From patchwork Tue Apr 30 20:38:56 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Daniel Vetter <daniel.vetter@ffwll.ch>
X-Patchwork-Id: 2506221
Return-Path: 
 <dri-devel-bounces+patchwork-dri-devel=patchwork.kernel.org@lists.freedesktop.org>
X-Original-To: patchwork-dri-devel@patchwork.kernel.org
Delivered-To: patchwork-process-083081@patchwork1.kernel.org
Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177])
	by patchwork1.kernel.org (Postfix) with ESMTP id 96A7D3FD85
	for <patchwork-dri-devel@patchwork.kernel.org>;
	Tue, 30 Apr 2013 20:36:11 +0000 (UTC)
Received: from gabe.freedesktop.org (localhost [127.0.0.1])
	by gabe.freedesktop.org (Postfix) with ESMTP id 5F3F1E60DC
	for <patchwork-dri-devel@patchwork.kernel.org>;
	Tue, 30 Apr 2013 13:36:11 -0700 (PDT)
X-Original-To: dri-devel@lists.freedesktop.org
Delivered-To: dri-devel@lists.freedesktop.org
Received: from mail-we0-f171.google.com (mail-we0-f171.google.com
	[74.125.82.171])
	by gabe.freedesktop.org (Postfix) with ESMTP id 574C1E5F16
	for <dri-devel@lists.freedesktop.org>;
	Tue, 30 Apr 2013 13:35:58 -0700 (PDT)
Received: by mail-we0-f171.google.com with SMTP id t57so795255wey.16
	for <dri-devel@lists.freedesktop.org>;
	Tue, 30 Apr 2013 13:35:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ffwll.ch; s=google;
	h=x-received:from:to:cc:subject:date:message-id:x-mailer:in-reply-to
	:references; bh=t2LXNsg0lMGMq5nl/ka3rTVGtMDxcYOKgWHOnEW0fqM=;
	b=hth31vdDxc2s1eQSDPYx6c9bb06FspBDjwfHa3k/+rwT0psS6q8YWFgfF+Bz6sltFa
	fEZeh+M00c8VGnldezsf7vqxF3459CdDX89O+uAtZj1k183dCP866YhFIxwapCxXK+Pq
	a+CaLk7rRJoew82M6BOzPVNRd6HiNBXOLLAtY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20120113;
	h=x-received:from:to:cc:subject:date:message-id:x-mailer:in-reply-to
	:references:x-gm-message-state;
	bh=t2LXNsg0lMGMq5nl/ka3rTVGtMDxcYOKgWHOnEW0fqM=;
	b=ABYZJz+/gwsdqp0ZoJ1UeuXvqBGmo0IK06dxFgZSJi/G41TocHzvrLK7x9G8tDj6yI
	C/w3fuP00gRjK54js4Q9kU92ZiHf47CJ3LzVMFmihn4IvcaGFcVKua8Z5cNavduCyd36
	Tc/G23QHfsN+7qHTsUcHTbncUZ7WSdxXOaw+3sd9lrgZkZ2JaARu2GSAK4V2qBHl0YS6
	NN0/+kwBNDgS/cB6B1a23nXfEFgqeNCVmnM1C7Sd9J18ReiImh+8PeEtLwsCy1KuoKY5
	pNYEp8Z4GUGLUlr2gh0hB+xzwwv7dSSHNkpxod898DxnKoaicbtjvR9X9X1KlbnHBrsP
	pfNQ==
X-Received: by 10.180.183.139 with SMTP id em11mr5677260wic.16.1367354157086;
	Tue, 30 Apr 2013 13:35:57 -0700 (PDT)
Received: from phenom.ffwll.local (178-83-130-250.dynamic.hispeed.ch.
	[178.83.130.250]) by mx.google.com with ESMTPSA id
	a9sm29285474wiv.0.2013.04.30.13.35.55 for <multiple recipients>
	(version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Tue, 30 Apr 2013 13:35:56 -0700 (PDT)
From: Daniel Vetter <daniel.vetter@ffwll.ch>
To: LKML <linux-kernel@vger.kernel.org>
Subject: [PATCH] [RFC] mutex: w/w mutex slowpath debugging
Date: Tue, 30 Apr 2013 22:38:56 +0200
Message-Id: <1367354336-13719-1-git-send-email-daniel.vetter@ffwll.ch>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <1367350179.30667.70.camel@gandalf.local.home>
References: <1367350179.30667.70.camel@gandalf.local.home>
X-Gm-Message-State: 
 ALoCoQmEdovZLsB9/jExi5Q05tJ+T2ovv/sP+EhLUIFQe3Sjp/1w1F5PJG3EW91FK6CbAi9Qa265
Cc: linux-arch@vger.kernel.org, peterz@infradead.org,
	Daniel Vetter <daniel.vetter@ffwll.ch>, x86@kernel.org,
	dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org,
	robclark@gmail.com, rostedt@goodmis.org, tglx@linutronix.de,
	mingo@elte.hu, linux-media@vger.kernel.org
X-BeenThere: dri-devel@lists.freedesktop.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Direct Rendering Infrastructure - Development
	<dri-devel.lists.freedesktop.org>
List-Unsubscribe: <http://lists.freedesktop.org/mailman/options/dri-devel>,
	<mailto:dri-devel-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <http://lists.freedesktop.org/archives/dri-devel>
List-Post: <mailto:dri-devel@lists.freedesktop.org>
List-Help: <mailto:dri-devel-request@lists.freedesktop.org?subject=help>
List-Subscribe: <http://lists.freedesktop.org/mailman/listinfo/dri-devel>,
	<mailto:dri-devel-request@lists.freedesktop.org?subject=subscribe>
MIME-Version: 1.0
Sender: 
 dri-devel-bounces+patchwork-dri-devel=patchwork.kernel.org@lists.freedesktop.org
Errors-To: 
 dri-devel-bounces+patchwork-dri-devel=patchwork.kernel.org@lists.freedesktop.org

Injects EDEADLK conditions at pseudo-random interval, with exponential
backoff up to UINT_MAX (to ensure that every lock operation still
completes in a reasonable time).

This way we can test the wound slowpath even for ww mutex users where
contention is never expected, and the ww deadlock avoidance algorithm
is only needed for correctness against malicious userspace. An example
would be protecting kernel modesetting properties, which thanks to
single-threaded X isn't really expected to contend, ever.

I've looked into using the CONFIG_FAULT_INJECTION infrastructure, but
decided against it for two reasons:

- EDEADLK handling is mandatory for ww mutex users and should never
  affect the outcome of a syscall. This is in contrast to -ENOMEM
  injection. So fine configurability isn't required.

- The fault injection framework only allows to set a simple
  probability for failure. Now the probability that a ww mutex acquire
  stage with N locks will never complete (due to too many injected
  EDEADLK backoffs) is zero. But the expected number of ww_mutex_lock
  operations for the completely uncontended case would be O(exp(N)).
  The per-acuiqire ctx exponential backoff solution choosen here only
  results in O(log N) overhead due to injection and so O(log N * N)
  lock operations. This way we can fail with high probability (and so
  have good test coverage even for fancy backoff and lock acquisition
  paths) without running into patalogical cases.

Note that EDEADLK will only ever be injected when we managed to
acquire the lock. This prevents any behaviour changes for users which
rely on the EALREADY semantics.

v2: Drop the cargo-culted __sched (I should read docs next time
around) and annotate the non-debug case with inline to prevent gcc
from doing something horrible.

Cc: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
---
 include/linux/mutex.h |    8 ++++++++
 kernel/mutex.c        |   32 ++++++++++++++++++++++++++++++++
 lib/Kconfig.debug     |   10 ++++++++++
 3 files changed, 50 insertions(+)

diff --git a/include/linux/mutex.h b/include/linux/mutex.h
index 004f863..82d56ec 100644
--- a/include/linux/mutex.h
+++ b/include/linux/mutex.h
@@ -93,6 +93,10 @@ struct ww_acquire_ctx {
 #ifdef CONFIG_DEBUG_LOCK_ALLOC
 	struct lockdep_map dep_map;
 #endif
+#ifdef CONFIG_DEBUG_WW_MUTEX_SLOWPATH
+	unsigned deadlock_inject_interval;
+	unsigned deadlock_inject_countdown;
+#endif
 };
 
 struct ww_mutex {
@@ -278,6 +282,10 @@ static inline void ww_acquire_init(struct ww_acquire_ctx *ctx,
 			 &ww_class->acquire_key, 0);
 	mutex_acquire(&ctx->dep_map, 0, 0, _RET_IP_);
 #endif
+#ifdef CONFIG_DEBUG_WW_MUTEX_SLOWPATH
+	ctx->deadlock_inject_interval = ctx->stamp & 0xf;
+	ctx->deadlock_inject_countdown = ctx->deadlock_inject_interval;
+#endif
 }
 
 /**
diff --git a/kernel/mutex.c b/kernel/mutex.c
index 66807c7..816fdfc 100644
--- a/kernel/mutex.c
+++ b/kernel/mutex.c
@@ -827,6 +827,36 @@ int __sched mutex_trylock(struct mutex *lock)
 EXPORT_SYMBOL(mutex_trylock);
 
 #ifndef CONFIG_DEBUG_LOCK_ALLOC
+
+#ifdef CONFIG_DEBUG_WW_MUTEX_SLOWPATH
+static int
+ww_mutex_deadlock_injection(struct ww_mutex *lock, struct ww_acquire_ctx *ctx)
+{
+	if (ctx->deadlock_inject_countdown-- == 0) {
+		tmp = ctx->deadlock_inject_interval;
+		if (tmp > UINT_MAX/4)
+			tmp = UINT_MAX;
+		else
+			tmp = tmp*2 + tmp + tmp/2;
+
+		ctx->deadlock_inject_interval = tmp;
+		ctx->deadlock_inject_countdown = tmp;
+
+		ww_mutex_unlock(lock);
+
+		return -EDEADLK;
+	}
+
+	return 0;
+}
+#else
+static inline int
+ww_mutex_deadlock_injection(struct ww_mutex *lock, struct ww_acquire_ctx *ctx)
+{
+	return 0;
+}
+#endif
+
 int __sched
 ww_mutex_lock(struct ww_mutex *lock, struct ww_acquire_ctx *ctx)
 {
@@ -839,6 +869,7 @@ ww_mutex_lock(struct ww_mutex *lock, struct ww_acquire_ctx *ctx)
 	if (likely(!ret)) {
 		ww_mutex_set_context_fastpath(lock, ctx);
 		mutex_set_owner(&lock->base);
+		return ww_mutex_deadlock_injection(lock, ctx);
 	} else
 		ret = __ww_mutex_lock_slowpath(lock, ctx);
 	return ret;
@@ -857,6 +888,7 @@ ww_mutex_lock_interruptible(struct ww_mutex *lock, struct ww_acquire_ctx *ctx)
 	if (likely(!ret)) {
 		ww_mutex_set_context_fastpath(lock, ctx);
 		mutex_set_owner(&lock->base);
+		return ww_mutex_deadlock_injection(lock, ctx);
 	} else
 		ret = __ww_mutex_lock_interruptible_slowpath(lock, ctx);
 	return ret;
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index 28be08c..8c41f73 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -547,6 +547,16 @@ config DEBUG_MUTEXES
 	 This feature allows mutex semantics violations to be detected and
 	 reported.
 
+config DEBUG_WW_MUTEX_SLOWPATH
+	bool "Wait/wound mutex debugging: Slowpath testing"
+	depends on DEBUG_KERNEL
+	help
+	 This feature enables slowpath testing for w/w mutex users by
+	 injecting additional -EDEADLK wound/backoff cases. Together with
+	 the full mutex checks enabled with (CONFIG_PROVE_LOCKING) this
+	 will test all possible w/w mutex interface abuse with the
+	 exception of simply not acquiring all the required locks.
+
 config DEBUG_LOCK_ALLOC
 	bool "Lock debugging: detect incorrect freeing of live locks"
 	depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT