2006-06-25 20:48:02 -04:00
|
|
|
/*
|
2020-06-04 11:25:40 -04:00
|
|
|
* include/haproxy/task.h
|
2010-08-27 11:56:48 -04:00
|
|
|
* Functions for task management.
|
|
|
|
|
*
|
2020-06-04 11:25:40 -04:00
|
|
|
* Copyright (C) 2000-2020 Willy Tarreau - w@1wt.eu
|
2010-08-27 11:56:48 -04:00
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
|
* License as published by the Free Software Foundation, version 2.1
|
|
|
|
|
* exclusively.
|
|
|
|
|
*
|
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
|
|
|
*/
|
2006-06-25 20:48:02 -04:00
|
|
|
|
2020-06-04 11:25:40 -04:00
|
|
|
#ifndef _HAPROXY_TASK_H
|
|
|
|
|
#define _HAPROXY_TASK_H
|
2006-06-25 20:48:02 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
#include <sys/time.h>
|
2006-06-29 12:54:54 -04:00
|
|
|
|
2020-06-04 11:25:40 -04:00
|
|
|
#include <import/eb32sctree.h>
|
|
|
|
|
#include <import/eb32tree.h>
|
|
|
|
|
|
2020-05-27 06:58:42 -04:00
|
|
|
#include <haproxy/api.h>
|
2020-06-04 11:25:40 -04:00
|
|
|
#include <haproxy/fd.h>
|
2020-06-04 11:05:57 -04:00
|
|
|
#include <haproxy/global.h>
|
2020-06-01 06:09:26 -04:00
|
|
|
#include <haproxy/intops.h>
|
2020-05-27 12:01:47 -04:00
|
|
|
#include <haproxy/list.h>
|
2020-06-04 11:25:40 -04:00
|
|
|
#include <haproxy/pool.h>
|
|
|
|
|
#include <haproxy/task-t.h>
|
2020-05-28 09:29:19 -04:00
|
|
|
#include <haproxy/thread.h>
|
2020-06-04 11:25:40 -04:00
|
|
|
#include <haproxy/ticks.h>
|
2017-09-27 08:59:38 -04:00
|
|
|
|
2019-09-24 08:55:28 -04:00
|
|
|
|
2009-03-08 10:53:06 -04:00
|
|
|
/* Principle of the wait queue.
|
|
|
|
|
*
|
|
|
|
|
* We want to be able to tell whether an expiration date is before of after the
|
|
|
|
|
* current time <now>. We KNOW that expiration dates are never too far apart,
|
|
|
|
|
* because they are measured in ticks (milliseconds). We also know that almost
|
|
|
|
|
* all dates will be in the future, and that a very small part of them will be
|
|
|
|
|
* in the past, they are the ones which have expired since last time we checked
|
|
|
|
|
* them. Using ticks, we know if a date is in the future or in the past, but we
|
|
|
|
|
* cannot use that to store sorted information because that reference changes
|
|
|
|
|
* all the time.
|
|
|
|
|
*
|
2009-03-21 05:01:42 -04:00
|
|
|
* We'll use the fact that the time wraps to sort timers. Timers above <now>
|
|
|
|
|
* are in the future, timers below <now> are in the past. Here, "above" and
|
|
|
|
|
* "below" are to be considered modulo 2^31.
|
2009-03-08 10:53:06 -04:00
|
|
|
*
|
2009-03-21 05:01:42 -04:00
|
|
|
* Timers are stored sorted in an ebtree. We use the new ability for ebtrees to
|
|
|
|
|
* lookup values starting from X to only expire tasks between <now> - 2^31 and
|
|
|
|
|
* <now>. If the end of the tree is reached while walking over it, we simply
|
|
|
|
|
* loop back to the beginning. That way, we have no problem keeping sorted
|
|
|
|
|
* wrapping timers in a tree, between (now - 24 days) and (now + 24 days). The
|
|
|
|
|
* keys in the tree always reflect their real position, none can be infinite.
|
|
|
|
|
* This reduces the number of checks to be performed.
|
2009-03-08 10:53:06 -04:00
|
|
|
*
|
|
|
|
|
* Another nice optimisation is to allow a timer to stay at an old place in the
|
|
|
|
|
* queue as long as it's not further than the real expiration date. That way,
|
|
|
|
|
* we use the tree as a place holder for a minorant of the real expiration
|
|
|
|
|
* date. Since we have a very low chance of hitting a timeout anyway, we can
|
|
|
|
|
* bounce the nodes to their right place when we scan the tree if we encounter
|
|
|
|
|
* a misplaced node once in a while. This even allows us not to remove the
|
|
|
|
|
* infinite timers from the wait queue.
|
|
|
|
|
*
|
|
|
|
|
* So, to summarize, we have :
|
|
|
|
|
* - node->key always defines current position in the wait queue
|
|
|
|
|
* - timer is the real expiration date (possibly infinite)
|
2009-03-21 05:01:42 -04:00
|
|
|
* - node->key is always before or equal to timer
|
2009-03-08 10:53:06 -04:00
|
|
|
*
|
|
|
|
|
* The run queue works similarly to the wait queue except that the current date
|
|
|
|
|
* is replaced by an insertion counter which can also wrap without any problem.
|
|
|
|
|
*/
|
|
|
|
|
|
2009-03-21 05:01:42 -04:00
|
|
|
/* The farthest we can look back in a timer tree */
|
|
|
|
|
#define TIMER_LOOK_BACK (1U << 31)
|
2009-03-08 10:53:06 -04:00
|
|
|
|
2020-06-04 11:25:40 -04:00
|
|
|
/* tasklets are recognized with nice==-32768 */
|
|
|
|
|
#define TASK_IS_TASKLET(t) ((t)->nice == -32768)
|
|
|
|
|
|
|
|
|
|
|
2009-03-08 10:53:06 -04:00
|
|
|
/* a few exported variables */
|
2009-03-21 13:13:21 -04:00
|
|
|
extern unsigned int nb_tasks; /* total number of tasks */
|
2019-05-16 11:37:27 -04:00
|
|
|
extern volatile unsigned long global_tasks_mask; /* Mask of threads with tasks in the global runqueue */
|
2016-12-06 03:15:30 -05:00
|
|
|
extern unsigned int tasks_run_queue; /* run queue size */
|
|
|
|
|
extern unsigned int tasks_run_queue_cur;
|
2009-03-21 13:33:52 -04:00
|
|
|
extern unsigned int nb_tasks_cur;
|
2008-06-30 01:51:00 -04:00
|
|
|
extern unsigned int niced_tasks; /* number of niced tasks in the run queue */
|
2017-11-24 11:34:44 -05:00
|
|
|
extern struct pool_head *pool_head_task;
|
2018-05-18 12:45:28 -04:00
|
|
|
extern struct pool_head *pool_head_tasklet;
|
2017-11-24 11:34:44 -05:00
|
|
|
extern struct pool_head *pool_head_notification;
|
2019-09-24 02:25:15 -04:00
|
|
|
extern THREAD_LOCAL struct task_per_thread *sched; /* current's thread scheduler context */
|
2020-06-04 11:25:40 -04:00
|
|
|
|
2018-06-06 08:22:03 -04:00
|
|
|
#ifdef USE_THREAD
|
2018-10-15 08:52:21 -04:00
|
|
|
extern struct eb_root timers; /* sorted timers tree, global */
|
2018-05-18 12:38:23 -04:00
|
|
|
extern struct eb_root rqueue; /* tree constituting the run queue */
|
2018-06-06 08:22:03 -04:00
|
|
|
#endif
|
2018-07-26 09:59:38 -04:00
|
|
|
|
2018-10-15 10:12:48 -04:00
|
|
|
extern struct task_per_thread task_per_thread[MAX_THREADS];
|
2017-11-13 04:34:01 -05:00
|
|
|
|
2020-06-05 02:40:51 -04:00
|
|
|
__decl_thread(extern HA_SPINLOCK_T rq_lock); /* spin lock related to run queue */
|
|
|
|
|
__decl_thread(extern HA_RWLOCK_T wq_lock); /* RW lock related to the wait queue */
|
2007-05-13 13:43:47 -04:00
|
|
|
|
2020-06-30 05:48:48 -04:00
|
|
|
void task_kill(struct task *t);
|
2020-06-04 11:25:40 -04:00
|
|
|
void __task_wakeup(struct task *t, struct eb_root *);
|
|
|
|
|
void __task_queue(struct task *task, struct eb_root *wq);
|
|
|
|
|
|
|
|
|
|
struct work_list *work_list_create(int nbthread,
|
|
|
|
|
struct task *(*fct)(struct task *, void *, unsigned short),
|
|
|
|
|
void *arg);
|
|
|
|
|
void work_list_destroy(struct work_list *work, int nbthread);
|
2020-06-24 04:17:29 -04:00
|
|
|
unsigned int run_tasks_from_lists(unsigned int budgets[]);
|
2020-06-04 11:25:40 -04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* This does 3 things :
|
|
|
|
|
* - wake up all expired tasks
|
|
|
|
|
* - call all runnable tasks
|
|
|
|
|
* - return the date of next event in <next> or eternity.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
void process_runnable_tasks();
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Extract all expired timers from the timer queue, and wakes up all
|
|
|
|
|
* associated tasks.
|
|
|
|
|
*/
|
|
|
|
|
void wake_expired_tasks();
|
|
|
|
|
|
|
|
|
|
/* Checks the next timer for the current thread by looking into its own timer
|
|
|
|
|
* list and the global one. It may return TICK_ETERNITY if no timer is present.
|
|
|
|
|
* Note that the next timer might very well be slightly in the past.
|
|
|
|
|
*/
|
|
|
|
|
int next_timer_expiry();
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Delete every tasks before running the master polling loop
|
|
|
|
|
*/
|
|
|
|
|
void mworker_cleantasks();
|
|
|
|
|
|
|
|
|
|
|
2018-08-01 09:58:44 -04:00
|
|
|
|
2009-03-07 11:25:21 -05:00
|
|
|
/* return 0 if task is in run queue, otherwise non-zero */
|
|
|
|
|
static inline int task_in_rq(struct task *t)
|
|
|
|
|
{
|
2018-05-18 12:45:28 -04:00
|
|
|
/* Check if leaf_p is NULL, in case he's not in the runqueue, and if
|
|
|
|
|
* it's not 0x1, which would mean it's in the tasklet list.
|
|
|
|
|
*/
|
2019-04-17 13:13:07 -04:00
|
|
|
return t->rq.node.leaf_p != NULL;
|
2009-03-07 11:25:21 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* return 0 if task is in wait queue, otherwise non-zero */
|
|
|
|
|
static inline int task_in_wq(struct task *t)
|
|
|
|
|
{
|
|
|
|
|
return t->wq.node.leaf_p != NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-04 11:25:40 -04:00
|
|
|
/* returns true if the current thread has some work to do */
|
|
|
|
|
static inline int thread_has_tasks(void)
|
|
|
|
|
{
|
|
|
|
|
return (!!(global_tasks_mask & tid_bit) |
|
|
|
|
|
(sched->rqueue_size > 0) |
|
2020-06-24 03:39:48 -04:00
|
|
|
!!sched->tl_class_mask |
|
2020-06-04 11:25:40 -04:00
|
|
|
!MT_LIST_ISEMPTY(&sched->shared_tasklet_list));
|
|
|
|
|
}
|
|
|
|
|
|
2008-08-29 12:19:04 -04:00
|
|
|
/* puts the task <t> in run queue with reason flags <f>, and returns <t> */
|
2018-05-18 12:38:23 -04:00
|
|
|
/* This will put the task in the local runqueue if the task is only runnable
|
|
|
|
|
* by the current thread, in the global runqueue otherwies.
|
|
|
|
|
*/
|
|
|
|
|
static inline void task_wakeup(struct task *t, unsigned int f)
|
2008-08-29 09:26:14 -04:00
|
|
|
{
|
2018-05-18 12:38:23 -04:00
|
|
|
unsigned short state;
|
|
|
|
|
|
|
|
|
|
#ifdef USE_THREAD
|
|
|
|
|
struct eb_root *root;
|
|
|
|
|
|
2018-05-18 12:45:28 -04:00
|
|
|
if (t->thread_mask == tid_bit || global.nbthread == 1)
|
2019-09-24 02:25:15 -04:00
|
|
|
root = &sched->rqueue;
|
2018-05-18 12:38:23 -04:00
|
|
|
else
|
|
|
|
|
root = &rqueue;
|
|
|
|
|
#else
|
2019-09-24 02:25:15 -04:00
|
|
|
struct eb_root *root = &sched->rqueue;
|
2018-05-18 12:38:23 -04:00
|
|
|
#endif
|
|
|
|
|
|
2019-04-17 05:47:18 -04:00
|
|
|
state = _HA_ATOMIC_OR(&t->state, f);
|
|
|
|
|
while (!(state & (TASK_RUNNING | TASK_QUEUED))) {
|
2019-04-17 14:52:51 -04:00
|
|
|
if (_HA_ATOMIC_CAS(&t->state, &state, state | TASK_QUEUED)) {
|
|
|
|
|
__task_wakeup(t, root);
|
2019-04-17 05:47:18 -04:00
|
|
|
break;
|
2019-04-17 14:52:51 -04:00
|
|
|
}
|
2019-04-17 05:47:18 -04:00
|
|
|
}
|
2008-08-29 09:26:14 -04:00
|
|
|
}
|
2006-06-25 20:48:02 -04:00
|
|
|
|
2009-03-07 11:25:21 -05:00
|
|
|
/*
|
|
|
|
|
* Unlink the task from the wait queue, and possibly update the last_timer
|
|
|
|
|
* pointer. A pointer to the task itself is returned. The task *must* already
|
|
|
|
|
* be in the wait queue before calling this function. If unsure, use the safer
|
|
|
|
|
* task_unlink_wq() function.
|
2006-06-25 20:48:02 -04:00
|
|
|
*/
|
2009-03-07 11:25:21 -05:00
|
|
|
static inline struct task *__task_unlink_wq(struct task *t)
|
|
|
|
|
{
|
|
|
|
|
eb32_delete(&t->wq);
|
|
|
|
|
return t;
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-15 08:52:21 -04:00
|
|
|
/* remove a task from its wait queue. It may either be the local wait queue if
|
BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing
Since 1.9 with commit b20aa9eef3 ("MAJOR: tasks: create per-thread wait
queues") a task bound to a single thread will not use locks when being
queued or dequeued because the wait queue is assumed to be the owner
thread's.
But there exists a rare situation where this is not true: the health
check tasks may be running on one thread waiting for a response, and
may in parallel be requeued by another thread calling health_adjust()
after a detecting a response error in traffic when "observe l7" is set,
and "fastinter" is lower than "inter", requiring to shorten the running
check's timeout. In this case, the task being requeued was present in
another thread's wait queue, thus opening a race during task_unlink_wq(),
and gets requeued into the calling thread's wait queue instead of the
running one's, opening a second race here.
This patch aims at protecting against the risk of calling task_unlink_wq()
from one thread while the task is queued on another thread, hence unlocked,
by introducing a new TASK_SHARED_WQ flag.
This new flag indicates that a task's position in the wait queue may be
adjusted by other threads than then one currently executing it. This means
that such WQ manipulations must be performed under a lock. There are two
types of such tasks:
- the global ones, using the global wait queue (technically speaking,
those whose thread_mask has at least 2 bits set).
- some local ones, which for now will be placed into the global wait
queue as well in order to benefit from its lock.
The flag is automatically set on initialization if the task's thread mask
indicates more than one thread. The caller must also set it if it intends
to let other threads update the task's expiration delay (e.g. delegated
I/Os), or if it intends to change the task's affinity over time as this
could lead to the same situation.
Right now only the situation described above seems to be affected by this
issue, and it is very difficult to trigger, and even then, will often have
no visible effect beyond stopping the checks for example once the race is
met. On my laptop it is feasible with the following config, chained to
httpterm:
global
maxconn 400 # provoke FD errors, calling health_adjust()
defaults
mode http
timeout client 10s
timeout server 10s
timeout connect 10s
listen px
bind :8001
option httpchk /?t=50
server sback 127.0.0.1:8000 backup
server-template s 0-999 127.0.0.1:8000 check port 8001 inter 100 fastinter 10 observe layer7
This patch will automatically address the case for the checks because
check tasks are created with multiple threads bound and will get the
TASK_SHARED_WQ flag set.
If in the future more tasks need to rely on this (multi-threaded muxes
for example) and the use of the global wait queue becomes a bottleneck
again, then it should not be too difficult to place locks on the local
wait queues and queue the task on its bound thread.
This patch needs to be backported to 2.1, 2.0 and 1.9. It depends on
previous patch "MINOR: task: only check TASK_WOKEN_ANY to decide to
requeue a task".
Many thanks to William Dauchy for providing detailed traces allowing to
spot the problem.
2019-12-19 01:39:06 -05:00
|
|
|
* the task is bound to a single thread or the global queue. If the task uses a
|
|
|
|
|
* shared wait queue, the global wait queue lock is used.
|
2018-10-15 08:52:21 -04:00
|
|
|
*/
|
2009-03-07 11:25:21 -05:00
|
|
|
static inline struct task *task_unlink_wq(struct task *t)
|
2006-06-25 20:48:02 -04:00
|
|
|
{
|
BUG/MAJOR: fd/threads, task/threads: ensure all spin locks are unlocked
Calculate if the fd or task should be locked once, before locking, and
reuse the calculation when determing when to unlock.
Fixes a race condition added in 87d54a9a for fds, and b20aa9ee for tasks,
released in 1.9-dev4. When one thread modifies thread_mask to be a single
thread for a task or fd while a second thread has locked or is waiting on a
lock for that task or fd, the second thread will not unlock it. For FDs,
this is observable when a listener is polled by multiple threads, and is
closed while those threads have events pending. For tasks, this seems
possible, where task_set_affinity is called, but I did not observe it.
This must be backported to 1.9.
2019-02-20 15:43:45 -05:00
|
|
|
unsigned long locked;
|
|
|
|
|
|
2018-10-15 08:52:21 -04:00
|
|
|
if (likely(task_in_wq(t))) {
|
BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing
Since 1.9 with commit b20aa9eef3 ("MAJOR: tasks: create per-thread wait
queues") a task bound to a single thread will not use locks when being
queued or dequeued because the wait queue is assumed to be the owner
thread's.
But there exists a rare situation where this is not true: the health
check tasks may be running on one thread waiting for a response, and
may in parallel be requeued by another thread calling health_adjust()
after a detecting a response error in traffic when "observe l7" is set,
and "fastinter" is lower than "inter", requiring to shorten the running
check's timeout. In this case, the task being requeued was present in
another thread's wait queue, thus opening a race during task_unlink_wq(),
and gets requeued into the calling thread's wait queue instead of the
running one's, opening a second race here.
This patch aims at protecting against the risk of calling task_unlink_wq()
from one thread while the task is queued on another thread, hence unlocked,
by introducing a new TASK_SHARED_WQ flag.
This new flag indicates that a task's position in the wait queue may be
adjusted by other threads than then one currently executing it. This means
that such WQ manipulations must be performed under a lock. There are two
types of such tasks:
- the global ones, using the global wait queue (technically speaking,
those whose thread_mask has at least 2 bits set).
- some local ones, which for now will be placed into the global wait
queue as well in order to benefit from its lock.
The flag is automatically set on initialization if the task's thread mask
indicates more than one thread. The caller must also set it if it intends
to let other threads update the task's expiration delay (e.g. delegated
I/Os), or if it intends to change the task's affinity over time as this
could lead to the same situation.
Right now only the situation described above seems to be affected by this
issue, and it is very difficult to trigger, and even then, will often have
no visible effect beyond stopping the checks for example once the race is
met. On my laptop it is feasible with the following config, chained to
httpterm:
global
maxconn 400 # provoke FD errors, calling health_adjust()
defaults
mode http
timeout client 10s
timeout server 10s
timeout connect 10s
listen px
bind :8001
option httpchk /?t=50
server sback 127.0.0.1:8000 backup
server-template s 0-999 127.0.0.1:8000 check port 8001 inter 100 fastinter 10 observe layer7
This patch will automatically address the case for the checks because
check tasks are created with multiple threads bound and will get the
TASK_SHARED_WQ flag set.
If in the future more tasks need to rely on this (multi-threaded muxes
for example) and the use of the global wait queue becomes a bottleneck
again, then it should not be too difficult to place locks on the local
wait queues and queue the task on its bound thread.
This patch needs to be backported to 2.1, 2.0 and 1.9. It depends on
previous patch "MINOR: task: only check TASK_WOKEN_ANY to decide to
requeue a task".
Many thanks to William Dauchy for providing detailed traces allowing to
spot the problem.
2019-12-19 01:39:06 -05:00
|
|
|
locked = t->state & TASK_SHARED_WQ;
|
2020-07-22 08:29:42 -04:00
|
|
|
BUG_ON(!locked && t->thread_mask != tid_bit);
|
BUG/MAJOR: fd/threads, task/threads: ensure all spin locks are unlocked
Calculate if the fd or task should be locked once, before locking, and
reuse the calculation when determing when to unlock.
Fixes a race condition added in 87d54a9a for fds, and b20aa9ee for tasks,
released in 1.9-dev4. When one thread modifies thread_mask to be a single
thread for a task or fd while a second thread has locked or is waiting on a
lock for that task or fd, the second thread will not unlock it. For FDs,
this is observable when a listener is polled by multiple threads, and is
closed while those threads have events pending. For tasks, this seems
possible, where task_set_affinity is called, but I did not observe it.
This must be backported to 1.9.
2019-02-20 15:43:45 -05:00
|
|
|
if (locked)
|
2019-05-28 12:48:07 -04:00
|
|
|
HA_RWLOCK_WRLOCK(TASK_WQ_LOCK, &wq_lock);
|
2009-03-07 11:25:21 -05:00
|
|
|
__task_unlink_wq(t);
|
BUG/MAJOR: fd/threads, task/threads: ensure all spin locks are unlocked
Calculate if the fd or task should be locked once, before locking, and
reuse the calculation when determing when to unlock.
Fixes a race condition added in 87d54a9a for fds, and b20aa9ee for tasks,
released in 1.9-dev4. When one thread modifies thread_mask to be a single
thread for a task or fd while a second thread has locked or is waiting on a
lock for that task or fd, the second thread will not unlock it. For FDs,
this is observable when a listener is polled by multiple threads, and is
closed while those threads have events pending. For tasks, this seems
possible, where task_set_affinity is called, but I did not observe it.
This must be backported to 1.9.
2019-02-20 15:43:45 -05:00
|
|
|
if (locked)
|
2019-05-28 12:48:07 -04:00
|
|
|
HA_RWLOCK_WRUNLOCK(TASK_WQ_LOCK, &wq_lock);
|
2018-10-15 08:52:21 -04:00
|
|
|
}
|
2007-04-29 04:41:56 -04:00
|
|
|
return t;
|
2006-06-25 20:48:02 -04:00
|
|
|
}
|
|
|
|
|
|
2020-06-04 11:25:40 -04:00
|
|
|
/* Place <task> into the wait queue, where it may already be. If the expiration
|
|
|
|
|
* timer is infinite, do nothing and rely on wake_expired_task to clean up.
|
|
|
|
|
* If the task uses a shared wait queue, it's queued into the global wait queue,
|
|
|
|
|
* protected by the global wq_lock, otherwise by it necessarily belongs to the
|
|
|
|
|
* current thread'sand is queued without locking.
|
|
|
|
|
*/
|
|
|
|
|
static inline void task_queue(struct task *task)
|
|
|
|
|
{
|
|
|
|
|
/* If we already have a place in the wait queue no later than the
|
|
|
|
|
* timeout we're trying to set, we'll stay there, because it is very
|
|
|
|
|
* unlikely that we will reach the timeout anyway. If the timeout
|
|
|
|
|
* has been disabled, it's useless to leave the queue as well. We'll
|
|
|
|
|
* rely on wake_expired_tasks() to catch the node and move it to the
|
|
|
|
|
* proper place should it ever happen. Finally we only add the task
|
|
|
|
|
* to the queue if it was not there or if it was further than what
|
|
|
|
|
* we want.
|
|
|
|
|
*/
|
|
|
|
|
if (!tick_isset(task->expire))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
#ifdef USE_THREAD
|
|
|
|
|
if (task->state & TASK_SHARED_WQ) {
|
|
|
|
|
HA_RWLOCK_WRLOCK(TASK_WQ_LOCK, &wq_lock);
|
|
|
|
|
if (!task_in_wq(task) || tick_is_lt(task->expire, task->wq.key))
|
|
|
|
|
__task_queue(task, &timers);
|
|
|
|
|
HA_RWLOCK_WRUNLOCK(TASK_WQ_LOCK, &wq_lock);
|
|
|
|
|
} else
|
|
|
|
|
#endif
|
|
|
|
|
{
|
2020-07-22 08:20:14 -04:00
|
|
|
BUG_ON(task->thread_mask != tid_bit); // should have TASK_SHARED_WQ
|
2020-06-04 11:25:40 -04:00
|
|
|
if (!task_in_wq(task) || tick_is_lt(task->expire, task->wq.key))
|
|
|
|
|
__task_queue(task, &sched->timers);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* change the thread affinity of a task to <thread_mask>.
|
|
|
|
|
* This may only be done from within the running task itself or during its
|
|
|
|
|
* initialization. It will unqueue and requeue the task from the wait queue
|
|
|
|
|
* if it was in it. This is safe against a concurrent task_queue() call because
|
|
|
|
|
* task_queue() itself will unlink again if needed after taking into account
|
|
|
|
|
* the new thread_mask.
|
|
|
|
|
*/
|
|
|
|
|
static inline void task_set_affinity(struct task *t, unsigned long thread_mask)
|
|
|
|
|
{
|
|
|
|
|
if (unlikely(task_in_wq(t))) {
|
|
|
|
|
task_unlink_wq(t);
|
|
|
|
|
t->thread_mask = thread_mask;
|
|
|
|
|
task_queue(t);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
t->thread_mask = thread_mask;
|
|
|
|
|
}
|
|
|
|
|
|
2006-06-25 20:48:02 -04:00
|
|
|
/*
|
2016-12-06 03:15:30 -05:00
|
|
|
* Unlink the task from the run queue. The tasks_run_queue size and number of
|
|
|
|
|
* niced tasks are updated too. A pointer to the task itself is returned. The
|
|
|
|
|
* task *must* already be in the run queue before calling this function. If
|
|
|
|
|
* unsure, use the safer task_unlink_rq() function. Note that the pointer to the
|
|
|
|
|
* next run queue entry is neither checked nor updated.
|
2006-06-25 20:48:02 -04:00
|
|
|
*/
|
2009-03-07 11:25:21 -05:00
|
|
|
static inline struct task *__task_unlink_rq(struct task *t)
|
|
|
|
|
{
|
2019-03-08 12:48:47 -05:00
|
|
|
_HA_ATOMIC_SUB(&tasks_run_queue, 1);
|
2018-07-26 09:59:38 -04:00
|
|
|
#ifdef USE_THREAD
|
2020-10-18 08:24:51 -04:00
|
|
|
if (t->state & TASK_GLOBAL)
|
2019-03-08 12:48:47 -05:00
|
|
|
_HA_ATOMIC_AND(&t->state, ~TASK_GLOBAL);
|
2020-10-18 08:24:51 -04:00
|
|
|
else
|
2018-07-26 09:59:38 -04:00
|
|
|
#endif
|
2019-09-24 02:25:15 -04:00
|
|
|
sched->rqueue_size--;
|
2018-07-26 09:59:38 -04:00
|
|
|
eb32sc_delete(&t->rq);
|
2009-03-07 11:25:21 -05:00
|
|
|
if (likely(t->nice))
|
2019-03-08 12:48:47 -05:00
|
|
|
_HA_ATOMIC_SUB(&niced_tasks, 1);
|
2009-03-07 11:25:21 -05:00
|
|
|
return t;
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-23 10:07:01 -05:00
|
|
|
/* This function unlinks task <t> from the run queue if it is in it. It also
|
|
|
|
|
* takes care of updating the next run queue task if it was this task.
|
|
|
|
|
*/
|
2009-03-07 11:25:21 -05:00
|
|
|
static inline struct task *task_unlink_rq(struct task *t)
|
2006-06-25 20:48:02 -04:00
|
|
|
{
|
2019-03-14 11:14:04 -04:00
|
|
|
int is_global = t->state & TASK_GLOBAL;
|
|
|
|
|
|
|
|
|
|
if (is_global)
|
2018-05-18 12:38:23 -04:00
|
|
|
HA_SPIN_LOCK(TASK_RQ_LOCK, &rq_lock);
|
2019-04-12 10:10:55 -04:00
|
|
|
if (likely(task_in_rq(t)))
|
2009-03-07 11:25:21 -05:00
|
|
|
__task_unlink_rq(t);
|
2019-03-14 11:14:04 -04:00
|
|
|
if (is_global)
|
2018-05-18 12:38:23 -04:00
|
|
|
HA_SPIN_UNLOCK(TASK_RQ_LOCK, &rq_lock);
|
2008-07-05 12:16:19 -04:00
|
|
|
return t;
|
|
|
|
|
}
|
2008-06-24 02:17:16 -04:00
|
|
|
|
2020-07-03 11:13:05 -04:00
|
|
|
/* schedules tasklet <tl> to run onto thread <thr> or the current thread if
|
BUG/MEDIUM: task: close a possible data race condition on a tasklet's list link
In issue #958 Ashley Penney reported intermittent crashes on AWS's ARM
nodes which would not happen on x86 nodes. After investigation it turned
out that the Neoverse N1 CPU cores used in the Graviton2 CPU are much
more aggressive than the usual Cortex A53/A72/A55 or any x86 regarding
memory ordering.
The issue that was triggered there is that if a tasklet_wakeup() call
is made on a tasklet scheduled to run on a foreign thread and that
tasklet is just being dequeued to be processed, there can be a race at
two places:
- if MT_LIST_TRY_ADDQ() happens between MT_LIST_BEHEAD() and
LIST_SPLICE_END_DETACHED() if the tasklet is alone in the list,
because the emptiness tests matches ;
- if MT_LIST_TRY_ADDQ() happens during LIST_DEL_INIT() in
run_tasks_from_lists(), then depending on how LIST_DEL_INIT() ends
up being implemented, it may even corrupt the adjacent nodes while
they're being reused for the in-tree storage.
This issue was introduced in 2.2 when support for waking up remote
tasklets was added. Initially the attachment of a tasklet to a list
was enough to know its status and this used to be stable information.
Now it's not sufficient to rely on this anymore, thus we need to use
a different information.
This patch solves this by adding a new task flag, TASK_IN_LIST, which
is atomically set before attaching a tasklet to a list, and is only
removed after the tasklet is detached from a list. It is checked
by tasklet_wakeup_on() so that it may only be done while the tasklet
is out of any list, and is cleared during the state switch when calling
the tasklet. Note that the flag is not set for pure tasks as it's not
needed.
However this introduces a new special case: the function
tasklet_remove_from_tasklet_list() needs to keep both states in sync
and cannot check both the state and the attachment to a list at the
same time. This function is already limited to being used by the thread
owning the tasklet, so in this case the test remains reliable. However,
just like its predecessors, this function is wrong by design and it
should probably be replaced with a stricter one, a lazy one, or be
totally removed (it's only used in checks to avoid calling a possibly
scheduled event, and when freeing a tasklet). Regardless, for now the
function exists so the flag is removed only if the deletion could be
done, which covers all cases we're interested in regarding the insertion.
This removal is safe against a concurrent tasklet_wakeup_on() since
MT_LIST_DEL() guarantees the atomic test, and will ultimately clear
the flag only if the task could be deleted, so the flag will always
reflect the last state.
This should be carefully be backported as far as 2.2 after some
observation period. This patch depends on previous patch
"MINOR: task: remove __tasklet_remove_from_tasklet_list()".
2020-11-30 08:58:53 -05:00
|
|
|
* <thr> is negative. Note that it is illegal to wakeup a foreign tasklet if
|
|
|
|
|
* its tid is negative and it is illegal to self-assign a tasklet that was
|
|
|
|
|
* at least once scheduled on a specific thread.
|
2020-07-03 11:13:05 -04:00
|
|
|
*/
|
|
|
|
|
static inline void tasklet_wakeup_on(struct tasklet *tl, int thr)
|
2018-05-18 12:45:28 -04:00
|
|
|
{
|
BUG/MEDIUM: task: close a possible data race condition on a tasklet's list link
In issue #958 Ashley Penney reported intermittent crashes on AWS's ARM
nodes which would not happen on x86 nodes. After investigation it turned
out that the Neoverse N1 CPU cores used in the Graviton2 CPU are much
more aggressive than the usual Cortex A53/A72/A55 or any x86 regarding
memory ordering.
The issue that was triggered there is that if a tasklet_wakeup() call
is made on a tasklet scheduled to run on a foreign thread and that
tasklet is just being dequeued to be processed, there can be a race at
two places:
- if MT_LIST_TRY_ADDQ() happens between MT_LIST_BEHEAD() and
LIST_SPLICE_END_DETACHED() if the tasklet is alone in the list,
because the emptiness tests matches ;
- if MT_LIST_TRY_ADDQ() happens during LIST_DEL_INIT() in
run_tasks_from_lists(), then depending on how LIST_DEL_INIT() ends
up being implemented, it may even corrupt the adjacent nodes while
they're being reused for the in-tree storage.
This issue was introduced in 2.2 when support for waking up remote
tasklets was added. Initially the attachment of a tasklet to a list
was enough to know its status and this used to be stable information.
Now it's not sufficient to rely on this anymore, thus we need to use
a different information.
This patch solves this by adding a new task flag, TASK_IN_LIST, which
is atomically set before attaching a tasklet to a list, and is only
removed after the tasklet is detached from a list. It is checked
by tasklet_wakeup_on() so that it may only be done while the tasklet
is out of any list, and is cleared during the state switch when calling
the tasklet. Note that the flag is not set for pure tasks as it's not
needed.
However this introduces a new special case: the function
tasklet_remove_from_tasklet_list() needs to keep both states in sync
and cannot check both the state and the attachment to a list at the
same time. This function is already limited to being used by the thread
owning the tasklet, so in this case the test remains reliable. However,
just like its predecessors, this function is wrong by design and it
should probably be replaced with a stricter one, a lazy one, or be
totally removed (it's only used in checks to avoid calling a possibly
scheduled event, and when freeing a tasklet). Regardless, for now the
function exists so the flag is removed only if the deletion could be
done, which covers all cases we're interested in regarding the insertion.
This removal is safe against a concurrent tasklet_wakeup_on() since
MT_LIST_DEL() guarantees the atomic test, and will ultimately clear
the flag only if the task could be deleted, so the flag will always
reflect the last state.
This should be carefully be backported as far as 2.2 after some
observation period. This patch depends on previous patch
"MINOR: task: remove __tasklet_remove_from_tasklet_list()".
2020-11-30 08:58:53 -05:00
|
|
|
unsigned short state = tl->state;
|
|
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
/* do nothing if someone else already added it */
|
|
|
|
|
if (state & TASK_IN_LIST)
|
|
|
|
|
return;
|
|
|
|
|
} while (!_HA_ATOMIC_CAS(&tl->state, &state, state | TASK_IN_LIST));
|
|
|
|
|
|
|
|
|
|
/* at this pint we're the first ones to add this task to the list */
|
|
|
|
|
|
2020-07-03 11:13:05 -04:00
|
|
|
if (likely(thr < 0)) {
|
2019-10-18 00:43:53 -04:00
|
|
|
/* this tasklet runs on the caller thread */
|
BUG/MEDIUM: task: close a possible data race condition on a tasklet's list link
In issue #958 Ashley Penney reported intermittent crashes on AWS's ARM
nodes which would not happen on x86 nodes. After investigation it turned
out that the Neoverse N1 CPU cores used in the Graviton2 CPU are much
more aggressive than the usual Cortex A53/A72/A55 or any x86 regarding
memory ordering.
The issue that was triggered there is that if a tasklet_wakeup() call
is made on a tasklet scheduled to run on a foreign thread and that
tasklet is just being dequeued to be processed, there can be a race at
two places:
- if MT_LIST_TRY_ADDQ() happens between MT_LIST_BEHEAD() and
LIST_SPLICE_END_DETACHED() if the tasklet is alone in the list,
because the emptiness tests matches ;
- if MT_LIST_TRY_ADDQ() happens during LIST_DEL_INIT() in
run_tasks_from_lists(), then depending on how LIST_DEL_INIT() ends
up being implemented, it may even corrupt the adjacent nodes while
they're being reused for the in-tree storage.
This issue was introduced in 2.2 when support for waking up remote
tasklets was added. Initially the attachment of a tasklet to a list
was enough to know its status and this used to be stable information.
Now it's not sufficient to rely on this anymore, thus we need to use
a different information.
This patch solves this by adding a new task flag, TASK_IN_LIST, which
is atomically set before attaching a tasklet to a list, and is only
removed after the tasklet is detached from a list. It is checked
by tasklet_wakeup_on() so that it may only be done while the tasklet
is out of any list, and is cleared during the state switch when calling
the tasklet. Note that the flag is not set for pure tasks as it's not
needed.
However this introduces a new special case: the function
tasklet_remove_from_tasklet_list() needs to keep both states in sync
and cannot check both the state and the attachment to a list at the
same time. This function is already limited to being used by the thread
owning the tasklet, so in this case the test remains reliable. However,
just like its predecessors, this function is wrong by design and it
should probably be replaced with a stricter one, a lazy one, or be
totally removed (it's only used in checks to avoid calling a possibly
scheduled event, and when freeing a tasklet). Regardless, for now the
function exists so the flag is removed only if the deletion could be
done, which covers all cases we're interested in regarding the insertion.
This removal is safe against a concurrent tasklet_wakeup_on() since
MT_LIST_DEL() guarantees the atomic test, and will ultimately clear
the flag only if the task could be deleted, so the flag will always
reflect the last state.
This should be carefully be backported as far as 2.2 after some
observation period. This patch depends on previous patch
"MINOR: task: remove __tasklet_remove_from_tasklet_list()".
2020-11-30 08:58:53 -05:00
|
|
|
if (tl->state & TASK_SELF_WAKING) {
|
|
|
|
|
LIST_ADDQ(&sched->tasklets[TL_BULK], &tl->list);
|
|
|
|
|
sched->tl_class_mask |= 1 << TL_BULK;
|
|
|
|
|
}
|
|
|
|
|
else if ((struct task *)tl == sched->current) {
|
|
|
|
|
_HA_ATOMIC_OR(&tl->state, TASK_SELF_WAKING);
|
|
|
|
|
LIST_ADDQ(&sched->tasklets[TL_BULK], &tl->list);
|
|
|
|
|
sched->tl_class_mask |= 1 << TL_BULK;
|
|
|
|
|
}
|
|
|
|
|
else if (sched->current_queue < 0) {
|
|
|
|
|
LIST_ADDQ(&sched->tasklets[TL_URGENT], &tl->list);
|
|
|
|
|
sched->tl_class_mask |= 1 << TL_URGENT;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
LIST_ADDQ(&sched->tasklets[sched->current_queue], &tl->list);
|
|
|
|
|
sched->tl_class_mask |= 1 << sched->current_queue;
|
2019-10-11 10:35:01 -04:00
|
|
|
}
|
|
|
|
|
} else {
|
BUG/MEDIUM: task: close a possible data race condition on a tasklet's list link
In issue #958 Ashley Penney reported intermittent crashes on AWS's ARM
nodes which would not happen on x86 nodes. After investigation it turned
out that the Neoverse N1 CPU cores used in the Graviton2 CPU are much
more aggressive than the usual Cortex A53/A72/A55 or any x86 regarding
memory ordering.
The issue that was triggered there is that if a tasklet_wakeup() call
is made on a tasklet scheduled to run on a foreign thread and that
tasklet is just being dequeued to be processed, there can be a race at
two places:
- if MT_LIST_TRY_ADDQ() happens between MT_LIST_BEHEAD() and
LIST_SPLICE_END_DETACHED() if the tasklet is alone in the list,
because the emptiness tests matches ;
- if MT_LIST_TRY_ADDQ() happens during LIST_DEL_INIT() in
run_tasks_from_lists(), then depending on how LIST_DEL_INIT() ends
up being implemented, it may even corrupt the adjacent nodes while
they're being reused for the in-tree storage.
This issue was introduced in 2.2 when support for waking up remote
tasklets was added. Initially the attachment of a tasklet to a list
was enough to know its status and this used to be stable information.
Now it's not sufficient to rely on this anymore, thus we need to use
a different information.
This patch solves this by adding a new task flag, TASK_IN_LIST, which
is atomically set before attaching a tasklet to a list, and is only
removed after the tasklet is detached from a list. It is checked
by tasklet_wakeup_on() so that it may only be done while the tasklet
is out of any list, and is cleared during the state switch when calling
the tasklet. Note that the flag is not set for pure tasks as it's not
needed.
However this introduces a new special case: the function
tasklet_remove_from_tasklet_list() needs to keep both states in sync
and cannot check both the state and the attachment to a list at the
same time. This function is already limited to being used by the thread
owning the tasklet, so in this case the test remains reliable. However,
just like its predecessors, this function is wrong by design and it
should probably be replaced with a stricter one, a lazy one, or be
totally removed (it's only used in checks to avoid calling a possibly
scheduled event, and when freeing a tasklet). Regardless, for now the
function exists so the flag is removed only if the deletion could be
done, which covers all cases we're interested in regarding the insertion.
This removal is safe against a concurrent tasklet_wakeup_on() since
MT_LIST_DEL() guarantees the atomic test, and will ultimately clear
the flag only if the task could be deleted, so the flag will always
reflect the last state.
This should be carefully be backported as far as 2.2 after some
observation period. This patch depends on previous patch
"MINOR: task: remove __tasklet_remove_from_tasklet_list()".
2020-11-30 08:58:53 -05:00
|
|
|
/* this tasklet runs on a specific thread. */
|
|
|
|
|
MT_LIST_ADDQ(&task_per_thread[thr].shared_tasklet_list, (struct mt_list *)&tl->list);
|
|
|
|
|
if (sleeping_thread_mask & (1UL << thr)) {
|
|
|
|
|
_HA_ATOMIC_AND(&sleeping_thread_mask, ~(1UL << thr));
|
|
|
|
|
wake_thread(thr);
|
2019-09-24 08:55:28 -04:00
|
|
|
}
|
|
|
|
|
}
|
BUG/MEDIUM: task: close a possible data race condition on a tasklet's list link
In issue #958 Ashley Penney reported intermittent crashes on AWS's ARM
nodes which would not happen on x86 nodes. After investigation it turned
out that the Neoverse N1 CPU cores used in the Graviton2 CPU are much
more aggressive than the usual Cortex A53/A72/A55 or any x86 regarding
memory ordering.
The issue that was triggered there is that if a tasklet_wakeup() call
is made on a tasklet scheduled to run on a foreign thread and that
tasklet is just being dequeued to be processed, there can be a race at
two places:
- if MT_LIST_TRY_ADDQ() happens between MT_LIST_BEHEAD() and
LIST_SPLICE_END_DETACHED() if the tasklet is alone in the list,
because the emptiness tests matches ;
- if MT_LIST_TRY_ADDQ() happens during LIST_DEL_INIT() in
run_tasks_from_lists(), then depending on how LIST_DEL_INIT() ends
up being implemented, it may even corrupt the adjacent nodes while
they're being reused for the in-tree storage.
This issue was introduced in 2.2 when support for waking up remote
tasklets was added. Initially the attachment of a tasklet to a list
was enough to know its status and this used to be stable information.
Now it's not sufficient to rely on this anymore, thus we need to use
a different information.
This patch solves this by adding a new task flag, TASK_IN_LIST, which
is atomically set before attaching a tasklet to a list, and is only
removed after the tasklet is detached from a list. It is checked
by tasklet_wakeup_on() so that it may only be done while the tasklet
is out of any list, and is cleared during the state switch when calling
the tasklet. Note that the flag is not set for pure tasks as it's not
needed.
However this introduces a new special case: the function
tasklet_remove_from_tasklet_list() needs to keep both states in sync
and cannot check both the state and the attachment to a list at the
same time. This function is already limited to being used by the thread
owning the tasklet, so in this case the test remains reliable. However,
just like its predecessors, this function is wrong by design and it
should probably be replaced with a stricter one, a lazy one, or be
totally removed (it's only used in checks to avoid calling a possibly
scheduled event, and when freeing a tasklet). Regardless, for now the
function exists so the flag is removed only if the deletion could be
done, which covers all cases we're interested in regarding the insertion.
This removal is safe against a concurrent tasklet_wakeup_on() since
MT_LIST_DEL() guarantees the atomic test, and will ultimately clear
the flag only if the task could be deleted, so the flag will always
reflect the last state.
This should be carefully be backported as far as 2.2 after some
observation period. This patch depends on previous patch
"MINOR: task: remove __tasklet_remove_from_tasklet_list()".
2020-11-30 08:58:53 -05:00
|
|
|
_HA_ATOMIC_ADD(&tasks_run_queue, 1);
|
2020-07-03 11:13:05 -04:00
|
|
|
}
|
2018-05-18 12:45:28 -04:00
|
|
|
|
2020-07-03 11:13:05 -04:00
|
|
|
/* schedules tasklet <tl> to run onto the thread designated by tl->tid, which
|
|
|
|
|
* is either its owner thread if >= 0 or the current thread if < 0.
|
|
|
|
|
*/
|
|
|
|
|
static inline void tasklet_wakeup(struct tasklet *tl)
|
|
|
|
|
{
|
|
|
|
|
tasklet_wakeup_on(tl, tl->tid);
|
2018-05-18 12:45:28 -04:00
|
|
|
}
|
|
|
|
|
|
2020-11-30 08:52:11 -05:00
|
|
|
/* Try to remove a tasklet from the list. This call is inherently racy and may
|
|
|
|
|
* only be performed on the thread that was supposed to dequeue this tasklet.
|
BUG/MEDIUM: task: close a possible data race condition on a tasklet's list link
In issue #958 Ashley Penney reported intermittent crashes on AWS's ARM
nodes which would not happen on x86 nodes. After investigation it turned
out that the Neoverse N1 CPU cores used in the Graviton2 CPU are much
more aggressive than the usual Cortex A53/A72/A55 or any x86 regarding
memory ordering.
The issue that was triggered there is that if a tasklet_wakeup() call
is made on a tasklet scheduled to run on a foreign thread and that
tasklet is just being dequeued to be processed, there can be a race at
two places:
- if MT_LIST_TRY_ADDQ() happens between MT_LIST_BEHEAD() and
LIST_SPLICE_END_DETACHED() if the tasklet is alone in the list,
because the emptiness tests matches ;
- if MT_LIST_TRY_ADDQ() happens during LIST_DEL_INIT() in
run_tasks_from_lists(), then depending on how LIST_DEL_INIT() ends
up being implemented, it may even corrupt the adjacent nodes while
they're being reused for the in-tree storage.
This issue was introduced in 2.2 when support for waking up remote
tasklets was added. Initially the attachment of a tasklet to a list
was enough to know its status and this used to be stable information.
Now it's not sufficient to rely on this anymore, thus we need to use
a different information.
This patch solves this by adding a new task flag, TASK_IN_LIST, which
is atomically set before attaching a tasklet to a list, and is only
removed after the tasklet is detached from a list. It is checked
by tasklet_wakeup_on() so that it may only be done while the tasklet
is out of any list, and is cleared during the state switch when calling
the tasklet. Note that the flag is not set for pure tasks as it's not
needed.
However this introduces a new special case: the function
tasklet_remove_from_tasklet_list() needs to keep both states in sync
and cannot check both the state and the attachment to a list at the
same time. This function is already limited to being used by the thread
owning the tasklet, so in this case the test remains reliable. However,
just like its predecessors, this function is wrong by design and it
should probably be replaced with a stricter one, a lazy one, or be
totally removed (it's only used in checks to avoid calling a possibly
scheduled event, and when freeing a tasklet). Regardless, for now the
function exists so the flag is removed only if the deletion could be
done, which covers all cases we're interested in regarding the insertion.
This removal is safe against a concurrent tasklet_wakeup_on() since
MT_LIST_DEL() guarantees the atomic test, and will ultimately clear
the flag only if the task could be deleted, so the flag will always
reflect the last state.
This should be carefully be backported as far as 2.2 after some
observation period. This patch depends on previous patch
"MINOR: task: remove __tasklet_remove_from_tasklet_list()".
2020-11-30 08:58:53 -05:00
|
|
|
* This way it is safe to call MT_LIST_DEL without first removing the
|
|
|
|
|
* TASK_IN_LIST bit, which must absolutely be removed afterwards in case
|
|
|
|
|
* another thread would want to wake this tasklet up in parallel.
|
2019-03-25 13:02:54 -04:00
|
|
|
*/
|
2019-06-14 08:47:49 -04:00
|
|
|
static inline void tasklet_remove_from_tasklet_list(struct tasklet *t)
|
2019-03-25 13:02:54 -04:00
|
|
|
{
|
BUG/MEDIUM: task: close a possible data race condition on a tasklet's list link
In issue #958 Ashley Penney reported intermittent crashes on AWS's ARM
nodes which would not happen on x86 nodes. After investigation it turned
out that the Neoverse N1 CPU cores used in the Graviton2 CPU are much
more aggressive than the usual Cortex A53/A72/A55 or any x86 regarding
memory ordering.
The issue that was triggered there is that if a tasklet_wakeup() call
is made on a tasklet scheduled to run on a foreign thread and that
tasklet is just being dequeued to be processed, there can be a race at
two places:
- if MT_LIST_TRY_ADDQ() happens between MT_LIST_BEHEAD() and
LIST_SPLICE_END_DETACHED() if the tasklet is alone in the list,
because the emptiness tests matches ;
- if MT_LIST_TRY_ADDQ() happens during LIST_DEL_INIT() in
run_tasks_from_lists(), then depending on how LIST_DEL_INIT() ends
up being implemented, it may even corrupt the adjacent nodes while
they're being reused for the in-tree storage.
This issue was introduced in 2.2 when support for waking up remote
tasklets was added. Initially the attachment of a tasklet to a list
was enough to know its status and this used to be stable information.
Now it's not sufficient to rely on this anymore, thus we need to use
a different information.
This patch solves this by adding a new task flag, TASK_IN_LIST, which
is atomically set before attaching a tasklet to a list, and is only
removed after the tasklet is detached from a list. It is checked
by tasklet_wakeup_on() so that it may only be done while the tasklet
is out of any list, and is cleared during the state switch when calling
the tasklet. Note that the flag is not set for pure tasks as it's not
needed.
However this introduces a new special case: the function
tasklet_remove_from_tasklet_list() needs to keep both states in sync
and cannot check both the state and the attachment to a list at the
same time. This function is already limited to being used by the thread
owning the tasklet, so in this case the test remains reliable. However,
just like its predecessors, this function is wrong by design and it
should probably be replaced with a stricter one, a lazy one, or be
totally removed (it's only used in checks to avoid calling a possibly
scheduled event, and when freeing a tasklet). Regardless, for now the
function exists so the flag is removed only if the deletion could be
done, which covers all cases we're interested in regarding the insertion.
This removal is safe against a concurrent tasklet_wakeup_on() since
MT_LIST_DEL() guarantees the atomic test, and will ultimately clear
the flag only if the task could be deleted, so the flag will always
reflect the last state.
This should be carefully be backported as far as 2.2 after some
observation period. This patch depends on previous patch
"MINOR: task: remove __tasklet_remove_from_tasklet_list()".
2020-11-30 08:58:53 -05:00
|
|
|
if (MT_LIST_DEL((struct mt_list *)&t->list)) {
|
|
|
|
|
_HA_ATOMIC_AND(&t->state, ~TASK_IN_LIST);
|
2019-11-08 09:41:55 -05:00
|
|
|
_HA_ATOMIC_SUB(&tasks_run_queue, 1);
|
BUG/MEDIUM: task: close a possible data race condition on a tasklet's list link
In issue #958 Ashley Penney reported intermittent crashes on AWS's ARM
nodes which would not happen on x86 nodes. After investigation it turned
out that the Neoverse N1 CPU cores used in the Graviton2 CPU are much
more aggressive than the usual Cortex A53/A72/A55 or any x86 regarding
memory ordering.
The issue that was triggered there is that if a tasklet_wakeup() call
is made on a tasklet scheduled to run on a foreign thread and that
tasklet is just being dequeued to be processed, there can be a race at
two places:
- if MT_LIST_TRY_ADDQ() happens between MT_LIST_BEHEAD() and
LIST_SPLICE_END_DETACHED() if the tasklet is alone in the list,
because the emptiness tests matches ;
- if MT_LIST_TRY_ADDQ() happens during LIST_DEL_INIT() in
run_tasks_from_lists(), then depending on how LIST_DEL_INIT() ends
up being implemented, it may even corrupt the adjacent nodes while
they're being reused for the in-tree storage.
This issue was introduced in 2.2 when support for waking up remote
tasklets was added. Initially the attachment of a tasklet to a list
was enough to know its status and this used to be stable information.
Now it's not sufficient to rely on this anymore, thus we need to use
a different information.
This patch solves this by adding a new task flag, TASK_IN_LIST, which
is atomically set before attaching a tasklet to a list, and is only
removed after the tasklet is detached from a list. It is checked
by tasklet_wakeup_on() so that it may only be done while the tasklet
is out of any list, and is cleared during the state switch when calling
the tasklet. Note that the flag is not set for pure tasks as it's not
needed.
However this introduces a new special case: the function
tasklet_remove_from_tasklet_list() needs to keep both states in sync
and cannot check both the state and the attachment to a list at the
same time. This function is already limited to being used by the thread
owning the tasklet, so in this case the test remains reliable. However,
just like its predecessors, this function is wrong by design and it
should probably be replaced with a stricter one, a lazy one, or be
totally removed (it's only used in checks to avoid calling a possibly
scheduled event, and when freeing a tasklet). Regardless, for now the
function exists so the flag is removed only if the deletion could be
done, which covers all cases we're interested in regarding the insertion.
This removal is safe against a concurrent tasklet_wakeup_on() since
MT_LIST_DEL() guarantees the atomic test, and will ultimately clear
the flag only if the task could be deleted, so the flag will always
reflect the last state.
This should be carefully be backported as far as 2.2 after some
observation period. This patch depends on previous patch
"MINOR: task: remove __tasklet_remove_from_tasklet_list()".
2020-11-30 08:58:53 -05:00
|
|
|
}
|
2019-03-25 13:02:54 -04:00
|
|
|
}
|
|
|
|
|
|
2008-06-24 02:17:16 -04:00
|
|
|
/*
|
2009-03-21 13:13:21 -04:00
|
|
|
* Initialize a new task. The bare minimum is performed (queue pointers and
|
|
|
|
|
* state). The task is returned. This function should not be used outside of
|
BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing
Since 1.9 with commit b20aa9eef3 ("MAJOR: tasks: create per-thread wait
queues") a task bound to a single thread will not use locks when being
queued or dequeued because the wait queue is assumed to be the owner
thread's.
But there exists a rare situation where this is not true: the health
check tasks may be running on one thread waiting for a response, and
may in parallel be requeued by another thread calling health_adjust()
after a detecting a response error in traffic when "observe l7" is set,
and "fastinter" is lower than "inter", requiring to shorten the running
check's timeout. In this case, the task being requeued was present in
another thread's wait queue, thus opening a race during task_unlink_wq(),
and gets requeued into the calling thread's wait queue instead of the
running one's, opening a second race here.
This patch aims at protecting against the risk of calling task_unlink_wq()
from one thread while the task is queued on another thread, hence unlocked,
by introducing a new TASK_SHARED_WQ flag.
This new flag indicates that a task's position in the wait queue may be
adjusted by other threads than then one currently executing it. This means
that such WQ manipulations must be performed under a lock. There are two
types of such tasks:
- the global ones, using the global wait queue (technically speaking,
those whose thread_mask has at least 2 bits set).
- some local ones, which for now will be placed into the global wait
queue as well in order to benefit from its lock.
The flag is automatically set on initialization if the task's thread mask
indicates more than one thread. The caller must also set it if it intends
to let other threads update the task's expiration delay (e.g. delegated
I/Os), or if it intends to change the task's affinity over time as this
could lead to the same situation.
Right now only the situation described above seems to be affected by this
issue, and it is very difficult to trigger, and even then, will often have
no visible effect beyond stopping the checks for example once the race is
met. On my laptop it is feasible with the following config, chained to
httpterm:
global
maxconn 400 # provoke FD errors, calling health_adjust()
defaults
mode http
timeout client 10s
timeout server 10s
timeout connect 10s
listen px
bind :8001
option httpchk /?t=50
server sback 127.0.0.1:8000 backup
server-template s 0-999 127.0.0.1:8000 check port 8001 inter 100 fastinter 10 observe layer7
This patch will automatically address the case for the checks because
check tasks are created with multiple threads bound and will get the
TASK_SHARED_WQ flag set.
If in the future more tasks need to rely on this (multi-threaded muxes
for example) and the use of the global wait queue becomes a bottleneck
again, then it should not be too difficult to place locks on the local
wait queues and queue the task on its bound thread.
This patch needs to be backported to 2.1, 2.0 and 1.9. It depends on
previous patch "MINOR: task: only check TASK_WOKEN_ANY to decide to
requeue a task".
Many thanks to William Dauchy for providing detailed traces allowing to
spot the problem.
2019-12-19 01:39:06 -05:00
|
|
|
* task_new(). If the thread mask contains more than one thread, TASK_SHARED_WQ
|
|
|
|
|
* is set.
|
2008-06-24 02:17:16 -04:00
|
|
|
*/
|
2017-09-27 08:59:38 -04:00
|
|
|
static inline struct task *task_init(struct task *t, unsigned long thread_mask)
|
2008-06-24 02:17:16 -04:00
|
|
|
{
|
2009-03-07 11:25:21 -05:00
|
|
|
t->wq.node.leaf_p = NULL;
|
|
|
|
|
t->rq.node.leaf_p = NULL;
|
2018-05-18 12:38:23 -04:00
|
|
|
t->state = TASK_SLEEPING;
|
2017-10-31 11:06:06 -04:00
|
|
|
t->thread_mask = thread_mask;
|
BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing
Since 1.9 with commit b20aa9eef3 ("MAJOR: tasks: create per-thread wait
queues") a task bound to a single thread will not use locks when being
queued or dequeued because the wait queue is assumed to be the owner
thread's.
But there exists a rare situation where this is not true: the health
check tasks may be running on one thread waiting for a response, and
may in parallel be requeued by another thread calling health_adjust()
after a detecting a response error in traffic when "observe l7" is set,
and "fastinter" is lower than "inter", requiring to shorten the running
check's timeout. In this case, the task being requeued was present in
another thread's wait queue, thus opening a race during task_unlink_wq(),
and gets requeued into the calling thread's wait queue instead of the
running one's, opening a second race here.
This patch aims at protecting against the risk of calling task_unlink_wq()
from one thread while the task is queued on another thread, hence unlocked,
by introducing a new TASK_SHARED_WQ flag.
This new flag indicates that a task's position in the wait queue may be
adjusted by other threads than then one currently executing it. This means
that such WQ manipulations must be performed under a lock. There are two
types of such tasks:
- the global ones, using the global wait queue (technically speaking,
those whose thread_mask has at least 2 bits set).
- some local ones, which for now will be placed into the global wait
queue as well in order to benefit from its lock.
The flag is automatically set on initialization if the task's thread mask
indicates more than one thread. The caller must also set it if it intends
to let other threads update the task's expiration delay (e.g. delegated
I/Os), or if it intends to change the task's affinity over time as this
could lead to the same situation.
Right now only the situation described above seems to be affected by this
issue, and it is very difficult to trigger, and even then, will often have
no visible effect beyond stopping the checks for example once the race is
met. On my laptop it is feasible with the following config, chained to
httpterm:
global
maxconn 400 # provoke FD errors, calling health_adjust()
defaults
mode http
timeout client 10s
timeout server 10s
timeout connect 10s
listen px
bind :8001
option httpchk /?t=50
server sback 127.0.0.1:8000 backup
server-template s 0-999 127.0.0.1:8000 check port 8001 inter 100 fastinter 10 observe layer7
This patch will automatically address the case for the checks because
check tasks are created with multiple threads bound and will get the
TASK_SHARED_WQ flag set.
If in the future more tasks need to rely on this (multi-threaded muxes
for example) and the use of the global wait queue becomes a bottleneck
again, then it should not be too difficult to place locks on the local
wait queues and queue the task on its bound thread.
This patch needs to be backported to 2.1, 2.0 and 1.9. It depends on
previous patch "MINOR: task: only check TASK_WOKEN_ANY to decide to
requeue a task".
Many thanks to William Dauchy for providing detailed traces allowing to
spot the problem.
2019-12-19 01:39:06 -05:00
|
|
|
if (atleast2(thread_mask))
|
|
|
|
|
t->state |= TASK_SHARED_WQ;
|
2008-06-30 01:51:00 -04:00
|
|
|
t->nice = 0;
|
2009-03-28 12:54:35 -04:00
|
|
|
t->calls = 0;
|
2018-05-31 08:48:54 -04:00
|
|
|
t->call_date = 0;
|
|
|
|
|
t->cpu_time = 0;
|
|
|
|
|
t->lat_time = 0;
|
2017-07-24 11:52:58 -04:00
|
|
|
t->expire = TICK_ETERNITY;
|
2006-06-25 20:48:02 -04:00
|
|
|
return t;
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-18 00:43:53 -04:00
|
|
|
/* Initialize a new tasklet. It's identified as a tasklet by ->nice=-32768. It
|
|
|
|
|
* is expected to run on the calling thread by default, it's up to the caller
|
|
|
|
|
* to change ->tid if it wants to own it.
|
|
|
|
|
*/
|
2018-05-18 12:45:28 -04:00
|
|
|
static inline void tasklet_init(struct tasklet *t)
|
|
|
|
|
{
|
|
|
|
|
t->nice = -32768;
|
|
|
|
|
t->calls = 0;
|
|
|
|
|
t->state = 0;
|
2018-07-19 10:02:16 -04:00
|
|
|
t->process = NULL;
|
2019-10-18 00:43:53 -04:00
|
|
|
t->tid = -1;
|
2019-10-11 10:35:01 -04:00
|
|
|
LIST_INIT(&t->list);
|
2018-05-18 12:45:28 -04:00
|
|
|
}
|
|
|
|
|
|
2019-10-18 00:43:53 -04:00
|
|
|
/* Allocate and initialize a new tasklet, local to the thread by default. The
|
2020-03-10 03:06:11 -04:00
|
|
|
* caller may assign its tid if it wants to own the tasklet.
|
2019-10-18 00:43:53 -04:00
|
|
|
*/
|
2018-05-18 12:45:28 -04:00
|
|
|
static inline struct tasklet *tasklet_new(void)
|
|
|
|
|
{
|
|
|
|
|
struct tasklet *t = pool_alloc(pool_head_tasklet);
|
|
|
|
|
|
|
|
|
|
if (t) {
|
|
|
|
|
tasklet_init(t);
|
|
|
|
|
}
|
|
|
|
|
return t;
|
|
|
|
|
}
|
|
|
|
|
|
2006-06-25 20:48:02 -04:00
|
|
|
/*
|
2009-03-21 13:13:21 -04:00
|
|
|
* Allocate and initialise a new task. The new task is returned, or NULL in
|
|
|
|
|
* case of lack of memory. The task count is incremented. Tasks should only
|
|
|
|
|
* be allocated this way, and must be freed using task_free().
|
|
|
|
|
*/
|
2017-09-27 08:59:38 -04:00
|
|
|
static inline struct task *task_new(unsigned long thread_mask)
|
2009-03-21 13:13:21 -04:00
|
|
|
{
|
2017-11-24 11:34:44 -05:00
|
|
|
struct task *t = pool_alloc(pool_head_task);
|
2009-03-21 13:13:21 -04:00
|
|
|
if (t) {
|
2019-03-08 12:48:47 -05:00
|
|
|
_HA_ATOMIC_ADD(&nb_tasks, 1);
|
2017-09-27 08:59:38 -04:00
|
|
|
task_init(t, thread_mask);
|
2009-03-21 13:13:21 -04:00
|
|
|
}
|
|
|
|
|
return t;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2019-05-17 08:16:51 -04:00
|
|
|
* Free a task. Its context must have been freed since it will be lost. The
|
|
|
|
|
* task count is decremented. It it is the current task, this one is reset.
|
2006-06-25 20:48:02 -04:00
|
|
|
*/
|
2018-05-04 09:46:16 -04:00
|
|
|
static inline void __task_free(struct task *t)
|
2006-06-25 20:48:02 -04:00
|
|
|
{
|
2019-09-24 02:25:15 -04:00
|
|
|
if (t == sched->current) {
|
|
|
|
|
sched->current = NULL;
|
2019-05-17 08:16:51 -04:00
|
|
|
__ha_barrier_store();
|
|
|
|
|
}
|
2020-07-22 08:33:53 -04:00
|
|
|
BUG_ON(task_in_wq(t) || task_in_rq(t));
|
2017-11-24 11:34:44 -05:00
|
|
|
pool_free(pool_head_task, t);
|
2014-11-13 10:57:19 -05:00
|
|
|
if (unlikely(stopping))
|
2017-11-24 11:34:44 -05:00
|
|
|
pool_flush(pool_head_task);
|
2019-03-08 12:48:47 -05:00
|
|
|
_HA_ATOMIC_SUB(&nb_tasks, 1);
|
2006-06-25 20:48:02 -04:00
|
|
|
}
|
|
|
|
|
|
2019-05-07 13:05:35 -04:00
|
|
|
/* Destroys a task : it's unlinked from the wait queues and is freed if it's
|
|
|
|
|
* the current task or not queued otherwise it's marked to be freed by the
|
|
|
|
|
* scheduler. It does nothing if <t> is NULL.
|
|
|
|
|
*/
|
2019-04-17 16:51:06 -04:00
|
|
|
static inline void task_destroy(struct task *t)
|
2018-05-04 09:46:16 -04:00
|
|
|
{
|
2019-05-07 09:25:25 -04:00
|
|
|
if (!t)
|
|
|
|
|
return;
|
|
|
|
|
|
2019-04-17 16:51:06 -04:00
|
|
|
task_unlink_wq(t);
|
2020-03-10 03:06:11 -04:00
|
|
|
/* We don't have to explicitly remove from the run queue.
|
2019-04-17 16:51:06 -04:00
|
|
|
* If we are in the runqueue, the test below will set t->process
|
|
|
|
|
* to NULL, and the task will be free'd when it'll be its turn
|
|
|
|
|
* to run.
|
|
|
|
|
*/
|
|
|
|
|
|
2018-05-04 09:46:16 -04:00
|
|
|
/* There's no need to protect t->state with a lock, as the task
|
|
|
|
|
* has to run on the current thread.
|
|
|
|
|
*/
|
2019-09-24 02:25:15 -04:00
|
|
|
if (t == sched->current || !(t->state & (TASK_QUEUED | TASK_RUNNING)))
|
2018-05-04 09:46:16 -04:00
|
|
|
__task_free(t);
|
|
|
|
|
else
|
|
|
|
|
t->process = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-11 10:35:01 -04:00
|
|
|
/* Should only be called by the thread responsible for the tasklet */
|
2018-05-18 12:45:28 -04:00
|
|
|
static inline void tasklet_free(struct tasklet *tl)
|
|
|
|
|
{
|
2020-01-10 10:46:48 -05:00
|
|
|
if (MT_LIST_DEL((struct mt_list *)&tl->list))
|
2019-10-11 10:35:01 -04:00
|
|
|
_HA_ATOMIC_SUB(&tasks_run_queue, 1);
|
2018-06-08 11:08:19 -04:00
|
|
|
|
2018-05-18 12:45:28 -04:00
|
|
|
pool_free(pool_head_tasklet, tl);
|
|
|
|
|
if (unlikely(stopping))
|
|
|
|
|
pool_flush(pool_head_tasklet);
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-20 11:18:35 -04:00
|
|
|
static inline void tasklet_set_tid(struct tasklet *tl, int tid)
|
|
|
|
|
{
|
|
|
|
|
tl->tid = tid;
|
|
|
|
|
}
|
|
|
|
|
|
2011-07-25 08:30:42 -04:00
|
|
|
/* Ensure <task> will be woken up at most at <when>. If the task is already in
|
|
|
|
|
* the run queue (but not running), nothing is done. It may be used that way
|
|
|
|
|
* with a delay : task_schedule(task, tick_add(now_ms, delay));
|
|
|
|
|
*/
|
|
|
|
|
static inline void task_schedule(struct task *task, int when)
|
|
|
|
|
{
|
2017-09-27 08:59:38 -04:00
|
|
|
/* TODO: mthread, check if there is no tisk with this test */
|
2011-07-25 08:30:42 -04:00
|
|
|
if (task_in_rq(task))
|
|
|
|
|
return;
|
|
|
|
|
|
2018-10-15 08:52:21 -04:00
|
|
|
#ifdef USE_THREAD
|
BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing
Since 1.9 with commit b20aa9eef3 ("MAJOR: tasks: create per-thread wait
queues") a task bound to a single thread will not use locks when being
queued or dequeued because the wait queue is assumed to be the owner
thread's.
But there exists a rare situation where this is not true: the health
check tasks may be running on one thread waiting for a response, and
may in parallel be requeued by another thread calling health_adjust()
after a detecting a response error in traffic when "observe l7" is set,
and "fastinter" is lower than "inter", requiring to shorten the running
check's timeout. In this case, the task being requeued was present in
another thread's wait queue, thus opening a race during task_unlink_wq(),
and gets requeued into the calling thread's wait queue instead of the
running one's, opening a second race here.
This patch aims at protecting against the risk of calling task_unlink_wq()
from one thread while the task is queued on another thread, hence unlocked,
by introducing a new TASK_SHARED_WQ flag.
This new flag indicates that a task's position in the wait queue may be
adjusted by other threads than then one currently executing it. This means
that such WQ manipulations must be performed under a lock. There are two
types of such tasks:
- the global ones, using the global wait queue (technically speaking,
those whose thread_mask has at least 2 bits set).
- some local ones, which for now will be placed into the global wait
queue as well in order to benefit from its lock.
The flag is automatically set on initialization if the task's thread mask
indicates more than one thread. The caller must also set it if it intends
to let other threads update the task's expiration delay (e.g. delegated
I/Os), or if it intends to change the task's affinity over time as this
could lead to the same situation.
Right now only the situation described above seems to be affected by this
issue, and it is very difficult to trigger, and even then, will often have
no visible effect beyond stopping the checks for example once the race is
met. On my laptop it is feasible with the following config, chained to
httpterm:
global
maxconn 400 # provoke FD errors, calling health_adjust()
defaults
mode http
timeout client 10s
timeout server 10s
timeout connect 10s
listen px
bind :8001
option httpchk /?t=50
server sback 127.0.0.1:8000 backup
server-template s 0-999 127.0.0.1:8000 check port 8001 inter 100 fastinter 10 observe layer7
This patch will automatically address the case for the checks because
check tasks are created with multiple threads bound and will get the
TASK_SHARED_WQ flag set.
If in the future more tasks need to rely on this (multi-threaded muxes
for example) and the use of the global wait queue becomes a bottleneck
again, then it should not be too difficult to place locks on the local
wait queues and queue the task on its bound thread.
This patch needs to be backported to 2.1, 2.0 and 1.9. It depends on
previous patch "MINOR: task: only check TASK_WOKEN_ANY to decide to
requeue a task".
Many thanks to William Dauchy for providing detailed traces allowing to
spot the problem.
2019-12-19 01:39:06 -05:00
|
|
|
if (task->state & TASK_SHARED_WQ) {
|
2019-05-28 12:48:07 -04:00
|
|
|
/* FIXME: is it really needed to lock the WQ during the check ? */
|
|
|
|
|
HA_RWLOCK_WRLOCK(TASK_WQ_LOCK, &wq_lock);
|
2018-10-15 08:52:21 -04:00
|
|
|
if (task_in_wq(task))
|
|
|
|
|
when = tick_first(when, task->expire);
|
|
|
|
|
|
|
|
|
|
task->expire = when;
|
|
|
|
|
if (!task_in_wq(task) || tick_is_lt(task->expire, task->wq.key))
|
|
|
|
|
__task_queue(task, &timers);
|
2019-05-28 12:48:07 -04:00
|
|
|
HA_RWLOCK_WRUNLOCK(TASK_WQ_LOCK, &wq_lock);
|
2018-10-15 08:52:21 -04:00
|
|
|
} else
|
|
|
|
|
#endif
|
|
|
|
|
{
|
BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing
Since 1.9 with commit b20aa9eef3 ("MAJOR: tasks: create per-thread wait
queues") a task bound to a single thread will not use locks when being
queued or dequeued because the wait queue is assumed to be the owner
thread's.
But there exists a rare situation where this is not true: the health
check tasks may be running on one thread waiting for a response, and
may in parallel be requeued by another thread calling health_adjust()
after a detecting a response error in traffic when "observe l7" is set,
and "fastinter" is lower than "inter", requiring to shorten the running
check's timeout. In this case, the task being requeued was present in
another thread's wait queue, thus opening a race during task_unlink_wq(),
and gets requeued into the calling thread's wait queue instead of the
running one's, opening a second race here.
This patch aims at protecting against the risk of calling task_unlink_wq()
from one thread while the task is queued on another thread, hence unlocked,
by introducing a new TASK_SHARED_WQ flag.
This new flag indicates that a task's position in the wait queue may be
adjusted by other threads than then one currently executing it. This means
that such WQ manipulations must be performed under a lock. There are two
types of such tasks:
- the global ones, using the global wait queue (technically speaking,
those whose thread_mask has at least 2 bits set).
- some local ones, which for now will be placed into the global wait
queue as well in order to benefit from its lock.
The flag is automatically set on initialization if the task's thread mask
indicates more than one thread. The caller must also set it if it intends
to let other threads update the task's expiration delay (e.g. delegated
I/Os), or if it intends to change the task's affinity over time as this
could lead to the same situation.
Right now only the situation described above seems to be affected by this
issue, and it is very difficult to trigger, and even then, will often have
no visible effect beyond stopping the checks for example once the race is
met. On my laptop it is feasible with the following config, chained to
httpterm:
global
maxconn 400 # provoke FD errors, calling health_adjust()
defaults
mode http
timeout client 10s
timeout server 10s
timeout connect 10s
listen px
bind :8001
option httpchk /?t=50
server sback 127.0.0.1:8000 backup
server-template s 0-999 127.0.0.1:8000 check port 8001 inter 100 fastinter 10 observe layer7
This patch will automatically address the case for the checks because
check tasks are created with multiple threads bound and will get the
TASK_SHARED_WQ flag set.
If in the future more tasks need to rely on this (multi-threaded muxes
for example) and the use of the global wait queue becomes a bottleneck
again, then it should not be too difficult to place locks on the local
wait queues and queue the task on its bound thread.
This patch needs to be backported to 2.1, 2.0 and 1.9. It depends on
previous patch "MINOR: task: only check TASK_WOKEN_ANY to decide to
requeue a task".
Many thanks to William Dauchy for providing detailed traces allowing to
spot the problem.
2019-12-19 01:39:06 -05:00
|
|
|
BUG_ON((task->thread_mask & tid_bit) == 0); // should have TASK_SHARED_WQ
|
2018-10-15 08:52:21 -04:00
|
|
|
if (task_in_wq(task))
|
|
|
|
|
when = tick_first(when, task->expire);
|
2011-07-25 08:30:42 -04:00
|
|
|
|
2018-10-15 08:52:21 -04:00
|
|
|
task->expire = when;
|
|
|
|
|
if (!task_in_wq(task) || tick_is_lt(task->expire, task->wq.key))
|
2019-09-24 02:25:15 -04:00
|
|
|
__task_queue(task, &sched->timers);
|
2018-10-15 08:52:21 -04:00
|
|
|
}
|
2011-07-25 08:30:42 -04:00
|
|
|
}
|
|
|
|
|
|
2017-07-12 08:31:10 -04:00
|
|
|
/* This function register a new signal. "lua" is the current lua
|
|
|
|
|
* execution context. It contains a pointer to the associated task.
|
|
|
|
|
* "link" is a list head attached to an other task that must be wake
|
|
|
|
|
* the lua task if an event occurs. This is useful with external
|
2020-03-10 03:06:11 -04:00
|
|
|
* events like TCP I/O or sleep functions. This function allocate
|
2017-07-12 08:31:10 -04:00
|
|
|
* memory for the signal.
|
|
|
|
|
*/
|
|
|
|
|
static inline struct notification *notification_new(struct list *purge, struct list *event, struct task *wakeup)
|
|
|
|
|
{
|
2017-11-24 11:34:44 -05:00
|
|
|
struct notification *com = pool_alloc(pool_head_notification);
|
2017-07-12 08:31:10 -04:00
|
|
|
if (!com)
|
|
|
|
|
return NULL;
|
|
|
|
|
LIST_ADDQ(purge, &com->purge_me);
|
|
|
|
|
LIST_ADDQ(event, &com->wake_me);
|
2017-11-07 04:42:54 -05:00
|
|
|
HA_SPIN_INIT(&com->lock);
|
2017-07-12 08:31:10 -04:00
|
|
|
com->task = wakeup;
|
|
|
|
|
return com;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* This function purge all the pending signals when the LUA execution
|
|
|
|
|
* is finished. This prevent than a coprocess try to wake a deleted
|
|
|
|
|
* task. This function remove the memory associated to the signal.
|
2017-12-10 11:14:07 -05:00
|
|
|
* The purge list is not locked because it is owned by only one
|
|
|
|
|
* process. before browsing this list, the caller must ensure to be
|
|
|
|
|
* the only one browser.
|
2017-07-12 08:31:10 -04:00
|
|
|
*/
|
|
|
|
|
static inline void notification_purge(struct list *purge)
|
|
|
|
|
{
|
|
|
|
|
struct notification *com, *back;
|
|
|
|
|
|
|
|
|
|
/* Delete all pending communication signals. */
|
|
|
|
|
list_for_each_entry_safe(com, back, purge, purge_me) {
|
2017-11-07 04:42:54 -05:00
|
|
|
HA_SPIN_LOCK(NOTIF_LOCK, &com->lock);
|
2017-07-12 08:31:10 -04:00
|
|
|
LIST_DEL(&com->purge_me);
|
2017-07-16 18:14:07 -04:00
|
|
|
if (!com->task) {
|
2017-11-07 04:42:54 -05:00
|
|
|
HA_SPIN_UNLOCK(NOTIF_LOCK, &com->lock);
|
2017-11-24 11:34:44 -05:00
|
|
|
pool_free(pool_head_notification, com);
|
2017-07-16 18:14:07 -04:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
com->task = NULL;
|
2017-11-07 04:42:54 -05:00
|
|
|
HA_SPIN_UNLOCK(NOTIF_LOCK, &com->lock);
|
2017-07-12 08:31:10 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-10 11:10:57 -05:00
|
|
|
/* In some cases, the disconnected notifications must be cleared.
|
2020-03-10 03:06:11 -04:00
|
|
|
* This function just release memory blocks. The purge list is not
|
2017-12-10 11:10:57 -05:00
|
|
|
* locked because it is owned by only one process. Before browsing
|
|
|
|
|
* this list, the caller must ensure to be the only one browser.
|
|
|
|
|
* The "com" is not locked because when com->task is NULL, the
|
|
|
|
|
* notification is no longer used.
|
|
|
|
|
*/
|
|
|
|
|
static inline void notification_gc(struct list *purge)
|
|
|
|
|
{
|
|
|
|
|
struct notification *com, *back;
|
|
|
|
|
|
|
|
|
|
/* Delete all pending communication signals. */
|
|
|
|
|
list_for_each_entry_safe (com, back, purge, purge_me) {
|
|
|
|
|
if (com->task)
|
|
|
|
|
continue;
|
|
|
|
|
LIST_DEL(&com->purge_me);
|
|
|
|
|
pool_free(pool_head_notification, com);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-12 08:31:10 -04:00
|
|
|
/* This function sends signals. It wakes all the tasks attached
|
|
|
|
|
* to a list head, and remove the signal, and free the used
|
2017-12-10 11:14:07 -05:00
|
|
|
* memory. The wake list is not locked because it is owned by
|
|
|
|
|
* only one process. before browsing this list, the caller must
|
|
|
|
|
* ensure to be the only one browser.
|
2017-07-12 08:31:10 -04:00
|
|
|
*/
|
|
|
|
|
static inline void notification_wake(struct list *wake)
|
|
|
|
|
{
|
|
|
|
|
struct notification *com, *back;
|
|
|
|
|
|
|
|
|
|
/* Wake task and delete all pending communication signals. */
|
|
|
|
|
list_for_each_entry_safe(com, back, wake, wake_me) {
|
2017-11-07 04:42:54 -05:00
|
|
|
HA_SPIN_LOCK(NOTIF_LOCK, &com->lock);
|
2017-07-12 08:31:10 -04:00
|
|
|
LIST_DEL(&com->wake_me);
|
2017-07-16 18:14:07 -04:00
|
|
|
if (!com->task) {
|
2017-11-07 04:42:54 -05:00
|
|
|
HA_SPIN_UNLOCK(NOTIF_LOCK, &com->lock);
|
2017-11-24 11:34:44 -05:00
|
|
|
pool_free(pool_head_notification, com);
|
2017-07-16 18:14:07 -04:00
|
|
|
continue;
|
|
|
|
|
}
|
2017-07-12 08:31:10 -04:00
|
|
|
task_wakeup(com->task, TASK_WOKEN_MSG);
|
2017-07-16 18:14:07 -04:00
|
|
|
com->task = NULL;
|
2017-11-07 04:42:54 -05:00
|
|
|
HA_SPIN_UNLOCK(NOTIF_LOCK, &com->lock);
|
2017-07-12 08:31:10 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-30 05:40:08 -04:00
|
|
|
/* This function returns true is some notification are pending
|
|
|
|
|
*/
|
|
|
|
|
static inline int notification_registered(struct list *wake)
|
|
|
|
|
{
|
|
|
|
|
return !LIST_ISEMPTY(wake);
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-12 02:31:17 -04:00
|
|
|
/* adds list item <item> to work list <work> and wake up the associated task */
|
2019-08-08 09:47:21 -04:00
|
|
|
static inline void work_list_add(struct work_list *work, struct mt_list *item)
|
2019-07-12 02:31:17 -04:00
|
|
|
{
|
MINOR: lists: rename some MT_LIST operations to clarify them
Initially when mt_lists were added, their purpose was to be used with
the scheduler, where anyone may concurrently add the same tasklet, so
it sounded natural to implement a check in MT_LIST_ADD{,Q}. Later their
usage was extended and MT_LIST_ADD{,Q} started to be used on situations
where the element to be added was exclusively owned by the one performing
the operation so a conflict was impossible. This became more obvious with
the idle connections and the new macro was called MT_LIST_ADDQ_NOCHECK.
But this remains confusing and at many places it's not expected that
an MT_LIST_ADD could possibly fail, and worse, at some places we start
by initializing it before adding (and the test is superflous) so let's
rename them to something more conventional to denote the presence of the
check or not:
MT_LIST_ADD{,Q} : inconditional operation, the caller owns the
element, and doesn't care about the element's
current state (exactly like LIST_ADD)
MT_LIST_TRY_ADD{,Q}: only perform the operation if the element is not
already added or in the process of being added.
This means that the previously "safe" MT_LIST_ADD{,Q} are not "safe"
anymore. This also means that in case of backport mistakes in the
future causing this to be overlooked, the slower and safer functions
will still be used by default.
Note that the missing unchecked MT_LIST_ADD macro was added.
The rest of the code will have to be reviewed so that a number of
callers of MT_LIST_TRY_ADDQ are changed to MT_LIST_ADDQ to remove
the unneeded test.
2020-07-10 02:10:29 -04:00
|
|
|
MT_LIST_TRY_ADDQ(&work->head, item);
|
2019-07-12 02:31:17 -04:00
|
|
|
task_wakeup(work->task, TASK_WOKEN_OTHER);
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-04 11:25:40 -04:00
|
|
|
#endif /* _HAPROXY_TASK_H */
|
2006-06-25 20:48:02 -04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Local variables:
|
|
|
|
|
* c-indent-level: 8
|
|
|
|
|
* c-basic-offset: 8
|
|
|
|
|
* End:
|
|
|
|
|
*/
|
