Date: Fri, 1 Jan 2021 10:52:23 -0800 From: Ryan Libby <rlibby@freebsd.org> To: meloun.michal@gmail.com Cc: src-committers <src-committers@freebsd.org>, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: 942951ba46ec - main - uma dbg: catch more corruption with atomics Message-ID: <CAHgpiFzvm8ZHXj2hOgRLpEMA1eAXpaaew4qBCjo5=cx5ndd2Yg@mail.gmail.com> In-Reply-To: <d89b9ec0-29bd-3a54-7927-a9b49bde394c@gmail.com> References: <202012312103.0BVL3dGu073808@gitrepo.freebsd.org> <d89b9ec0-29bd-3a54-7927-a9b49bde394c@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Fri, Jan 1, 2021 at 5:46 AM Michal Meloun <meloun.michal@gmail.com> wrote: > > > > On 31.12.2020 22:03, Ryan Libby wrote: > > The branch main has been updated by rlibby: > > > > URL: https://cgit.FreeBSD.org/src/commit/?id=942951ba46ecd5ebab18de006a24dc52e2d3f745 > > > > commit 942951ba46ecd5ebab18de006a24dc52e2d3f745 > > Author: Ryan Libby <rlibby@FreeBSD.org> > > AuthorDate: 2020-12-31 21:02:45 +0000 > > Commit: Ryan Libby <rlibby@FreeBSD.org> > > CommitDate: 2020-12-31 21:02:45 +0000 > > > > uma dbg: catch more corruption with atomics > > > > Use atomic testandset and testandclear to catch concurrent double free, > > and to reduce the number of atomic operations. > > > > Submitted by: jeff > > Reviewed by: cem, kib, markj (all previous version) > > Sponsored by: Dell EMC Isilon > > Differential Revision: https://reviews.freebsd.org/D22703 > Unfortunately, this broke arm and arm64 kernel with random > 'duplicate alloc'/'duplicate free' panics. > > Michal > Thanks for the report. It's probably going to be several hours before I can dig into this properly. A GENERIC-NODEBUG kernel should avoid the problem. >From a quick scan of source, it looks to me like arm64's atomic_testand{set,clear}_64 are broken because of a wrong mask value under _ATOMIC_TEST_OP_IMPL(64, ...). If you would like to test a patch, you could try the one attached (only compile tested on my end). Ryan > > --- > > sys/vm/uma_core.c | 9 ++++----- > > 1 file changed, 4 insertions(+), 5 deletions(-) > > > > diff --git a/sys/vm/uma_core.c b/sys/vm/uma_core.c > > index a0192642205d..39c846effac8 100644 > > --- a/sys/vm/uma_core.c > > +++ b/sys/vm/uma_core.c > > @@ -5392,10 +5392,10 @@ uma_dbg_alloc(uma_zone_t zone, uma_slab_t slab, void *item) > > keg = zone->uz_keg; > > freei = slab_item_index(slab, keg, item); > > > > - if (BIT_ISSET(keg->uk_ipers, freei, slab_dbg_bits(slab, keg))) > > + if (BIT_TEST_SET_ATOMIC(keg->uk_ipers, freei, > > + slab_dbg_bits(slab, keg))) > > panic("Duplicate alloc of %p from zone %p(%s) slab %p(%d)", > > item, zone, zone->uz_name, slab, freei); > > - BIT_SET_ATOMIC(keg->uk_ipers, freei, slab_dbg_bits(slab, keg)); > > } > > > > /* > > @@ -5426,11 +5426,10 @@ uma_dbg_free(uma_zone_t zone, uma_slab_t slab, void *item) > > panic("Unaligned free of %p from zone %p(%s) slab %p(%d)", > > item, zone, zone->uz_name, slab, freei); > > > > - if (!BIT_ISSET(keg->uk_ipers, freei, slab_dbg_bits(slab, keg))) > > + if (!BIT_TEST_CLR_ATOMIC(keg->uk_ipers, freei, > > + slab_dbg_bits(slab, keg))) > > panic("Duplicate free of %p from zone %p(%s) slab %p(%d)", > > item, zone, zone->uz_name, slab, freei); > > - > > - BIT_CLR_ATOMIC(keg->uk_ipers, freei, slab_dbg_bits(slab, keg)); > > } > > #endif /* INVARIANTS */ > > > > [-- Attachment #2 --] From 4fb1d412636bf6fe59d0457e7dd17da5e59ce55f Mon Sep 17 00:00:00 2001 From: Ryan Libby <rlibby@FreeBSD.org> Date: Fri, 1 Jan 2021 10:43:03 -0800 Subject: [PATCH] arm64: fix mask in atomic_test 64 ops These macros generate both the 32 and 64-bit ops but the mask was hard coded for 32-bit ops. --- sys/arm64/include/atomic.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/arm64/include/atomic.h b/sys/arm64/include/atomic.h index 99dd73d4f85f..9c5d6224f3e2 100644 --- a/sys/arm64/include/atomic.h +++ b/sys/arm64/include/atomic.h @@ -409,7 +409,7 @@ _ATOMIC_TEST_OP_PROTO(t, op, _llsc) \ uint##t##_t mask, old, tmp; \ int res; \ \ - mask = 1u << (val & 0x1f); \ + mask = ((uint##t##_t)1) << (val & (t - 1)); \ __asm __volatile( \ "1: ldxr %"#w"2, [%3]\n" \ " "#llsc_asm_op" %"#w"0, %"#w"2, %"#w"4\n" \ @@ -427,7 +427,7 @@ _ATOMIC_TEST_OP_PROTO(t, op, _lse) \ { \ uint##t##_t mask, old; \ \ - mask = 1u << (val & 0x1f); \ + mask = ((uint##t##_t)1) << (val & (t - 1)); \ __asm __volatile( \ ".arch_extension lse\n" \ "ld"#lse_asm_op" %"#w"2, %"#w"0, [%1]\n" \ -- 2.30.0
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHgpiFzvm8ZHXj2hOgRLpEMA1eAXpaaew4qBCjo5=cx5ndd2Yg>