misunderstood (since such > > > misunderstanding could mean there are other hidden bugs somewhere). The > > > counter-argument to that being, making the code robust is more important for > > > the large production failure scenario where failures are costly. > > > > The benefits of removing code that is in theory redundant was my thought > > at one point, but sleeping on this several times since has made me much > > less favorable to this change. And perhaps my experiences with my new > > employer have affected my views on this as well. You never know! ;-) > > Can we just keep the warning then, and delete the comments to revisit? > > IMHO a comment saying this rcu_report_qs_rnp() is not necessary here but is > done anyway, would be quite useful to a code reader, (with appropriate > comments to point to RCU requirements section and the added warning) :-) Agreed, the warning does make sense. Thanx, Paul > thanks, > > - Joel > > > > > Thanx, Paul > > > > > thanks, > > > > > > - Joel > > > > > > > > > > Thanx, Paul > > > > > > > > > + */ > > > > > + if (WARN_ON_ONCE(rnp->qsmask & mask)) { /* RCU waiting on incoming CPU? */ > > > > > rcu_disable_urgency_upon_qs(rdp); > > > > > /* Report QS -after- changing ->qsmaskinitnext! */ > > > > > rcu_report_qs_rnp(mask, rnp, rnp->gp_seq, flags); > > > > > -- > > > > > 2.28.0.236.gb10cc79966-goog > > > > >