On 14/04/2020 03:44, Jens Axboe wrote: > On 4/13/20 1:09 PM, Pavel Begunkov wrote: >> On 13/04/2020 17:16, Jens Axboe wrote: >>> On 4/13/20 2:21 AM, Pavel Begunkov wrote: >>>> On 4/12/2020 6:14 PM, Hrvoje Zeba wrote: >>>>> On Sun, Apr 12, 2020 at 5:15 AM Pavel Begunkov <asml.silence@xxxxxxxxx> wrote: >>>>>> >>>>>> On 4/12/2020 5:07 AM, Jens Axboe wrote: >>>>>>> On 4/11/20 5:00 PM, Hrvoje Zeba wrote: >>>>>>>> Hi, >>>>>>>> >>>>>>>> I've been looking at timeouts and found a case I can't wrap my head around. >>>>>>>> >>>>>>>> Basically, If you submit OPs in a certain order, timeout fires before >>>>>>>> time elapses where I wouldn't expect it to. The order is as follows: >>>>>>>> >>>>>>>> poll(listen_socket, POLLIN) <- this never fires >>>>>>>> nop(async) >>>>>>>> timeout(1s, count=X) >>>>>>>> >>>>>>>> If you set X to anything but 0xffffffff/(unsigned)-1, the timeout does >>>>>>>> not fire (at least not immediately). This is expected apart from maybe >>>>>>>> setting X=1 which would potentially allow the timeout to fire if nop >>>>>>>> executes after the timeout is setup. >>>>>>>> >>>>>>>> If you set it to 0xffffffff, it will always fire (at least on my >>>>>>>> machine). Test program I'm using is attached. >>>>>>>> >>>>>>>> The funny thing is that, if you remove the poll, timeout will not fire. >>>>>>>> >>>>>>>> I'm using Linus' tree (v5.6-12604-gab6f762f0f53). >>>>>>>> >>>>>>>> Could anybody shine a bit of light here? >>>>>>> >>>>>>> Thinking about this, I think the mistake here is using the SQ side for >>>>>>> the timeouts. Let's say you queue up N requests that are waiting, like >>>>>>> the poll. Then you arm a timeout, it'll now be at N + count before it >>>>>>> fires. We really should be using the CQ side for the timeouts. >>>>>> >>>>>> As I get it, the problem is that timeout(off=0xffffffff, 1s) fires >>>>>> __immediately__ (i.e. not waiting 1s). >>>>> >>>>> Correct. >>>>> >>>>>> And still, the described behaviour is out of the definition. It's sounds >>>>>> like int overflow. Ok, I'll debug it, rest assured. I already see a >>>>>> couple of flaws anyway. >>>>> >>>>> For this particular case, >>>>> >>>>> req->sequence = ctx->cached_sq_head + count - 1; >>>>> >>>>> ends up being 1 which triggers in __req_need_defer() for nop sq. >>>> >>>> Right, that's it. The timeout's seq counter wraps around and triggers on >>>> previously submitted but still inflight requests. >>>> >>>> Jens, could you remind, do we limit number of inflight requests? We >>>> discussed it before, but can't find the thread. If we don't, vile stuff >>>> can happen with sequences. >>> >>> We don't. >> >> I was too quick to judge, there won't be anything too bad, and only if we throw >> 2^32 requests (~1TB). >> >> For the issue at hand, how about limiting timeouts' sqe->off by 2^31? This will >> solve the issue for now, and I can't imagine anyone waiting for over one billion >> requests to pass. > > I'm fine with that, but how do we handle someone asking for > INT_MAX? >INT_MAX is allowed, but I want to return -EINVAL instead. If you mean UINT_MAX, then sqe->off is u32, so can't happen. -- Pavel Begunkov
