Re: [PATCH] block: Annotate a racy read in blk_do_io_stat()

On Fri, May 10, 2024 at 09:20:58AM -0700, Bart Van Assche wrote:
> On 5/10/24 8:41 AM, Paul E. McKenney wrote:
> > On Fri, May 10, 2024 at 07:28:41AM -0700, Bart Van Assche wrote:
> > > On 5/10/24 07:19, Breno Leitao wrote:
> > > > diff --git a/block/blk.h b/block/blk.h
> > > > index d9f584984bc4..57a1d73a0718 100644
> > > > --- a/block/blk.h
> > > > +++ b/block/blk.h
> > > > @@ -353,7 +353,8 @@ int blk_dev_init(void);
> > > >     */
> > > >    static inline bool blk_do_io_stat(struct request *rq)
> > > >    {
> > > > -	return (rq->rq_flags & RQF_IO_STAT) && !blk_rq_is_passthrough(rq);
> > > > +	/* Disk stats reading isn’t critical, let it race */
> > > > +	return (data_race(rq->rq_flags) & RQF_IO_STAT) && !blk_rq_is_passthrough(rq);
> > > >    }
> > > >    void update_io_ticks(struct block_device *part, unsigned long now, bool end);
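Review bot: The comment added above the data_race() line in blk_do_io_stat() says only that the read may race; it does not name the concurrent writer of rq->rq_flags or say why a stale RQF_IO_STAT bit is acceptable here. A sentence covering both would let a later reader judge whether data_race() is still the right marking if the writers change. The comment also contains a typographic apostrophe ("isn’t") that should be plain ASCII, and the new return line runs past 80 columns with its leading tab, so consider breaking it before the && operator.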
> > > 
> > > Why annotate this race with data_race() instead of READ_ONCE()? Are
> > > there any cases in which it is better to use data_race() than
> > > READ_ONCE()?
> > 
> > We use this pattern quite a bit in RCU.  For example, suppose that we
> > have a variable that is accessed only under a given lock, except that it
> > is also locklessly accessed for diagnostics or statistics.  Then having
> > unmarked (normal C language) accesses under the lock and data_race()
> > for those statistics enables KCSAN to flag other (buggy) lockless accesses.
> 
> Can using data_race() instead of READ_ONCE() result in incorrect code
> generation, e.g. the compiler emitting a read twice and reading two
> different values?

It could.

And if that was a big enough problem, you might want READ_ONCE() there.
The cases in Linux-kernel RCU involve quantities that rarely change,
so even if the compiler does something counterproductive, the odds of
output being affected are low.

So why not just always use READ_ONCE() for debugging/statistical accesses?

To see that, consider a variable that is supposed to be accessed only
under a lock (aside from the debugging/statistical access).  Under RCU's
KCSAN rules, marking those debugging/statistical accesses with READ_ONCE()
would require all the updates to be marked with WRITE_ONCE().  Which would
prevent KCSAN from noticing a buggy lockless WRITE_ONCE() update of
that variable.

In contrast, if we use data_race() for the debugging/statistical accesses
and leave the normal lock-protected accesses unmarked (as normal
C-language accesses), then KCSAN will complain about buggy lockless
accesses, even if they are marked with READ_ONCE() or WRITE_ONCE().

Does that help, or am I missing your point?

							Thanx, Paul
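
The marking argument in the message above, as an added example that is not code from this thread, the kernel or KCSAN: a simplified userspace model of the reporting rule as the message describes it (an access wrapped in data_race() is ignored, and a pair is reported only when at least one side is a plain access). The type and function names and the three scenarios are hypothetical and constructed for illustration.

```c
/* Simplified model of the KCSAN marking rule discussed in the thread.
 * Assumption for illustration only; this is not KCSAN source code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum marking { PLAIN, ONCE, DATA_RACE };	/* ONCE = READ_ONCE()/WRITE_ONCE() */

struct access {
	bool is_write;
	enum marking mark;
	bool lock_held;		/* made while holding the variable's lock */
};

/* Would this pair of accesses to the same variable be reported? */
static bool kcsan_reports(const struct access *a, const struct access *b)
{
	if (a->lock_held && b->lock_held)
		return false;	/* serialized by the lock, never concurrent */
	if (!a->is_write && !b->is_write)
		return false;	/* two reads do not conflict */
	if (a->mark == DATA_RACE || b->mark == DATA_RACE)
		return false;	/* race declared intentional */
	return a->mark == PLAIN || b->mark == PLAIN;
}

/* Count the reported pairs among all accesses to one variable. */
static size_t count_reports(const struct access *v, size_t n)
{
	size_t hits = 0;

	for (size_t i = 0; i < n; i++)
		for (size_t j = i + 1; j < n; j++)
			hits += kcsan_reports(&v[i], &v[j]);
	return hits;
}

/* Constructed scenarios: locked update, lockless stats read, buggy lockless update. */
static const struct access plain_update_once_stats[] = {	/* no bug present */
	{ true, PLAIN, true }, { false, ONCE, false } };
static const struct access once_stats[] = {
	{ true, ONCE, true }, { false, ONCE, false }, { true, ONCE, false } };
static const struct access data_race_stats[] = {
	{ true, PLAIN, true }, { false, DATA_RACE, false }, { true, ONCE, false } };

int main(void)
{
	printf("plain update + READ_ONCE stats:       %zu\n", count_reports(plain_update_once_stats, 2));
	printf("all ONCE + buggy WRITE_ONCE:          %zu\n", count_reports(once_stats, 3));
	printf("plain + data_race + buggy WRITE_ONCE: %zu\n", count_reports(data_race_stats, 3));
	return 0;
}
```

The first scenario shows why READ_ONCE() on the statistics read forces WRITE_ONCE() on the locked updates; the second and third show the buggy lockless WRITE_ONCE() going unreported under that scheme and reported under the data_race() scheme.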



