[PATCH] arm64: restore get_current() optimisation

Jon Hunter jonathanh at nvidia.com
Thu Mar 2 07:30:26 PST 2017


Hi Mark,

On 02/03/17 12:35, Mark Rutland wrote:
> On Thu, Mar 02, 2017 at 11:35:06AM +0000, Jon Hunter wrote:
>> Hi Mark,
> 
> Hi Jon,
> 
>> On 03/01/17 18:27, Mark Rutland wrote:
>>> Commit c02433dd6de32f04 ("arm64: split thread_info from task stack")
>>> inverted the relationship between get_current() and
>>> current_thread_info(), with sp_el0 now holding the current task_struct
>>> rather than the current thread_info. The new implementation of
>>> get_current() prevents the compiler from being able to optimize repeated
>>> calls to either, resulting in a noticeable penalty in some
>>> microbenchmarks.
>>>
>>> This patch restores the previous optimisation by implementing
>>> get_current() in the same way as our old current_thread_info(), using a
>>> non-volatile asm statement.
> 
>>> +/*
>>> + * We don't use read_sysreg() as we want the compiler to cache the value where
>>> + * possible.
>>> + */
>>>  static __always_inline struct task_struct *get_current(void)
>>>  {
>>> -	return (struct task_struct *)read_sysreg(sp_el0);
>>> +	unsigned long sp_el0;
>>> +
>>> +	asm ("mrs %0, sp_el0" : "=r" (sp_el0));
>>> +
>>> +	return (struct task_struct *)sp_el0;
>>>  }
>>>  
>>>  #define current get_current()
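Review bot: the new comment above get_current() says the compiler should cache the value, but it does not say why caching is safe. The asm statement is non-volatile and has no inputs or clobbers, so the compiler may merge or hoist reads of sp_el0 within a function. The comment should state the invariant this depends on, namely when sp_el0 can change relative to code that uses current, and should say that any path needing a guaranteed fresh read has to use a volatile accessor instead of this helper.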
> 
>> I noticed that with v4.10 I am seeing the following panic ...
> 
> Ouch. :(
> 
> For reference, which toolchain are you using? This kind of code tends to be
> toolchain-sensitive.

This is with Ubuntu/Linaro 5.4.0-6ubuntu1~16.04.4. I have also tried ...

gcc version 5.3.1 20160412 (Linaro GCC 5.3-2016.05) 
gcc version 6.2.1 20161016 (Linaro GCC 6.2-2016.11)

... and see the same panic.
 
>> [  184.523390] Unable to handle kernel paging request at virtual address ffff8001bb7a2800
>> [  184.531316] pgd = ffff8000b96b1000
>> [  184.534711] [ffff8001bb7a2800] *pgd=0000000000000000
>> [  184.539670] Internal error: Oops: 96000005 [#1] PREEMPT SMP
> 
> That ESR_EL1 value decodes as a "Data Abort taken without a change in Exception
> level", the DFSC decodes as "Translation fault, level 1", and WnR is clear.
> 
> So we're blowing up on a read of a bogus address.
> 
>> [  184.566458] PC is at regcache_flat_read+0x14/0x20
>> [  184.571155] LR is at regcache_read+0x50/0x78
>> [  184.575417] pc : [<ffff0000085d0c6c>] lr : [<ffff0000085cefa8>] pstate: 400001c5
> 
> Judging by the PC, that read could be any of:
> 
> * the read of map->cache at the start of regcache_flat_read()
> 
> * an inlined regcache_get_index_by_order()'s read of map->reg_stride_order
> 
> * the read of cache[regcache_flat_get_index(map, reg)]
> 
> ... so it seems either map or map->cache is dodgy.
> 
> If you can addr2line that PC, that should tell us which access is
> blowing up, and therefore which pointer is dodgy.
> 
> We'll want the full output considering inlined functions, i.e.
> 
> ${CROSS_COMPILE}addr2line -ife vmlinux 0xffff0000085d0c6c

This shows ...

regcache_flat_read
/home/jonathanh/workdir/tegra/korg-linux.git/drivers/base/regmap/regcache-flat.c:60
 
>> [  184.582802] sp : ffff8000b964b970
>> [  184.586108] x29: ffff8000b964b970 x28: ffff8000b9584800 
>> [  184.591412] x27: ffff8000b964bcc8 x26: ffff8000b9461000 
>> [  184.596716] x25: 0000000000000000 x24: 0000000000000000 
>> [  184.602019] x23: 00000000ffff8000 x22: ffff8000b964ba1c 
>> [  184.607322] x21: ffff8000b964ba1c x20: 00000000ffff8000 
>> [  184.612626] x19: ffff8000bb7dc400 x18: 0000000000000000 
>> [  184.617928] x17: 0000000000000001 x16: ffff0000081f79e8 
>> [  184.623230] x15: 0000000000497000 x14: 0000000000000000 
>> [  184.628532] x13: 0000000000000001 x12: 0000000005cc6000 
>> [  184.633835] x11: 0000000000000000 x10: ffff8000bc16bf00 
>> [  184.639138] x9 : 0000000000000000 x8 : 0000000000000000 
>> [  184.644441] x7 : ffff8000bff68908 x6 : 0000000000000000 
>> [  184.649742] x5 : ffff000008fc9f00 x4 : ffff8000bb7aa800 
>> [  184.655044] x3 : 0000000000000002 x2 : ffff8000b964ba1c 
>> [  184.660347] x1 : 000000003fffe000 x0 : 0000000000000000 
> 
>> [  185.178203] [<ffff0000085d0c6c>] regcache_flat_read+0x14/0x20
>> [  185.183939] [<ffff0000085cce60>] _regmap_read+0x98/0xe8
>> [  185.189155] [<ffff0000085cd218>] _regmap_update_bits+0xa0/0xf0
>> [  185.194978] [<ffff0000085ce1d8>] regmap_update_bits_base+0x60/0x90
>> [  185.201152] [<ffff000008856c44>] snd_soc_component_update_bits+0x24/0x40
> 
> AFAICT, these don't implicitly access current as part of generating the
> map pointer, so the dodgy pointer must have been generated above this
> level.
> 
> At this level I can't see why current would be involved at all. Beyond this
> point it's rather painful to follow the backtrace due to inlining.
> 
>> [  185.207843] [<ffff00000884e7f4>] dapm_power_widgets+0x474/0x730
>> [  185.213751] [<ffff00000884eb2c>] soc_dapm_mux_update_power.isra.29+0x7c/0xa0
>> [  185.220787] [<ffff00000884eb9c>] snd_soc_dapm_mux_update_power+0x4c/0x88
>> [  185.227479] [<ffff00000886bd04>] tegra210_xbar_put_value_enum+0x1b4/0x228
>> [  185.234256] [<ffff000008830110>] snd_ctl_elem_write+0x110/0x188
>> [  185.240165] [<ffff000008830610>] snd_ctl_ioctl+0xd0/0x798
>> [  185.245557] [<ffff0000081f7354>] do_vfs_ioctl+0xa4/0x738
>> [  185.250859] [<ffff0000081f7a74>] SyS_ioctl+0x8c/0xa0
>> [  185.255818] [<ffff000008082f30>] el0_svc_naked+0x24/0x28
>> [  185.261121] Code: 52800000 b941c883 f9410084 1ac32421 (b8615881) 
>> [  185.267223] ---[ end trace 5f6a6332822eca30 ]---
>>
>> Bisecting the panic ends up at this patch and reverting it on top of v4.10 prevents this from
>> occurring. 
>>
>> This occurs when I start playing audio on Tegra210 using tinymix. I do have some out-of-tree
>> patches for Tegra audio that I am using when seeing this but I have been using those for
>> probably a year or so, as I am gradually upstreaming bits.
>>
>> I am a bit flummoxed by the above, any thoughts?
> 
> Likewise. :/
> 
> It could just be that this happens to change the alignment/size of things, and
> unmasks a latent bug. Possibly, the removal of volatile has allowed some code
> to be reordered, highlighting missing barriers/synchronisation.
> 
> Maybe we are generating current wrong in some case, though I can't see how, and
> this is the only such report I've seen.
> 
> If the commit in question is resulting in get_current() behaving differently,
> it *might* be possible to detect with the hack below. I haven't seen it blow up
> on my test systems.

Unfortunately, that did not catch it :-(
 
> Otherwise, it might be worth giving KASAN a go; that might detect data
> corruption. If you have a recent enough toolchain, you only need enable
> CONFIG_KASAN. This will make your kernel Image a fair amount larger.

I enabled this with gcc 6.2.1 but now the PC is at __asan_load4 ...

[   19.516956] Unable to handle kernel paging request at virtual address ffff100033fcc660
[   19.524940] pgd = ffff80009c4c8000
[   19.528365] [ffff100033fcc660] *pgd=0000000000000000
[   19.533357] Internal error: Oops: 96000006 [#1] PREEMPT SMP
[   19.538949] Modules linked in:
[   19.542033] CPU: 1 PID: 1465 Comm: tinymix Not tainted 4.10.0-00018-g0db5ca31acab #3
[   19.549822] Hardware name: Google Pixel C (DT)
[   19.554289] task: ffff8000a47e0d00 task.stack: ffff8000a3818000
[   19.560239] PC is at __asan_load4+0x24/0xa0
[   19.564450] LR is at regcache_flat_read+0x40/0x68
[   19.569176] pc : [<ffff200008269f94>] lr : [<ffff200008889ec8>] pstate: 200001c5
[   19.576616] sp : ffff8000a381b5a0
[   19.579951] x29: ffff8000a381b5a0 x28: ffff2000092a4240 
[   19.585288] x27: 0000000000000000 x26: 00000000a4c19f80 
[   19.590624] x25: 0000000000000000 x24: 00000000ffff8000 
[   19.595960] x23: ffff8000a381b6c0 x22: ffff80009fe6b300 
[   19.601295] x21: ffff8000a381b6c0 x20: ffff80009f821b00 
[   19.606632] x19: 000000003fffe000 x18: 0000000000000000 
[   19.611967] x17: 0000000000000001 x16: ffff2000082ac7d0 
[   19.617302] x15: 0000000000497000 x14: ffff200008c4f2f0 
[   19.622637] x13: ffff200008c4f264 x12: ffffffffffffffff 
[   19.627972] x11: 0000000000000040 x10: 0000000000000870 
[   19.633307] x9 : ffff8000a381b5a0 x8 : 00000000f4f4f404 
[   19.638642] x7 : ffff1000147036d4 x6 : 00000000f3f3f3f3 
[   19.643976] x5 : 0000000000000000 x4 : ffff80019fe63300 
[   19.649312] x3 : ffff200008889e88 x2 : 0000000000000000 
[   19.654646] x1 : 1ffff00033fcc660 x0 : dfff200000000000 
[   19.659979] 
[   19.661494] Process tinymix (pid: 1465, stack limit = 0xffff8000a3818000)
[   20.327888] Call trace:
[   20.415595] [<ffff200008269f94>] __asan_load4+0x24/0xa0
[   20.420845] [<ffff200008889ec8>] regcache_flat_read+0x40/0x68
[   20.426618] [<ffff200008886ed4>] regcache_read+0x7c/0xa8
[   20.431955] [<ffff200008883908>] _regmap_read+0xd0/0x130
[   20.437292] [<ffff200008883fb8>] _regmap_update_bits+0x130/0x178
[   20.443322] [<ffff2000088859cc>] regmap_update_bits_base+0x84/0xd0
[   20.449532] [<ffff200008c5cad4>] snd_soc_component_update_bits+0x9c/0xf0
[   20.456256] [<ffff200008c4ed24>] dapm_power_widgets+0x8a4/0xd28
[   20.462199] [<ffff200008c4f264>] soc_dapm_mux_update_power.isra.29+0xbc/0xe0
[   20.469270] [<ffff200008c4f2f0>] snd_soc_dapm_mux_update_power+0x68/0xb0
[   20.475996] [<ffff200008c7bda0>] tegra210_xbar_put_value_enum+0x260/0x348
[   20.482809] [<ffff200008c1e9b4>] snd_ctl_elem_write+0x1cc/0x250
[   20.488751] [<ffff200008c1f190>] snd_ctl_ioctl+0x138/0x998
[   20.494263] [<ffff2000082abebc>] do_vfs_ioctl+0x134/0xa48
[   20.499684] [<ffff2000082ac85c>] SyS_ioctl+0x8c/0xa0
[   20.504675] [<ffff200008083730>] el0_svc_naked+0x24/0x28
[   20.510013] Code: d343fc01 aa0003e4 d2c40000 f2fbffe0 (78606822) 
[   20.516180] ---[ end trace 97433b67122c9a34 ]---

Cheers
Jon

-- 
nvpublic
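
The ESR decode quoted in the thread (exception class, DFSC, WnR) can be reproduced mechanically from the "Internal error: Oops:" line. The C helper below is an added example, not code from the thread or from the kernel; the struct and function names are hypothetical, and the bit positions follow the Arm ESR_ELx layout for data aborts.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct esr_info {
	unsigned ec;       /* ESR[31:26], exception class */
	int is_data_abort; /* EC 0x24 (from a lower EL) or 0x25 (same EL) */
	unsigned wnr;      /* ISS[6]: 1 = write, 0 = read */
	unsigned dfsc;     /* ISS[5:0], data fault status code */
};

/* Extract the hex ESR from an "Oops: <esr> [#n]" line; 0 on success, -1 if absent. */
int parse_oops_esr(const char *line, uint32_t *esr)
{
	const char *p = strstr(line, "Oops: ");
	char *end;
	unsigned long v = p ? strtoul(p + 6, &end, 16) : 0;
	if (!p || end == p + 6 || v > 0xffffffffUL)
		return -1;
	*esr = (uint32_t)v;
	return 0;
}

struct esr_info decode_esr(uint32_t esr)
{
	unsigned ec = esr >> 26;
	int da = (ec == 0x24 || ec == 0x25);
	/* WnR and DFSC only carry this meaning for data aborts. */
	struct esr_info i = { ec, da, da ? (esr >> 6) & 1 : 0, da ? esr & 0x3f : 0 };
	return i;
}

/* DFSC 0b00KKLL: KK selects the fault kind, LL the lookup level. */
const char *dfsc_kind(unsigned dfsc, int *level)
{
	static const char *const kinds[] = { "Address size fault",
		"Translation fault", "Access flag fault", "Permission fault" };
	*level = dfsc < 0x10 ? (int)(dfsc & 3) : -1;
	return dfsc < 0x10 ? kinds[dfsc >> 2] : "other";
}

int main(void)
{
	uint32_t esr;
	int lvl;
	/* ESR taken from the first oops quoted in the thread */
	if (parse_oops_esr("Internal error: Oops: 96000005 [#1]", &esr))
		return 1;
	struct esr_info i = decode_esr(esr);
	const char *kind = dfsc_kind(i.dfsc, &lvl);
	printf("EC=0x%02x WnR=%u %s, level %d\n", i.ec, i.wnr, kind, lvl);
	return 0;
}
```

Running the same decode on the value from the KASAN-enabled run, 96000006, gives the same exception class and a read access, with the DFSC indicating a level 2 translation fault.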


