Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp4676738pxf; Tue, 30 Mar 2021 14:06:21 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwzg9lvl4pH0Q9hh094OtPKpi+Q5kU9fMqKagcXcCl8J/3UPI0rJwn5f0OWx7JzPyk4zphf X-Received: by 2002:a17:906:801:: with SMTP id e1mr14324ejd.465.1617138381411; Tue, 30 Mar 2021 14:06:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617138381; cv=none; d=google.com; s=arc-20160816; b=fdvZg7InYTSOqvG5hqCjDHZpP8W1dFbEXx0n3rmJcIN6u+lyW2cABp5dC/eJ9yqtMV JRq7bcsukjdZC27qLNjvYHd6bmOi3akhEQA9QGD5FUL/3+iZsC9EZINipBOrnHegobkj u2yYDaVguPwHRfVhv0O3i7525PHax72iMvqdvr7+UoGfsqX1/qqVYnZB6v2s0nOn7TXH LpmPJPOFpnPCckehnPWmGDC7JufVV9pAI0jfKpAQIO5JfKQHPcYtKMfra1W10JzwyACB kYSZrPjg2eO2Ou/3KK046mwWNs9ElzsAmTsKsSe8t9rQqkS1Qfkghla8A7dZSL1QoWBl nk3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=eSzLg2RKbnYeMq4eRahVBhcZV/UV1n8+MtGZY4WiZyk=; b=CrhvM4NqNei5mxQcTOpqPwSUItj4ivuH9oaM5b63ayXwC0FcLqGIDIG/EUGAPKuSkY 9JbE2d2scRfDV1FQhJBz4NEYwgGB+dTt2CUSYd0mkMmnT263DAN9u/+KjCat2f2UG+5L FwnzWDcv7purt8Kk72nj9/aOyMnflnR+HV6nRA3PsitB/gDHRqjtsTwXUF9C2J+KJykP o6dC/VrdTgx7wull7MGHvMoIF9EaEUg3MD6rWuOGL4tmlwb31QlP2Yl8yi7aDr340n5/ 3o2V52p46M0Q5AZmWlcocV60OGFhpLhinFo8apEuo52vBkYwQ0PdWNcOHG+nCpLgOFHu RlRg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=F+UxR0U+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z22si122575edb.163.2021.03.30.14.05.49; Tue, 30 Mar 2021 14:06:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=F+UxR0U+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232774AbhC3VBP (ORCPT + 99 others); Tue, 30 Mar 2021 17:01:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45842 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232611AbhC3VA5 (ORCPT ); Tue, 30 Mar 2021 17:00:57 -0400 Received: from mail-ej1-x62a.google.com (mail-ej1-x62a.google.com [IPv6:2a00:1450:4864:20::62a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B50DAC061574 for ; Tue, 30 Mar 2021 14:00:56 -0700 (PDT) Received: by mail-ej1-x62a.google.com with SMTP id u9so26826319ejj.7 for ; Tue, 30 Mar 2021 14:00:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=eSzLg2RKbnYeMq4eRahVBhcZV/UV1n8+MtGZY4WiZyk=; b=F+UxR0U+QUxOokXex86/w/bqbr6b+HWOOXm/3v/msCAlchrCogarEfIO8EUbul+fX7 vbyifbrl3mzbp0pC/13AJwItk4a/ijyTVChVtAbmcZ45FCPFjuOsGu2s+W2pbmrOqAab CNXDLht/0vG7n068uTB69OQNqDi7OqTv80VlsWIvHQbaJtJEoMusLrgVRr8iFRIwcv66 GCfrM5/6YY2DWd2qFPPceth/CQSeNUziwDjNZ+Ds1LHiP6vR33FsuZ/EYPbsB6LtEaFK AEJEI0fsGjcUhRR9A+KySNF3HXN/JTT++TrOvShmlr9Up6ybzlI57UDlSgieN7qVkjdF M9mQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=eSzLg2RKbnYeMq4eRahVBhcZV/UV1n8+MtGZY4WiZyk=; b=tK3tNQuOOFw+UpUfLEBHfYpdvUMMvWtFBix5IF8OhM6pwghbChNu7A/LfFkYN0J9sd FYPzHRlDrO+s4acaJ+kgI/z2H16X4ptR99mVBB2WdTU57objQkCIO6s70BJjGNgu8RaZ ZEV+/M5apDacn1Av3f6kM+oBN2RPPTVH9yh8K/AP7aq73TU22zSOU0UOtK1bxFOkJORA EcZQVSF7wy1MKt6IWSgWvG/j7zNwEjSYsJjKUtisQJ8sNsnP3baXBLNzXUCBUoELvpaJ SUGljppIrXPrQ5DYw6iv8PuEVeVh1w9AhLc2sHseLLYrAImz9fbGPfBpW0iBQbZgUBsj mjGg== X-Gm-Message-State: AOAM53255+x8xC1zRuMt9yAr0RthxLIRCBfSqOoLvj6x0VJANYqsmnlG TwYzoE8oyDWoBowEYVa47aA+Prbbaef1x7P9WhMHzw== X-Received: by 2002:a17:906:1386:: with SMTP id f6mr20784ejc.45.1617138055494; Tue, 30 Mar 2021 14:00:55 -0700 (PDT) MIME-Version: 1.0 References: <20210330111620.GK2356281@nvidia.com> <20210330154712.GR2356281@nvidia.com> <20210330170253.GU2356281@nvidia.com> <20210330175431.GX2356281@nvidia.com> <20210330192608.GA1430856@nvidia.com> <20210330195143.GB1430856@nvidia.com> In-Reply-To: <20210330195143.GB1430856@nvidia.com> From: Dan Williams Date: Tue, 30 Mar 2021 14:00:43 -0700 Message-ID: Subject: Re: [PATCH v2 2/4] cxl/mem: Fix synchronization mechanism for device removal vs ioctl operations To: Jason Gunthorpe Cc: linux-cxl@vger.kernel.org, Linux Kernel Mailing List , Vishal L Verma , "Weiny, Ira" , "Schofield, Alison" Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 30, 2021 at 12:52 PM Jason Gunthorpe wrote: > > On Tue, Mar 30, 2021 at 12:43:15PM -0700, Dan Williams wrote: > > > Ok, so this is the disagreement. Strict adherence to the model where > > it does not matter in practice. > > The basic problem is that it is hard to know if it does not matter in > practice because you never know what the compiler might decide to do > ... > > It is probably fine, but then again I've seen a surprising case in the > mm where the compiler did generate double loads and it wasn't fine. > > Now with the new data race detector it feels like marking all > concurrent data access with READ_ONCE / WRITE_ONCE (or a stronger > atomic) is the correct thing to do. > > > > > There's no race above. The rule is that any possible observation of > > > > ->state_in_sysfs == 1, or rcu_dereference() != NULL, must be > > > > flushed. > > > > > > It is not about the flushing. > > > > Ok, it's not about the flushing it's about whether the store to > > state_in_sysfs can leak past up_write(). If that store can leak then > > neither arrangement of: > > up_write() and synchronize_srcu() are both store barriers, so the > store must be ordered. > > It is the reader that is the problem. This ordering: > > > down_write(...): > > cdev_device_del(...); > > up_write(...); > > Prevents state_in_sysfs from being unstable during read as the write > lock prevents it from being written while a reader is active. No > READ_ONCE needed. > Ok, so another case where I agree the instability exists but does not matter in practice in this case because the cxl_memdev_ioctl() read side is prepared for the state change to leak into the down_read() section. There's no meaningful publish/unpublish race that READ_ONCE() resolves here. With the read-side prepared for instability it obviates needing to hold a lock over cdev_device_del() which would entangle this locking dependency unnecessarily with all the other operations that cdev_device_del() performs. Again though I appear to be spilling bytes explaining specific mitigating circumstances. I anticipate your response to the assertion that holding a lock over cdev_device_del() is too broad would be to move the synchronization away from device object state and towards the specific dependency that needs to remain stable for the execution of the ioctl. So registration path does: cxlmd->cxlm = cxlm; down_write(&cxl_memdev_rwsem); up_write(&cxl_memdev_rwsem); cdev_device_add(...); ...unregistration path does: down_write(&cxl_memdev_rwsem); cxlmd->cxlm = cxlm; up_write(&cxl_memdev_rwsem); cdev_device_del(...); ...and then no unstable state of the ->cxlm reference leaks into the read-side that does: down_read(&cxl_memdev_rwsem); if (!cxlmd->cxlm) { up_read(&cxl_memdev_rwsem) return -ENXIO; } ... up_read(&cxl_memdev_rwsem); ...and no need to debate locks held over cdev_device_del() to resolve instability.