From nobody Sun Nov 24 06:43:49 2024 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6882B139CE2 for ; Tue, 22 Oct 2024 02:29:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729564169; cv=none; b=TZrZE+GWFBkMi8JtJQeM0Eipj5r0D8O5mPjfqj2tj2Ie/6stuQivPJHWdxPU4Kqc38cPSWKbAGSlfNX7C6ecL3Smk1hfdFjn8/M+jD2QzfWnSbh99eqOy3pt/CKnoLBypi6/Kau3DYTJR0/BWEJpGrUCgMBykPU3pMLEZ9NVj8M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729564169; c=relaxed/simple; bh=l0Rc5IGCCn8tUgQhaia//s1aeodcdSMkEpn6k6T1Ivs=; h=Message-ID:Date:From:To:Cc:Subject:References:MIME-Version: Content-Type; b=rQyMeZaoOuAVlSoOE1S89KkLD8QVENR3uS/n2r3nqD0zu17jpYsCMbbSK39kgfn0quwtfmXgdV4dotKnOQzPxpnoLqcRnbpY/lzhGls1mtdpyjxlZLaVBztKjBmVuZEiM/ZjZ0EB8TPa8H2H1awHTGd3Ci74g8VFbsNPzNpI6y0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0D45FC4CEE5; Tue, 22 Oct 2024 02:29:29 +0000 (UTC) Received: from rostedt by gandalf with local (Exim 4.98) (envelope-from ) id 1t34ep-00000004dy9-1EFN; Mon, 21 Oct 2024 22:30:03 -0400 Message-ID: <20241022023003.156847915@goodmis.org> User-Agent: quilt/0.68 Date: Mon, 21 Oct 2024 22:29:20 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Mathieu Desnoyers , Andrew Morton , Petr Pavlu Subject: [for-next][PATCH v2 1/3] ring-buffer: Limit time with disabled interrupts in rb_check_pages() References: <20241022022919.695045683@goodmis.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Petr Pavlu The function rb_check_pages() validates the integrity of a specified per-CPU tracing ring buffer. It does so by traversing the underlying linked list and checking its next and prev links. To guarantee that the list isn't modified during the check, a caller typically needs to take cpu_buffer->reader_lock. This prevents the check from running concurrently, for example, with a potential reader which can make the list temporarily inconsistent when swapping its old reader page into the buffer. A problem with this approach is that the time when interrupts are disabled is non-deterministic, dependent on the ring buffer size. This particularly affects PREEMPT_RT because the reader_lock is a raw spinlock which doesn't become sleepable on PREEMPT_RT kernels. Modify the check so it still attempts to traverse the entire list, but gives up the reader_lock between checking individual pages. Introduce for this purpose a new variable ring_buffer_per_cpu.cnt which is bumped any time the list is modified. The value is used by rb_check_pages() to detect such a change and restart the check. Cc: Masami Hiramatsu Cc: Mathieu Desnoyers Link: https://lore.kernel.org/20241015112810.27203-1-petr.pavlu@suse.com Signed-off-by: Petr Pavlu Signed-off-by: Steven Rostedt (Google) --- kernel/trace/ring_buffer.c | 98 ++++++++++++++++++++++++++++---------- 1 file changed, 72 insertions(+), 26 deletions(-) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 3ea4f7bb1837..adde95400ab4 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -482,6 +482,8 @@ struct ring_buffer_per_cpu { unsigned long nr_pages; unsigned int current_context; struct list_head *pages; + /* pages generation counter, incremented when the list changes */ + unsigned long cnt; struct buffer_page *head_page; /* read from head */ struct buffer_page *tail_page; /* write to tail */ struct buffer_page *commit_page; /* committed pages */ @@ -1475,40 +1477,87 @@ static void rb_check_bpage(struct ring_buffer_per_c= pu *cpu_buffer, RB_WARN_ON(cpu_buffer, val & RB_FLAG_MASK); } =20 +static bool rb_check_links(struct ring_buffer_per_cpu *cpu_buffer, + struct list_head *list) +{ + if (RB_WARN_ON(cpu_buffer, + rb_list_head(rb_list_head(list->next)->prev) !=3D list)) + return false; + + if (RB_WARN_ON(cpu_buffer, + rb_list_head(rb_list_head(list->prev)->next) !=3D list)) + return false; + + return true; +} + /** * rb_check_pages - integrity check of buffer pages * @cpu_buffer: CPU buffer with pages to test * * As a safety measure we check to make sure the data pages have not * been corrupted. - * - * Callers of this function need to guarantee that the list of pages doesn= 't get - * modified during the check. In particular, if it's possible that the fun= ction - * is invoked with concurrent readers which can swap in a new reader page = then - * the caller should take cpu_buffer->reader_lock. */ static void rb_check_pages(struct ring_buffer_per_cpu *cpu_buffer) { - struct list_head *head =3D rb_list_head(cpu_buffer->pages); - struct list_head *tmp; + struct list_head *head, *tmp; + unsigned long buffer_cnt; + unsigned long flags; + int nr_loops =3D 0; =20 - if (RB_WARN_ON(cpu_buffer, - rb_list_head(rb_list_head(head->next)->prev) !=3D head)) + /* + * Walk the linked list underpinning the ring buffer and validate all + * its next and prev links. + * + * The check acquires the reader_lock to avoid concurrent processing + * with code that could be modifying the list. However, the lock cannot + * be held for the entire duration of the walk, as this would make the + * time when interrupts are disabled non-deterministic, dependent on the + * ring buffer size. Therefore, the code releases and re-acquires the + * lock after checking each page. The ring_buffer_per_cpu.cnt variable + * is then used to detect if the list was modified while the lock was + * not held, in which case the check needs to be restarted. + * + * The code attempts to perform the check at most three times before + * giving up. This is acceptable because this is only a self-validation + * to detect problems early on. In practice, the list modification + * operations are fairly spaced, and so this check typically succeeds at + * most on the second try. + */ +again: + if (++nr_loops > 3) return; =20 - if (RB_WARN_ON(cpu_buffer, - rb_list_head(rb_list_head(head->prev)->next) !=3D head)) - return; + raw_spin_lock_irqsave(&cpu_buffer->reader_lock, flags); + head =3D rb_list_head(cpu_buffer->pages); + if (!rb_check_links(cpu_buffer, head)) + goto out_locked; + buffer_cnt =3D cpu_buffer->cnt; + tmp =3D head; + raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags); =20 - for (tmp =3D rb_list_head(head->next); tmp !=3D head; tmp =3D rb_list_hea= d(tmp->next)) { - if (RB_WARN_ON(cpu_buffer, - rb_list_head(rb_list_head(tmp->next)->prev) !=3D tmp)) - return; + while (true) { + raw_spin_lock_irqsave(&cpu_buffer->reader_lock, flags); =20 - if (RB_WARN_ON(cpu_buffer, - rb_list_head(rb_list_head(tmp->prev)->next) !=3D tmp)) - return; + if (buffer_cnt !=3D cpu_buffer->cnt) { + /* The list was updated, try again. */ + raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags); + goto again; + } + + tmp =3D rb_list_head(tmp->next); + if (tmp =3D=3D head) + /* The iteration circled back, all is done. */ + goto out_locked; + + if (!rb_check_links(cpu_buffer, tmp)) + goto out_locked; + + raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags); } + +out_locked: + raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags); } =20 /* @@ -2535,6 +2584,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffe= r, unsigned long nr_pages) =20 /* make sure pages points to a valid page in the ring buffer */ cpu_buffer->pages =3D next_page; + cpu_buffer->cnt++; =20 /* update head page */ if (head_bit) @@ -2641,6 +2691,7 @@ rb_insert_pages(struct ring_buffer_per_cpu *cpu_buffe= r) * pointer to point to end of list */ head_page->prev =3D last_page; + cpu_buffer->cnt++; success =3D true; break; } @@ -2876,12 +2927,8 @@ int ring_buffer_resize(struct trace_buffer *buffer, = unsigned long size, */ synchronize_rcu(); for_each_buffer_cpu(buffer, cpu) { - unsigned long flags; - cpu_buffer =3D buffer->buffers[cpu]; - raw_spin_lock_irqsave(&cpu_buffer->reader_lock, flags); rb_check_pages(cpu_buffer); - raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags); } atomic_dec(&buffer->record_disabled); } @@ -5299,6 +5346,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_bu= ffer) rb_list_head(reader->list.next)->prev =3D &cpu_buffer->reader_page->list; rb_inc_page(&cpu_buffer->head_page); =20 + cpu_buffer->cnt++; local_inc(&cpu_buffer->pages_read); =20 /* Finally update the reader page to the new head */ @@ -5838,12 +5886,9 @@ void ring_buffer_read_finish(struct ring_buffer_iter *iter) { struct ring_buffer_per_cpu *cpu_buffer =3D iter->cpu_buffer; - unsigned long flags; =20 /* Use this opportunity to check the integrity of the ring buffer. */ - raw_spin_lock_irqsave(&cpu_buffer->reader_lock, flags); rb_check_pages(cpu_buffer); - raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags); =20 atomic_dec(&cpu_buffer->resize_disabled); kfree(iter->event); @@ -6760,6 +6805,7 @@ int ring_buffer_subbuf_order_set(struct trace_buffer = *buffer, int order) /* Install the new pages, remove the head from the list */ cpu_buffer->pages =3D cpu_buffer->new_pages.next; list_del_init(&cpu_buffer->new_pages); + cpu_buffer->cnt++; =20 cpu_buffer->head_page =3D list_entry(cpu_buffer->pages, struct buffer_page, list); --=20 2.45.2