On 14/04/2020 19:04, Jens Axboe wrote: > On 4/14/20 9:46 AM, Pavel Begunkov wrote: >> On 14/04/2020 03:44, Jens Axboe wrote: >>> On 4/13/20 1:09 PM, Pavel Begunkov wrote: >>>> On 13/04/2020 17:16, Jens Axboe wrote: >>>>> On 4/13/20 2:21 AM, Pavel Begunkov wrote: >>>>>> On 4/12/2020 6:14 PM, Hrvoje Zeba wrote: >>>>>>> On Sun, Apr 12, 2020 at 5:15 AM Pavel Begunkov <asml.silence@xxxxxxxxx> wrote: >>>>>>>> >>>>>>>> On 4/12/2020 5:07 AM, Jens Axboe wrote: >>>>>>>>> On 4/11/20 5:00 PM, Hrvoje Zeba wrote: >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> I've been looking at timeouts and found a case I can't wrap my head around. >>>>>>>>>> >>>>>>>>>> Basically, If you submit OPs in a certain order, timeout fires before >>>>>>>>>> time elapses where I wouldn't expect it to. The order is as follows: >>>>>>>>>> >>>>>>>>>> poll(listen_socket, POLLIN) <- this never fires >>>>>>>>>> nop(async) >>>>>>>>>> timeout(1s, count=X) >>>>>>>>>> >>>>>>>>>> If you set X to anything but 0xffffffff/(unsigned)-1, the timeout does >>>>>>>>>> not fire (at least not immediately). This is expected apart from maybe >>>>>>>>>> setting X=1 which would potentially allow the timeout to fire if nop >>>>>>>>>> executes after the timeout is setup. >>>>>>>>>> >>>>>>>>>> If you set it to 0xffffffff, it will always fire (at least on my >>>>>>>>>> machine). Test program I'm using is attached. >>>>>>>>>> >>>>>>>>>> The funny thing is that, if you remove the poll, timeout will not fire. >>>>>>>>>> >>>>>>>>>> I'm using Linus' tree (v5.6-12604-gab6f762f0f53). >>>>>>>>>> >>>>>>>>>> Could anybody shine a bit of light here? >>>>>>>>> >>>>>>>>> Thinking about this, I think the mistake here is using the SQ side for >>>>>>>>> the timeouts. Let's say you queue up N requests that are waiting, like >>>>>>>>> the poll. Then you arm a timeout, it'll now be at N + count before it >>>>>>>>> fires. We really should be using the CQ side for the timeouts. >>>>>>>> >>>>>>>> As I get it, the problem is that timeout(off=0xffffffff, 1s) fires >>>>>>>> __immediately__ (i.e. not waiting 1s). >>>>>>> >>>>>>> Correct. >>>>>>> >>>>>>>> And still, the described behaviour is out of the definition. It's sounds >>>>>>>> like int overflow. Ok, I'll debug it, rest assured. I already see a >>>>>>>> couple of flaws anyway. >>>>>>> >>>>>>> For this particular case, >>>>>>> >>>>>>> req->sequence = ctx->cached_sq_head + count - 1; >>>>>>> >>>>>>> ends up being 1 which triggers in __req_need_defer() for nop sq. >>>>>> >>>>>> Right, that's it. The timeout's seq counter wraps around and triggers on >>>>>> previously submitted but still inflight requests. >>>>>> >>>>>> Jens, could you remind, do we limit number of inflight requests? We >>>>>> discussed it before, but can't find the thread. If we don't, vile stuff >>>>>> can happen with sequences. >>>>> >>>>> We don't. >>>> >>>> I was too quick to judge, there won't be anything too bad, and only if we throw >>>> 2^32 requests (~1TB). >>>> >>>> For the issue at hand, how about limiting timeouts' sqe->off by 2^31? This will >>>> solve the issue for now, and I can't imagine anyone waiting for over one billion >>>> requests to pass. >>> >>> I'm fine with that, but how do we handle someone asking for > INT_MAX? >> >>> INT_MAX is allowed, but I want to return -EINVAL instead. >> If you mean UINT_MAX, then sqe->off is u32, so can't happen. > > No, I mean count > INT_MAX, what you're suggesting we just don't support. Got it. That's what my question was about. > If there are apps right now using that, how do we handle it? 1. if # of inflight requests is limited (empirically/naturally or not), then we can extend req->seq to >= 33 bits (leaving sqe->off u32), and it'll just work. e.g. if req->seq is u64, then we need 2^64 - 2^32 inflight requests to hit the issue. And I don't expect anybody creating requests worth of 1ZB (2^30 TB). 2. or to think about something I'll send 1., and then out of curiosity give a thought to 2. -- Pavel Begunkov
