On Mon, 2 Nov 2020 17:41:47 +0100
Petr Mladek <pmla...@suse.com> wrote:
> > + i = atomic_read(&nr_records);
> > + smp_mb__after_atomic();
> > + if (i < 0)
> > + cmpxchg(&recursed_functions[index].ip, ip, 0);
> > + else if (i <= index)
> > + atomic_cmpxchg(&nr_records, i, index + 1);
>
> This looks weird. It would shift nr_records past the record added
> in this call. It might skip many slots that were zeroed when clearing.
> Also we do not know if our entry was not zeroed as well.
nr_records always holds the next position to write to.
index = nr_records;
recursed_functions[index].ip = ip;
nr_records++;
Before clearing, we have:
nr_records = -1;
smp_mb();
memset(recursed_functions, 0);
smp_wmb();
nr_records = 0;
When we enter this function:
i = nr_records;
smp_mb();
if (i < 0)
return;
Thus, we just stopped all new updates while clearing the records.
But what about if something is currently updating?
i = nr_records;
smp_mb();
if (i < 0)
cmpxchg(recursed_functions, ip, 0);
The above shows that if the current updating process notices that the
clearing happens, it will clear the function it added.
else if (i <= index)
cmpxchg(nr_records, i, index + 1);
This makes sure that nr_records only grows if it is greater or equal to
zero.
The only race that I see that can happen, is the one in the comment I
showed. And that is after enabling the recursed functions again after
clearing, one CPU could add a function while another CPU that just added
that same function could be just exiting this routine, notice that a
clearing of the array happened, and remove its function (which was the same
as the one just happened). So we get a "zero" in the array. If this
happens, it is likely that that function will recurse again and will be
added later.
-- Steve
