Re: [PATCH 00/16] DEPT(Dependency Tracker)
On Thu, Feb 17, 2022 at 11:19:15PM -0500, Theodore Ts'o wrote: > On Thu, Feb 17, 2022 at 12:00:05PM -0500, Steven Rostedt wrote: > > > > I personally believe that there's potential that this can be helpful and we > > will want to merge it. > > > > But, what I believe Ted is trying to say is, if you do not know if the > > report is a bug or not, please do not ask the maintainers to determine it > > for you. This is a good opportunity for you to look to see why your tool > > reported an issue, and learn that subsystem. Look at if this is really a > > bug or not, and investigate why. > > I agree there's potential here, or I would have ignored the ext4 "bug > report". I just checked this one. Appreciate it... > When we can get rid of the false positives, I think it should be Of course, the false positives should be removed once it's found. I will try my best to remove all of those on my own as much as possible. However, thing is I can't see others than what I can see with my system. > merged; I'd just rather it not be merged until after the false > positives are fixed, since otherwise, someone well-meaning will start > using it with Syzkaller, and noise that maintainers need to deal with > (with people requesting reverts of two year old commits, etc) will > increase by a factor of ten or more. (With Syzbot reproducers that Agree. > set up random cgroups, IP tunnels with wiregaurd enabled, FUSE stress > testers, etc., that file system maintainers will be asked to try to > disentangle.) > > So from a maintainer's perspective, false positives are highly > negative. It may be that from some people's POV, one bug found and 20 > false positive might still be "useful". But if your tool gains a > reputation of not valuing maintainers' time, it's just going to make > us (or at least me :-) cranky, and it's going to be very hard to Agree. > recover from perception. So it's probably better to be very > conservative and careful in polishing it before asking for it to be > merged. If it's true that there are too many false positives like 95%, then I'll fix those fist for sure before asking to merge it. Let's see if so. To kernel developers, It'd be appreciated if you'd let us know if you can see real ones than false positives in the middle of developing something in the kernel so it's useful. Otherwise, it's hard to measure how many false positives it reports and how valuable it is and so on... Thanks, Byungchul
Re: [PATCH 00/16] DEPT(Dependency Tracker)
On Thu, Feb 17, 2022 at 05:06:18PM +, Matthew Wilcox wrote: > On Thu, Feb 17, 2022 at 12:00:05PM -0500, Steven Rostedt wrote: > > On Thu, 17 Feb 2022 10:51:09 -0500 > > "Theodore Ts'o" wrote: > > > > > I know that you're trying to help us, but this tool needs to be far > > > better than Lockdep before we should think about merging it. Even if > > > it finds 5% more potential deadlocks, if it creates 95% more false > > > positive reports --- and the ones it finds are crazy things that > > > rarely actually happen in practice, are the costs worth the benefits? > > > And who is bearing the costs, and who is receiving the benefits? > > > > I personally believe that there's potential that this can be helpful and we > > will want to merge it. > > > > But, what I believe Ted is trying to say is, if you do not know if the > > report is a bug or not, please do not ask the maintainers to determine it > > for you. This is a good opportunity for you to look to see why your tool > > reported an issue, and learn that subsystem. Look at if this is really a > > bug or not, and investigate why. > > I agree with Steven here, to the point where I'm willing to invest some > time being a beta-tester for this, so if you focus your efforts on > filesystem/mm kinds of problems, I can continue looking at them and > tell you what's helpful and what's unhelpful in the reports. I appreciate your support. I'll do my best to make it *THE* perfect tool for that purpose. I'd feel great if it helps a lot and saves you guys' time in advance, it might not for now tho. Thanks, Byungchul
Re: [PATCH 00/16] DEPT(Dependency Tracker)
On Thu, Feb 17, 2022 at 12:00:05PM -0500, Steven Rostedt wrote: > On Thu, 17 Feb 2022 10:51:09 -0500 > "Theodore Ts'o" wrote: > > > I know that you're trying to help us, but this tool needs to be far > > better than Lockdep before we should think about merging it. Even if > > it finds 5% more potential deadlocks, if it creates 95% more false > > positive reports --- and the ones it finds are crazy things that > > rarely actually happen in practice, are the costs worth the benefits? > > And who is bearing the costs, and who is receiving the benefits? > > I personally believe that there's potential that this can be helpful and we > will want to merge it. > > But, what I believe Ted is trying to say is, if you do not know if the > report is a bug or not, please do not ask the maintainers to determine it > for you. This is a good opportunity for you to look to see why your tool > reported an issue, and learn that subsystem. Look at if this is really a > bug or not, and investigate why. Appreciate your feedback. I'll be more careful in reporting things, and I think I need to make it more conservative... > The likely/unlikely tracing I do finds issues all over the kernel. But > before I report anything, I look at the subsystem and determine *why* it's > reporting what it does. In some cases, it's just a config issue. Where, I > may submit a patch saying "this is 100% wrong in X config, and we should > just remove the "unlikely". But I did the due diligence to find out exactly > what the issue is, and why the tooling reported what it reported. I'll try my best to do things that way. However, thing is that there's few reports with my system... That's why I shared Dept in LKML space. > I want to stress that your Dept tooling looks to have the potential of > being something that will be worth while including. But the false positives > needs to be down to the rate of lockdep false positives. As Ted said, if > it's reporting 95% false positives, nobody is going to look at the 5% of > real bugs that it finds. Agree. Dept should not be merged if so. I'm not pushing ahead, but I'm convinced that Dept works what a dependency tracker should do. Let's see how valuable it is esp. in the middle of developing something in the kernel. Thanks, Byungchul
Re: [PATCH 00/16] DEPT(Dependency Tracker)
On Thu, Feb 17, 2022 at 10:51:09AM -0500, Theodore Ts'o wrote: > On Thu, Feb 17, 2022 at 07:57:36PM +0900, Byungchul Park wrote: > > > > I've got several reports from the tool. Some of them look like false > > alarms and some others look like real deadlock possibility. Because of > > my unfamiliarity of the domain, it's hard to confirm if it's a real one. > > Let me add the reports on this email thread. > > The problem is we have so many potentially invalid, or > so-rare-as-to-be-not-worth-the-time-to-investigate-in-the- > grand-scheme-of-all-of-the-fires-burning-on-maintainers laps that it's > really not reasonable to ask maintainers to determine whether Even though I might have been wrong and might be gonna be wrong, you look so arrogant. You were hasty to judge and trying to walk over me. I reported it because I thought it was a real problem but couldn't confirm it. For the other reports that I thought was not real, I didn't even mention it. If you are talking about the previous report, then I felt so sorry as I told you. I skimmed through the part of the waits... Basically, I respect you and appreciate your feedback. Hope you not get me wrong. > Looking at the second ext4 report, it doesn't make any sense. Context > A is the kjournald thread. We don't do a commit until (a) the timeout > expires, or (b) someone explicitly requests that a commit happen > waking up j_wait_commit. I'm guessing that complaint here is that > DEPT thinks nothing is explicitly requesting a wake up. But note that > after 5 seconds (or whatever journal->j_commit_interval) is configured > to be we *will* always start a commit. So ergo, there can't be a deadlock. Yeah, it might not be a *deadlock deadlock* because the wait will be anyway woken up by one of the wake up points you mentioned. However, the dependency looks problematic because the three contexts participating in the dependency chain would be stuck for a while until one eventually wakes it up. I bet it would not be what you meant. Again. It's not critical but problematic. Or am I missing something? > At a higher level of discussion, it's an unfair tax on maintainer's > times to ask maintainers to help you debug DEPT for you. Tools like > Syzkaller and DEPT are useful insofar as they save us time in making > our subsystems better. But until you can prove that it's not going to > be a massive denial of service attack on maintainer's time, at the Partially I agree. I would understand you even if you don't support Dept until you think it's valuable enough. However, let me keep asking things to fs folks, not you, even though I would cc you on it. > If you know there there "appear to be false positives", you need to > make sure you've tracked them all down before trying to ask that this > be merged. To track them all down, I need to ask LKML because Dept works perfectly with my system. I don't want it to be merged with a lot of false positive still in there, either. > You may also want to add some documentation about why we should trust > this; in particular for wait channels, when a process calls schedule() > there may be multiple reasons why the thread will wake up --- in the > worst case, such as in the select(2) or epoll(2) system call, there > may be literally thousands of reasons (one for every file desriptor > the select is waiting on) --- why the process will wake up and thus > resolve the potential "deadlock" that DEPT is worrying about. How is > DEPT going to handle those cases? If the answer is that things need Thank you for the information but I don't get it which case you are concerning. I'd like to ask you a specific senario of that so that we can discuss it more - maybe I guess I could answer to it tho, but I won't ask you. Just give me an instance only if you think it's worthy. You look like a guy who unconditionally blames on new things before understanding it rather than asking and discussing. Again. I also think anyone doesn't have to spend his or her time for what he or she think is not worthy enough. > I know that you're trying to help us, but this tool needs to be far > better than Lockdep before we should think about merging it. Even if > it finds 5% more potential deadlocks, if it creates 95% more false It should not get merged for sure if so, but it sounds too sarcastic. Let's see if it creates 95% false positives for real. If it's true and I can't control it, I will give up. That's what I should do. There are a lot of factors to judge how valuable Dept is. Dept would be useful especially in the middle of development, rather than in the final state in the tree. It'd be appreciated if you think that sides more, too. Thanks, Byungchul
[PATCH 00/16] DEPT(Dependency Tracker)
Hi Linus and folks, I've been developing a tool for detecting deadlock possibilities by tracking wait/event rather than lock(?) acquisition order to try to cover all synchonization machanisms. It's done on v5.17-rc1 tag. https://github.com/lgebyungchulpark/linux-dept/commits/dept1.12_on_v5.17-rc1 Benifit: 0. Works with all lock primitives. 1. Works with wait_for_completion()/complete(). 2. Works with 'wait' on PG_locked. 3. Works with 'wait' on PG_writeback. 4. Works with swait/wakeup. 5. Works with waitqueue. 6. Multiple reports are allowed. 7. Deduplication control on multiple reports. 8. Withstand false positives thanks to 6. 9. Easy to tag any wait/event. Future work: 0. To make it more stable. 1. To separates Dept from Lockdep. 2. To improves performance in terms of time and space. 3. To use Dept as a dependency engine for Lockdep. 4. To add any missing tags of wait/event in the kernel. 5. To deduplicate stack trace. I've got several reports from the tool. Some of them look like false alarms and some others look like real deadlock possibility. Because of my unfamiliarity of the domain, it's hard to confirm if it's a real one. Let me add the reports on this email thread. How to interpret the report is: 1. E(event) in each context cannot be triggered because of the W(wait) that cannot be woken. 2. The stack trace helping find the problematic code is located in each conext's detail. Changes from RFC: 1. Prevent adding a wait tag at prepare_to_wait() but __schedule(). 2. Use try version at lockdep_acquire_cpus_lock() annotation. 3. Distinguish each syscall context from another. Thanks, Byungchul Byungchul Park (16): llist: Move llist_{head,node} definition to types.h dept: Implement Dept(Dependency Tracker) dept: Embed Dept data in Lockdep dept: Apply Dept to spinlock dept: Apply Dept to mutex families dept: Apply Dept to rwlock dept: Apply Dept to wait_for_completion()/complete() dept: Apply Dept to seqlock dept: Apply Dept to rwsem dept: Add proc knobs to show stats and dependency graph dept: Introduce split map concept and new APIs for them dept: Apply Dept to wait/event of PG_{locked,writeback} dept: Apply SDT to swait dept: Apply SDT to wait(waitqueue) locking/lockdep, cpu/hotplus: Use a weaker annotation in AP thread dept: Distinguish each syscall context from another include/linux/completion.h | 42 +- include/linux/dept.h | 523 +++ include/linux/dept_page.h | 78 ++ include/linux/dept_sdt.h | 62 + include/linux/hardirq.h|3 + include/linux/irqflags.h | 33 +- include/linux/llist.h |8 - include/linux/lockdep.h| 156 ++- include/linux/lockdep_types.h |3 + include/linux/mutex.h | 31 + include/linux/page-flags.h | 45 +- include/linux/pagemap.h|7 +- include/linux/percpu-rwsem.h | 10 +- include/linux/rtmutex.h|7 + include/linux/rwlock.h | 48 + include/linux/rwlock_api_smp.h |8 +- include/linux/rwlock_types.h |7 + include/linux/rwsem.h | 31 + include/linux/sched.h |7 + include/linux/seqlock.h| 59 +- include/linux/spinlock.h | 24 + include/linux/spinlock_types_raw.h | 13 + include/linux/swait.h |4 + include/linux/types.h |8 + include/linux/wait.h |6 +- init/init_task.c |2 + init/main.c|4 + kernel/Makefile|1 + kernel/cpu.c |2 +- kernel/dependency/Makefile |5 + kernel/dependency/dept.c | 2702 kernel/dependency/dept_hash.h | 10 + kernel/dependency/dept_internal.h | 26 + kernel/dependency/dept_object.h| 13 + kernel/dependency/dept_proc.c | 93 ++ kernel/entry/common.c |3 + kernel/exit.c |1 + kernel/fork.c |2 + kernel/locking/lockdep.c | 12 +- kernel/module.c|2 + kernel/sched/completion.c | 12 +- kernel/sched/core.c|3 + kernel/sched/swait.c | 10 + kernel/sched/wait.c| 16 + kernel/softirq.c |6 +- kernel/trace/trace_preemptirq.c| 19 +- lib/Kconfig.debug | 21 + mm/filemap.c | 68 + mm/page_ext.c |5 + 49 files changed, 4204 insertions(+), 57 deletions(-) create mode 100644 include/linux/dept.h create mode 100644 include/linux/dept_page.h create mode 100644
Re: [PATCH 00/16] DEPT(Dependency Tracker)
On Thu, Feb 17, 2022 at 12:00:05PM -0500, Steven Rostedt wrote: > > I personally believe that there's potential that this can be helpful and we > will want to merge it. > > But, what I believe Ted is trying to say is, if you do not know if the > report is a bug or not, please do not ask the maintainers to determine it > for you. This is a good opportunity for you to look to see why your tool > reported an issue, and learn that subsystem. Look at if this is really a > bug or not, and investigate why. I agree there's potential here, or I would have ignored the ext4 "bug report". When we can get rid of the false positives, I think it should be merged; I'd just rather it not be merged until after the false positives are fixed, since otherwise, someone well-meaning will start using it with Syzkaller, and noise that maintainers need to deal with (with people requesting reverts of two year old commits, etc) will increase by a factor of ten or more. (With Syzbot reproducers that set up random cgroups, IP tunnels with wiregaurd enabled, FUSE stress testers, etc., that file system maintainers will be asked to try to disentangle.) So from a maintainer's perspective, false positives are highly negative. It may be that from some people's POV, one bug found and 20 false positive might still be "useful". But if your tool gains a reputation of not valuing maintainers' time, it's just going to make us (or at least me :-) cranky, and it's going to be very hard to recover from perception. So it's probably better to be very conservative and careful in polishing it before asking for it to be merged. Cheers, - Ted
Re: [PATCH 00/16] DEPT(Dependency Tracker)
On Thu, Feb 17, 2022 at 12:00:05PM -0500, Steven Rostedt wrote: > On Thu, 17 Feb 2022 10:51:09 -0500 > "Theodore Ts'o" wrote: > > > I know that you're trying to help us, but this tool needs to be far > > better than Lockdep before we should think about merging it. Even if > > it finds 5% more potential deadlocks, if it creates 95% more false > > positive reports --- and the ones it finds are crazy things that > > rarely actually happen in practice, are the costs worth the benefits? > > And who is bearing the costs, and who is receiving the benefits? > > I personally believe that there's potential that this can be helpful and we > will want to merge it. > > But, what I believe Ted is trying to say is, if you do not know if the > report is a bug or not, please do not ask the maintainers to determine it > for you. This is a good opportunity for you to look to see why your tool > reported an issue, and learn that subsystem. Look at if this is really a > bug or not, and investigate why. I agree with Steven here, to the point where I'm willing to invest some time being a beta-tester for this, so if you focus your efforts on filesystem/mm kinds of problems, I can continue looking at them and tell you what's helpful and what's unhelpful in the reports.
Re: [PATCH 00/16] DEPT(Dependency Tracker)
On Thu, 17 Feb 2022 10:51:09 -0500 "Theodore Ts'o" wrote: > I know that you're trying to help us, but this tool needs to be far > better than Lockdep before we should think about merging it. Even if > it finds 5% more potential deadlocks, if it creates 95% more false > positive reports --- and the ones it finds are crazy things that > rarely actually happen in practice, are the costs worth the benefits? > And who is bearing the costs, and who is receiving the benefits? I personally believe that there's potential that this can be helpful and we will want to merge it. But, what I believe Ted is trying to say is, if you do not know if the report is a bug or not, please do not ask the maintainers to determine it for you. This is a good opportunity for you to look to see why your tool reported an issue, and learn that subsystem. Look at if this is really a bug or not, and investigate why. The likely/unlikely tracing I do finds issues all over the kernel. But before I report anything, I look at the subsystem and determine *why* it's reporting what it does. In some cases, it's just a config issue. Where, I may submit a patch saying "this is 100% wrong in X config, and we should just remove the "unlikely". But I did the due diligence to find out exactly what the issue is, and why the tooling reported what it reported. I want to stress that your Dept tooling looks to have the potential of being something that will be worth while including. But the false positives needs to be down to the rate of lockdep false positives. As Ted said, if it's reporting 95% false positives, nobody is going to look at the 5% of real bugs that it finds. -- Steve
Re: [PATCH 00/16] DEPT(Dependency Tracker)
On Thu, Feb 17, 2022 at 07:57:36PM +0900, Byungchul Park wrote: > > I've got several reports from the tool. Some of them look like false > alarms and some others look like real deadlock possibility. Because of > my unfamiliarity of the domain, it's hard to confirm if it's a real one. > Let me add the reports on this email thread. The problem is we have so many potentially invalid, or so-rare-as-to-be-not-worth-the-time-to-investigate-in-the- grand-scheme-of-all-of-the-fires-burning-on-maintainers laps that it's really not reasonable to ask maintainers to determine whether something is a false alarm or not. If I want more of these unreliable potential bug reports to investigate, there is a huge backlog in Syzkaller. :-) Looking at the second ext4 report, it doesn't make any sense. Context A is the kjournald thread. We don't do a commit until (a) the timeout expires, or (b) someone explicitly requests that a commit happen waking up j_wait_commit. I'm guessing that complaint here is that DEPT thinks nothing is explicitly requesting a wake up. But note that after 5 seconds (or whatever journal->j_commit_interval) is configured to be we *will* always start a commit. So ergo, there can't be a deadlock. At a higher level of discussion, it's an unfair tax on maintainer's times to ask maintainers to help you debug DEPT for you. Tools like Syzkaller and DEPT are useful insofar as they save us time in making our subsystems better. But until you can prove that it's not going to be a massive denial of service attack on maintainer's time, at the *very* least keep an RFC on the patch, or add massive warnings that more often than not DEPT is going to be sending maintainers on a wild goose chase. If you know there there "appear to be false positives", you need to make sure you've tracked them all down before trying to ask that this be merged. You may also want to add some documentation about why we should trust this; in particular for wait channels, when a process calls schedule() there may be multiple reasons why the thread will wake up --- in the worst case, such as in the select(2) or epoll(2) system call, there may be literally thousands of reasons (one for every file desriptor the select is waiting on) --- why the process will wake up and thus resolve the potential "deadlock" that DEPT is worrying about. How is DEPT going to handle those cases? If the answer is that things need to be tagged, then at least disclose potential reasons why DEPT might be untrustworthy to save your reviewers time. I know that you're trying to help us, but this tool needs to be far better than Lockdep before we should think about merging it. Even if it finds 5% more potential deadlocks, if it creates 95% more false positive reports --- and the ones it finds are crazy things that rarely actually happen in practice, are the costs worth the benefits? And who is bearing the costs, and who is receiving the benefits? Regards, - Ted