Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp97606pxb; Thu, 14 Apr 2022 17:03:14 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxI8iCH0rLoDdZ6spamPTpBWqQZz2q84y5c9l5guQiEbJ9YyJbxRpwaq/Bu+/s9GgDJ5M59 X-Received: by 2002:a05:6a00:198d:b0:4fb:3204:fa8 with SMTP id d13-20020a056a00198d00b004fb32040fa8mr6305242pfl.48.1649980994021; Thu, 14 Apr 2022 17:03:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649980994; cv=none; d=google.com; s=arc-20160816; b=ODtsW7GeYAa0oiExI+ViBlunbcVRh2WdrePYjXWG6LVhlbR8nIQZtdoVhP/BPA46TA MGQOJ4n1+8tHxc3Axx9w7e2jOm0WxINmyp7rb5u+30fvCNLrAqu+C3Xo9XUyX7kiHihT ELHlHaOFM+eVVWOm0bnXvOtUrW+Ys7Z1vlkiT+sjMe4ehxOcFAN+t9o5KaFxRXz1qM92 GGLL0/JBGKVhTyXLKZg5KLCiNo2NKQ7lSLooiC3lAqsIbCxBDn0lrZ4CQZ4WJpJhFvgf Lm7PC4lQxJRilB/E9lK5DcwoWnmOelv8hCKxXjHdpgHFxDDcp3Q0GrKLL3N59DPs5MNv lh2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=/xHnbfO/6RDF2V6Som/YOPdX7GJf70J0XIxAV0SFUKc=; b=JLXl+zxXGPJ391aF8CAyjZFqSFyp6spMps4SkSaQt7GCuEGEjAk2ATppE5ccumY6ZP LjQscKsM6f0YXcU8EB7OftRkBQWN3r1BIZle6TRaTlH7hEIew6jZ7Wz+g4PiJmKDtsE/ JN5fd9QAa5Yv/rKjxpBdcf5X9OiLl+z9Feas3oCliheCJsXuFYTXP8O9QXjCPP7LIAJT n8owhTWAmlOMccB33J2hkrkJgxgHOpc+CUI1dBCfcyl9zF5G9VixtXt/ACcHrPvQJO7+ +A4Gp6ranI9GPtoa47mQ6FuraoGjBd7pybuGZDx8PhTveUNl0CACGUs7iIzmHwqjzxeR wYgw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel-com.20210112.gappssmtp.com header.s=20210112 header.b=Wef1YPrL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id o17-20020a170902779100b001584547f62esi14558818pll.256.2022.04.14.17.02.03; Thu, 14 Apr 2022 17:03:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel-com.20210112.gappssmtp.com header.s=20210112 header.b=Wef1YPrL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245730AbiDNRUo (ORCPT + 99 others); Thu, 14 Apr 2022 13:20:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60898 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S245714AbiDNRTw (ORCPT ); Thu, 14 Apr 2022 13:19:52 -0400 Received: from mail-pl1-x62c.google.com (mail-pl1-x62c.google.com [IPv6:2607:f8b0:4864:20::62c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1BF9B630B for ; Thu, 14 Apr 2022 10:17:25 -0700 (PDT) Received: by mail-pl1-x62c.google.com with SMTP id n18so5192420plg.5 for ; Thu, 14 Apr 2022 10:17:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/xHnbfO/6RDF2V6Som/YOPdX7GJf70J0XIxAV0SFUKc=; b=Wef1YPrL1c82H3OcohFJZHkyqYM2Pgnp2Sn52/3jc6OyRc8jdnkyLjTL51mZzDG7iS gVutqtKgia4gJQ5EEyjlTYUR3ODJEipRJNWsbiQ0yudFxRHvicckNTd/GfWrm08L85lS aBACkHBXM8GMvdgOOTIMZ3ZvAzVYixwiSc99ZxMC5dC9BUrunqd7d261XZgCoQaBITnn 8u0DxF80r31+6VmgTSdrBgwcr7aR/GHKLIGlE47CIz2l1Fdwu3vmnHEgI2bf6lkgMp7+ Iff3SMIPnA7Yx/57gV9xT7jh9zms1F38kmOOthyEBN5GroPrDmG4ChoCHraavRNiks5o 9vnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/xHnbfO/6RDF2V6Som/YOPdX7GJf70J0XIxAV0SFUKc=; b=IdJPhGO+m7hRT5v9eL1zhts0H8SSWlfv3P43dZXy8ZT7Xvco1dNHfOgdS/NGtjJv9x mNcAirC1BrzrsF21Dg/WzyVNbIBxZQmSgi6EW7BAizxES9fvzB3F4pLOehj3FfCH4eP5 cMT/xG8DfMHYEe4DIf8wfpN4uoN4LNH4/g0renJg29Tq1Xn+0hjXG9T7luHrGiZ+L1/7 8UTxpXD8+wo42Iz6ajJka7wROR/oYi48Zk2lXKfnY7E1YDPs28oDINRwWybZ8ghSLX/y /zrl/ayEb4RHCO+9wDIF9w0o1yAawmCbuURfh8XdEEhlfevh8+ilfLTyDpi3TkFABTfD LJnQ== X-Gm-Message-State: AOAM5313ex9NTV7yfEDPcGGn7A0eUNKIytaKK7uxazdz72GHbPpFzqJc I9plClr40q+m2tV4pFrHUep9fSErYZRtpsDylyUtyQ== X-Received: by 2002:a17:90a:430d:b0:1bc:f340:8096 with SMTP id q13-20020a17090a430d00b001bcf3408096mr4655205pjg.93.1649956644554; Thu, 14 Apr 2022 10:17:24 -0700 (PDT) MIME-Version: 1.0 References: <164982968798.684294.15817853329823976469.stgit@dwillia2-desk3.amr.corp.intel.com> <164982969858.684294.17819743973041389492.stgit@dwillia2-desk3.amr.corp.intel.com> <20220413084309.GV2731@worktop.programming.kicks-ass.net> In-Reply-To: From: Dan Williams Date: Thu, 14 Apr 2022 10:17:13 -0700 Message-ID: Subject: Re: [PATCH v2 02/12] device-core: Add dev->lock_class to enable device_lock() lockdep validation To: Peter Zijlstra Cc: linux-cxl@vger.kernel.org, Greg Kroah-Hartman , "Rafael J. Wysocki" , Dave Jiang , Kevin Tian , Vishal L Verma , "Schofield, Alison" , Linux Kernel Mailing List , Linux NVDIMM Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Apr 14, 2022 at 3:16 AM Peter Zijlstra wrote: > > On Wed, Apr 13, 2022 at 03:01:21PM -0700, Dan Williams wrote: > > > > That's not an obvious conclusion; lockdep has lots of funny annotations, > > > subclasses is just one. > > > > > > I think the big new development in lockdep since that time with Alan > > > Stern is that lockdep now has support for dynamic keys; that is lock > > > keys in heap memory (as opposed to static storage). > > > > Ah, I was not aware of that, that should allow for deep cleanups of > > this proposal. > > > > If you want lockdep validation for one (or more) dev->mutex instances, > > > why not pull them out of the no_validate class and use the normal > > > locking? > > > > Sounds perfect, just didn't know how to do that with my current > > understanding of how to communicate this to lockdep. > > > > > > > > This is all quite insane. > > > > Yes, certainly in comparison to your suggestion on the next patch. > > That looks much more sane, and even better I think it allows for > > optional lockdep validation without even needing to touch > > include/linux/device.h. > > Right, so lockdep has: > > - classes, based off of lock_class_key address; > > * lock_class_key should be static storage; except now we also have: > > lockdep_{,un}register_key() > > which allows dynamic memory (aka. heap) to be used for classes, > important to note that lockdep memory usage is still static storage > because the memory allocators use locks too. So if you register too > many dynamic keys, you'll run out of lockdep memory etc.. so be > careful. > > * things like mutex_init() have a static lock_class_key per site > and hence every lock initialized by the same code ends up in the > same class by default. > > * can be trivially changed at any time, assuming the lock isn't held, > using lockdep_set_class*() family. > > (extensively used all over the kernel, for example by the vfs to > give each filesystem type their own locking order rules) > > * lockdep_set_no_validate_class() is a magical variant of > lockdep_set_class() that sets a magical lock_class_key. Golden, thanks Peter! > > * can be changed while held using lock_set_class() One more sanity check... So in driver subsystems there are cases where a device on busA hosts a topology on busB. When that happens there's a need to set the lock class late in a driver since busA knows nothing about the locking rules of busB. Since the device has a longer lifetime than a driver when the driver exits it must set dev->mutex back to the novalidate class, otherwise it sets up a use after free of the static lock_class_key. I came up with this and it seems to work, just want to make sure I'm properly using the lock_set_class() API and it is ok to transition back and forth from the novalidate case: diff --git a/drivers/cxl/cxl.h b/drivers/cxl/cxl.h index 990b6670222e..32673e1a736d 100644 --- a/drivers/cxl/cxl.h +++ b/drivers/cxl/cxl.h @@ -405,6 +405,29 @@ struct cxl_nvdimm_bridge *cxl_find_nvdimm_bridge(struct cxl_nvdimm *cxl_nvd); #define __mock static #endif +#ifdef CONFIG_PROVE_LOCKING +static inline void cxl_lock_reset_class(void *_dev) +{ + struct device *dev = _dev; + + lock_set_class(&dev->mutex.dep_map, "__lockdep_no_validate__", + &__lockdep_no_validate__, 0, _THIS_IP_); +} + +static inline int cxl_lock_set_class(struct device *dev, const char *name, + struct lock_class_key *key) +{ + lock_set_class(&dev->mutex.dep_map, name, key, 0, _THIS_IP_); + return devm_add_action_or_reset(dev, cxl_lock_reset_class, dev); +} +#else +static inline int cxl_lock_set_class(struct device *dev, const char *name, + struct lock_class_key *key) +{ + return 0; +} +#endif + #ifdef CONFIG_PROVE_CXL_LOCKING enum cxl_lock_class { CXL_ANON_LOCK, > ( from a lockdep pov it unlocks the held stack, > changes the class of your lock, and re-locks the > held stack, now with a different class nesting ). > > Be carefule! It doesn't forget the old nesting order, so you > can trivally generate cycles. > > - subclasses, basically distinct addresses inside above mentioned > lock_class_key object, limited to 8. Normally used with > *lock_nested() family of functions. Typically used to lock multiple > instances of a single lock class where there is defined order between > instances (see for instance: double_rq_lock()). > > - nest_lock; eg. mutex_lock_nest_lock(), which allows expressing things > like: multiple locks of class A can be taken in any order, provided > we hold lock B. > > With many of these, it's possible to get it wrong and annotate real > deadlocks away, so be careful :-) Noted.