On Mon, 30 May 2022, cael wrote: > Thanks, You are right, barrier is needed here. I changed the patch as follows: > 1) WRITE_ONCE and READ_ONCE is used to access ldata->no_room since > n_tty_kick_worker would be called in kworker and reader cpu; > 2) smp_mb added in chars_in_buffer as this function will be called in > reader and kworker, accessing commit_head and read_tail; and to make > sure that read_tail is not read before setting no_room in > n_tty_receive_buf_common; > 3) smp_mb added in n_tty_read to make sure that no_room is not read > before setting read_tail. Please include proper changelog to all revised patch submissions, not just list of changes you've made (and properly version the submissions with [PATCH v2] etc. in the subject). > --- > diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c > index efc72104c840..3327687da0d3 100644 > --- a/drivers/tty/n_tty.c > +++ b/drivers/tty/n_tty.c > @@ -201,8 +201,8 @@ static void n_tty_kick_worker(struct tty_struct *tty) > struct n_tty_data *ldata = tty->disc_data; > > /* Did the input worker stop? Restart it */ > - if (unlikely(ldata->no_room)) { > - ldata->no_room = 0; > + if (unlikely(READ_ONCE(ldata->no_room))) { > + WRITE_ONCE(ldata->no_room, 0); > WARN_RATELIMIT(tty->port->itty == NULL, > "scheduling with invalid itty\n"); > @@ -221,6 +221,7 @@ static ssize_t chars_in_buffer(struct tty_struct *tty) > struct n_tty_data *ldata = tty->disc_data; > ssize_t n = 0; > > + smp_mb(); You should add the reason in comment for any barriers you add. > if (!ldata->icanon) > n = ldata->commit_head - ldata->read_tail; > else > @@ -1632,7 +1633,7 @@ n_tty_receive_buf_common(struct tty_struct *tty, > const unsigned char *cp, > if (overflow && room < 0) > ldata->read_head--; > room = overflow; > - ldata->no_room = flow && !room; > + WRITE_ONCE(ldata->no_room, flow && !room); > } else > overflow = 0; > > @@ -1663,6 +1664,9 @@ n_tty_receive_buf_common(struct tty_struct *tty, > const unsigned char *cp, > } else > n_tty_check_throttle(tty); > > + if (!chars_in_buffer(tty)) > + n_tty_kick_worker(tty); > + Instead of having the barrier in chars_in_buffer() perhaps it would be more obvious what's going on here and also scope down to the cases where the barrier might be needed in the first place if you'd do: if (ldata->no_room) { /* ... */ smp_mb(); if (!chars_in_buffer(tty)) n_tty_kick_worker(tty); } -- i. > up_read(&tty->termios_rwsem); > > return rcvd; > @@ -2180,8 +2184,10 @@ static ssize_t n_tty_read(struct tty_struct > *tty, struct file *file, > if (time) > timeout = time; > } > - if (tail != ldata->read_tail) > + if (tail != ldata->read_tail) { > + smp_mb(); > n_tty_kick_worker(tty); > + } > up_read(&tty->termios_rwsem); > > remove_wait_queue(&tty->read_wait, &wait); > -- > 2.27.0 > > Ilpo Järvinen <ilpo.jarvinen@xxxxxxxxxxxxxxx> 于2022年5月25日周三 19:21写道: > > > > On Wed, 25 May 2022, cael wrote: > > > > > >Now you switched to an entirely different case, not the one we were > > > >talking about. ...There is no ldisc->no_room = true race in the case > > > >you now described. > > > So, I think we should back to the case ldata->no_room=true as > > > ldata->no_room=false seems harmless. > > > > > > >I'm not worried about the case where both cpus call n_tty_kick_worker but > > > >the case where producer cpu sees chars_in_buffer() > 0 and consumer cpu > > > >!no_room. > > > > > > As ldata->no_room=true is set before checking chars_in_buffer() > > > > Please take a brief look at Documentation/memory-barriers.txt and then > > tell me if you still find this claim to be true. > > > > > if producer > > > finds chars_in_buffer() > 0, then if reader is currently in n_tty_read, > > > > ...Then please do a similar analysis for ldata->read_tail. What guarantees > > its update is seen by the producer cpu when the reader is already past the > > point you think it still must be in? > > > > > when reader quits n_tty_read, n_tty_kick_worker will be called. If reader > > > has already exited n_tty_read, which means that reader still has data to read, > > > next time reader will call n_tty_kick_worker inside n_tty_read too. > > > > C-level analysis alone is not going to be very useful here given you're > > dealing with a concurrency challenge here. > > > > > > -- > > i. > > > > >