Hi Tene , when I read your note, I know that this bug appear in the kernel version of 3.14 - 3.17 . but why this can occur the operate system RHEL 6.6 what is still use the kernel of 2.6.32 ? I can't understand and need help . Can you explain for me or reply me for some reference? Thaks !!
在 2015年5月14日星期四 UTC+8上午6:37:32,Gil Tene写道: > > We had this one bite us hard and scare the %$^! out of us, so I figured > I'd share the fear... > > The linux futex_wait call has been broken for about a year (in upstream > since 3.14, around Jan 2014), and has just recently been fixed (in upstream > 3.18, around October 2014). More importantly this breakage seems to have > been back ported into major distros (e.g. into RHEL 6.6 and its cousins, > released in October 2014), and the fix for it has only recently been back > ported (e.g. RHEL 6.6.z and cousins have the fix). > > The impact of this kernel bug is very simple: user processes can deadlock > and hang in seemingly impossible situations. A futex wait call (and > anything using a futex wait) can stay blocked forever, even though it had > been properly woken up by someone. Thread.park() in Java may stay parked. > Etc. If you are lucky you may also find soft lockup messages in your dmesg > logs. If you are not that lucky (like us, for example), you'll spend a > couple of months of someone's time trying to find the fault in your code, > when there is nothing there to find. > > This behavior seems to regularly appear in the wild on Haswell servers > (all the machines where we have had customers hit it in the field and in > labs been Haswells), and since Haswell servers are basically what you get > if you buy a new machine now, or run on the cool new amazon EC2/GCE/Azure > stuff, you are bound to experience some interesting behavior. I don't know > of anyone that will see this as a good thing for production systems. Except > for maybe Netflix (maybe we should call this the linux fumonkey). > > The commit for the *fix* is here: > https://github.com/torvalds/linux/commit/76835b0ebf8a7fe85beb03c75121419a7dec52f0 > > The commit explanation says that it fixes > https://github.com/torvalds/linux/commit/b0c29f79ecea0b6fbcefc999e70f2843ae8306db > > (presumably the bug introduced with that change), which was made in Jan of > 2014into 3.14. That 3.14 code added logic to avoid taking a lock if the > code knows that there are no waiters. It documents (pretty elaborately) how > "…thus preventing tasks sleeping forever if wakers don't acknowledge all > possible waiters" with logic that explains how memory barriers guarantee > the correct order (see paragraph at line 141), which includes the statement > "this is done by the barriers in get_futex_key_refs(), through either ihold > or atomic_inc, depending on the futex type." (this assumption is the actual > bug). The assumption is further reinforced in the fact that the change > added a comment to every calls to get_futex_key_refs() in the code that > says "/* implies MB (B) */". > > The problem was that get_futex_key_refs() did NOT imply a memory barrier. > It only included a memory barrier for two explicit cases in a switch > statement that checks the futex type, but did not have a default case > handler, and therefor did not apply a memory barrier for other fuxtex > types. Like private futexes. Which are a very commonly used type of futex. > > The fix is simple, an added default case for the switch that just has an > explicit smp_mb() in it. There was a missing memory barrier in the wakeup > path, and now (hopefully) it's not missing any more... > > So lets be clear: *RHEL 6.6 (and CentOS 6.6., and Scientific Linux 6.6.) > are certainly broken on Haswell servers. *It is likely that recent > versions other distros are too (SLES, Ubuntu, Debia, Oracle Linux, etc.). > *The > good news is that fixes are out there (including 6.6.z)*. But the bad > news is that there is not much chatter saying "if you have a Haswell > system, get to version X now". For some reason, people seem to not have > noticed this or raised the alarm. We certainly haven't seen much "INSTALL > PATCHES NOW" fear mongering. And we really need it, so *I'm hoping this > posting will start a panic*. > > Bottom line: the bug is very real, but it probably only appeared in the > 3.14 upstream version (and distro versions that had backported > https://github.com/torvalds/linux/commit/b0c29f79ecea0b6fbcefc999e70f2843ae8306db > > , presumably after Jan 2014). The bug was fixed in 3.18 in October 2014, > but backports probably took a while (and some may still be pending). I now > for a fact that RHEL 6.6.z has the fix. I don't know about other distro > families and versions (yet), but if someone else does, please post > (including when was it broken, and when was it fixed). > > Note: I would like to profusely thank @aplokhotnyuk > <https://twitter.com/search?f=realtime&q=giltene%20latest%20patches&src=typd>. > > His tweet > <https://twitter.com/search?f=realtime&q=giltene%20latest%20patches&src=typd> > originally > alerted me to the bug's existence, and started us down the path of figuring > out the what//why/where/when behind it. Why this is not being shouted in > the streets is a mystery to me, and scary in its own right. We were lucky > enough that I had a "that looks suspiciously familiar" moment when I read > that tweet, and that I put 3.14 and 1.618 together and thought enough to > ask "Umm... have we only been seeing this bug on Haswell servers?". > > > > Without @aplokhotnyuk's tweet we'd probably still be searching for the > nonexistent bugs in our own locking code... And since the tweet originated > from another discussion on this group, it presents a rare "posting and > reading twitter actually helps us solve bugs sometimes" example. > > > > > -- You received this message because you are subscribed to the Google Groups "mechanical-sympathy" group. To unsubscribe from this group and stop receiving emails from it, send an email to mechanical-sympathy+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.