LinuxLists.cc - [PATCH]updated ipc lock patch

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

On Thu, 24 Oct 2002, Andrew Morton wrote:
> mingming cao wrote:
> >
> > Hi Andrew,
> >
> > Here is the updated ipc lock patch:
>
> Well I can get you a bit of testing and attention, but I'm afraid
> my knowledge of the IPC code is negligible.
>
> So to be able to commend this change to Linus I'd have to rely on
> assurances from people who _do_ understand IPC (Hugh?) and on lots
> of testing.
>
> So yes, I'll include it, and would solicit success reports from
> people who are actually exercising that code path, thanks.

Manfred and I have both reviewed the patch (or the 2.5.44 version)
and we both recommend it highly (well, let Manfred speak for himself).

I can't claim great expertise on IPC (never on msg, but some on shm and
sem), but (unless there's an error we've missed) there's no change to
IPC functionality here - it's an exercise in "self-evidently" better
locking (there used to be just one spinlock covering all e.g. sems),
with RCU to avoid the dirty cacheline bouncing in earlier version.

And I rarely exercise IPC paths, except when testing if I change
something: I do hope someone else can vouch for it in practice,
we believe Mingming has devised a fine patch here.

Hugh

2002-10-24 23:21:50

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

Andrew Morton wrote:
>
> mingming cao wrote:
> >
> > Hi Andrew,
> >
> > Here is the updated ipc lock patch:
>
> Well I can get you a bit of testing and attention, but I'm afraid
> my knowledge of the IPC code is negligible.
>
> So to be able to commend this change to Linus I'd have to rely on
> assurances from people who _do_ understand IPC (Hugh?) and on lots
> of testing.

Thanks for your quick feedback. I did LTP tests on it--it passed(well,
I saw a failure on shmctl(), but the failure was there since 2.5.43
kernel). I will do more stress tests on it soon.

Mingming

2002-10-24 23:24:31

by Andrew Morton

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

Hugh Dickins wrote:
>
> ...
> Manfred and I have both reviewed the patch (or the 2.5.44 version)
> and we both recommend it highly (well, let Manfred speak for himself).
>

OK, thanks.

So I took a look. Wish I hadn't :( The locking rules in there
are outrageously uncommented. You must be brave people.

What about this code?

void ipc_rcu_free(void* ptr, int size)
{
struct rcu_ipc_free* arg;

arg = (struct rcu_ipc_free *) kmalloc(sizeof(*arg), GFP_KERNEL);
if (arg == NULL)
return;
arg->ptr = ptr;
arg->size = size;
call_rcu(&arg->rcu_head, ipc_free_callback, arg);
}

Are we sure that it's never called under locks?

And it seems that if the kmalloc fails, we decide to leak some
memory, yes?

If so it would be better to use GFP_ATOMIC there. Avoids any
locking problems and also increases the chance of the allocation
succeeding. (With an explanatory comment, naturally :)).

Even better: is it possible to embed the rcu_ipc_free inside the
object-to-be-freed? Perhaps not?

Stylistically, it is best to not typecast the return value
from kmalloc, btw. You should never typecast the return
value of anything which returns a void *, because it weakens
your compile-time checking. Example:

foo *bar = (foo *)zot();

The compiler will swallow that, regardless of what zot() returns.
Someone could go and change zot() to return a reiserfs_inode *
and you would never know about it. Whereas:

foo *bar = zot();

Says to the compiler "zot() must return a bar * or a void *",
which is much tighter checking, yes?

There is an insane amount of inlining in the ipc code. I
couldn't keep my paws off it.

Before:
mnm:/usr/src/25> size ipc/*.o
text data bss dec hex filename
28346 224 192 28762 705a ipc/built-in.o
7390 20 64 7474 1d32 ipc/msg.o
11236 16 64 11316 2c34 ipc/sem.o
8136 160 64 8360 20a8 ipc/shm.o
1584 0 0 1584 630 ipc/util.o

After:
mnm:/usr/src/25> size ipc/*.o
text data bss dec hex filename
19274 224 192 19690 4cea ipc/built-in.o
4846 20 64 4930 1342 ipc/msg.o
7636 16 64 7716 1e24 ipc/sem.o
4808 160 64 5032 13a8 ipc/shm.o
1984 0 0 1984 7c0 ipc/util.o

--- 25/ipc/util.h~ipc-akpm Thu Oct 24 16:03:32 2002
+++ 25-akpm/ipc/util.h Thu Oct 24 16:08:25 2002
@@ -54,63 +54,11 @@ void* ipc_alloc(int size);
void ipc_free(void* ptr, int size);
void ipc_rcu_free(void* arg, int size);

-extern inline struct kern_ipc_perm* ipc_get(struct ipc_ids* ids, int id)
-{
- struct kern_ipc_perm* out;
- int lid = id % SEQ_MULTIPLIER;
- if(lid >= ids->size)
- return NULL;
- rmb();
- out = ids->entries[lid].p;
- return out;
-}
-
-extern inline struct kern_ipc_perm* ipc_lock(struct ipc_ids* ids, int id)
-{
- struct kern_ipc_perm* out;
- int lid = id % SEQ_MULTIPLIER;
-
- rcu_read_lock();
- if(lid >= ids->size) {
- rcu_read_unlock();
- return NULL;
- }
- rmb();
- out = ids->entries[lid].p;
- if(out == NULL) {
- rcu_read_unlock();
- return NULL;
- }
- spin_lock(&out->lock);
-
- /* ipc_rmid() may have already freed the ID while ipc_lock
- * was spinning: here verify that the structure is still valid
- */
- if (out->deleted) {
- spin_unlock(&out->lock);
- rcu_read_unlock();
- return NULL;
- }
- return out;
-}
-
-extern inline void ipc_unlock(struct kern_ipc_perm* perm)
-{
- spin_unlock(&perm->lock);
- rcu_read_unlock();
-}
-
-extern inline int ipc_buildid(struct ipc_ids* ids, int id, int seq)
-{
- return SEQ_MULTIPLIER*seq + id;
-}
-
-extern inline int ipc_checkid(struct ipc_ids* ids, struct kern_ipc_perm* ipcp, int uid)
-{
- if(uid/SEQ_MULTIPLIER != ipcp->seq)
- return 1;
- return 0;
-}
+struct kern_ipc_perm* ipc_get(struct ipc_ids* ids, int id);
+struct kern_ipc_perm* ipc_lock(struct ipc_ids* ids, int id);
+void ipc_unlock(struct kern_ipc_perm* perm);
+int ipc_buildid(struct ipc_ids* ids, int id, int seq);
+int ipc_checkid(struct ipc_ids* ids, struct kern_ipc_perm* ipcp, int uid);

void kernel_to_ipc64_perm(struct kern_ipc_perm *in, struct ipc64_perm *out);
void ipc64_perm_to_ipc_perm(struct ipc64_perm *in, struct ipc_perm *out);
--- 25/ipc/util.c~ipc-akpm Thu Oct 24 16:07:07 2002
+++ 25-akpm/ipc/util.c Thu Oct 24 16:07:51 2002
@@ -359,6 +359,61 @@ void ipc64_perm_to_ipc_perm (struct ipc6
out->seq = in->seq;
}

+struct kern_ipc_perm* ipc_get(struct ipc_ids* ids, int id)
+{
+ struct kern_ipc_perm* out;
+ int lid = id % SEQ_MULTIPLIER;
+ if(lid >= ids->size)
+ return NULL;
+ rmb();
+ out = ids->entries[lid].p;
+ return out;
+}
+
+struct kern_ipc_perm* ipc_lock(struct ipc_ids* ids, int id)
+{
+ struct kern_ipc_perm* out;
+ int lid = id % SEQ_MULTIPLIER;
+
+ rcu_read_lock();
+ if(lid >= ids->size)
+ goto fail;
+ rmb();
+ out = ids->entries[lid].p;
+ if (out == NULL)
+ goto fail;
+ spin_lock(&out->lock);
+
+ /* ipc_rmid() may have already freed the ID while ipc_lock
+ * was spinning: here verify that the structure is still valid
+ */
+ if (!out->deleted)
+ return out;
+
+ spin_unlock(&out->lock);
+fail:
+ rcu_read_unlock();
+ return NULL;
+}
+
+void ipc_unlock(struct kern_ipc_perm* perm)
+{
+ spin_unlock(&perm->lock);
+ rcu_read_unlock();
+}
+
+int ipc_buildid(struct ipc_ids* ids, int id, int seq)
+{
+ return SEQ_MULTIPLIER*seq + id;
+}
+
+int ipc_checkid(struct ipc_ids* ids, struct kern_ipc_perm* ipcp, int uid)
+{
+ if(uid/SEQ_MULTIPLIER != ipcp->seq)
+ return 1;
+ return 0;
+}
+
#ifndef __ia64__

/**

.

2002-10-24 23:52:03

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

On Thu, 24 Oct 2002, Andrew Morton wrote:
> Hugh Dickins wrote:
> >
> > ...
> > Manfred and I have both reviewed the patch (or the 2.5.44 version)
> > and we both recommend it highly (well, let Manfred speak for himself).
>
> OK, thanks.
>
> So I took a look. Wish I hadn't :( The locking rules in there
> are outrageously uncommented. You must be brave people.

Ah, we all like to criticize the lack of comments in others' code.

> What about this code?
>
> void ipc_rcu_free(void* ptr, int size)
> {
> struct rcu_ipc_free* arg;
>
> arg = (struct rcu_ipc_free *) kmalloc(sizeof(*arg), GFP_KERNEL);
> if (arg == NULL)
> return;
> arg->ptr = ptr;
> arg->size = size;
> call_rcu(&arg->rcu_head, ipc_free_callback, arg);
> }
>
> Are we sure that it's never called under locks?

Yes.

> And it seems that if the kmalloc fails, we decide to leak some
> memory, yes?

Yes, but why would it fail?
and what do you think should be the alternative?

> If so it would be better to use GFP_ATOMIC there. Avoids any
> locking problems and also increases the chance of the allocation
> succeeding. (With an explanatory comment, naturally :)).

There are no locking doubts here.
GFP_ATOMIC would _reduce_ the chance of the allocation succeeding:
GFP_KERNEL does include the __GFP_WAIT flag, GFP_ATOMIC does not.

> Even better: is it possible to embed the rcu_ipc_free inside the
> object-to-be-freed? Perhaps not?

It would certainly be possible (I did suggest it as a maybe),
but it's unclear whether it's worthwhile wasting the extra memory
longterm like that. Mingming chose not to embed, I see no reason
to overrule.

> Stylistically, it is best to not typecast the return value
> from kmalloc, btw. You should never typecast the return
> value of anything which returns a void *, because it weakens
> your compile-time checking. Example:
>
> foo *bar = (foo *)zot();
>
> The compiler will swallow that, regardless of what zot() returns.
> Someone could go and change zot() to return a reiserfs_inode *
> and you would never know about it. Whereas:
>
> foo *bar = zot();
>
> Says to the compiler "zot() must return a bar * or a void *",
> which is much tighter checking, yes?

You have too much time on your hands, Andrew :-)

> There is an insane amount of inlining in the ipc code. I
> couldn't keep my paws off it.

I agree tempting: I thought you might like that in a subsequent patch,
yes? Mingming was splitting locks, not doing a cleanup of inlines.

Hugh

2002-10-25 00:05:53

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

Andrew Morton wrote:
>
> What about this code?
>
> void ipc_rcu_free(void* ptr, int size)
> {
> struct rcu_ipc_free* arg;
>
> arg = (struct rcu_ipc_free *) kmalloc(sizeof(*arg), GFP_KERNEL);
> if (arg == NULL)
> return;
> arg->ptr = ptr;
> arg->size = size;
> call_rcu(&arg->rcu_head, ipc_free_callback, arg);
> }
>
> Are we sure that it's never called under locks?
Did you see any place where this is called with lock(s) hold? Maybe
there is, but I could not see here. They are called from the functions
which are used by IPC code only. Inside IPC there is only spin_lock per
ID and sem_undo lock. Both of them are not hold when ipc_rcu_free is
called.

>
> And it seems that if the kmalloc fails, we decide to leak some
> memory, yes?
>

yes.

> If so it would be better to use GFP_ATOMIC there. Avoids any
> locking problems and also increases the chance of the allocation
> succeeding. (With an explanatory comment, naturally :)).
>

Good point. I agree GFP_ATOMIC fits better here.

> Even better: is it possible to embed the rcu_ipc_free inside the
> object-to-be-freed? Perhaps not?

Are you saying that have a static RCU header structure in the
object-to-be-freed? I think it's possible. It fits well in the rmid
case, where the object to be freed is an kern_ipc_perm structure. But
for the grow_ary() case, the object to be freed is a array of struct
ipc_id, so it need a little bit more changes there. Maybe add a new
structure ipc_entries, which include the RCU header structure and the
pointer to the entries array. Then have the ipc_ids->entries point to
ipc_entries. Just a little concern that this way we added a reference
when looking up the IPC ID from the array.

2002-10-25 00:31:00

by Rick Lindsley

[permalink] [raw]

Subject: Re: [Lse-tech] Re: [PATCH]updated ipc lock patch

slightly offtopic ...

> There is an insane amount of inlining in the ipc code. I
> couldn't keep my paws off it.

I agree tempting: I thought you might like that in a subsequent patch,
yes? Mingming was splitting locks, not doing a cleanup of inlines.

There was a time when "inline" was a very cool tool because it had been
judged that the overhead of actually calling a function was just too
heinous to contemplate. From comments in this and other discussions,
is it safe to say that the pendulum has now swung the other way? I see
a lot of people concerned about code size and apparently returning to
the axiom of "if you use it more than once, make it a function." Are
we as a community coming around to using inlining only on very tight,
very critical functions?

Rick

2002-10-25 00:18:31

by Andrew Morton

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

mingming cao wrote:
>
> > Even better: is it possible to embed the rcu_ipc_free inside the
> > object-to-be-freed? Perhaps not?
>
> Are you saying that have a static RCU header structure in the
> object-to-be-freed? I think it's possible. It fits well in the rmid
> case, where the object to be freed is an kern_ipc_perm structure. But
> for the grow_ary() case, the object to be freed is a array of struct
> ipc_id, so it need a little bit more changes there. Maybe add a new
> structure ipc_entries, which include the RCU header structure and the
> pointer to the entries array. Then have the ipc_ids->entries point to
> ipc_entries. Just a little concern that this way we added a reference
> when looking up the IPC ID from the array.

This is a place where a mempool is appropriate. The objects have
a "guaranteed to be returned if you wait for long enough" lifecycle.

But Hugh's right here. The chance of the single-page GFP_KERNEL
allocation failing is tiny; the probability depending upon the
VM-of-the-day. Let's leave it be.

2002-10-25 01:01:40

by Robert Love

[permalink] [raw]

Subject: Re: [Lse-tech] Re: [PATCH]updated ipc lock patch

On Thu, 2002-10-24 at 20:35, Rick Lindsley wrote:

> There was a time when "inline" was a very cool tool because it had been
> judged that the overhead of actually calling a function was just too
> heinous to contemplate. From comments in this and other discussions,
> is it safe to say that the pendulum has now swung the other way? I see
> a lot of people concerned about code size and apparently returning to
> the axiom of "if you use it more than once, make it a function." Are
> we as a community coming around to using inlining only on very tight,
> very critical functions?

I think so, at least Andrew is championing us in that direction. But I
agree.

It somewhere became the notion if the function is small, it
automatically should be inlined. I suspect Andrew has even stricter
criteria than me (I think super small functions should be inlined) but
the general "its only a couple of lines" or "it could be a macro" are
not sufficient criterion for inlining.

So, my thoughts on suitable criteria would be:

- used only once and only ever in that one spot (i.e.
it really could be part of the caller, but it was pulled
out for cleanliness. Keep it inline to not have the
cleanliness cause a performance degradation (however
small)).

- small functions, where small is so small the function
overhead is nearly the same size. Stuff that might not
even do anything but return a permutation of an argument,
etc.

- very very time critical functions in time critical places

So that removes the previous criteria of "the function is N lines or
smaller" where N is some number less than 100 :)

Robert Love

2002-10-25 04:16:30

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

On Thu, 24 Oct 2002 16:30:32 -0700
Andrew Morton <[email protected]> wrote:

> Hugh Dickins wrote:
> >
> > ...
> > Manfred and I have both reviewed the patch (or the 2.5.44 version)
> > and we both recommend it highly (well, let Manfred speak for himself).
> >
>
> OK, thanks.
>
> So I took a look. Wish I hadn't :( The locking rules in there
> are outrageously uncommented. You must be brave people.

Agreed. Here's my brief audit:

>+ int max_id = ids->max_id;
>
>- for (id = 0; id <= ids->max_id; id++) {
>+ read_barrier_depends();
>+ for (id = 0; id <= max_id; id++) {

That needs to be a rmb(), not a read_barrier_depends(). And like all
barriers, it *requires* a comment:
/* We must read max_id before reading any entries */

I can't see the following in the patch posted, but:
> void ipc_rcu_free(void* ptr, int size)
> {
> struct rcu_ipc_free* arg;
>
> arg = (struct rcu_ipc_free *) kmalloc(sizeof(*arg), GFP_KERNEL);
> if (arg == NULL)
> return;
> arg->ptr = ptr;
> arg->size = size;
> call_rcu(&arg->rcu_head, ipc_free_callback, arg);
> }

This is unacceptable crap, sorry. You *must* allocate the resources
required to free the object *at the time you allocate the object*,
since freeing must not fail.

> Even better: is it possible to embed the rcu_ipc_free inside the
> object-to-be-freed? Perhaps not?

Yes, this must be done.

Rusty.
--
there are those who do and those who hang on and you don't see too
many doers quoting their contemporaries. -- Larry McVoy

2002-10-25 05:30:26

by Manfred Spraul

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

Andrew Morton wrote:

>Hugh Dickins wrote:
>
>
>>...
>>Manfred and I have both reviewed the patch (or the 2.5.44 version)
>>and we both recommend it highly (well, let Manfred speak for himself).
>>
>>
>>
>
>OK, thanks.
>
>So I took a look. Wish I hadn't :( The locking rules in there
>are outrageously uncommented. You must be brave people.
>
>
Ahm. No idea who wrote the current locking. But the patch is very nice,
it reduces the lock contention without increasing the number of spinlock
calls.

--
Manfred

2002-10-25 05:53:29

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

Rusty Russell wrote:
>
>
> Here's my brief audit:
>
> >+ int max_id = ids->max_id;
> >
> >- for (id = 0; id <= ids->max_id; id++) {
> >+ read_barrier_depends();
> >+ for (id = 0; id <= max_id; id++) {
>
> That needs to be a rmb(), not a read_barrier_depends().

Thanks for spending some time reviewing the barriers for me. While I was
thinking the reason why a rmb is needed here, I found that maybe we
don't need a barrier here at all. Since ipc_findkey()(the code above)
and the grow_ary() are both protected by ipc_ids.sem(there missing
document for this), so both the max_id and the the entries array seen by
ipc_findkey should be the latest one.

Also I think it's safe to remove the rmb() in ipc_get() for the same
reason. ipc_get() is only used by shm_get_stat() through shm_get() and
is called with the shm_ids.sem protected. (Maybe ipc_get should be
removed totally?)

> And like all
> barriers, it *requires* a comment:
> /* We must read max_id before reading any entries */
>
Sure. I will add such comments on all places where barriers are being
used. I will do as much as I can to add more comments in the code about
what lock/sem are hold before/after the funtion is called.:-)

> I can't see the following in the patch posted, but:
> > void ipc_rcu_free(void* ptr, int size)
> > {
> > struct rcu_ipc_free* arg;
> >
> > arg = (struct rcu_ipc_free *) kmalloc(sizeof(*arg), GFP_KERNEL);
> > if (arg == NULL)
> > return;
> > arg->ptr = ptr;
> > arg->size = size;
> > call_rcu(&arg->rcu_head, ipc_free_callback, arg);
> > }
>
> This is unacceptable crap, sorry. You *must* allocate the resources
> required to free the object *at the time you allocate the object*,
> since freeing must not fail.
>
> > Even better: is it possible to embed the rcu_ipc_free inside the
> > object-to-be-freed? Perhaps not?
>
> Yes, this must be done.
>
I thought about embed rcu_ipc_free inside the ipc_ids structure before.
But there could be a problem if grow_ary() is called again before the
old array associated with the previous grow_ary() has not scheduled to
be freed yet. I see a need to do that now, as you made very good point.
I will make the changes tomorrow.

Thanks a lot for your comments.

Mingming

2002-10-25 07:22:09

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

In message <[email protected]> you write:
> > This is unacceptable crap, sorry. You *must* allocate the resources
> > required to free the object *at the time you allocate the object*,
> > since freeing must not fail.
> >
> > > Even better: is it possible to embed the rcu_ipc_free inside the
> > > object-to-be-freed? Perhaps not?
> >
> > Yes, this must be done.
> >
> I thought about embed rcu_ipc_free inside the ipc_ids structure before.
> But there could be a problem if grow_ary() is called again before the
> old array associated with the previous grow_ary() has not scheduled to
> be freed yet. I see a need to do that now, as you made very good point.
> I will make the changes tomorrow.

You don't need to allocate it in the object, but you *do* need to fail
grow_ary() if you can't allocate it.

I had the same dilemma when I tried to write a generic "kfree_rcu(void
*)" last year: you simply can't do it 8(

Cheers,
Rusty.
--
Anyone who quotes me in their sig is an idiot. -- Rusty Russell.

2002-10-25 14:25:08

by Paul Larson

[permalink] [raw]

Subject: Re: [Lse-tech] Re: [PATCH]updated ipc lock patch

On Thu, 2002-10-24 at 18:23, mingming cao wrote:
> Thanks for your quick feedback. I did LTP tests on it--it passed(well,
> I saw a failure on shmctl(), but the failure was there since 2.5.43
> kernel). I will do more stress tests on it soon.
Which shmctl() test is this? To my knowledge, there are no current
known issues with shmctl tests. There is however one with sem02 in
semctl() that last I heard has been partially fixed in the kernel and
still needs to be fixed in glibc. Is that the one you are referring to,
or is there really some other shmctl test in LTP that is failing?

Thanks,
Paul Larson

2002-10-25 16:47:21

by Rik van Riel

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

On Thu, 24 Oct 2002, Andrew Morton wrote:

> And it seems that if the kmalloc fails, we decide to leak some
> memory, yes?
>
> If so it would be better to use GFP_ATOMIC there. Avoids any
> locking problems and also increases the chance of the allocation
> succeeding. (With an explanatory comment, naturally :)).

Actually, under memory load GFP_KERNEL will wait for the
memory to become available, while GFP_ATOMIC will fail.

Using GFP_ATOMIC here will probably increase the risk of
a memory leak.

regards,

Rik
--
Bravely reimplemented by the knights who say "NIH".
http://www.surriel.com/ http://distro.conectiva.com/
Current spamtrap: <a href=mailto:"[email protected]">[email protected]</a>

2002-10-25 17:14:44

by Cliff White

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

> mingming cao wrote:
> >
> > Hi Andrew,
> >
> > Here is the updated ipc lock patch:
>
> Well I can get you a bit of testing and attention, but I'm afraid
> my knowledge of the IPC code is negligible.
>
> So to be able to commend this change to Linus I'd have to rely on
> assurances from people who _do_ understand IPC (Hugh?) and on lots
> of testing.
>
> So yes, I'll include it, and would solicit success reports from
> people who are actually exercising that code path, thanks.
>
> > http://www.osdl.org/projects/dbt1prfrns/results/mingming/index.html
>
> DBT1 is really interesting, and I'm glad the OSDL team have
> put it together. If people would only stop sending me patches
> I'd be using it ;)
>
Thank you very much for that :)

> Could someone please help explain the results? Comparing, say,
> http://www.osdl.org/projects/dbt1prfrns/results/mingming/run.2cpu.42-mm2.r5/index.html
> and
> http://www.osdl.org/projects/dbt1prfrns/results/mingming/run.18.r5/index.html
>
> It would appear that 2.5 completely smoked 2.4 on response time,
> yet the overall bogotransactions/sec is significantly lower.
> What should we conclude from this?

Whoa - we ran these 5 times for an average. The 2.5 run you picked was the
'off' run -
It has the worse results. You will notice on this run, there are a large
number of errors
which didn't happen on the other runs - this lowered the BT/sec number. Use
one of the
other 2.5 ones and you'll see something more sensible. ( say, 42-mm2.r3)
Unfortunately,
on average, 2.4 still beats 2.5 on both response time and BT's

2.5.42-mm2 2.5.42-mm2-ipclock 2.4.18
Average over 5 runs 85.0 BT 89.8 BT 96.92 BT
Std Deviation 5 runs 7.4 BT 1.0 BT 2.07 BT
Average of best 4 runs 88.15 BT 90.2 BT 97.2 BT
Std Deviation 4 run 2.8 BT 0.5 BT 2.3 BT
>
One other place to start comparing is in the system information which is at
the bottom of the page.
Some points (might be minor) :
Cpu statistics:
2.4.18 - cpu %idle averages around 1.5% %system swings between 3-7% %nice
steady at ~3.6%
2.5.42-mm2 cpu %idle 0.0 all thru run, %system steady at ~6% % nice up ~5.5
Swap (sar -r)
Very slight differences - we consumed ~98% of the memory in both cases, 2.4
swapped a little
bit (%28) more than 2.5 (%26)
We also include profile data for both the load and run phase. (profile=2)

> Also I see:
>
> 14.7 minute duration
> and
> Time for DBT run 19:36
>
> What is the 14.7 minutes referring to?
>
The 14.7 minute time comes from the workload driver log, which are parsed to
get the
response numbers. The 'Time for' stamps come from the master driver script,
and include some
of the workload startup and shutdown time. The workload driver waits a bit to
be sure things are
stable, before the official run data is collected. The script timestamp waits
until the run clients are
dead. So there's always a bit of a delta between the two.

> Also:
>
> 2.5: Time for key creation 1:27
> 2.4: Time for key creation 14:24
> versus:
> 2.5: Time for table creation 16:48
> 2.4: Time for table creation 8:58
>

This is a Mystery Question - we don't have an answer, we were hoping _you
would see something :)
Table creation involves sequential inserts of data from a flat file to an
SAPDB B-tree on a devspace.
Our devspace is a raw device, so we're doing raw io, plus some processing.
This op is write-intensive
'Key creation' is establishing a foreign key column contraint on various
tables. For each table, it examines every row in the table,
looks up (does a B-tree index lookup) the column value in a second table to
find a specific primary key that matches the
column value in the first table. So again, some I/O, a bit of processing. Key
creation (foreign key) is read-intensive.
Also interesting is the delta in index creation:
2.5 Time for index creation 27:58
2.4 Time for index creation 17:21
Index creation requires a read of the table, a sort, then creation of a B-tree
index. Both the index and
table creates build a B-tree for SAP-DB ( both run slower on 2.5 ) - the table
creation does no sorting.
We also notice that the times for both index and key creation varies a bit
more across runs with the -mm2 kernel,
as shown by the standard deviation across the runs.
mingming and 2.4.18 are a bit more consistent. ( we threw out -mm2 run 5 for
this average, due to the errors)

Results are: average time[std dev]
Action 2.4.18 2.5.42-mm2 2.5.42-mm2-ipclock
table create 8:55 [0:04] 19:03 [2:40] 19.39 [0:50]
index create 17:17 [0:11] 25:19 [5:31] 28:05 [0:02]
key create 14:23 [0:16] 15:21 [6:37] 18:46 [0:17]

Also interesting is -mm2 run2 - foreign key creation took 5:26, the run
completed with no errors...why so fast, only one time?
It is an ongoing mystery. We Just Don't Know Why Right Now.
We are working on better data capture of db/run errors, and we'd love to hear
suggestions
on improving the instrumentation.

> So it's all rather confusing. Masses of numbers usually _are_
> confusing. What really adds tons of value to such an exercise is
> for the person who ran the test to write up some conclusions.

Yes, agreed. We don't yet know enough to map from test results to an exact
kernel area.
We just added a database expert to staff (Mary Edie Meredith) so we intend to
get better.
We'll probably be nagging you a bit, and again we very much appreciate all
suggestions.

To
> tell the developers what went well, what went poorly, what areas
> to focus on, etc. To use your own judgement to tell us what to
> zoom in on.
>
> Is that something which could be added?
>
It is something we are working on adding.
cliffw

>
> -------------------------------------------------------
> This sf.net email is sponsored by: Influence the future
> of Java(TM) technology. Join the Java Community
> Process(SM) (JCP(SM)) program now.
> http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0003en
> _______________________________________________
> Lse-tech mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/lse-tech
>

------- End of Forwarded Message

2002-10-28 01:00:55

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

In message <[email protected]> you
write:
> On Sun, 27 Oct 2002, Rusty Russell wrote:
> >
> > You can't do that. It's the price you pay. It's nonsensical to fail
> > to destroy an shm or sem.
>
> Ironic, but not nonsensical.

Yes, nonsensical. Firstly, it's in violation of the standard to fail
IPC_RMID under random circumstances. Secondly, failing to clean up is
an unhandlable error, since you're quite possible in the failure path
of the code already. This is a well known issue.

> > Using a mempool is putting your head in the sand, because it's use is
> > not bounded. Might as well just ignore kmalloc failures and leak
> > memory, which is *really* dumb, because if we get killed by the
> > oom-killer because we're out of memory, and that results in IPC trying
> > to free.
>
> Bounded in what sense? The mempool is dedicated to ipc freeing, it's
> not being drawn on by other kinds of use. In the OOM-kill case of
> actually getting down to using the reserved pool, each reserved item
> will be returned when RCU (and, in the vfree case, the additional
> scheduled work) has done with it. Unbounded in that we cannot say
> how many milliseconds that will take, but so what?

Two oom kills. Three oom kills. Four oom kills. Where's the bound
here?

Our allocator behavior for GFP_KERNEL has changed several times. Are
you sure that it won't *ever* fail under other circomstances?

> Okay (I expect, didn't review it) for just the ids arrays, but too much
> memory waste if we have to allocate for each msq, sema, shm: if there's
> a better solution available. mempool looks better to us.

It's a hacky, fragile and incorrect solution. It's completely
tasteless.

There are *three* things this patch does, and it's not clear which
ones helped the dbt1 benchmark (and I can't find the source). But
let's assume they're all good optimizations (*cough*).

In order to save 12 bytes, you've added dozens of lines of subtle,
fragile, incorrect code. You honestly think this is a worthwhile
tradeoff?

> > Hope that helps,
>
> Not yet. You seem to have had a bad experience with something like
> this (the mempools or the RCU or the combination), and you're warning
> us away without actually telling us what you found.

I *wrote* the RCU interface (though the implementation in 2.5 isn't
mine). I thought it was pretty clear how it was supposed to be used.
Obviously, I was wrong.

> I suspect that whatever it was that you found, is not relevant to
> this IPC case.

Clear code vs. bad code? Definitely relevent here.

Patch below is against Mingming's mm4 release. Compiles, untested.
Rusty.
--
Anyone who quotes me in their sig is an idiot. -- Rusty Russell.

Commentry: There are several cases where ipc_alloc is *always*
followed by ipc_free, so the extra allocation is gratuitous, but these
are temporary allocations and the extra size is not critical.

diff -urpN --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal working-2.5.44-mm4-ipc-rcu/include/linux/msg.h working-2.5.44-mm4-ipc-rcu-fix/include/linux/msg.h
--- working-2.5.44-mm4-ipc-rcu/include/linux/msg.h 2002-07-21 17:43:10.000000000 +1000
+++ working-2.5.44-mm4-ipc-rcu-fix/include/linux/msg.h 2002-10-28 11:12:54.000000000 +1100
@@ -2,6 +2,7 @@
#define _LINUX_MSG_H

#include <linux/ipc.h>
+#include <linux/rcupdate.h>

/* ipcs ctl commands */
#define MSG_STAT 11
@@ -90,6 +91,8 @@ struct msg_queue {
struct list_head q_messages;
struct list_head q_receivers;
struct list_head q_senders;
+
+ struct rcu_head q_free; /* Used to free this via rcu */
};

asmlinkage long sys_msgget (key_t key, int msgflg);
diff -urpN --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal working-2.5.44-mm4-ipc-rcu/include/linux/sem.h working-2.5.44-mm4-ipc-rcu-fix/include/linux/sem.h
--- working-2.5.44-mm4-ipc-rcu/include/linux/sem.h 2002-06-06 21:38:40.000000000 +1000
+++ working-2.5.44-mm4-ipc-rcu-fix/include/linux/sem.h 2002-10-28 11:24:39.000000000 +1100
@@ -2,6 +2,7 @@
#define _LINUX_SEM_H

#include <linux/ipc.h>
+#include <linux/rcupdate.h>

/* semop flags */
#define SEM_UNDO 0x1000 /* undo the operation on exit */
@@ -94,6 +95,7 @@ struct sem_array {
struct sem_queue **sem_pending_last; /* last pending operation */
struct sem_undo *undo; /* undo requests on this array */
unsigned long sem_nsems; /* no. of semaphores in array */
+ struct rcu_head sem_free; /* used to rcu free array. */
};

/* One queue for each sleeping process in the system. */
diff -urpN --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal working-2.5.44-mm4-ipc-rcu/ipc/util.c working-2.5.44-mm4-ipc-rcu-fix/ipc/util.c
--- working-2.5.44-mm4-ipc-rcu/ipc/util.c 2002-10-28 11:08:35.000000000 +1100
+++ working-2.5.44-mm4-ipc-rcu-fix/ipc/util.c 2002-10-28 12:01:09.000000000 +1100
@@ -213,21 +213,49 @@ struct kern_ipc_perm* ipc_rmid(struct ip
return p;
}

+struct ipc_rcu_kmalloc
+{
+ struct rcu_head rcu;
+ /* "void *" makes sure alignment of following data is sane. */
+ void *data[0];
+};
+
+struct ipc_rcu_vmalloc
+{
+ struct rcu_head rcu;
+ struct work_struct work;
+ /* "void *" makes sure alignment of following data is sane. */
+ void *data[0];
+};
+
+static inline int use_vmalloc(int size)
+{
+ /* Too big for a single page? */
+ if (sizeof(struct ipc_rcu_kmalloc) + size > PAGE_SIZE)
+ return 1;
+ return 0;
+}
+
/**
* ipc_alloc - allocate ipc space
* @size: size desired
*
* Allocate memory from the appropriate pools and return a pointer to it.
- * NULL is returned if the allocation fails
+ * NULL is returned if the allocation fails. This can be freed with
+ * ipc_free (to free immediately) or ipc_rcu_free (to free once safe).
*/
-
void* ipc_alloc(int size)
{
void* out;
- if(size > PAGE_SIZE)
- out = vmalloc(size);
- else
- out = kmalloc(size, GFP_KERNEL);
+ /* We prepend the allocation with the rcu struct, and
+ workqueue if necessary (for vmalloc). */
+ if (use_vmalloc(size)) {
+ out = vmalloc(sizeof(struct ipc_rcu_vmalloc) + size);
+ if (out) out += sizeof(struct ipc_rcu_vmalloc);
+ } else {
+ out = kmalloc(sizeof(struct ipc_rcu_kmalloc)+size, GFP_KERNEL);
+ if (out) out += sizeof(struct ipc_rcu_kmalloc);
+ }
return out;
}

@@ -242,48 +270,36 @@ void* ipc_alloc(int size)

void ipc_free(void* ptr, int size)
{
- if(size > PAGE_SIZE)
- vfree(ptr);
+ if (use_vmalloc(size))
+ vfree(ptr - sizeof(struct ipc_rcu_vmalloc));
else
- kfree(ptr);
+ kfree(ptr - sizeof(struct ipc_rcu_kmalloc));
}

/*
* Since RCU callback function is called in bh,
* we need to defer the vfree to schedule_work
*/
-static void ipc_free_scheduled(void* arg)
+static void ipc_schedule_free(void *arg)
{
- struct rcu_ipc_free *a = (struct rcu_ipc_free *)arg;
- vfree(a->ptr);
- kfree(a);
-}
+ struct ipc_rcu_vmalloc *free = arg;

-static void ipc_free_callback(void* arg)
-{
- struct rcu_ipc_free *a = (struct rcu_ipc_free *)arg;
- /*
- * if data is vmalloced, then we need to delay the free
- */
- if (a->size > PAGE_SIZE) {
- INIT_WORK(&a->work, ipc_free_scheduled, arg);
- schedule_work(&a->work);
- } else {
- kfree(a->ptr);
- kfree(a);
- }
+ INIT_WORK(&free->work, vfree, free);
+ schedule_work(&free->work);
}

void ipc_rcu_free(void* ptr, int size)
{
- struct rcu_ipc_free* arg;
-
- arg = (struct rcu_ipc_free *) kmalloc(sizeof(*arg), GFP_KERNEL);
- if (arg == NULL)
- return;
- arg->ptr = ptr;
- arg->size = size;
- call_rcu(&arg->rcu_head, ipc_free_callback, arg);
+ if (use_vmalloc(size)) {
+ struct ipc_rcu_vmalloc *free;
+ free = ptr - sizeof(*free);
+ call_rcu(&free->rcu, ipc_schedule_free, free);
+ } else {
+ struct ipc_rcu_kmalloc *free;
+ free = ptr - sizeof(*free);
+ /* kfree takes a "const void *" so gcc warns. So we cast. */
+ call_rcu(&free->rcu, (void (*)(void *))kfree, free);
+ }
}

/**

2002-10-28 01:11:02

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

> diff -urpN --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal working-2.5.44-mm4-ipc-rcu/include/linux/msg.h working-2.5.44-mm4-ipc-rcu-fix/include/linux/msg.h
> --- working-2.5.44-mm4-ipc-rcu/include/linux/msg.h 2002-07-21 17:43:10.000000000 +1000
> +++ working-2.5.44-mm4-ipc-rcu-fix/include/linux/msg.h 2002-10-28 11:12:54.000000000 +1100

Oops. That patch had some fluff in msg.h and sem.h. Delete those, or
just use this instead (still against Mingming's mm4 "ignore kmalloc
failure" patch):

diff -urpN --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal working-2.5.44-mm4-ipc-rcu/ipc/util.c working-2.5.44-mm4-ipc-rcu-fix/ipc/util.c
--- working-2.5.44-mm4-ipc-rcu/ipc/util.c 2002-10-28 11:08:35.000000000 +1100
+++ working-2.5.44-mm4-ipc-rcu-fix/ipc/util.c 2002-10-28 12:01:09.000000000 +1100
@@ -213,21 +213,49 @@ struct kern_ipc_perm* ipc_rmid(struct ip
return p;
}

+struct ipc_rcu_kmalloc
+{
+ struct rcu_head rcu;
+ /* "void *" makes sure alignment of following data is sane. */
+ void *data[0];
+};
+
+struct ipc_rcu_vmalloc
+{
+ struct rcu_head rcu;
+ struct work_struct work;
+ /* "void *" makes sure alignment of following data is sane. */
+ void *data[0];
+};
+
+static inline int use_vmalloc(int size)
+{
+ /* Too big for a single page? */
+ if (sizeof(struct ipc_rcu_kmalloc) + size > PAGE_SIZE)
+ return 1;
+ return 0;
+}
+
/**
* ipc_alloc - allocate ipc space
* @size: size desired
*
* Allocate memory from the appropriate pools and return a pointer to it.
- * NULL is returned if the allocation fails
+ * NULL is returned if the allocation fails. This can be freed with
+ * ipc_free (to free immediately) or ipc_rcu_free (to free once safe).
*/
-
void* ipc_alloc(int size)
{
void* out;
- if(size > PAGE_SIZE)
- out = vmalloc(size);
- else
- out = kmalloc(size, GFP_KERNEL);
+ /* We prepend the allocation with the rcu struct, and
+ workqueue if necessary (for vmalloc). */
+ if (use_vmalloc(size)) {
+ out = vmalloc(sizeof(struct ipc_rcu_vmalloc) + size);
+ if (out) out += sizeof(struct ipc_rcu_vmalloc);
+ } else {
+ out = kmalloc(sizeof(struct ipc_rcu_kmalloc)+size, GFP_KERNEL);
+ if (out) out += sizeof(struct ipc_rcu_kmalloc);
+ }
return out;
}

@@ -242,48 +270,36 @@ void* ipc_alloc(int size)

void ipc_free(void* ptr, int size)
{
- if(size > PAGE_SIZE)
- vfree(ptr);
+ if (use_vmalloc(size))
+ vfree(ptr - sizeof(struct ipc_rcu_vmalloc));
else
- kfree(ptr);
+ kfree(ptr - sizeof(struct ipc_rcu_kmalloc));
}

/*
* Since RCU callback function is called in bh,
* we need to defer the vfree to schedule_work
*/
-static void ipc_free_scheduled(void* arg)
+static void ipc_schedule_free(void *arg)
{
- struct rcu_ipc_free *a = (struct rcu_ipc_free *)arg;
- vfree(a->ptr);
- kfree(a);
-}
+ struct ipc_rcu_vmalloc *free = arg;

-static void ipc_free_callback(void* arg)
-{
- struct rcu_ipc_free *a = (struct rcu_ipc_free *)arg;
- /*
- * if data is vmalloced, then we need to delay the free
- */
- if (a->size > PAGE_SIZE) {
- INIT_WORK(&a->work, ipc_free_scheduled, arg);
- schedule_work(&a->work);
- } else {
- kfree(a->ptr);
- kfree(a);
- }
+ INIT_WORK(&free->work, vfree, free);
+ schedule_work(&free->work);
}

void ipc_rcu_free(void* ptr, int size)
{
- struct rcu_ipc_free* arg;
-
- arg = (struct rcu_ipc_free *) kmalloc(sizeof(*arg), GFP_KERNEL);
- if (arg == NULL)
- return;
- arg->ptr = ptr;
- arg->size = size;
- call_rcu(&arg->rcu_head, ipc_free_callback, arg);
+ if (use_vmalloc(size)) {
+ struct ipc_rcu_vmalloc *free;
+ free = ptr - sizeof(*free);
+ call_rcu(&free->rcu, ipc_schedule_free, free);
+ } else {
+ struct ipc_rcu_kmalloc *free;
+ free = ptr - sizeof(*free);
+ /* kfree takes a "const void *" so gcc warns. So we cast. */
+ call_rcu(&free->rcu, (void (*)(void *))kfree, free);
+ }
}

/**

--
Anyone who quotes me in their sig is an idiot. -- Rusty Russell.

2002-10-28 01:20:20

by Davide Libenzi

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

On Mon, 28 Oct 2002, Rusty Russell wrote:

> +struct ipc_rcu_kmalloc
> +{
> + struct rcu_head rcu;
> + /* "void *" makes sure alignment of following data is sane. */
> + void *data[0];
> +};

Rusty, why not using gcc "aligned" keywords instead of black magic :

void *data[0];

- Davide

2002-10-28 04:36:49

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

In message <[email protected]> y
ou write:
> On Mon, 28 Oct 2002, Rusty Russell wrote:
>
> > +struct ipc_rcu_kmalloc
> > +{
> > + struct rcu_head rcu;
> > + /* "void *" makes sure alignment of following data is sane. */
> > + void *data[0];
> > +};
>
> Rusty, why not using gcc "aligned" keywords instead of black magic :
>
> void *data[0];

I think it's clearer *why* it's being done than:

struct ipc_rcu_kmalloc
{
struct rcu_head rcu;
} __attribute__((aligned(__alignof__(void *))));

And simpler than:

struct ipc_rcu_kmalloc
{
struct rcu_head rcu;
/* "void *" makes sure alignment of following data is sane. */
char data[0] __attribute__((aligned(__alignof__(void *))));
};

Rusty.
--
Anyone who quotes me in their sig is an idiot. -- Rusty Russell.

2002-10-28 14:14:38

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

You may prefer to skip the history and goto Your_patch;

On Mon, 28 Oct 2002, Rusty Russell wrote:
> In message <[email protected]> you
> write:
> > On Sun, 27 Oct 2002, Rusty Russell wrote:
> > >
> > > You can't do that. It's the price you pay. It's nonsensical to fail
> > > to destroy an shm or sem.
> >
> > Ironic, but not nonsensical: remember, this would only happen (if we
> > abandoned the mempool method and) the task trying to free is itself
> > being OOM-killed - sometimes, OOM-killing will kill the very task
> > that might have gone on to free even more memory, just a sad fact.

(Since you're bringing our discussion to linux-kernel,
I've restored the full paragraph of my side of the argument above.)

> Yes, nonsensical. Firstly, it's in violation of the standard to fail
> IPC_RMID under random circumstances. Secondly, failing to clean up is
> an unhandlable error, since you're quite possible in the failure path
> of the code already. This is a well known issue.

The task which would have failed was being OOM-killed: it's not even
going to get back to userspace. It might have been OOM-killed just
before it tried to IPC_RMID, but it happened during, that's all.
I think OOM-killing lies, shall we say, outside the standard?

But that's all irrelevant: we (Andrew tidied patch by Mingming
following recommendation by me of solution by Andrew) added the
mempool so that it will surely succeed, as you insisted, even if
OOM-kill intervenes at the worst moment.

> > > Using a mempool is putting your head in the sand, because it's use is
> > > not bounded. Might as well just ignore kmalloc failures and leak
> > > memory, which is *really* dumb, because if we get killed by the
> > > oom-killer because we're out of memory, and that results in IPC trying
> > > to free.
> >
> > Bounded in what sense? The mempool is dedicated to ipc freeing, it's
> > not being drawn on by other kinds of use. In the OOM-kill case of
> > actually getting down to using the reserved pool, each reserved item
> > will be returned when RCU (and, in the vfree case, the additional
> > scheduled work) has done with it. Unbounded in that we cannot say
> > how many milliseconds that will take, but so what?
>
> Two oom kills. Three oom kills. Four oom kills. Where's the bound
> here?

No bound to the number of possible OOM kills, but what problem is that?
I got excited for a few minutes when I thought you were saying that the
task being OOM-killed would exit holding on to its mempool buffer. But
that's not so, is it? We'd have wider, more serious resource problems
with OOM kills if that were so.

> Our allocator behavior for GFP_KERNEL has changed several times. Are
> you sure that it won't *ever* fail under other circomstances?

Well, I'll be surprised if we change kmalloc(GFP_KERNEL) to fail for
reasons other than memory shortage ("insufficient privilege"? hmm,
we'd change the names before that); though how hard it tries to decide
if there's really a memory shortage certainly changes from one kernel
to another. But so long as it doesn't fail very often in normal
circumstances, it's okay: the reserved mempool buffers back it up.

> > Okay (I expect, didn't review it) for just the ids arrays, but too much
> > memory waste if we have to allocate for each msq, sema, shm: if there's
> > a better solution available. mempool looks better to us.
>
> It's a hacky, fragile and incorrect solution. It's completely
> tasteless.

I guess it's a step forward that you haven't called it senseless.
Hacky, tasteless? Maybe, depends on your taste. I'm inclined to
counter that it's _fashionable_, which holds about as much weight.
But fragile, incorrect? You've repeatedly failed to argue that.

> In order to save 12 bytes, you've added dozens of lines of subtle,
> fragile, incorrect code. You honestly think this is a worthwhile
> tradeoff?

I thought mempool was the best way to go, to avoid wasting 80 bytes
per msq, sema, shmseg - I thought it would get ugly (hacky, tasteless)
to avoid the struct work overhead in some cases and not others.

Your_patch shows that it need not be ugly, and reduces the normal
waste to 16 bytes per msq, sema, shmseg. These are not struct pages,
that amount will often be wasted by cacheline alignment too, so I'm
not going to get into a fight over it.

I think your patch looks quite nice - apart from the subtle hacky
fragile tasteless void *data[0]; but if something like that is
necessary, I'm sure someone can come up with a better there.

If Andrew or Mingming likes it and wants to replace the mempool
solution by yours, I'm not going to object (but if that is done,
remove struct rcu_ipc_free from ipc/util.h, and move its includes
of rcupdate.h and workqueue.h to ipc/util.c). If they prefer the
mempool method, that's fine with me too.

But I wish you'd introduced your patch as "Here, I think this is
a nicer way of doing it, and doesn't waste as much as you thought:
you don't have to bother with a mempool this way" instead of getting
so mysteriously upset about it, implying some idiot failure in the
mempool method which you've not yet revealed to us.

Hugh

2002-10-28 16:53:39

by Davide Libenzi

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

On Mon, 28 Oct 2002, Rusty Russell wrote:

> In message <[email protected]> y
> ou write:
> > On Mon, 28 Oct 2002, Rusty Russell wrote:
> >
> > > +struct ipc_rcu_kmalloc
> > > +{
> > > + struct rcu_head rcu;
> > > + /* "void *" makes sure alignment of following data is sane. */
> > > + void *data[0];
> > > +};
> >
> > Rusty, why not using gcc "aligned" keywords instead of black magic :
> >
> > void *data[0];
>
> I think it's clearer *why* it's being done than:
>
> struct ipc_rcu_kmalloc
> {
> struct rcu_head rcu;
> } __attribute__((aligned(__alignof__(void *))));

Well, not really Rusty. The above syntax uses documented gcc features
already used inside the kernel, while the fact that void *data[0];
enforces alignment it is not ( to my knowledge ) documented anywhere.
You can also avoid the comment using the aligned syntax ...

- Davide

2002-10-28 19:59:47

by Dipankar Sarma

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

Hi Rusty,

I am pathologically late in catching up lkml, so if I missed some
context here, I apologize in advance. I have just started looking
at mm6 ipc code and I want to point out a few things.

On Mon, Oct 28, 2002 at 02:20:04AM +0100, Rusty Russell wrote:
> Yes, nonsensical. Firstly, it's in violation of the standard to fail
> IPC_RMID under random circumstances. Secondly, failing to clean up is
> an unhandlable error, since you're quite possible in the failure path
> of the code already. This is a well known issue.

I am not sure how Ming/Hugh's current IPC changes affect IPC_RMID.
It affects only when you are trying to add a new ipc. In fact,
since it is a *add* operation (grow_ary()), it seems ok to fail it if rcu_head
allocation fails. Feel free to correct me if I missed something here.
AFAICS, the rcu stuff doesn't affect any freeing other than the IPC
id array.

> Two oom kills. Three oom kills. Four oom kills. Where's the bound
> here?
>
> Our allocator behavior for GFP_KERNEL has changed several times. Are
> you sure that it won't *ever* fail under other circomstances?
>
> > Okay (I expect, didn't review it) for just the ids arrays, but too much
> > memory waste if we have to allocate for each msq, sema, shm: if there's
> > a better solution available. mempool looks better to us.
>
> It's a hacky, fragile and incorrect solution. It's completely
> tasteless.

Yes, the mempool code is broken, but only because rcu_backup_pool
is created three times, one by each IPC mechanism init :-)

> > Not yet. You seem to have had a bad experience with something like
> > this (the mempools or the RCU or the combination), and you're warning
> > us away without actually telling us what you found.
>
> I *wrote* the RCU interface (though the implementation in 2.5 isn't
> mine). I thought it was pretty clear how it was supposed to be used.
> Obviously, I was wrong.

Yes, we went through this a long time ago and the general model
is to embedd the rcu_head thereby allocating it at the time
of allocation of the RCU protected data. This increases the
probability of recovery from low-memory situation as compared
to having to allocte during freeing.

That said, it seems that Ming/Hugh's patch does allocate
the rcu_head at the time of *growing* the array. It is just
that they allocate it for the freeing array rather than the
allocated array. I don't see how this is semantically different
from clubbing the two allocations other than the fact that
smaller number of allocation calls would likely reduce the
likelyhood of allocation failures.

> Patch below is against Mingming's mm4 release. Compiles, untested.
> Rusty.

Yes, this is the typical RCU model, except that in this case (IPC),
I am not quite sure if it is in effect that different from what Ming/Hugh
have done.

Thanks
Dipankar

2002-10-28 22:10:53

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

Dipankar Sarma wrote:
>
> On Mon, Oct 28, 2002 at 02:20:04AM +0100, Rusty Russell wrote:
> > Yes, nonsensical. Firstly, it's in violation of the standard to fail
> > IPC_RMID under random circumstances. Secondly, failing to clean up is
> > an unhandlable error, since you're quite possible in the failure path
> > of the code already. This is a well known issue.
>
> I am not sure how Ming/Hugh's current IPC changes affect IPC_RMID.
> It affects only when you are trying to add a new ipc. In fact,
> since it is a *add* operation (grow_ary()), it seems ok to fail it if rcu_head
> allocation fails. Feel free to correct me if I missed something here.
> AFAICS, the rcu stuff doesn't affect any freeing other than the IPC
> id array.
>

We extended the usage of RCU to IPC_RMID, to prevent ipc_lock()
returning an invalid IPC ID which has been removed by ioc_rmid.

> > It's a hacky, fragile and incorrect solution. It's completely
> > tasteless.
>
> Yes, the mempool code is broken, but only because rcu_backup_pool
> is created three times, one by each IPC mechanism init :-)
>

That's my bad, thanks for pointing this out. It's easy to fix if we
decide to go with mempool way.

> > Patch below is against Mingming's mm4 release. Compiles, untested.
> > Rusty.
>
> Yes, this is the typical RCU model, except that in this case (IPC),
> I am not quite sure if it is in effect that different from what Ming/Hugh
> have done.

Rusty's patch looks good to me. I would like to replace the mempool in
IPC with this typical RCU model. Rusty, if you like, I will make a patch
against mm6. There need some cleanups. One thing is that ipc_alloc()
are called by other places(besides grow_ary()), and they don't need to
the RCU header structure.

Mingming

2002-10-28 22:21:18

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

In message <20021029013059.A13287@dikhow> you write:
> Hi Rusty,
>
> I am pathologically late in catching up lkml, so if I missed some
> context here, I apologize in advance. I have just started looking
> at mm6 ipc code and I want to point out a few things.

That's OK, I'm still 1500 behind 8(

If all current uses are embedded, can we remove the "void
*arg" and reduce the size of struct rcu_head by 25%? Users can always
embed it in their own struct which has a "void *arg", but if that's
the uncommon case, it'd be nice to slim it a little.

It'd also be nice to change the double linked list to a single
too: as far as I can tell the only issue is the list_add_tail in
call_rcu(): how important is this ordering? It can be done by keeping
a head as well as a tail pointer if required.

I'd be happy to prepare a patch, to avoid more complaints of bloat 8)

> That said, it seems that Ming/Hugh's patch does allocate
> the rcu_head at the time of *growing* the array. It is just
> that they allocate it for the freeing array rather than the
> allocated array. I don't see how this is semantically different
> from clubbing the two allocations other than the fact that
> smaller number of allocation calls would likely reduce the
> likelyhood of allocation failures.

We must be looking at different variants of the patch. This one does:
IPC_RMID -> freeary() -> ipc_rcu_free -> kmalloc.

Cheers,
Rusty.
--
Anyone who quotes me in their sig is an idiot. -- Rusty Russell.

2002-10-28 22:21:23

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

In message <[email protected]> you
write:
> (Since you're bringing our discussion to linux-kernel,
> I've restored the full paragraph of my side of the argument above.)

Hi Hugh,

Thanks for your complete reply. I thought it was my fault
that it fell off lkml, and "corrected" it. Sorry about that.

> > Two oom kills. Three oom kills. Four oom kills. Where's the bound
> > here?
>
> No bound to the number of possible OOM kills, but what problem is that?

Sorry, I'm obviously not making myself clear, since I've said this
three times now.

1) The memory is required for one whole RCU period (whether from
kmalloc or the mempool). This can be an almost arbitrarily long
time (I've seen it take a good fraction of a second).

2) This is a problem, because other tasks could be OOM killed during
that period, and could also try to use this mempool.

3) So, the size of the mempool which guarantees there will be enough?
It's equal to the number of things you might free, which means
you might as well allocate them together.

This is the correctness problem with the mempool IPC implementation.

> > Our allocator behavior for GFP_KERNEL has changed several times. Are
> > you sure that it won't *ever* fail under other circomstances?
>
> Well, I'll be surprised if we change kmalloc(GFP_KERNEL) to fail for
> reasons other than memory shortage ("insufficient privilege"? hmm,
> we'd change the names before that); though how hard it tries to decide
> if there's really a memory shortage certainly changes from one kernel
> to another. But so long as it doesn't fail very often in normal
> circumstances, it's okay: the reserved mempool buffers back it up.

Once again, if ever returns NULL other than for tasks being OOM
killed, the problem gets wider.

It would be reasonable for the page allocator one day to say "hmm, at
the rate kswapd is going, it's going to take > 1 minute to fill this
allocation. Let's fail it immediately instead".

This is the fragility problem with the mempool IPC implementation: you
are relying on the kmalloc implementation details which you are
explicitly not allowed to do (see previous "should kmalloc fail?"
threads).

> Your_patch shows that it need not be ugly, and reduces the normal
> waste to 16 bytes per msq, sema, shmseg. These are not struct pages,
> that amount will often be wasted by cacheline alignment too, so I'm
> not going to get into a fight over it.

It could be reduced to 12 bytes by cutting out the "arg", and 8 bytes
by making it a single linked list. I've posted this separately.

> I think your patch looks quite nice - apart from the subtle hacky
> fragile tasteless void *data[0]; but if something like that is
> necessary, I'm sure someone can come up with a better there.

Yes, it's tasteless, but not fragile. Skipping it would be fragile
(it's unneccessary since struct rcu_head has a pointer in it).

I'm not sure that the alternative is nicer, either, though 8(

> But I wish you'd introduced your patch as "Here, I think this is
> a nicer way of doing it, and doesn't waste as much as you thought:
> you don't have to bother with a mempool this way" instead of getting
> so mysteriously upset about it, implying some idiot failure in the
> mempool method which you've not yet revealed to us.

You're right. This took far more time than simply producing the patch
myself would have taken.

But despite that, I prefer to take the un-Viro-like approach of
believing that my fellow programmers cleverer than I am, and hence
require only a few subtle pointers when I manage to spot errors.

Rusty.
--
Anyone who quotes me in their sig is an idiot. -- Rusty Russell.

2002-10-28 23:28:57

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

In message <[email protected]> yo
u write:
> On Mon, 28 Oct 2002, Rusty Russell wrote:
>
> > I think it's clearer *why* it's being done than:
> >
> > struct ipc_rcu_kmalloc
> > {
> > struct rcu_head rcu;
> > } __attribute__((aligned(__alignof__(void *))));
>
> Well, not really Rusty. The above syntax uses documented gcc features
> already used inside the kernel, while the fact that void *data[0];
> enforces alignment it is not ( to my knowledge ) documented anywhere.
> You can also avoid the comment using the aligned syntax ...

A comment is definitely required: you must say *why* you are aligning
the structure (a clearer comment would be better, of course):

/* We return a pointer after the structure to the unwitting
caller: ensure safe alignment. */

The alignment of a structure member of type X is the alignment of type
X: this seems obvious to me. And "type X data[0];" is the standard
way of representing a variable struct.

Have we picked all the nits yet? 8)
Rusty.
--
Anyone who quotes me in their sig is an idiot. -- Rusty Russell.

2002-10-28 23:36:23

by Davide Libenzi

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

On Tue, 29 Oct 2002, Rusty Russell wrote:

> In message <[email protected]> yo
> u write:
> > On Mon, 28 Oct 2002, Rusty Russell wrote:
> >
> > > I think it's clearer *why* it's being done than:
> > >
> > > struct ipc_rcu_kmalloc
> > > {
> > > struct rcu_head rcu;
> > > } __attribute__((aligned(__alignof__(void *))));
> >
> > Well, not really Rusty. The above syntax uses documented gcc features
> > already used inside the kernel, while the fact that void *data[0];
> > enforces alignment it is not ( to my knowledge ) documented anywhere.
> > You can also avoid the comment using the aligned syntax ...
>
> A comment is definitely required: you must say *why* you are aligning
> the structure (a clearer comment would be better, of course):
>
> /* We return a pointer after the structure to the unwitting
> caller: ensure safe alignment. */
>
> The alignment of a structure member of type X is the alignment of type
> X: this seems obvious to me. And "type X data[0];" is the standard
> way of representing a variable struct.
>
> Have we picked all the nits yet? 8)

Rusty, I give you two reason why you should be using the gcc documented
"aligned" features :)

1) using "void *data[0];" and expecting an alignement, being undocumented,
will force not obvious constraints for the gcc folks

2) I was looking at my latest copy of the ISO standard, section :
6.7.5.2 "Array declarators" - Point 1)
where it is explicitly declared that the constant expression that
declared the size of the array must be greater then zero

Looking at how gcc folks is driving towards standards I will expect them
screaming at you in a near future :)

- Davide

2002-10-29 00:19:22

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

On Tue, 29 Oct 2002, Rusty Russell wrote:
> >
> > No bound to the number of possible OOM kills, but what problem is that?
>
> Sorry, I'm obviously not making myself clear, since I've said this
> three times now.
>
> 1) The memory is required for one whole RCU period (whether from
> kmalloc or the mempool). This can be an almost arbitrarily long
> time (I've seen it take a good fraction of a second).

That's a very short time compared with an OOMing thrash: no worries there.

> 2) This is a problem, because other tasks could be OOM killed during
> that period, and could also try to use this mempool.

They'll try to use the mempool, maybe some will be allowed to wait
for their kmalloc(GFP_KERNEL) memory, and others will be PF_MEMDIEd and
proceed to take a reserved mempool buffer, and others will be PF_MEMDIEd
and have to wait for a reserved mempool buffer. Which will be released
to them in due course. No worries there.

> 3) So, the size of the mempool which guarantees there will be enough?
> It's equal to the number of things you might free, which means
> you might as well allocate them together.

No, they take their turns. It's sure not as efficient as each getting
a kmalloc'ed buffer immediately, but its failures will be rare. And
it doesn't matter whether the failures only occur when heading for
OOM-kill or not: we just don't want failure to be the common case.
If kmalloc evolves into something that normally fails half the time,
well, I'd think that'd be called a bug.

> This is the correctness problem with the mempool IPC implementation.

No. There may be other situations which might need at least
NR_CPUS reserved mempool buffer to avoid deadlock, but that's not
the case here. Looks like mempool will be superseded as you wish
in the IPC context, fine; but I do think you need to take a look
at mempool_alloc: it's a different beast from what you suppose.

Hugh

2002-10-29 02:43:48

[permalink] [raw]

Subject: Re: [PATCH]updated ipc lock patch

In message <[email protected]> you write:
> > Yes, this is the typical RCU model, except that in this case (IPC),
> > I am not quite sure if it is in effect that different from what Ming/Hugh
> > have done.
>
> Rusty's patch looks good to me. I would like to replace the mempool in
> IPC with this typical RCU model. Rusty, if you like, I will make a patch
> against mm6. There need some cleanups. One thing is that ipc_alloc()
> are called by other places(besides grow_ary()), and they don't need to
> the RCU header structure.

Yes, I noticed that, but I'm not sure it's worth separating
ipc_alloc() and ipc_rcu_alloc() for a couple of temporary allocations.

Anyway, glad you like the patch,
Rusty.
--
Anyone who quotes me in their sig is an idiot. -- Rusty Russell.

2002-10-29 02:58:35