From owner-svn-src-head@freebsd.org Fri Jun 8 18:37:48 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 10EA1FD06DF; Fri, 8 Jun 2018 18:37:48 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7D7066EAFF; Fri, 8 Jun 2018 18:37:47 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from tom.home (kib@localhost [127.0.0.1]) by kib.kiev.ua (8.15.2/8.15.2) with ESMTP id w58IbWct027129; Fri, 8 Jun 2018 21:37:35 +0300 (EEST) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.10.3 kib.kiev.ua w58IbWct027129 Received: (from kostik@localhost) by tom.home (8.15.2/8.15.2/Submit) id w58IbWwv027128; Fri, 8 Jun 2018 21:37:32 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Fri, 8 Jun 2018 21:37:32 +0300 From: Konstantin Belousov To: Mark Johnston Cc: Ryan Libby , Mateusz Guzik , Justin Hibbits , src-committers , svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r334708 - head/sys/kern Message-ID: <20180608183732.GK2450@kib.kiev.ua> References: <201806061257.w56CvCwq089369@repo.freebsd.org> <20180606140311.GU2450@kib.kiev.ua> <20180608033242.GA54099@pesky> <20180608173755.GJ2450@kib.kiev.ua> <20180608183010.GC65388@pesky> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180608183010.GC65388@pesky> User-Agent: Mutt/1.10.0 (2018-05-17) X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on tom.home X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jun 2018 18:37:48 -0000 On Fri, Jun 08, 2018 at 02:30:10PM -0400, Mark Johnston wrote: > On Fri, Jun 08, 2018 at 08:37:55PM +0300, Konstantin Belousov wrote: > > On Thu, Jun 07, 2018 at 11:02:29PM -0700, Ryan Libby wrote: > > > On Thu, Jun 7, 2018 at 10:03 PM, Mateusz Guzik wrote: > > > > Checking it without any locks is perfectly valid in this case. It is done > > > > after v_holdcnt gets bumped from a non-zero value. So at that time it > > > > is at least two. Of course that result is stale as an arbitrary number of > > > > other threads could have bumped and dropped the ref past that point. > > > > The minimum value is 1 since we hold the ref. But this means the > > > > vnode must not be on the free list and that's what the assertion is > > > > verifying. > > > > > > > > The problem is indeed lack of ordering against the code clearing the > > > > flag for the case where 2 threads to vhold and one does the 0->1 > > > > transition. > > > > > > > > That said, the fence is required for the assertion to work. > > > > > > > > > > Yeah, I agree with this logic. What I mean is that reordering between > > > v_holdcnt 0->1 and v_iflag is normally settled by the release and > > > acquisition of the vnode interlock, which we are supposed to hold for > > > v_*i*flag. A quick scan seems to show all of the checks of VI_FREE that > > > are not asserts do hold the vnode interlock. So, I'm just saying that I > > > don't think the possible reordering affects them. > > But do we know that only VI_FREE checks are affected ? > > > > My concern is that users of _vhold() rely on seeing up to date state of the > > vnode, and VI_FREE is only an example of the problem. Most likely, the > > code which fetched the vnode pointer before _vhold() call, should guarantee > > visibility. > > Wouldn't this be a problem only if we permit lockless accesses of vnode > state outside of _vhold() and other vnode subroutines? The current > protocol requires that the interlock be held, and this synchronizes with > code which performs 0->1 and 1->0 transitions of the hold count. If this > requirement is relaxed in the future, then fences would indeed be > needed. I do not claim that my concern is a real problem. I stated it as a thing to look at when deciding whether the fences should be added (unconditionally ?). If you argument is that the only current lock-less protocol for the struct vnode state is the v_holdcnt transitions for > 1, then I can agree with it.