On Thu, Feb 22, 2018 at 08:57:27AM +0900, Byungchul Park wrote:
> Hello,
> 
> I'm sorry for bothering you, and I seem to be obviously missing
> something, but I'm really wondering why we check try_check_zero()
> again in the state, SCAN1, for the previous srcu_idx.
> 
> I mean, since we've already checked try_check_zero() in the previous
> grace period and gotten 'true' as a return value, all readers who see
> the flipped idx via srcu_flip() won't update the src_{lock,unlock}_count
> for the previous idx until it gets flipped back again.
> 
> Are there any reasons we check try_check_zero() again in the state, SCAN1?
> Are there any problems if the following patch is applied?

Indeed there are!  Removing the second scan exposes us to a nasty race
condition where a reader is preempted (or interrupted or whatever) just
after fetching its counter.  A detailed explanation for an essentially
equivalent race in userspace RCU may be found on the second column of
page 7 of this PDF:

http://www.computer.org/cms/Computer.org/dl/trans/td/2012/02/extras/ttd2012020375s.pdf

But please let me know if I am missing the point of your patch below.

                                                        Thanx, Paul

> Thanks in advance,
> Byungchul
> 
> ---
>  kernel/rcu/srcutree.c | 16 +---------------
>  1 file changed, 1 insertion(+), 15 deletions(-)
> 
> diff --git a/kernel/rcu/srcutree.c b/kernel/rcu/srcutree.c
> index 39e50fe..215c44a 100644
> --- a/kernel/rcu/srcutree.c
> +++ b/kernel/rcu/srcutree.c
> @@ -1125,24 +1125,10 @@ static void srcu_advance_state(struct srcu_struct *sp)
>                       mutex_unlock(&sp->srcu_gp_mutex);
>                       return; /* Someone else started the grace period. */
>               }
> -     }
> -
> -     if (rcu_seq_state(READ_ONCE(sp->srcu_gp_seq)) == SRCU_STATE_SCAN1) {
> -             idx = 1 ^ (sp->srcu_idx & 1);
> -             if (!try_check_zero(sp, idx, 1)) {
> -                     mutex_unlock(&sp->srcu_gp_mutex);
> -                     return; /* readers present, retry later. */
> -             }
>               srcu_flip(sp);
> -             rcu_seq_set_state(&sp->srcu_gp_seq, SRCU_STATE_SCAN2);
>       }
> 
> -     if (rcu_seq_state(READ_ONCE(sp->srcu_gp_seq)) == SRCU_STATE_SCAN2) {
> -
> -             /*
> -              * SRCU read-side critical sections are normally short,
> -              * so check at least twice in quick succession after a flip.
> -              */
> +     if (rcu_seq_state(READ_ONCE(sp->srcu_gp_seq)) == SRCU_STATE_SCAN1) {
>               idx = 1 ^ (sp->srcu_idx & 1);
>               if (!try_check_zero(sp, idx, 2)) {
>                       mutex_unlock(&sp->srcu_gp_mutex);
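Review bot: Dropping the pre-flip try_check_zero(sp, idx, 1) on idx = 1 ^ (sp->srcu_idx & 1) lets a grace period complete while a reader is inside a read-side critical section that it entered before that grace period started. A reader that has fetched sp->srcu_idx but is preempted before it increments srcu_lock_count for that index is invisible to the post-flip try_check_zero(sp, idx, 2), so that grace period ends; the reader then resumes and increments the counter for what is now the *current* index. Under this hunk the next grace period calls srcu_flip(sp) immediately and scans only the other index, so it never waits for that reader. The scan of the previous index before the flip is what catches this case (the reader's increment is then on the index being scanned), so it must stay, and with it the rcu_seq_set_state(&sp->srcu_gp_seq, SRCU_STATE_SCAN2) transition this hunk also removes. The two scans cover different windows and are not redundant with each other.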
> -- 
> 1.9.1
> 

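The following is an added, deliberately small model of the race described in the reply above; it is not kernel code and not part of the original thread. It collapses the per-CPU srcu_{lock,unlock}_count arrays into one global pair per index, drops sequence numbers and locking, and runs a single reader R whose __srcu_read_lock() is split into "fetch srcu_idx" and "increment lock_count" so that a preemption can be placed between them. The grace-period functions return false where the kernel would unlock srcu_gp_mutex and retry later. One variant scans the previous index, flips, and scans again (the mainline order); the other flips and scans once, as in the proposed patch. The names gp_two_scans, gp_one_scan, reader_fetch_idx and gp_races_with_preempted_reader are this example's own.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model state (assumption: one global counter pair per index
 * instead of per-CPU counters; no srcu_gp_seq, no srcu_gp_mutex). */
struct model {
	int idx;              /* like sp->srcu_idx & 1 */
	long lock_count[2];   /* sum over CPUs of srcu_lock_count[idx] */
	long unlock_count[2]; /* sum over CPUs of srcu_unlock_count[idx] */
};

/* First half of __srcu_read_lock(): fetch the current index. */
static int reader_fetch_idx(const struct model *m) { return m->idx; }

/* Second half of __srcu_read_lock(): account the reader on the fetched index.
 * A preemption between the two halves is what the race depends on. */
static void reader_lock(struct model *m, int idx) { m->lock_count[idx]++; }

/* __srcu_read_unlock() for the same index the reader fetched. */
static void reader_unlock(struct model *m, int idx) { m->unlock_count[idx]++; }

/* try_check_zero(): no reader is accounted on idx if the sums match.
 * (The kernel retries a few times; one check suffices in a deterministic model.) */
static bool try_check_zero(const struct model *m, int idx)
{
	return m->unlock_count[idx] == m->lock_count[idx];
}

static void srcu_flip(struct model *m) { m->idx ^= 1; }

/* Mainline order: SCAN1 on previous idx, flip, SCAN2 on previous idx again.
 * Returns false where the kernel would drop srcu_gp_mutex and retry later. */
static bool gp_two_scans(struct model *m)
{
	if (!try_check_zero(m, 1 ^ m->idx))
		return false; /* readers present on previous idx, retry later */
	srcu_flip(m);
	return try_check_zero(m, 1 ^ m->idx);
}

/* Order from the proposed patch: flip first, then a single scan. */
static bool gp_one_scan(struct model *m)
{
	srcu_flip(m);
	return try_check_zero(m, 1 ^ m->idx);
}

typedef bool (*gp_fn)(struct model *);

/* Drive the interleaving from the reply: reader R fetches the index, is
 * preempted, a full grace period runs, R resumes and enters its critical
 * section, then a second grace period starts. That second grace period must
 * wait for R. Returns true if the variant wrongly completes anyway. */
static bool gp_races_with_preempted_reader(gp_fn gp)
{
	struct model m = { .idx = 0 };
	int r_idx = reader_fetch_idx(&m); /* R fetched idx 0, now preempted */

	bool gp1_done = gp(&m);           /* GP1 sees no reader on either index */
	assert(gp1_done);

	reader_lock(&m, r_idx);           /* R resumes: lock_count[0]++ */
	/* R is inside its critical section from here on. */
	bool gp2_done = gp(&m);           /* GP2 starts after R's increment */
	if (!gp2_done)
		reader_unlock(&m, r_idx); /* correct variant waits; R leaves */
	return gp2_done;                  /* true == GP2 ignored reader R */
}

int main(void)
{
	printf("two scans: GP2 completes while R is inside: %s\n",
	       gp_races_with_preempted_reader(gp_two_scans) ? "yes (BUG)" : "no");
	printf("one scan : GP2 completes while R is inside: %s\n",
	       gp_races_with_preempted_reader(gp_one_scan) ? "yes (BUG)" : "no");
	return 0;
}
```

With the mainline order, GP2's pre-flip scan of index 0 sees R's increment and retries; with the patched order GP2 flips to index 0 and scans index 1, which is empty, and reports completion while R is still inside its read-side critical section.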