Hello, Thanks for the advice, Dennis Zhou and Christoph Lameter. I really appreciate it. I edited this patch by changing the pcpu_nr_empty_pop_pages to atomic_t variable. Here is the v2 patch: https://patchwork.kernel.org/project/linux-mm/patch/20211026084312.2138852-1-songyuanzheng@xxxxxxxxxx/. Would you mind reviewing it again? Thanks, Yuanzheng Song -----Original Message----- From: Dennis Zhou [mailto:dennis@xxxxxxxxxx] Sent: Tuesday, October 26, 2021 10:42 AM To: Christoph Lameter <cl@xxxxxxxxx> Cc: songyuanzheng <songyuanzheng@xxxxxxxxxx>; dennis@xxxxxxxxxx; tj@xxxxxxxxxx; akpm@xxxxxxxxxxxxxxxxxxxx; linux-mm@xxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx Subject: Re: [PATCH -next] mm/percpu: fix data-race with pcpu_nr_empty_pop_pages Hello, On Mon, Oct 25, 2021 at 09:50:48AM +0200, Christoph Lameter wrote: > On Mon, 25 Oct 2021, Yuanzheng Song wrote: > > > When reading the pcpu_nr_empty_pop_pages in pcpu_alloc() and writing > > the pcpu_nr_empty_pop_pages in > > pcpu_update_empty_pages() at the same time, the data-race occurs. > > Looks like a use case for the atomic RMV instructions. > Yeah. I see 2 options. Switch the variable over to an atomic or we can move the read behind pcpu_lock. All the writes are already behind it othewise that would actually be problematic. In this particular case, reading a wrong # of empty pages isn't a big deal as eventually the background work will get scheduled. Thanks, Dennis > > To fix this issue, use READ_ONCE() and WRITE_ONCE() to read and > > write the pcpu_nr_empty_pop_pages. > > Never thought that READ_ONCE and WRITE_ONCE can fix races like this. > Really? > > > diff --git a/mm/percpu.c b/mm/percpu.c index > > 293009cc03ef..e8ef92e698ab 100644 > > --- a/mm/percpu.c > > +++ b/mm/percpu.c > > @@ -574,7 +574,9 @@ static void pcpu_isolate_chunk(struct pcpu_chunk > > *chunk) > > > > if (!chunk->isolated) { > > chunk->isolated = true; > > - pcpu_nr_empty_pop_pages -= chunk->nr_empty_pop_pages; > > + WRITE_ONCE(pcpu_nr_empty_pop_pages, > > + READ_ONCE(pcpu_nr_empty_pop_pages) - > > + chunk->nr_empty_pop_pages); > > atomic_sub()? > > > } > > list_move(&chunk->list, > > &pcpu_chunk_lists[pcpu_to_depopulate_slot]); > > } > > @@ -585,7 +587,9 @@ static void pcpu_reintegrate_chunk(struct > > pcpu_chunk *chunk) > > > > if (chunk->isolated) { > > chunk->isolated = false; > > - pcpu_nr_empty_pop_pages += chunk->nr_empty_pop_pages; > > + WRITE_ONCE(pcpu_nr_empty_pop_pages, > > + READ_ONCE(pcpu_nr_empty_pop_pages) + > > + chunk->nr_empty_pop_pages); > > atomic_add()? >
