From: Chengming Zhou <[email protected]>
Changes in v5:
- Drop "RFC".
- Retest to update performance numbers (little difference with RFC v1).
- Add Reviewed-by and Tested-by tags. Many thanks!
- Change to better function name: __put_partials().
- Some minor improvements of comments and changelog.
- RFC v4: https://lore.kernel.org/all/[email protected]/
Changes in RFC v4:
- Reorder patches to put the two cleanup patches to the front.
- Move slab_node_partial flag functions to mm/slub.c.
- Fix freeze_slab() by using slab_update_freelist().
- Fix build error when !CONFIG_SLUB_CPU_PARTIAL.
- Add a patch to rename all *unfreeze_partials* functions.
- Add a patch to update inconsistent documentations in the source.
- Some comments and changelog improvements.
- Add Reviewed-by and Suggested-by tags. Many thanks!
- RFC v3: https://lore.kernel.org/all/[email protected]/
Changes in RFC v3:
- Directly use __set_bit() and __clear_bit() for the slab_node_partial
flag operations to avoid exporting non-atomic "workingset" interfaces.
- Change get_partial() related functions to return a slab instead of
returning the freelist or single object.
- Don't freeze any slab under the node list_lock to further reduce
list_lock holding times, as suggested by Vlastimil Babka.
- Introduce freeze_slab() to do the delay freezing and return freelist.
- Reorder patches.
- RFC v2: https://lore.kernel.org/all/[email protected]/
Changes in RFC v2:
- Reuse PG_workingset bit to keep track of whether slub is on the
per-node partial list, as suggested by Matthew Wilcox.
- Fix OOM problem on kernel without CONFIG_SLUB_CPU_PARTIAL, which
is caused by leak of partial slabs when get_partial_node().
- Add a patch to simplify acquire_slab().
- Reorder patches a little.
- RFC v1: https://lore.kernel.org/all/[email protected]/
1. Problem
==========
Now we have to freeze the slab when get from the node partial list, and
unfreeze the slab when put to the node partial list. Because we need to
rely on the node list_lock to synchronize the "frozen" bit changes.
This implementation has some drawbacks:
- Alloc path: twice cmpxchg_double.
It has to get some partial slabs from node when the allocator has used
up the CPU partial slabs. So it freeze the slab (one cmpxchg_double)
with node list_lock held, put those frozen slabs on its CPU partial
list. Later ___slab_alloc() will cmpxchg_double try-loop again if that
slab is picked to use.
- Alloc path: amplified contention on node list_lock.
Since we have to synchronize the "frozen" bit changes under the node
list_lock, the contention of slab (struct page) can be transferred
to the node list_lock. On machine with many CPUs in one node, the
contention of list_lock will be amplified by all CPUs' alloc path.
The current code has to workaround this problem by avoiding using
cmpxchg_double try-loop, which will just break and return when
contention of page encountered and the first cmpxchg_double failed.
But this workaround has its own problem. For more context, see
9b1ea29bc0d7 ("Revert "mm, slub: consider rest of partial list if
acquire_slab() fails"").
- Free path: redundant unfreeze.
__slab_free() will freeze and cache some slabs on its partial list,
and flush them to the node partial list when exceed, which has to
unfreeze those slabs again under the node list_lock. Actually we
don't need to freeze slab on CPU partial list, in which case we
can save the unfreeze cmpxchg_double operations in flush path.
2. Solution
===========
We solve these problems by leaving slabs unfrozen when moving out of
the node partial list and on CPU partial list, so "frozen" bit is 0.
These partial slabs won't be manipulate concurrently by alloc path,
the only racer is free path, which may manipulate its list when !inuse.
So we need to introduce another synchronization way to avoid it, we
reuse PG_workingset to keep track of whether the slab is on node partial
list or not, only in that case we can manipulate the slab list.
The slab will be delay frozen when it's picked to actively use by the
CPU, it becomes full at the same time, in which case we still need to
rely on "frozen" bit to avoid manipulating its list. So the slab will
be frozen only when activate use and be unfrozen only when deactivate.
The current updated scheme (which this series implemented) is:
- node partial slabs: PG_Workingset && !frozen
- cpu partial slabs: !PG_Workingset && !frozen
- cpu slabs: !PG_Workingset && frozen
- full slabs: !PG_Workingset && !frozen
The most important change is that "frozen" bit is not set for the cpu
partial slabs anymore, __slab_free() will grab node list_lock then
check by !PG_Workingset that it's not on a node partial list.
And the "frozen" bit is still kept for the cpu slabs for performance,
since we don't need to grab node list_lock to check whether PG_Workingset
is set or not if the "frozen" bit is set in the __slab_free().
3. Testing
==========
We did some simple testing on a server with 128 CPUs (2 nodes) to compare
performance.
- perf bench sched messaging -g 5 -t -l 100000
baseline v5
7.042s 6.934s
7.022s 6.865s
7.054s 7.009s
- stress-ng --rawpkt 128 --rawpkt-ops 100000000
baseline v5
2.42s 2.18s
2.45s 2.16s
2.44s 2.17s
It shows above there is about 10% improvement on stress-ng rawpkt
testcase, although no much improvement on perf sched bench testcase.
Thanks for any comment and code review!
Chengming Zhou (9):
slub: Reflow ___slab_alloc()
slub: Change get_partial() interfaces to return slab
slub: Keep track of whether slub is on the per-node partial list
slub: Prepare __slab_free() for unfrozen partial slab out of node
partial list
slub: Introduce freeze_slab()
slub: Delay freezing of partial slabs
slub: Optimize deactivate_slab()
slub: Rename all *unfreeze_partials* functions to *put_partials*
slub: Update frozen slabs documentations in the source
mm/slub.c | 384 +++++++++++++++++++++++++-----------------------------
1 file changed, 180 insertions(+), 204 deletions(-)
--
2.20.1
From: Chengming Zhou <[email protected]>
We need all get_partial() related interfaces to return a slab, instead
of returning the freelist (or object).
Use the partial_context.object to return back freelist or object for
now. This patch shouldn't have any functional changes.
Suggested-by: Vlastimil Babka <[email protected]>
Signed-off-by: Chengming Zhou <[email protected]>
Reviewed-by: Vlastimil Babka <[email protected]>
Tested-by: Hyeonggon Yoo <[email protected]>
---
mm/slub.c | 63 +++++++++++++++++++++++++++++--------------------------
1 file changed, 33 insertions(+), 30 deletions(-)
diff --git a/mm/slub.c b/mm/slub.c
index 0b0fdc8c189f..03384cd965c5 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -204,9 +204,9 @@ DEFINE_STATIC_KEY_FALSE(slub_debug_enabled);
/* Structure holding parameters for get_partial() call chain */
struct partial_context {
- struct slab **slab;
gfp_t flags;
unsigned int orig_size;
+ void *object;
};
static inline bool kmem_cache_debug(struct kmem_cache *s)
@@ -2269,10 +2269,11 @@ static inline bool pfmemalloc_match(struct slab *slab, gfp_t gfpflags);
/*
* Try to allocate a partial slab from a specific node.
*/
-static void *get_partial_node(struct kmem_cache *s, struct kmem_cache_node *n,
- struct partial_context *pc)
+static struct slab *get_partial_node(struct kmem_cache *s,
+ struct kmem_cache_node *n,
+ struct partial_context *pc)
{
- struct slab *slab, *slab2;
+ struct slab *slab, *slab2, *partial = NULL;
void *object = NULL;
unsigned long flags;
unsigned int partial_slabs = 0;
@@ -2288,27 +2289,28 @@ static void *get_partial_node(struct kmem_cache *s, struct kmem_cache_node *n,
spin_lock_irqsave(&n->list_lock, flags);
list_for_each_entry_safe(slab, slab2, &n->partial, slab_list) {
- void *t;
-
if (!pfmemalloc_match(slab, pc->flags))
continue;
if (IS_ENABLED(CONFIG_SLUB_TINY) || kmem_cache_debug(s)) {
object = alloc_single_from_partial(s, n, slab,
pc->orig_size);
- if (object)
+ if (object) {
+ partial = slab;
+ pc->object = object;
break;
+ }
continue;
}
- t = acquire_slab(s, n, slab, object == NULL);
- if (!t)
+ object = acquire_slab(s, n, slab, object == NULL);
+ if (!object)
break;
- if (!object) {
- *pc->slab = slab;
+ if (!partial) {
+ partial = slab;
+ pc->object = object;
stat(s, ALLOC_FROM_PARTIAL);
- object = t;
} else {
put_cpu_partial(s, slab, 0);
stat(s, CPU_PARTIAL_NODE);
@@ -2324,20 +2326,21 @@ static void *get_partial_node(struct kmem_cache *s, struct kmem_cache_node *n,
}
spin_unlock_irqrestore(&n->list_lock, flags);
- return object;
+ return partial;
}
/*
* Get a slab from somewhere. Search in increasing NUMA distances.
*/
-static void *get_any_partial(struct kmem_cache *s, struct partial_context *pc)
+static struct slab *get_any_partial(struct kmem_cache *s,
+ struct partial_context *pc)
{
#ifdef CONFIG_NUMA
struct zonelist *zonelist;
struct zoneref *z;
struct zone *zone;
enum zone_type highest_zoneidx = gfp_zone(pc->flags);
- void *object;
+ struct slab *slab;
unsigned int cpuset_mems_cookie;
/*
@@ -2372,8 +2375,8 @@ static void *get_any_partial(struct kmem_cache *s, struct partial_context *pc)
if (n && cpuset_zone_allowed(zone, pc->flags) &&
n->nr_partial > s->min_partial) {
- object = get_partial_node(s, n, pc);
- if (object) {
+ slab = get_partial_node(s, n, pc);
+ if (slab) {
/*
* Don't check read_mems_allowed_retry()
* here - if mems_allowed was updated in
@@ -2381,7 +2384,7 @@ static void *get_any_partial(struct kmem_cache *s, struct partial_context *pc)
* between allocation and the cpuset
* update
*/
- return object;
+ return slab;
}
}
}
@@ -2393,17 +2396,18 @@ static void *get_any_partial(struct kmem_cache *s, struct partial_context *pc)
/*
* Get a partial slab, lock it and return it.
*/
-static void *get_partial(struct kmem_cache *s, int node, struct partial_context *pc)
+static struct slab *get_partial(struct kmem_cache *s, int node,
+ struct partial_context *pc)
{
- void *object;
+ struct slab *slab;
int searchnode = node;
if (node == NUMA_NO_NODE)
searchnode = numa_mem_id();
- object = get_partial_node(s, get_node(s, searchnode), pc);
- if (object || node != NUMA_NO_NODE)
- return object;
+ slab = get_partial_node(s, get_node(s, searchnode), pc);
+ if (slab || node != NUMA_NO_NODE)
+ return slab;
return get_any_partial(s, pc);
}
@@ -3213,10 +3217,10 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
new_objects:
pc.flags = gfpflags;
- pc.slab = &slab;
pc.orig_size = orig_size;
- freelist = get_partial(s, node, &pc);
- if (freelist) {
+ slab = get_partial(s, node, &pc);
+ if (slab) {
+ freelist = pc.object;
if (kmem_cache_debug(s)) {
/*
* For debug caches here we had to go through
@@ -3408,12 +3412,11 @@ static void *__slab_alloc_node(struct kmem_cache *s,
void *object;
pc.flags = gfpflags;
- pc.slab = &slab;
pc.orig_size = orig_size;
- object = get_partial(s, node, &pc);
+ slab = get_partial(s, node, &pc);
- if (object)
- return object;
+ if (slab)
+ return pc.object;
slab = new_slab(s, gfpflags, node);
if (unlikely(!slab)) {
--
2.20.1
From: Chengming Zhou <[email protected]>
The get_partial() interface used in ___slab_alloc() may return a single
object in the "kmem_cache_debug(s)" case, in which we will just return
the "freelist" object.
Move this handling up to prepare for later changes.
And the "pfmemalloc_match()" part is not needed for node partial slab,
since we already check this in the get_partial_node().
Signed-off-by: Chengming Zhou <[email protected]>
Reviewed-by: Vlastimil Babka <[email protected]>
Tested-by: Hyeonggon Yoo <[email protected]>
---
mm/slub.c | 31 +++++++++++++++----------------
1 file changed, 15 insertions(+), 16 deletions(-)
diff --git a/mm/slub.c b/mm/slub.c
index 63d281dfacdb..0b0fdc8c189f 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -3216,8 +3216,21 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
pc.slab = &slab;
pc.orig_size = orig_size;
freelist = get_partial(s, node, &pc);
- if (freelist)
- goto check_new_slab;
+ if (freelist) {
+ if (kmem_cache_debug(s)) {
+ /*
+ * For debug caches here we had to go through
+ * alloc_single_from_partial() so just store the
+ * tracking info and return the object.
+ */
+ if (s->flags & SLAB_STORE_USER)
+ set_track(s, freelist, TRACK_ALLOC, addr);
+
+ return freelist;
+ }
+
+ goto retry_load_slab;
+ }
slub_put_cpu_ptr(s->cpu_slab);
slab = new_slab(s, gfpflags, node);
@@ -3253,20 +3266,6 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
inc_slabs_node(s, slab_nid(slab), slab->objects);
-check_new_slab:
-
- if (kmem_cache_debug(s)) {
- /*
- * For debug caches here we had to go through
- * alloc_single_from_partial() so just store the tracking info
- * and return the object
- */
- if (s->flags & SLAB_STORE_USER)
- set_track(s, freelist, TRACK_ALLOC, addr);
-
- return freelist;
- }
-
if (unlikely(!pfmemalloc_match(slab, gfpflags))) {
/*
* For !pfmemalloc_match() case we don't load freelist so that
--
2.20.1
From: Chengming Zhou <[email protected]>
Now we rely on the "frozen" bit to see if we should manipulate the
slab->slab_list, which will be changed in the following patch.
Instead we introduce another way to keep track of whether slub is on
the per-node partial list, here we reuse the PG_workingset bit.
We use __set_bit and __clear_bit directly instead of the atomic version
for better performance and it's safe since it's protected by the slub
node list_lock.
Suggested-by: Matthew Wilcox <[email protected]>
Signed-off-by: Chengming Zhou <[email protected]>
Reviewed-by: Vlastimil Babka <[email protected]>
Tested-by: Hyeonggon Yoo <[email protected]>
---
mm/slub.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/mm/slub.c b/mm/slub.c
index 03384cd965c5..eed8ae0dbaf9 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -2116,6 +2116,25 @@ static void discard_slab(struct kmem_cache *s, struct slab *slab)
free_slab(s, slab);
}
+/*
+ * SLUB reuses PG_workingset bit to keep track of whether it's on
+ * the per-node partial list.
+ */
+static inline bool slab_test_node_partial(const struct slab *slab)
+{
+ return folio_test_workingset((struct folio *)slab_folio(slab));
+}
+
+static inline void slab_set_node_partial(struct slab *slab)
+{
+ __set_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
+}
+
+static inline void slab_clear_node_partial(struct slab *slab)
+{
+ __clear_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
+}
+
/*
* Management of partially allocated slabs.
*/
@@ -2127,6 +2146,7 @@ __add_partial(struct kmem_cache_node *n, struct slab *slab, int tail)
list_add_tail(&slab->slab_list, &n->partial);
else
list_add(&slab->slab_list, &n->partial);
+ slab_set_node_partial(slab);
}
static inline void add_partial(struct kmem_cache_node *n,
@@ -2141,6 +2161,7 @@ static inline void remove_partial(struct kmem_cache_node *n,
{
lockdep_assert_held(&n->list_lock);
list_del(&slab->slab_list);
+ slab_clear_node_partial(slab);
n->nr_partial--;
}
@@ -4833,6 +4854,7 @@ static int __kmem_cache_do_shrink(struct kmem_cache *s)
if (free == slab->objects) {
list_move(&slab->slab_list, &discard);
+ slab_clear_node_partial(slab);
n->nr_partial--;
dec_slabs_node(s, node, slab->objects);
} else if (free <= SHRINK_PROMOTE_MAX)
--
2.20.1
From: Chengming Zhou <[email protected]>
We will have unfrozen slabs out of the node partial list later, so we
need a freeze_slab() function to freeze the partial slab and get its
freelist.
Signed-off-by: Chengming Zhou <[email protected]>
Reviewed-by: Vlastimil Babka <[email protected]>
Tested-by: Hyeonggon Yoo <[email protected]>
---
mm/slub.c | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/mm/slub.c b/mm/slub.c
index 1880b483350e..edf567971679 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -3098,6 +3098,33 @@ static inline void *get_freelist(struct kmem_cache *s, struct slab *slab)
return freelist;
}
+/*
+ * Freeze the partial slab and return the pointer to the freelist.
+ */
+static inline void *freeze_slab(struct kmem_cache *s, struct slab *slab)
+{
+ struct slab new;
+ unsigned long counters;
+ void *freelist;
+
+ do {
+ freelist = slab->freelist;
+ counters = slab->counters;
+
+ new.counters = counters;
+ VM_BUG_ON(new.frozen);
+
+ new.inuse = slab->objects;
+ new.frozen = 1;
+
+ } while (!slab_update_freelist(s, slab,
+ freelist, counters,
+ NULL, new.counters,
+ "freeze_slab"));
+
+ return freelist;
+}
+
/*
* Slow path. The lockless freelist is empty or we need to perform
* debugging duties.
--
2.20.1
From: Chengming Zhou <[email protected]>
Since the introduce of unfrozen slabs on cpu partial list, we don't
need to synchronize the slab frozen state under the node list_lock.
The caller of deactivate_slab() and the caller of __slab_free() won't
manipulate the slab list concurrently.
So we can get node list_lock in the last stage if we really need to
manipulate the slab list in this path.
Signed-off-by: Chengming Zhou <[email protected]>
Reviewed-by: Vlastimil Babka <[email protected]>
Tested-by: Hyeonggon Yoo <[email protected]>
---
mm/slub.c | 79 ++++++++++++++++++-------------------------------------
1 file changed, 26 insertions(+), 53 deletions(-)
diff --git a/mm/slub.c b/mm/slub.c
index bcb5b2c4e213..d137468fe4b9 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -2468,10 +2468,8 @@ static void init_kmem_cache_cpus(struct kmem_cache *s)
static void deactivate_slab(struct kmem_cache *s, struct slab *slab,
void *freelist)
{
- enum slab_modes { M_NONE, M_PARTIAL, M_FREE, M_FULL_NOLIST };
struct kmem_cache_node *n = get_node(s, slab_nid(slab));
int free_delta = 0;
- enum slab_modes mode = M_NONE;
void *nextfree, *freelist_iter, *freelist_tail;
int tail = DEACTIVATE_TO_HEAD;
unsigned long flags = 0;
@@ -2509,65 +2507,40 @@ static void deactivate_slab(struct kmem_cache *s, struct slab *slab,
/*
* Stage two: Unfreeze the slab while splicing the per-cpu
* freelist to the head of slab's freelist.
- *
- * Ensure that the slab is unfrozen while the list presence
- * reflects the actual number of objects during unfreeze.
- *
- * We first perform cmpxchg holding lock and insert to list
- * when it succeed. If there is mismatch then the slab is not
- * unfrozen and number of objects in the slab may have changed.
- * Then release lock and retry cmpxchg again.
*/
-redo:
-
- old.freelist = READ_ONCE(slab->freelist);
- old.counters = READ_ONCE(slab->counters);
- VM_BUG_ON(!old.frozen);
-
- /* Determine target state of the slab */
- new.counters = old.counters;
- if (freelist_tail) {
- new.inuse -= free_delta;
- set_freepointer(s, freelist_tail, old.freelist);
- new.freelist = freelist;
- } else
- new.freelist = old.freelist;
-
- new.frozen = 0;
+ do {
+ old.freelist = READ_ONCE(slab->freelist);
+ old.counters = READ_ONCE(slab->counters);
+ VM_BUG_ON(!old.frozen);
+
+ /* Determine target state of the slab */
+ new.counters = old.counters;
+ new.frozen = 0;
+ if (freelist_tail) {
+ new.inuse -= free_delta;
+ set_freepointer(s, freelist_tail, old.freelist);
+ new.freelist = freelist;
+ } else {
+ new.freelist = old.freelist;
+ }
+ } while (!slab_update_freelist(s, slab,
+ old.freelist, old.counters,
+ new.freelist, new.counters,
+ "unfreezing slab"));
+ /*
+ * Stage three: Manipulate the slab list based on the updated state.
+ */
if (!new.inuse && n->nr_partial >= s->min_partial) {
- mode = M_FREE;
+ stat(s, DEACTIVATE_EMPTY);
+ discard_slab(s, slab);
+ stat(s, FREE_SLAB);
} else if (new.freelist) {
- mode = M_PARTIAL;
- /*
- * Taking the spinlock removes the possibility that
- * acquire_slab() will see a slab that is frozen
- */
spin_lock_irqsave(&n->list_lock, flags);
- } else {
- mode = M_FULL_NOLIST;
- }
-
-
- if (!slab_update_freelist(s, slab,
- old.freelist, old.counters,
- new.freelist, new.counters,
- "unfreezing slab")) {
- if (mode == M_PARTIAL)
- spin_unlock_irqrestore(&n->list_lock, flags);
- goto redo;
- }
-
-
- if (mode == M_PARTIAL) {
add_partial(n, slab, tail);
spin_unlock_irqrestore(&n->list_lock, flags);
stat(s, tail);
- } else if (mode == M_FREE) {
- stat(s, DEACTIVATE_EMPTY);
- discard_slab(s, slab);
- stat(s, FREE_SLAB);
- } else if (mode == M_FULL_NOLIST) {
+ } else {
stat(s, DEACTIVATE_FULL);
}
}
--
2.20.1
From: Chengming Zhou <[email protected]>
Now we will freeze slabs when moving them out of node partial list to
cpu partial list, this method needs two cmpxchg_double operations:
1. freeze slab (acquire_slab()) under the node list_lock
2. get_freelist() when pick used in ___slab_alloc()
Actually we don't need to freeze when moving slabs out of node partial
list, we can delay freezing to when use slab freelist in ___slab_alloc(),
so we can save one cmpxchg_double().
And there are other good points:
- The moving of slabs between node partial list and cpu partial list
becomes simpler, since we don't need to freeze or unfreeze at all.
- The node list_lock contention would be less, since we don't need to
freeze any slab under the node list_lock.
We can achieve this because there is no concurrent path would manipulate
the partial slab list except the __slab_free() path, which is now
serialized by slab_test_node_partial() under the list_lock.
Since the slab returned by get_partial() interfaces is not frozen anymore
and no freelist is returned in the partial_context, so we need to use the
introduced freeze_slab() to freeze it and get its freelist.
Similarly, the slabs on the CPU partial list are not frozen anymore,
we need to freeze_slab() on it before use.
We can now delete acquire_slab() as it became unused.
Signed-off-by: Chengming Zhou <[email protected]>
Reviewed-by: Vlastimil Babka <[email protected]>
Tested-by: Hyeonggon Yoo <[email protected]>
---
mm/slub.c | 113 +++++++++++-------------------------------------------
1 file changed, 23 insertions(+), 90 deletions(-)
diff --git a/mm/slub.c b/mm/slub.c
index edf567971679..bcb5b2c4e213 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -2234,51 +2234,6 @@ static void *alloc_single_from_new_slab(struct kmem_cache *s,
return object;
}
-/*
- * Remove slab from the partial list, freeze it and
- * return the pointer to the freelist.
- *
- * Returns a list of objects or NULL if it fails.
- */
-static inline void *acquire_slab(struct kmem_cache *s,
- struct kmem_cache_node *n, struct slab *slab,
- int mode)
-{
- void *freelist;
- unsigned long counters;
- struct slab new;
-
- lockdep_assert_held(&n->list_lock);
-
- /*
- * Zap the freelist and set the frozen bit.
- * The old freelist is the list of objects for the
- * per cpu allocation list.
- */
- freelist = slab->freelist;
- counters = slab->counters;
- new.counters = counters;
- if (mode) {
- new.inuse = slab->objects;
- new.freelist = NULL;
- } else {
- new.freelist = freelist;
- }
-
- VM_BUG_ON(new.frozen);
- new.frozen = 1;
-
- if (!__slab_update_freelist(s, slab,
- freelist, counters,
- new.freelist, new.counters,
- "acquire_slab"))
- return NULL;
-
- remove_partial(n, slab);
- WARN_ON(!freelist);
- return freelist;
-}
-
#ifdef CONFIG_SLUB_CPU_PARTIAL
static void put_cpu_partial(struct kmem_cache *s, struct slab *slab, int drain);
#else
@@ -2295,7 +2250,6 @@ static struct slab *get_partial_node(struct kmem_cache *s,
struct partial_context *pc)
{
struct slab *slab, *slab2, *partial = NULL;
- void *object = NULL;
unsigned long flags;
unsigned int partial_slabs = 0;
@@ -2314,7 +2268,7 @@ static struct slab *get_partial_node(struct kmem_cache *s,
continue;
if (IS_ENABLED(CONFIG_SLUB_TINY) || kmem_cache_debug(s)) {
- object = alloc_single_from_partial(s, n, slab,
+ void *object = alloc_single_from_partial(s, n, slab,
pc->orig_size);
if (object) {
partial = slab;
@@ -2324,13 +2278,10 @@ static struct slab *get_partial_node(struct kmem_cache *s,
continue;
}
- object = acquire_slab(s, n, slab, object == NULL);
- if (!object)
- break;
+ remove_partial(n, slab);
if (!partial) {
partial = slab;
- pc->object = object;
stat(s, ALLOC_FROM_PARTIAL);
} else {
put_cpu_partial(s, slab, 0);
@@ -2629,9 +2580,6 @@ static void __unfreeze_partials(struct kmem_cache *s, struct slab *partial_slab)
unsigned long flags = 0;
while (partial_slab) {
- struct slab new;
- struct slab old;
-
slab = partial_slab;
partial_slab = slab->next;
@@ -2644,23 +2592,7 @@ static void __unfreeze_partials(struct kmem_cache *s, struct slab *partial_slab)
spin_lock_irqsave(&n->list_lock, flags);
}
- do {
-
- old.freelist = slab->freelist;
- old.counters = slab->counters;
- VM_BUG_ON(!old.frozen);
-
- new.counters = old.counters;
- new.freelist = old.freelist;
-
- new.frozen = 0;
-
- } while (!__slab_update_freelist(s, slab,
- old.freelist, old.counters,
- new.freelist, new.counters,
- "unfreezing slab"));
-
- if (unlikely(!new.inuse && n->nr_partial >= s->min_partial)) {
+ if (unlikely(!slab->inuse && n->nr_partial >= s->min_partial)) {
slab->next = slab_to_discard;
slab_to_discard = slab;
} else {
@@ -3167,7 +3099,6 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
node = NUMA_NO_NODE;
goto new_slab;
}
-redo:
if (unlikely(!node_match(slab, node))) {
/*
@@ -3243,7 +3174,8 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
new_slab:
- if (slub_percpu_partial(c)) {
+#ifdef CONFIG_SLUB_CPU_PARTIAL
+ while (slub_percpu_partial(c)) {
local_lock_irqsave(&s->cpu_slab->lock, flags);
if (unlikely(c->slab)) {
local_unlock_irqrestore(&s->cpu_slab->lock, flags);
@@ -3255,12 +3187,22 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
goto new_objects;
}
- slab = c->slab = slub_percpu_partial(c);
+ slab = slub_percpu_partial(c);
slub_set_percpu_partial(c, slab);
local_unlock_irqrestore(&s->cpu_slab->lock, flags);
stat(s, CPU_PARTIAL_ALLOC);
- goto redo;
+
+ if (unlikely(!node_match(slab, node) ||
+ !pfmemalloc_match(slab, gfpflags))) {
+ slab->next = NULL;
+ __unfreeze_partials(s, slab);
+ continue;
+ }
+
+ freelist = freeze_slab(s, slab);
+ goto retry_load_slab;
}
+#endif
new_objects:
@@ -3268,8 +3210,8 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
pc.orig_size = orig_size;
slab = get_partial(s, node, &pc);
if (slab) {
- freelist = pc.object;
if (kmem_cache_debug(s)) {
+ freelist = pc.object;
/*
* For debug caches here we had to go through
* alloc_single_from_partial() so just store the
@@ -3281,6 +3223,7 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
return freelist;
}
+ freelist = freeze_slab(s, slab);
goto retry_load_slab;
}
@@ -3682,18 +3625,8 @@ static void __slab_free(struct kmem_cache *s, struct slab *slab,
was_frozen = new.frozen;
new.inuse -= cnt;
if ((!new.inuse || !prior) && !was_frozen) {
-
- if (kmem_cache_has_cpu_partial(s) && !prior) {
-
- /*
- * Slab was on no list before and will be
- * partially empty
- * We can defer the list move and instead
- * freeze it.
- */
- new.frozen = 1;
-
- } else { /* Needs to be taken off a list */
+ /* Needs to be taken off a list */
+ if (!kmem_cache_has_cpu_partial(s) || prior) {
n = get_node(s, slab_nid(slab));
/*
@@ -3723,9 +3656,9 @@ static void __slab_free(struct kmem_cache *s, struct slab *slab,
* activity can be necessary.
*/
stat(s, FREE_FROZEN);
- } else if (new.frozen) {
+ } else if (kmem_cache_has_cpu_partial(s) && !prior) {
/*
- * If we just froze the slab then put it onto the
+ * If we started with a full slab then put it onto the
* per cpu partial list.
*/
put_cpu_partial(s, slab, 1);
--
2.20.1
From: Chengming Zhou <[email protected]>
Since all partial slabs on the CPU partial list are not frozen anymore,
we don't unfreeze when moving cpu partial slabs to node partial list,
it's better to rename these functions.
Signed-off-by: Chengming Zhou <[email protected]>
Reviewed-by: Vlastimil Babka <[email protected]>
Tested-by: Hyeonggon Yoo <[email protected]>
---
mm/slub.c | 34 +++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/mm/slub.c b/mm/slub.c
index d137468fe4b9..c20bdf5dab0f 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -2546,7 +2546,7 @@ static void deactivate_slab(struct kmem_cache *s, struct slab *slab,
}
#ifdef CONFIG_SLUB_CPU_PARTIAL
-static void __unfreeze_partials(struct kmem_cache *s, struct slab *partial_slab)
+static void __put_partials(struct kmem_cache *s, struct slab *partial_slab)
{
struct kmem_cache_node *n = NULL, *n2 = NULL;
struct slab *slab, *slab_to_discard = NULL;
@@ -2588,9 +2588,9 @@ static void __unfreeze_partials(struct kmem_cache *s, struct slab *partial_slab)
}
/*
- * Unfreeze all the cpu partial slabs.
+ * Put all the cpu partial slabs to the node partial list.
*/
-static void unfreeze_partials(struct kmem_cache *s)
+static void put_partials(struct kmem_cache *s)
{
struct slab *partial_slab;
unsigned long flags;
@@ -2601,11 +2601,11 @@ static void unfreeze_partials(struct kmem_cache *s)
local_unlock_irqrestore(&s->cpu_slab->lock, flags);
if (partial_slab)
- __unfreeze_partials(s, partial_slab);
+ __put_partials(s, partial_slab);
}
-static void unfreeze_partials_cpu(struct kmem_cache *s,
- struct kmem_cache_cpu *c)
+static void put_partials_cpu(struct kmem_cache *s,
+ struct kmem_cache_cpu *c)
{
struct slab *partial_slab;
@@ -2613,7 +2613,7 @@ static void unfreeze_partials_cpu(struct kmem_cache *s,
c->partial = NULL;
if (partial_slab)
- __unfreeze_partials(s, partial_slab);
+ __put_partials(s, partial_slab);
}
/*
@@ -2626,7 +2626,7 @@ static void unfreeze_partials_cpu(struct kmem_cache *s,
static void put_cpu_partial(struct kmem_cache *s, struct slab *slab, int drain)
{
struct slab *oldslab;
- struct slab *slab_to_unfreeze = NULL;
+ struct slab *slab_to_put = NULL;
unsigned long flags;
int slabs = 0;
@@ -2641,7 +2641,7 @@ static void put_cpu_partial(struct kmem_cache *s, struct slab *slab, int drain)
* per node partial list. Postpone the actual unfreezing
* outside of the critical section.
*/
- slab_to_unfreeze = oldslab;
+ slab_to_put = oldslab;
oldslab = NULL;
} else {
slabs = oldslab->slabs;
@@ -2657,17 +2657,17 @@ static void put_cpu_partial(struct kmem_cache *s, struct slab *slab, int drain)
local_unlock_irqrestore(&s->cpu_slab->lock, flags);
- if (slab_to_unfreeze) {
- __unfreeze_partials(s, slab_to_unfreeze);
+ if (slab_to_put) {
+ __put_partials(s, slab_to_put);
stat(s, CPU_PARTIAL_DRAIN);
}
}
#else /* CONFIG_SLUB_CPU_PARTIAL */
-static inline void unfreeze_partials(struct kmem_cache *s) { }
-static inline void unfreeze_partials_cpu(struct kmem_cache *s,
- struct kmem_cache_cpu *c) { }
+static inline void put_partials(struct kmem_cache *s) { }
+static inline void put_partials_cpu(struct kmem_cache *s,
+ struct kmem_cache_cpu *c) { }
#endif /* CONFIG_SLUB_CPU_PARTIAL */
@@ -2709,7 +2709,7 @@ static inline void __flush_cpu_slab(struct kmem_cache *s, int cpu)
stat(s, CPUSLAB_FLUSH);
}
- unfreeze_partials_cpu(s, c);
+ put_partials_cpu(s, c);
}
struct slub_flush_work {
@@ -2737,7 +2737,7 @@ static void flush_cpu_slab(struct work_struct *w)
if (c->slab)
flush_slab(s, c);
- unfreeze_partials(s);
+ put_partials(s);
}
static bool has_cpu_slab(int cpu, struct kmem_cache *s)
@@ -3168,7 +3168,7 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
if (unlikely(!node_match(slab, node) ||
!pfmemalloc_match(slab, gfpflags))) {
slab->next = NULL;
- __unfreeze_partials(s, slab);
+ __put_partials(s, slab);
continue;
}
--
2.20.1
From: Chengming Zhou <[email protected]>
The current updated scheme (which this series implemented) is:
- node partial slabs: PG_Workingset && !frozen
- cpu partial slabs: !PG_Workingset && !frozen
- cpu slabs: !PG_Workingset && frozen
- full slabs: !PG_Workingset && !frozen
The most important change is that "frozen" bit is not set for the
cpu partial slabs anymore, __slab_free() will grab node list_lock
then check by !PG_Workingset that it's not on a node partial list.
And the "frozen" bit is still kept for the cpu slabs for performance,
since we don't need to grab node list_lock to check whether the
PG_Workingset is set or not if the "frozen" bit is set in __slab_free().
Update related documentations and comments in the source.
Signed-off-by: Chengming Zhou <[email protected]>
Tested-by: Hyeonggon Yoo <[email protected]>
---
mm/slub.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/mm/slub.c b/mm/slub.c
index c20bdf5dab0f..a307d319e82c 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -76,13 +76,22 @@
*
* Frozen slabs
*
- * If a slab is frozen then it is exempt from list management. It is not
- * on any list except per cpu partial list. The processor that froze the
+ * If a slab is frozen then it is exempt from list management. It is
+ * the cpu slab which is actively allocated from by the processor that
+ * froze it and it is not on any list. The processor that froze the
* slab is the one who can perform list operations on the slab. Other
* processors may put objects onto the freelist but the processor that
* froze the slab is the only one that can retrieve the objects from the
* slab's freelist.
*
+ * CPU partial slabs
+ *
+ * The partially empty slabs cached on the CPU partial list are used
+ * for performance reasons, which speeds up the allocation process.
+ * These slabs are not frozen, but are also exempt from list management,
+ * by clearing the PG_workingset flag when moving out of the node
+ * partial list. Please see __slab_free() for more details.
+ *
* list_lock
*
* The list_lock protects the partial and full list on each node and
@@ -2617,8 +2626,7 @@ static void put_partials_cpu(struct kmem_cache *s,
}
/*
- * Put a slab that was just frozen (in __slab_free|get_partial_node) into a
- * partial slab slot if available.
+ * Put a slab into a partial slab slot if available.
*
* If we did not find a slot then simply move all the partials to the
* per node partial list.
--
2.20.1
From: Chengming Zhou <[email protected]>
Now the partially empty slub will be frozen when taken out of node partial
list, so the __slab_free() will know from "was_frozen" that the partially
empty slab is not on node partial list and is a cpu or cpu partial slab
of some cpu.
But we will change this, make partial slabs leave the node partial list
with unfrozen state, so we need to change __slab_free() to use the new
slab_test_node_partial() we just introduced.
Signed-off-by: Chengming Zhou <[email protected]>
Reviewed-by: Vlastimil Babka <[email protected]>
Tested-by: Hyeonggon Yoo <[email protected]>
---
mm/slub.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/mm/slub.c b/mm/slub.c
index eed8ae0dbaf9..1880b483350e 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -3631,6 +3631,7 @@ static void __slab_free(struct kmem_cache *s, struct slab *slab,
unsigned long counters;
struct kmem_cache_node *n = NULL;
unsigned long flags;
+ bool on_node_partial;
stat(s, FREE_SLOWPATH);
@@ -3678,6 +3679,7 @@ static void __slab_free(struct kmem_cache *s, struct slab *slab,
*/
spin_lock_irqsave(&n->list_lock, flags);
+ on_node_partial = slab_test_node_partial(slab);
}
}
@@ -3706,6 +3708,15 @@ static void __slab_free(struct kmem_cache *s, struct slab *slab,
return;
}
+ /*
+ * This slab was partially empty but not on the per-node partial list,
+ * in which case we shouldn't manipulate its list, just return.
+ */
+ if (prior && !on_node_partial) {
+ spin_unlock_irqrestore(&n->list_lock, flags);
+ return;
+ }
+
if (unlikely(!new.inuse && n->nr_partial >= s->min_partial))
goto slab_empty;
--
2.20.1
On Thu, Nov 02, 2023 at 03:23:27AM +0000, [email protected] wrote:
> From: Chengming Zhou <[email protected]>
>
> Now we will freeze slabs when moving them out of node partial list to
> cpu partial list, this method needs two cmpxchg_double operations:
>
> 1. freeze slab (acquire_slab()) under the node list_lock
> 2. get_freelist() when pick used in ___slab_alloc()
Recently -next has been failing to boot on a Raspberry Pi 3 with an arm
multi_v7_defconfig and a NFS rootfs, a bisect appears to point to this
patch (in -next as c8d312e039030edab25836a326bcaeb2a3d4db14) as having
introduced the issue. I've included the full bisect log below.
When we see problems we see RCU stalls while logging in, for example:
debian-testing-armhf login: root (automatic login)
Linux debian-testing-armhf 6.7.0-rc1-00006-gc8d312e03903 #1 SMP @1699864348 armv7l
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
[ 46.453323] rcu: INFO: rcu_sched detected stalls on CPUs/tasks:
[ 46.459361] rcu: 3-...0: (1 GPs behind) idle=def4/1/0x40000000 softirq=1304/1304 fqs=951
[ 46.467669] rcu: (detected by 0, t=2103 jiffies, g=1161, q=499 ncpus=4)
[ 46.474472] Sending NMI from CPU 0 to CPUs 3:
[ 56.478894] rcu: rcu_sched kthread timer wakeup didn't happen for 1002 jiffies! g1161 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[ 56.490195] rcu: Possible timer handling issue on cpu=0 timer-softirq=1650
[ 56.497259] rcu: rcu_sched kthread starved for 1005 jiffies! g1161 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
[ 56.507589] rcu: Unless rcu_sched kthread gets sufficient CPU time, OOM is now expected behavior.
[ 56.516681] rcu: RCU grace-period kthread stack dump:
[ 56.521803] task:rcu_sched state:I stack:0 pid:13 tgid:13 ppid:2 flags:0x00000000
[ 56.531267] __schedule from schedule+0x20/0xe8
[ 56.535883] schedule from schedule_timeout+0xa0/0x158
[ 56.541111] schedule_timeout from rcu_gp_fqs_loop+0x104/0x594
[ 56.547048] rcu_gp_fqs_loop from rcu_gp_kthread+0x14c/0x1c0
[ 56.552801] rcu_gp_kthread from kthread+0xe0/0xfc
[ 56.557674] kthread from ret_from_fork+0x14/0x28
[ 56.562457] Exception stack(0xf084dfb0 to 0xf084dff8)
[ 56.567584] dfa0: 00000000 00000000 00000000 00000000
[ 56.575886] dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 56.584191] dfe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 56.590907] rcu: Stack dump where RCU GP kthread last ran:
[ 56.596474] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.7.0-rc1-00006-gc8d312e03903 #1
[ 56.604515] Hardware name: BCM2835
[ 56.607965] PC is at default_idle_call+0x1c/0xb0
[ 56.612654] LR is at ct_kernel_enter.constprop.0+0x48/0x11c
[ 56.618311] pc : [<c1197054>] lr : [<c1195c98>] psr: 60010013
[ 56.624672] sp : c1b01f70 ip : c1d5af7c fp : 00000000
[ 56.629974] r10: c19cda60 r9 : 00000000 r8 : 00000000
[ 56.635277] r7 : c1b04d50 r6 : c1b04d18 r5 : c1d5b684 r4 : c1b09740
[ 56.641902] r3 : 00000000 r2 : 00000000 r1 : 00000001 r0 : 002a3114
[ 56.648528] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
[ 56.655774] Control: 10c5383d Table: 0237406a DAC: 00000051
[ 56.661605] default_idle_call from do_idle+0x208/0x290
[ 56.666920] do_idle from cpu_startup_entry+0x28/0x2c
[ 56.672059] cpu_startup_entry from rest_init+0xac/0xb0
[ 56.677371] rest_init from arch_post_acpi_subsys_init+0x0/0x8
Login ti
A full log for that run can be seen at:
https://validation.linaro.org/scheduler/job/4017095
Boots to initramfs with the same kernel image seem fine. Other systems,
including other 32 bit arm ones, don't seem to be having similar issues
with this userspace. I've not investigated beyond running the bisect,
the log for which is below:
git bisect start
# good: [64e6d94bfb47ed0732ad06aedf8ec6af5dd2ab84] Merge branch 'for-linux-next-fixes' of git://anongit.freedesktop.org/drm/drm-misc
git bisect good 64e6d94bfb47ed0732ad06aedf8ec6af5dd2ab84
# bad: [5a82d69d48c82e89aef44483d2a129f869f3506a] Add linux-next specific files for 20231120
git bisect bad 5a82d69d48c82e89aef44483d2a129f869f3506a
# good: [ce252a92a867da8a6622463bff637e5f7b904a46] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next.git
git bisect good ce252a92a867da8a6622463bff637e5f7b904a46
# good: [c22e026efad504e3b056d4436920d173a09c580e] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator.git
git bisect good c22e026efad504e3b056d4436920d173a09c580e
# good: [b7fc58ffb105470cb339163cc2b04e3f59387a45] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/fpga/linux-fpga.git
git bisect good b7fc58ffb105470cb339163cc2b04e3f59387a45
# good: [26f89f0614f03e4016578a992fc2e86b048a5cb4] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl.git
git bisect good 26f89f0614f03e4016578a992fc2e86b048a5cb4
# good: [602bf18307981f3bfd9ebf19921791a4256d3fd1] Merge branch 'for-6.7' into for-next
git bisect good 602bf18307981f3bfd9ebf19921791a4256d3fd1
# good: [9f16a68069822b1df6bfb8a9ef7258a1e32b25e7] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching
git bisect good 9f16a68069822b1df6bfb8a9ef7258a1e32b25e7
# good: [3ff57db6f6569ebc2cc333437e7e949749e59424] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/krisman/unicode.git
git bisect good 3ff57db6f6569ebc2cc333437e7e949749e59424
# bad: [dd374e220ba492f95344a638b1efe5b2744fdd73] slub: Update frozen slabs documentations in the source
git bisect bad dd374e220ba492f95344a638b1efe5b2744fdd73
# good: [a3058965bb35490454953aa2c87ea51004839f2f] slub: Prepare __slab_free() for unfrozen partial slab out of node partial list
git bisect good a3058965bb35490454953aa2c87ea51004839f2f
# bad: [c8d312e039030edab25836a326bcaeb2a3d4db14] slub: Delay freezing of partial slabs
git bisect bad c8d312e039030edab25836a326bcaeb2a3d4db14
# good: [00b15a19ee543f0117cb217fcbab8b7b3fd50677] slub: Introduce freeze_slab()
git bisect good 00b15a19ee543f0117cb217fcbab8b7b3fd50677
# first bad commit: [c8d312e039030edab25836a326bcaeb2a3d4db14] slub: Delay freezing of partial slabs
On 2023/11/21 02:49, Mark Brown wrote:
> On Thu, Nov 02, 2023 at 03:23:27AM +0000, [email protected] wrote:
>> From: Chengming Zhou <[email protected]>
>>
>> Now we will freeze slabs when moving them out of node partial list to
>> cpu partial list, this method needs two cmpxchg_double operations:
>>
>> 1. freeze slab (acquire_slab()) under the node list_lock
>> 2. get_freelist() when pick used in ___slab_alloc()
>
> Recently -next has been failing to boot on a Raspberry Pi 3 with an arm
> multi_v7_defconfig and a NFS rootfs, a bisect appears to point to this
> patch (in -next as c8d312e039030edab25836a326bcaeb2a3d4db14) as having
> introduced the issue. I've included the full bisect log below.
>
> When we see problems we see RCU stalls while logging in, for example:
>
> debian-testing-armhf login: root (automatic login)
> Linux debian-testing-armhf 6.7.0-rc1-00006-gc8d312e03903 #1 SMP @1699864348 armv7l
> The programs included with the Debian GNU/Linux system are free software;
> the exact distribution terms for each program are described in the
> individual files in /usr/share/doc/*/copyright.
> Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
> permitted by applicable law.
> [ 46.453323] rcu: INFO: rcu_sched detected stalls on CPUs/tasks:
> [ 46.459361] rcu: 3-...0: (1 GPs behind) idle=def4/1/0x40000000 softirq=1304/1304 fqs=951
> [ 46.467669] rcu: (detected by 0, t=2103 jiffies, g=1161, q=499 ncpus=4)
> [ 46.474472] Sending NMI from CPU 0 to CPUs 3:
IIUC, here should print the backtrace of CPU 3, right? It looks like CPU 3 is the cause,
but we couldn't see what it's doing from the log.
Thanks!
> [ 56.478894] rcu: rcu_sched kthread timer wakeup didn't happen for 1002 jiffies! g1161 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
> [ 56.490195] rcu: Possible timer handling issue on cpu=0 timer-softirq=1650
> [ 56.497259] rcu: rcu_sched kthread starved for 1005 jiffies! g1161 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
> [ 56.507589] rcu: Unless rcu_sched kthread gets sufficient CPU time, OOM is now expected behavior.
> [ 56.516681] rcu: RCU grace-period kthread stack dump:
> [ 56.521803] task:rcu_sched state:I stack:0 pid:13 tgid:13 ppid:2 flags:0x00000000
> [ 56.531267] __schedule from schedule+0x20/0xe8
> [ 56.535883] schedule from schedule_timeout+0xa0/0x158
> [ 56.541111] schedule_timeout from rcu_gp_fqs_loop+0x104/0x594
> [ 56.547048] rcu_gp_fqs_loop from rcu_gp_kthread+0x14c/0x1c0
> [ 56.552801] rcu_gp_kthread from kthread+0xe0/0xfc
> [ 56.557674] kthread from ret_from_fork+0x14/0x28
> [ 56.562457] Exception stack(0xf084dfb0 to 0xf084dff8)
> [ 56.567584] dfa0: 00000000 00000000 00000000 00000000
> [ 56.575886] dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> [ 56.584191] dfe0: 00000000 00000000 00000000 00000000 00000013 00000000
> [ 56.590907] rcu: Stack dump where RCU GP kthread last ran:
> [ 56.596474] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.7.0-rc1-00006-gc8d312e03903 #1
> [ 56.604515] Hardware name: BCM2835
> [ 56.607965] PC is at default_idle_call+0x1c/0xb0
> [ 56.612654] LR is at ct_kernel_enter.constprop.0+0x48/0x11c
> [ 56.618311] pc : [<c1197054>] lr : [<c1195c98>] psr: 60010013
> [ 56.624672] sp : c1b01f70 ip : c1d5af7c fp : 00000000
> [ 56.629974] r10: c19cda60 r9 : 00000000 r8 : 00000000
> [ 56.635277] r7 : c1b04d50 r6 : c1b04d18 r5 : c1d5b684 r4 : c1b09740
> [ 56.641902] r3 : 00000000 r2 : 00000000 r1 : 00000001 r0 : 002a3114
> [ 56.648528] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
> [ 56.655774] Control: 10c5383d Table: 0237406a DAC: 00000051
> [ 56.661605] default_idle_call from do_idle+0x208/0x290
> [ 56.666920] do_idle from cpu_startup_entry+0x28/0x2c
> [ 56.672059] cpu_startup_entry from rest_init+0xac/0xb0
> [ 56.677371] rest_init from arch_post_acpi_subsys_init+0x0/0x8
> Login ti
>
> A full log for that run can be seen at:
>
> https://validation.linaro.org/scheduler/job/4017095
>
> Boots to initramfs with the same kernel image seem fine. Other systems,
> including other 32 bit arm ones, don't seem to be having similar issues
> with this userspace. I've not investigated beyond running the bisect,
> the log for which is below:
>
> git bisect start
> # good: [64e6d94bfb47ed0732ad06aedf8ec6af5dd2ab84] Merge branch 'for-linux-next-fixes' of git://anongit.freedesktop.org/drm/drm-misc
> git bisect good 64e6d94bfb47ed0732ad06aedf8ec6af5dd2ab84
> # bad: [5a82d69d48c82e89aef44483d2a129f869f3506a] Add linux-next specific files for 20231120
> git bisect bad 5a82d69d48c82e89aef44483d2a129f869f3506a
> # good: [ce252a92a867da8a6622463bff637e5f7b904a46] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next.git
> git bisect good ce252a92a867da8a6622463bff637e5f7b904a46
> # good: [c22e026efad504e3b056d4436920d173a09c580e] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator.git
> git bisect good c22e026efad504e3b056d4436920d173a09c580e
> # good: [b7fc58ffb105470cb339163cc2b04e3f59387a45] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/fpga/linux-fpga.git
> git bisect good b7fc58ffb105470cb339163cc2b04e3f59387a45
> # good: [26f89f0614f03e4016578a992fc2e86b048a5cb4] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl.git
> git bisect good 26f89f0614f03e4016578a992fc2e86b048a5cb4
> # good: [602bf18307981f3bfd9ebf19921791a4256d3fd1] Merge branch 'for-6.7' into for-next
> git bisect good 602bf18307981f3bfd9ebf19921791a4256d3fd1
> # good: [9f16a68069822b1df6bfb8a9ef7258a1e32b25e7] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching
> git bisect good 9f16a68069822b1df6bfb8a9ef7258a1e32b25e7
> # good: [3ff57db6f6569ebc2cc333437e7e949749e59424] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/krisman/unicode.git
> git bisect good 3ff57db6f6569ebc2cc333437e7e949749e59424
> # bad: [dd374e220ba492f95344a638b1efe5b2744fdd73] slub: Update frozen slabs documentations in the source
> git bisect bad dd374e220ba492f95344a638b1efe5b2744fdd73
> # good: [a3058965bb35490454953aa2c87ea51004839f2f] slub: Prepare __slab_free() for unfrozen partial slab out of node partial list
> git bisect good a3058965bb35490454953aa2c87ea51004839f2f
> # bad: [c8d312e039030edab25836a326bcaeb2a3d4db14] slub: Delay freezing of partial slabs
> git bisect bad c8d312e039030edab25836a326bcaeb2a3d4db14
> # good: [00b15a19ee543f0117cb217fcbab8b7b3fd50677] slub: Introduce freeze_slab()
> git bisect good 00b15a19ee543f0117cb217fcbab8b7b3fd50677
> # first bad commit: [c8d312e039030edab25836a326bcaeb2a3d4db14] slub: Delay freezing of partial slabs
On Tue, Nov 21, 2023 at 08:58:40AM +0800, Chengming Zhou wrote:
> On 2023/11/21 02:49, Mark Brown wrote:
> > On Thu, Nov 02, 2023 at 03:23:27AM +0000, [email protected] wrote:
> > When we see problems we see RCU stalls while logging in, for example:
> > [ 46.453323] rcu: INFO: rcu_sched detected stalls on CPUs/tasks:
> > [ 46.459361] rcu: 3-...0: (1 GPs behind) idle=def4/1/0x40000000 softirq=1304/1304 fqs=951
> > [ 46.467669] rcu: (detected by 0, t=2103 jiffies, g=1161, q=499 ncpus=4)
> > [ 46.474472] Sending NMI from CPU 0 to CPUs 3:
> IIUC, here should print the backtrace of CPU 3, right? It looks like CPU 3 is the cause,
> but we couldn't see what it's doing from the log.
AIUI yes, but it looks like we've just completely lost the CPU - there's
more attempts to talk to it visible in the log:
> > A full log for that run can be seen at:
> >
> > https://validation.linaro.org/scheduler/job/4017095
but none of them appear to cause CPU 3 to respond. Note that 32 bit ARM
is just using a regular IPI rather than something that's actually a NMI
so this isn't hugely out of the ordinary, I'd guess it's stuck with
interrupts masked.
On 2023/11/21 09:29, Mark Brown wrote:
> On Tue, Nov 21, 2023 at 08:58:40AM +0800, Chengming Zhou wrote:
>> On 2023/11/21 02:49, Mark Brown wrote:
>>> On Thu, Nov 02, 2023 at 03:23:27AM +0000, [email protected] wrote:
>
>>> When we see problems we see RCU stalls while logging in, for example:
>
>>> [ 46.453323] rcu: INFO: rcu_sched detected stalls on CPUs/tasks:
>>> [ 46.459361] rcu: 3-...0: (1 GPs behind) idle=def4/1/0x40000000 softirq=1304/1304 fqs=951
>>> [ 46.467669] rcu: (detected by 0, t=2103 jiffies, g=1161, q=499 ncpus=4)
>>> [ 46.474472] Sending NMI from CPU 0 to CPUs 3:
>
>> IIUC, here should print the backtrace of CPU 3, right? It looks like CPU 3 is the cause,
>> but we couldn't see what it's doing from the log.
>
> AIUI yes, but it looks like we've just completely lost the CPU - there's
> more attempts to talk to it visible in the log:
>
>>> A full log for that run can be seen at:
>>>
>>> https://validation.linaro.org/scheduler/job/4017095
>
> but none of them appear to cause CPU 3 to respond. Note that 32 bit ARM
> is just using a regular IPI rather than something that's actually a NMI
> so this isn't hugely out of the ordinary, I'd guess it's stuck with
> interrupts masked.
Ah yes, there is no NMI on ARM, so CPU 3 maybe running somewhere with
interrupts disabled. I searched the full log, but still haven't a clue.
And there is no any WARNING or BUG related to SLUB in the log.
I wonder how to reproduce it locally with a Qemu VM since I don't have
the ARM machine.
Thanks!
On Tue, Nov 21, 2023 at 11:47:26PM +0800, Chengming Zhou wrote:
> Ah yes, there is no NMI on ARM, so CPU 3 maybe running somewhere with
> interrupts disabled. I searched the full log, but still haven't a clue.
> And there is no any WARNING or BUG related to SLUB in the log.
Yeah, nor anything else particularly. I tried turning on some debug
options:
CONFIG_SOFTLOCKUP_DETECTOR=y
CONFIG_DETECT_HUNG_TASK=y
CONFIG_WQ_WATCHDOG=y
CONFIG_DEBUG_PREEMPT=y
CONFIG_DEBUG_LOCKING=y
CONFIG_DEBUG_ATOMIC_SLEEP=y
https://validation.linaro.org/scheduler/job/4017828
which has some additional warnings related to clock changes but AFAICT
those come from today's -next rather than the debug stuff:
https://validation.linaro.org/scheduler/job/4017823
so that's not super helpful.
> I wonder how to reproduce it locally with a Qemu VM since I don't have
> the ARM machine.
There's sample qemu jobs available from for example KernelCI:
https://storage.kernelci.org/next/master/next-20231120/arm/multi_v7_defconfig/gcc-10/lab-baylibre/baseline-qemu_arm-virt-gicv3.html
(includes the command line, though it's not using Debian testing like my
test was). Note that I'm testing a bunch of platforms with the same
kernel/rootfs combination and it was only the Raspberry Pi 3 which blew
up. It is a bit tight for memory which might have some influence?
I'm really suspecting this may have made some underlying platform bug
more obvious :/
On Thu, Nov 2, 2023 at 12:24 PM <[email protected]> wrote:
>
> From: Chengming Zhou <[email protected]>
>
> The get_partial() interface used in ___slab_alloc() may return a single
> object in the "kmem_cache_debug(s)" case, in which we will just return
> the "freelist" object.
>
> Move this handling up to prepare for later changes.
>
> And the "pfmemalloc_match()" part is not needed for node partial slab,
> since we already check this in the get_partial_node().
>
> Signed-off-by: Chengming Zhou <[email protected]>
> Reviewed-by: Vlastimil Babka <[email protected]>
> Tested-by: Hyeonggon Yoo <[email protected]>
> ---
> mm/slub.c | 31 +++++++++++++++----------------
> 1 file changed, 15 insertions(+), 16 deletions(-)
>
> diff --git a/mm/slub.c b/mm/slub.c
> index 63d281dfacdb..0b0fdc8c189f 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -3216,8 +3216,21 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
> pc.slab = &slab;
> pc.orig_size = orig_size;
> freelist = get_partial(s, node, &pc);
> - if (freelist)
> - goto check_new_slab;
> + if (freelist) {
> + if (kmem_cache_debug(s)) {
> + /*
> + * For debug caches here we had to go through
> + * alloc_single_from_partial() so just store the
> + * tracking info and return the object.
> + */
> + if (s->flags & SLAB_STORE_USER)
> + set_track(s, freelist, TRACK_ALLOC, addr);
> +
> + return freelist;
> + }
> +
> + goto retry_load_slab;
> + }
>
> slub_put_cpu_ptr(s->cpu_slab);
> slab = new_slab(s, gfpflags, node);
> @@ -3253,20 +3266,6 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
>
> inc_slabs_node(s, slab_nid(slab), slab->objects);
>
> -check_new_slab:
> -
> - if (kmem_cache_debug(s)) {
> - /*
> - * For debug caches here we had to go through
> - * alloc_single_from_partial() so just store the tracking info
> - * and return the object
> - */
> - if (s->flags & SLAB_STORE_USER)
> - set_track(s, freelist, TRACK_ALLOC, addr);
> -
> - return freelist;
> - }
> -
> if (unlikely(!pfmemalloc_match(slab, gfpflags))) {
> /*
> * For !pfmemalloc_match() case we don't load freelist so that
Looks good to me,
Reviewed-by: Hyeonggon Yoo <[email protected]>
> --
> 2.20.1
>
On Thu, Nov 2, 2023 at 12:24 PM <[email protected]> wrote:
>
> From: Chengming Zhou <[email protected]>
>
> We need all get_partial() related interfaces to return a slab, instead
> of returning the freelist (or object).
>
> Use the partial_context.object to return back freelist or object for
> now. This patch shouldn't have any functional changes.
>
> Suggested-by: Vlastimil Babka <[email protected]>
> Signed-off-by: Chengming Zhou <[email protected]>
> Reviewed-by: Vlastimil Babka <[email protected]>
> Tested-by: Hyeonggon Yoo <[email protected]>
> ---
> mm/slub.c | 63 +++++++++++++++++++++++++++++--------------------------
> 1 file changed, 33 insertions(+), 30 deletions(-)
>
> diff --git a/mm/slub.c b/mm/slub.c
> index 0b0fdc8c189f..03384cd965c5 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -204,9 +204,9 @@ DEFINE_STATIC_KEY_FALSE(slub_debug_enabled);
>
> /* Structure holding parameters for get_partial() call chain */
> struct partial_context {
> - struct slab **slab;
> gfp_t flags;
> unsigned int orig_size;
> + void *object;
> };
>
> static inline bool kmem_cache_debug(struct kmem_cache *s)
> @@ -2269,10 +2269,11 @@ static inline bool pfmemalloc_match(struct slab *slab, gfp_t gfpflags);
> /*
> * Try to allocate a partial slab from a specific node.
> */
> -static void *get_partial_node(struct kmem_cache *s, struct kmem_cache_node *n,
> - struct partial_context *pc)
> +static struct slab *get_partial_node(struct kmem_cache *s,
> + struct kmem_cache_node *n,
> + struct partial_context *pc)
> {
> - struct slab *slab, *slab2;
> + struct slab *slab, *slab2, *partial = NULL;
> void *object = NULL;
> unsigned long flags;
> unsigned int partial_slabs = 0;
> @@ -2288,27 +2289,28 @@ static void *get_partial_node(struct kmem_cache *s, struct kmem_cache_node *n,
>
> spin_lock_irqsave(&n->list_lock, flags);
> list_for_each_entry_safe(slab, slab2, &n->partial, slab_list) {
> - void *t;
> -
> if (!pfmemalloc_match(slab, pc->flags))
> continue;
>
> if (IS_ENABLED(CONFIG_SLUB_TINY) || kmem_cache_debug(s)) {
> object = alloc_single_from_partial(s, n, slab,
> pc->orig_size);
> - if (object)
> + if (object) {
> + partial = slab;
> + pc->object = object;
> break;
> + }
> continue;
> }
>
> - t = acquire_slab(s, n, slab, object == NULL);
> - if (!t)
> + object = acquire_slab(s, n, slab, object == NULL);
> + if (!object)
> break;
>
> - if (!object) {
> - *pc->slab = slab;
> + if (!partial) {
> + partial = slab;
> + pc->object = object;
> stat(s, ALLOC_FROM_PARTIAL);
> - object = t;
> } else {
> put_cpu_partial(s, slab, 0);
> stat(s, CPU_PARTIAL_NODE);
> @@ -2324,20 +2326,21 @@ static void *get_partial_node(struct kmem_cache *s, struct kmem_cache_node *n,
>
> }
> spin_unlock_irqrestore(&n->list_lock, flags);
> - return object;
> + return partial;
> }
>
> /*
> * Get a slab from somewhere. Search in increasing NUMA distances.
> */
> -static void *get_any_partial(struct kmem_cache *s, struct partial_context *pc)
> +static struct slab *get_any_partial(struct kmem_cache *s,
> + struct partial_context *pc)
> {
> #ifdef CONFIG_NUMA
> struct zonelist *zonelist;
> struct zoneref *z;
> struct zone *zone;
> enum zone_type highest_zoneidx = gfp_zone(pc->flags);
> - void *object;
> + struct slab *slab;
> unsigned int cpuset_mems_cookie;
>
> /*
> @@ -2372,8 +2375,8 @@ static void *get_any_partial(struct kmem_cache *s, struct partial_context *pc)
>
> if (n && cpuset_zone_allowed(zone, pc->flags) &&
> n->nr_partial > s->min_partial) {
> - object = get_partial_node(s, n, pc);
> - if (object) {
> + slab = get_partial_node(s, n, pc);
> + if (slab) {
> /*
> * Don't check read_mems_allowed_retry()
> * here - if mems_allowed was updated in
> @@ -2381,7 +2384,7 @@ static void *get_any_partial(struct kmem_cache *s, struct partial_context *pc)
> * between allocation and the cpuset
> * update
> */
> - return object;
> + return slab;
> }
> }
> }
> @@ -2393,17 +2396,18 @@ static void *get_any_partial(struct kmem_cache *s, struct partial_context *pc)
> /*
> * Get a partial slab, lock it and return it.
> */
> -static void *get_partial(struct kmem_cache *s, int node, struct partial_context *pc)
> +static struct slab *get_partial(struct kmem_cache *s, int node,
> + struct partial_context *pc)
> {
> - void *object;
> + struct slab *slab;
> int searchnode = node;
>
> if (node == NUMA_NO_NODE)
> searchnode = numa_mem_id();
>
> - object = get_partial_node(s, get_node(s, searchnode), pc);
> - if (object || node != NUMA_NO_NODE)
> - return object;
> + slab = get_partial_node(s, get_node(s, searchnode), pc);
> + if (slab || node != NUMA_NO_NODE)
> + return slab;
>
> return get_any_partial(s, pc);
> }
> @@ -3213,10 +3217,10 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
> new_objects:
>
> pc.flags = gfpflags;
> - pc.slab = &slab;
> pc.orig_size = orig_size;
> - freelist = get_partial(s, node, &pc);
> - if (freelist) {
> + slab = get_partial(s, node, &pc);
> + if (slab) {
> + freelist = pc.object;
> if (kmem_cache_debug(s)) {
> /*
> * For debug caches here we had to go through
> @@ -3408,12 +3412,11 @@ static void *__slab_alloc_node(struct kmem_cache *s,
> void *object;
>
> pc.flags = gfpflags;
> - pc.slab = &slab;
> pc.orig_size = orig_size;
> - object = get_partial(s, node, &pc);
> + slab = get_partial(s, node, &pc);
>
> - if (object)
> - return object;
> + if (slab)
> + return pc.object;
>
> slab = new_slab(s, gfpflags, node);
> if (unlikely(!slab)) {
Looks good to me,
Reviewed-by: Hyeonggon Yoo <[email protected]>
On Thu, Nov 2, 2023 at 12:24 PM <[email protected]> wrote:
>
> From: Chengming Zhou <[email protected]>
>
> Now we rely on the "frozen" bit to see if we should manipulate the
> slab->slab_list, which will be changed in the following patch.
>
> Instead we introduce another way to keep track of whether slub is on
> the per-node partial list, here we reuse the PG_workingset bit.
>
> We use __set_bit and __clear_bit directly instead of the atomic version
> for better performance and it's safe since it's protected by the slub
> node list_lock.
>
> Suggested-by: Matthew Wilcox <[email protected]>
> Signed-off-by: Chengming Zhou <[email protected]>
> Reviewed-by: Vlastimil Babka <[email protected]>
> Tested-by: Hyeonggon Yoo <[email protected]>
> ---
> mm/slub.c | 22 ++++++++++++++++++++++
> 1 file changed, 22 insertions(+)
>
> diff --git a/mm/slub.c b/mm/slub.c
> index 03384cd965c5..eed8ae0dbaf9 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -2116,6 +2116,25 @@ static void discard_slab(struct kmem_cache *s, struct slab *slab)
> free_slab(s, slab);
> }
>
> +/*
> + * SLUB reuses PG_workingset bit to keep track of whether it's on
> + * the per-node partial list.
> + */
> +static inline bool slab_test_node_partial(const struct slab *slab)
> +{
> + return folio_test_workingset((struct folio *)slab_folio(slab));
> +}
> +
> +static inline void slab_set_node_partial(struct slab *slab)
> +{
> + __set_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
> +}
> +
> +static inline void slab_clear_node_partial(struct slab *slab)
> +{
> + __clear_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
> +}
> +
> /*
> * Management of partially allocated slabs.
> */
> @@ -2127,6 +2146,7 @@ __add_partial(struct kmem_cache_node *n, struct slab *slab, int tail)
> list_add_tail(&slab->slab_list, &n->partial);
> else
> list_add(&slab->slab_list, &n->partial);
> + slab_set_node_partial(slab);
> }
>
> static inline void add_partial(struct kmem_cache_node *n,
> @@ -2141,6 +2161,7 @@ static inline void remove_partial(struct kmem_cache_node *n,
> {
> lockdep_assert_held(&n->list_lock);
> list_del(&slab->slab_list);
> + slab_clear_node_partial(slab);
> n->nr_partial--;
> }
>
> @@ -4833,6 +4854,7 @@ static int __kmem_cache_do_shrink(struct kmem_cache *s)
>
> if (free == slab->objects) {
> list_move(&slab->slab_list, &discard);
> + slab_clear_node_partial(slab);
> n->nr_partial--;
> dec_slabs_node(s, node, slab->objects);
> } else if (free <= SHRINK_PROMOTE_MAX)
> --
Looks good to me,
Reviewed-by: Hyeonggon Yoo <[email protected]>
On 11/21/23 19:21, Mark Brown wrote:
> On Tue, Nov 21, 2023 at 11:47:26PM +0800, Chengming Zhou wrote:
>
>> Ah yes, there is no NMI on ARM, so CPU 3 maybe running somewhere with
>> interrupts disabled. I searched the full log, but still haven't a clue.
>> And there is no any WARNING or BUG related to SLUB in the log.
>
> Yeah, nor anything else particularly. I tried turning on some debug
> options:
>
> CONFIG_SOFTLOCKUP_DETECTOR=y
> CONFIG_DETECT_HUNG_TASK=y
> CONFIG_WQ_WATCHDOG=y
> CONFIG_DEBUG_PREEMPT=y
> CONFIG_DEBUG_LOCKING=y
> CONFIG_DEBUG_ATOMIC_SLEEP=y
>
> https://validation.linaro.org/scheduler/job/4017828
>
> which has some additional warnings related to clock changes but AFAICT
> those come from today's -next rather than the debug stuff:
>
> https://validation.linaro.org/scheduler/job/4017823
>
> so that's not super helpful.
For the record (and to help debugging focus) on IRC we discussed that with
CONFIG_SLUB_CPU_PARTIAL=n the problem persists:
https://validation.linaro.org/scheduler/job/4017863
Which limits the scope of where to look so that's good :)
>> I wonder how to reproduce it locally with a Qemu VM since I don't have
>> the ARM machine.
>
> There's sample qemu jobs available from for example KernelCI:
>
> https://storage.kernelci.org/next/master/next-20231120/arm/multi_v7_defconfig/gcc-10/lab-baylibre/baseline-qemu_arm-virt-gicv3.html
>
> (includes the command line, though it's not using Debian testing like my
> test was). Note that I'm testing a bunch of platforms with the same
> kernel/rootfs combination and it was only the Raspberry Pi 3 which blew
> up. It is a bit tight for memory which might have some influence?
>
> I'm really suspecting this may have made some underlying platform bug
> more obvious :/
On 11/20/23 19:49, Mark Brown wrote:
> On Thu, Nov 02, 2023 at 03:23:27AM +0000, [email protected] wrote:
>> From: Chengming Zhou <[email protected]>
>>
>> Now we will freeze slabs when moving them out of node partial list to
>> cpu partial list, this method needs two cmpxchg_double operations:
>>
>> 1. freeze slab (acquire_slab()) under the node list_lock
>> 2. get_freelist() when pick used in ___slab_alloc()
>
> Recently -next has been failing to boot on a Raspberry Pi 3 with an arm
> multi_v7_defconfig and a NFS rootfs, a bisect appears to point to this
> patch (in -next as c8d312e039030edab25836a326bcaeb2a3d4db14) as having
> introduced the issue. I've included the full bisect log below.
>
> When we see problems we see RCU stalls while logging in, for example:
Can you try this, please?
----8<----
From 000030c1ff055ef6a2ca624d0142f08f3ef19d51 Mon Sep 17 00:00:00 2001
From: Vlastimil Babka <[email protected]>
Date: Wed, 22 Nov 2023 10:32:41 +0100
Subject: [PATCH] mm/slub: try to fix hangs without cmpxchg64/128
If we don't have cmpxchg64/128 and resort to slab_lock()/slab_unlock()
which uses PG_locked, we can get RMW with the newly introduced
slab_set/clear_node_partial() operation that modify PG_workingset so all
the operations have to be atomic now.
Signed-off-by: Vlastimil Babka <[email protected]>
---
mm/slub.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/mm/slub.c b/mm/slub.c
index bcb5b2c4e213..f2cdb81ab02e 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -522,7 +522,7 @@ static __always_inline void slab_unlock(struct slab *slab)
struct page *page = slab_page(slab);
VM_BUG_ON_PAGE(PageTail(page), page);
- __bit_spin_unlock(PG_locked, &page->flags);
+ bit_spin_unlock(PG_locked, &page->flags);
}
static inline bool
@@ -2127,12 +2127,12 @@ static inline bool slab_test_node_partial(const struct slab *slab)
static inline void slab_set_node_partial(struct slab *slab)
{
- __set_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
+ set_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
}
static inline void slab_clear_node_partial(struct slab *slab)
{
- __clear_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
+ clear_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
}
/*
--
2.42.1
On Wed, Nov 22, 2023 at 10:37:39AM +0100, Vlastimil Babka wrote:
> Can you try this, please?
> Subject: [PATCH] mm/slub: try to fix hangs without cmpxchg64/128
>
> If we don't have cmpxchg64/128 and resort to slab_lock()/slab_unlock()
> which uses PG_locked, we can get RMW with the newly introduced
> slab_set/clear_node_partial() operation that modify PG_workingset so all
> the operations have to be atomic now.
That seems to resolve the issue:
https://validation.linaro.org/scheduler/job/4018096
Tested-by: Mark Brown <[email protected]>
Thanks!
On 2023/11/22 17:37, Vlastimil Babka wrote:
> On 11/20/23 19:49, Mark Brown wrote:
>> On Thu, Nov 02, 2023 at 03:23:27AM +0000, [email protected] wrote:
>>> From: Chengming Zhou <[email protected]>
>>>
>>> Now we will freeze slabs when moving them out of node partial list to
>>> cpu partial list, this method needs two cmpxchg_double operations:
>>>
>>> 1. freeze slab (acquire_slab()) under the node list_lock
>>> 2. get_freelist() when pick used in ___slab_alloc()
>>
>> Recently -next has been failing to boot on a Raspberry Pi 3 with an arm
>> multi_v7_defconfig and a NFS rootfs, a bisect appears to point to this
>> patch (in -next as c8d312e039030edab25836a326bcaeb2a3d4db14) as having
>> introduced the issue. I've included the full bisect log below.
>>
>> When we see problems we see RCU stalls while logging in, for example:
>
> Can you try this, please?
>
Great! I manually disabled __CMPXCHG_DOUBLE to reproduce the problem,
and this patch can solve the machine hang problem.
BTW, I also did the performance testcase on the machine with 128 CPUs.
stress-ng --rawpkt 128 --rawpkt-ops 100000000
base patched
2.22s 2.35s
2.21s 3.14s
2.19s 4.75s
Found this atomic version performance numbers are not stable.
Should I change back to reuse the slab->__unused (mapcount) field?
Or should we check "s->flags & __CMPXCHG_DOUBLE" in slab_set/clear_node_partial()
to avoid using the atomic version?
Thanks!
> ----8<----
> From 000030c1ff055ef6a2ca624d0142f08f3ef19d51 Mon Sep 17 00:00:00 2001
> From: Vlastimil Babka <[email protected]>
> Date: Wed, 22 Nov 2023 10:32:41 +0100
> Subject: [PATCH] mm/slub: try to fix hangs without cmpxchg64/128
>
> If we don't have cmpxchg64/128 and resort to slab_lock()/slab_unlock()
> which uses PG_locked, we can get RMW with the newly introduced
> slab_set/clear_node_partial() operation that modify PG_workingset so all
> the operations have to be atomic now.
>
> Signed-off-by: Vlastimil Babka <[email protected]>
> ---
> mm/slub.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/mm/slub.c b/mm/slub.c
> index bcb5b2c4e213..f2cdb81ab02e 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -522,7 +522,7 @@ static __always_inline void slab_unlock(struct slab *slab)
> struct page *page = slab_page(slab);
>
> VM_BUG_ON_PAGE(PageTail(page), page);
> - __bit_spin_unlock(PG_locked, &page->flags);
> + bit_spin_unlock(PG_locked, &page->flags);
> }
>
> static inline bool
> @@ -2127,12 +2127,12 @@ static inline bool slab_test_node_partial(const struct slab *slab)
>
> static inline void slab_set_node_partial(struct slab *slab)
> {
> - __set_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
> + set_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
> }
>
> static inline void slab_clear_node_partial(struct slab *slab)
> {
> - __clear_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
> + clear_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
> }
>
> /*
On 11/22/23 12:35, Chengming Zhou wrote:
> On 2023/11/22 17:37, Vlastimil Babka wrote:
>> On 11/20/23 19:49, Mark Brown wrote:
>>> On Thu, Nov 02, 2023 at 03:23:27AM +0000, [email protected] wrote:
>>>> From: Chengming Zhou <[email protected]>
>>>>
>>>> Now we will freeze slabs when moving them out of node partial list to
>>>> cpu partial list, this method needs two cmpxchg_double operations:
>>>>
>>>> 1. freeze slab (acquire_slab()) under the node list_lock
>>>> 2. get_freelist() when pick used in ___slab_alloc()
>>>
>>> Recently -next has been failing to boot on a Raspberry Pi 3 with an arm
>>> multi_v7_defconfig and a NFS rootfs, a bisect appears to point to this
>>> patch (in -next as c8d312e039030edab25836a326bcaeb2a3d4db14) as having
>>> introduced the issue. I've included the full bisect log below.
>>>
>>> When we see problems we see RCU stalls while logging in, for example:
>>
>> Can you try this, please?
>>
>
> Great! I manually disabled __CMPXCHG_DOUBLE to reproduce the problem,
> and this patch can solve the machine hang problem.
>
> BTW, I also did the performance testcase on the machine with 128 CPUs.
>
> stress-ng --rawpkt 128 --rawpkt-ops 100000000
>
> base patched
> 2.22s 2.35s
> 2.21s 3.14s
> 2.19s 4.75s
>
> Found this atomic version performance numbers are not stable.
That's weirdly too bad. Is that measured also with __CMPXCHG_DOUBLE
disabled, or just the patch? The PG_workingset flag change should be
uncontended as we are doing it under list_lock, and with __CMPXCHG_DOUBLE
there should be no interfering PG_locked interference.
On 2023/11/22 19:40, Vlastimil Babka wrote:
> On 11/22/23 12:35, Chengming Zhou wrote:
>> On 2023/11/22 17:37, Vlastimil Babka wrote:
>>> On 11/20/23 19:49, Mark Brown wrote:
>>>> On Thu, Nov 02, 2023 at 03:23:27AM +0000, [email protected] wrote:
>>>>> From: Chengming Zhou <[email protected]>
>>>>>
>>>>> Now we will freeze slabs when moving them out of node partial list to
>>>>> cpu partial list, this method needs two cmpxchg_double operations:
>>>>>
>>>>> 1. freeze slab (acquire_slab()) under the node list_lock
>>>>> 2. get_freelist() when pick used in ___slab_alloc()
>>>>
>>>> Recently -next has been failing to boot on a Raspberry Pi 3 with an arm
>>>> multi_v7_defconfig and a NFS rootfs, a bisect appears to point to this
>>>> patch (in -next as c8d312e039030edab25836a326bcaeb2a3d4db14) as having
>>>> introduced the issue. I've included the full bisect log below.
>>>>
>>>> When we see problems we see RCU stalls while logging in, for example:
>>>
>>> Can you try this, please?
>>>
>>
>> Great! I manually disabled __CMPXCHG_DOUBLE to reproduce the problem,
>> and this patch can solve the machine hang problem.
>>
>> BTW, I also did the performance testcase on the machine with 128 CPUs.
>>
>> stress-ng --rawpkt 128 --rawpkt-ops 100000000
>>
>> base patched
>> 2.22s 2.35s
>> 2.21s 3.14s
>> 2.19s 4.75s
>>
>> Found this atomic version performance numbers are not stable.
>
> That's weirdly too bad. Is that measured also with __CMPXCHG_DOUBLE
> disabled, or just the patch? The PG_workingset flag change should be
The performance test is just the patch.
> uncontended as we are doing it under list_lock, and with __CMPXCHG_DOUBLE
> there should be no interfering PG_locked interference.
>
Yes, I don't know. Maybe it's related with my kernel config, making the
atomic operation much expensive? Will look again..
And I also tested the atomic-optional version like below, found the
performance numbers are much stable.
diff --git a/mm/slub.c b/mm/slub.c
index a307d319e82c..e11d34d51a14 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -531,7 +531,7 @@ static __always_inline void slab_unlock(struct slab *slab)
struct page *page = slab_page(slab);
VM_BUG_ON_PAGE(PageTail(page), page);
- __bit_spin_unlock(PG_locked, &page->flags);
+ bit_spin_unlock(PG_locked, &page->flags);
}
static inline bool
@@ -2136,12 +2136,18 @@ static inline bool slab_test_node_partial(const struct slab *slab)
static inline void slab_set_node_partial(struct slab *slab)
{
- __set_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
+ if (slab->slab_cache->flags & __CMPXCHG_DOUBLE)
+ __set_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
+ else
+ set_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
}
static inline void slab_clear_node_partial(struct slab *slab)
{
- __clear_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
+ if (slab->slab_cache->flags & __CMPXCHG_DOUBLE)
+ __clear_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
+ else
+ clear_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
}
On 11/22/23 12:54, Chengming Zhou wrote:
> On 2023/11/22 19:40, Vlastimil Babka wrote:
>> On 11/22/23 12:35, Chengming Zhou wrote:
>>> On 2023/11/22 17:37, Vlastimil Babka wrote:
>>>> On 11/20/23 19:49, Mark Brown wrote:
>>>>> On Thu, Nov 02, 2023 at 03:23:27AM +0000, [email protected] wrote:
>>>>>> From: Chengming Zhou <[email protected]>
>>>>>>
>>>>>> Now we will freeze slabs when moving them out of node partial list to
>>>>>> cpu partial list, this method needs two cmpxchg_double operations:
>>>>>>
>>>>>> 1. freeze slab (acquire_slab()) under the node list_lock
>>>>>> 2. get_freelist() when pick used in ___slab_alloc()
>>>>>
>>>>> Recently -next has been failing to boot on a Raspberry Pi 3 with an arm
>>>>> multi_v7_defconfig and a NFS rootfs, a bisect appears to point to this
>>>>> patch (in -next as c8d312e039030edab25836a326bcaeb2a3d4db14) as having
>>>>> introduced the issue. I've included the full bisect log below.
>>>>>
>>>>> When we see problems we see RCU stalls while logging in, for example:
>>>>
>>>> Can you try this, please?
>>>>
>>>
>>> Great! I manually disabled __CMPXCHG_DOUBLE to reproduce the problem,
>>> and this patch can solve the machine hang problem.
>>>
>>> BTW, I also did the performance testcase on the machine with 128 CPUs.
>>>
>>> stress-ng --rawpkt 128 --rawpkt-ops 100000000
>>>
>>> base patched
>>> 2.22s 2.35s
>>> 2.21s 3.14s
>>> 2.19s 4.75s
>>>
>>> Found this atomic version performance numbers are not stable.
>>
>> That's weirdly too bad. Is that measured also with __CMPXCHG_DOUBLE
>> disabled, or just the patch? The PG_workingset flag change should be
>
> The performance test is just the patch.
>
>> uncontended as we are doing it under list_lock, and with __CMPXCHG_DOUBLE
>> there should be no interfering PG_locked interference.
>>
>
> Yes, I don't know. Maybe it's related with my kernel config, making the
> atomic operation much expensive? Will look again..
I doubt it can explain going from 2.19s to 4.75s, must have been some
interference on the machine?
> And I also tested the atomic-optional version like below, found the
> performance numbers are much stable.
This gets rather ugly and fragile so I'd maybe rather go back to the
__unused field approach :/
> diff --git a/mm/slub.c b/mm/slub.c
> index a307d319e82c..e11d34d51a14 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -531,7 +531,7 @@ static __always_inline void slab_unlock(struct slab *slab)
> struct page *page = slab_page(slab);
>
> VM_BUG_ON_PAGE(PageTail(page), page);
> - __bit_spin_unlock(PG_locked, &page->flags);
> + bit_spin_unlock(PG_locked, &page->flags);
> }
>
> static inline bool
> @@ -2136,12 +2136,18 @@ static inline bool slab_test_node_partial(const struct slab *slab)
>
> static inline void slab_set_node_partial(struct slab *slab)
> {
> - __set_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
> + if (slab->slab_cache->flags & __CMPXCHG_DOUBLE)
> + __set_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
> + else
> + set_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
> }
>
> static inline void slab_clear_node_partial(struct slab *slab)
> {
> - __clear_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
> + if (slab->slab_cache->flags & __CMPXCHG_DOUBLE)
> + __clear_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
> + else
> + clear_bit(PG_workingset, folio_flags(slab_folio(slab), 0));
> }
On 2023/11/22 21:19, Vlastimil Babka wrote:
> On 11/22/23 12:54, Chengming Zhou wrote:
>> On 2023/11/22 19:40, Vlastimil Babka wrote:
>>> On 11/22/23 12:35, Chengming Zhou wrote:
>>>> On 2023/11/22 17:37, Vlastimil Babka wrote:
>>>>> On 11/20/23 19:49, Mark Brown wrote:
>>>>>> On Thu, Nov 02, 2023 at 03:23:27AM +0000, [email protected] wrote:
>>>>>>> From: Chengming Zhou <[email protected]>
>>>>>>>
>>>>>>> Now we will freeze slabs when moving them out of node partial list to
>>>>>>> cpu partial list, this method needs two cmpxchg_double operations:
>>>>>>>
>>>>>>> 1. freeze slab (acquire_slab()) under the node list_lock
>>>>>>> 2. get_freelist() when pick used in ___slab_alloc()
>>>>>>
>>>>>> Recently -next has been failing to boot on a Raspberry Pi 3 with an arm
>>>>>> multi_v7_defconfig and a NFS rootfs, a bisect appears to point to this
>>>>>> patch (in -next as c8d312e039030edab25836a326bcaeb2a3d4db14) as having
>>>>>> introduced the issue. I've included the full bisect log below.
>>>>>>
>>>>>> When we see problems we see RCU stalls while logging in, for example:
>>>>>
>>>>> Can you try this, please?
>>>>>
>>>>
>>>> Great! I manually disabled __CMPXCHG_DOUBLE to reproduce the problem,
>>>> and this patch can solve the machine hang problem.
>>>>
>>>> BTW, I also did the performance testcase on the machine with 128 CPUs.
>>>>
>>>> stress-ng --rawpkt 128 --rawpkt-ops 100000000
>>>>
>>>> base patched
>>>> 2.22s 2.35s
>>>> 2.21s 3.14s
>>>> 2.19s 4.75s
>>>>
>>>> Found this atomic version performance numbers are not stable.
>>>
>>> That's weirdly too bad. Is that measured also with __CMPXCHG_DOUBLE
>>> disabled, or just the patch? The PG_workingset flag change should be
>>
>> The performance test is just the patch.
>>
>>> uncontended as we are doing it under list_lock, and with __CMPXCHG_DOUBLE
>>> there should be no interfering PG_locked interference.
>>>
>>
>> Yes, I don't know. Maybe it's related with my kernel config, making the
>> atomic operation much expensive? Will look again..
>
> I doubt it can explain going from 2.19s to 4.75s, must have been some
> interference on the machine?
>
Yes, it looks so. There are some background services on the 128 CPUs machine.
Although "stress-ng --rawpkt 128 --rawpkt-ops 100000000" has so much regression,
I tried other less contented testcases:
1. stress-ng --rawpkt 64 --rawpkt-ops 100000000
2. perf bench sched messaging -g 5 -t -l 100000
The performance numbers of this atomic version are pretty much the same.
So this atomic version should be good in most cases IMHO.
>> And I also tested the atomic-optional version like below, found the
>> performance numbers are much stable.
>
> This gets rather ugly and fragile so I'd maybe rather go back to the
> __unused field approach :/
>
Agree. If we don't want this atomic version, the __unused field approach
seems better.
Thanks!
On 11/22/23 15:28, Chengming Zhou wrote:
>
> Yes, it looks so. There are some background services on the 128 CPUs machine.
> Although "stress-ng --rawpkt 128 --rawpkt-ops 100000000" has so much regression,
> I tried other less contented testcases:
>
> 1. stress-ng --rawpkt 64 --rawpkt-ops 100000000
> 2. perf bench sched messaging -g 5 -t -l 100000
>
> The performance numbers of this atomic version are pretty much the same.
>
> So this atomic version should be good in most cases IMHO.
OK will fold the fix using full atomic version.
>>> And I also tested the atomic-optional version like below, found the
>>> performance numbers are much stable.
>>
>> This gets rather ugly and fragile so I'd maybe rather go back to the
>> __unused field approach :/
>>
>
> Agree. If we don't want this atomic version, the __unused field approach
> seems better.
>
> Thanks!
>
On Thu, Nov 2, 2023 at 12:24 PM <[email protected]> wrote:
>
> From: Chengming Zhou <[email protected]>
>
> Now the partially empty slub will be frozen when taken out of node partial
> list, so the __slab_free() will know from "was_frozen" that the partially
> empty slab is not on node partial list and is a cpu or cpu partial slab
> of some cpu.
>
> But we will change this, make partial slabs leave the node partial list
> with unfrozen state, so we need to change __slab_free() to use the new
> slab_test_node_partial() we just introduced.
>
> Signed-off-by: Chengming Zhou <[email protected]>
> Reviewed-by: Vlastimil Babka <[email protected]>
> Tested-by: Hyeonggon Yoo <[email protected]>
> ---
> mm/slub.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/mm/slub.c b/mm/slub.c
> index eed8ae0dbaf9..1880b483350e 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -3631,6 +3631,7 @@ static void __slab_free(struct kmem_cache *s, struct slab *slab,
> unsigned long counters;
> struct kmem_cache_node *n = NULL;
> unsigned long flags;
> + bool on_node_partial;
>
> stat(s, FREE_SLOWPATH);
>
> @@ -3678,6 +3679,7 @@ static void __slab_free(struct kmem_cache *s, struct slab *slab,
> */
> spin_lock_irqsave(&n->list_lock, flags);
>
> + on_node_partial = slab_test_node_partial(slab);
> }
> }
>
> @@ -3706,6 +3708,15 @@ static void __slab_free(struct kmem_cache *s, struct slab *slab,
> return;
> }
>
> + /*
> + * This slab was partially empty but not on the per-node partial list,
> + * in which case we shouldn't manipulate its list, just return.
> + */
> + if (prior && !on_node_partial) {
> + spin_unlock_irqrestore(&n->list_lock, flags);
> + return;
> + }
> +
> if (unlikely(!new.inuse && n->nr_partial >= s->min_partial))
> goto slab_empty;
>
Looks good to me,
Reviewed-by: Hyeonggon Yoo <[email protected]>
> --
> 2.20.1
>
On Thu, Nov 2, 2023 at 12:25 PM <[email protected]> wrote:
>
> From: Chengming Zhou <[email protected]>
>
> Now we will freeze slabs when moving them out of node partial list to
> cpu partial list, this method needs two cmpxchg_double operations:
>
> 1. freeze slab (acquire_slab()) under the node list_lock
> 2. get_freelist() when pick used in ___slab_alloc()
>
> Actually we don't need to freeze when moving slabs out of node partial
> list, we can delay freezing to when use slab freelist in ___slab_alloc(),
> so we can save one cmpxchg_double().
>
> And there are other good points:
> - The moving of slabs between node partial list and cpu partial list
> becomes simpler, since we don't need to freeze or unfreeze at all.
>
> - The node list_lock contention would be less, since we don't need to
> freeze any slab under the node list_lock.
>
> We can achieve this because there is no concurrent path would manipulate
> the partial slab list except the __slab_free() path, which is now
> serialized by slab_test_node_partial() under the list_lock.
>
> Since the slab returned by get_partial() interfaces is not frozen anymore
> and no freelist is returned in the partial_context, so we need to use the
> introduced freeze_slab() to freeze it and get its freelist.
>
> Similarly, the slabs on the CPU partial list are not frozen anymore,
> we need to freeze_slab() on it before use.
>
> We can now delete acquire_slab() as it became unused.
>
> Signed-off-by: Chengming Zhou <[email protected]>
> Reviewed-by: Vlastimil Babka <[email protected]>
> Tested-by: Hyeonggon Yoo <[email protected]>
> ---
> mm/slub.c | 113 +++++++++++-------------------------------------------
> 1 file changed, 23 insertions(+), 90 deletions(-)
>
> diff --git a/mm/slub.c b/mm/slub.c
> index edf567971679..bcb5b2c4e213 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -2234,51 +2234,6 @@ static void *alloc_single_from_new_slab(struct kmem_cache *s,
> return object;
> }
>
> -/*
> - * Remove slab from the partial list, freeze it and
> - * return the pointer to the freelist.
> - *
> - * Returns a list of objects or NULL if it fails.
> - */
> -static inline void *acquire_slab(struct kmem_cache *s,
> - struct kmem_cache_node *n, struct slab *slab,
> - int mode)
Nit: alloc_single_from_partial()'s comment still refers to acquire_slab().
> -{
> - void *freelist;
> - unsigned long counters;
> - struct slab new;
> -
> - lockdep_assert_held(&n->list_lock);
> -
> - /*
> - * Zap the freelist and set the frozen bit.
> - * The old freelist is the list of objects for the
> - * per cpu allocation list.
> - */
> - freelist = slab->freelist;
> - counters = slab->counters;
> - new.counters = counters;
> - if (mode) {
> - new.inuse = slab->objects;
> - new.freelist = NULL;
> - } else {
> - new.freelist = freelist;
> - }
> -
> - VM_BUG_ON(new.frozen);
> - new.frozen = 1;
> -
> - if (!__slab_update_freelist(s, slab,
> - freelist, counters,
> - new.freelist, new.counters,
> - "acquire_slab"))
> - return NULL;
> -
> - remove_partial(n, slab);
> - WARN_ON(!freelist);
> - return freelist;
> -}
> -
> #ifdef CONFIG_SLUB_CPU_PARTIAL
> static void put_cpu_partial(struct kmem_cache *s, struct slab *slab, int drain);
> #else
> @@ -2295,7 +2250,6 @@ static struct slab *get_partial_node(struct kmem_cache *s,
> struct partial_context *pc)
> {
> struct slab *slab, *slab2, *partial = NULL;
> - void *object = NULL;
> unsigned long flags;
> unsigned int partial_slabs = 0;
>
> @@ -2314,7 +2268,7 @@ static struct slab *get_partial_node(struct kmem_cache *s,
> continue;
>
> if (IS_ENABLED(CONFIG_SLUB_TINY) || kmem_cache_debug(s)) {
> - object = alloc_single_from_partial(s, n, slab,
> + void *object = alloc_single_from_partial(s, n, slab,
> pc->orig_size);
> if (object) {
> partial = slab;
> @@ -2324,13 +2278,10 @@ static struct slab *get_partial_node(struct kmem_cache *s,
> continue;
> }
>
> - object = acquire_slab(s, n, slab, object == NULL);
> - if (!object)
> - break;
> + remove_partial(n, slab);
>
> if (!partial) {
> partial = slab;
> - pc->object = object;
> stat(s, ALLOC_FROM_PARTIAL);
> } else {
> put_cpu_partial(s, slab, 0);
> @@ -2629,9 +2580,6 @@ static void __unfreeze_partials(struct kmem_cache *s, struct slab *partial_slab)
> unsigned long flags = 0;
>
> while (partial_slab) {
> - struct slab new;
> - struct slab old;
> -
> slab = partial_slab;
> partial_slab = slab->next;
>
> @@ -2644,23 +2592,7 @@ static void __unfreeze_partials(struct kmem_cache *s, struct slab *partial_slab)
> spin_lock_irqsave(&n->list_lock, flags);
> }
>
> - do {
> -
> - old.freelist = slab->freelist;
> - old.counters = slab->counters;
> - VM_BUG_ON(!old.frozen);
> -
> - new.counters = old.counters;
> - new.freelist = old.freelist;
> -
> - new.frozen = 0;
> -
> - } while (!__slab_update_freelist(s, slab,
> - old.freelist, old.counters,
> - new.freelist, new.counters,
> - "unfreezing slab"));
> -
> - if (unlikely(!new.inuse && n->nr_partial >= s->min_partial)) {
> + if (unlikely(!slab->inuse && n->nr_partial >= s->min_partial)) {
> slab->next = slab_to_discard;
> slab_to_discard = slab;
> } else {
> @@ -3167,7 +3099,6 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
> node = NUMA_NO_NODE;
> goto new_slab;
> }
> -redo:
>
> if (unlikely(!node_match(slab, node))) {
> /*
> @@ -3243,7 +3174,8 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
>
> new_slab:
>
> - if (slub_percpu_partial(c)) {
> +#ifdef CONFIG_SLUB_CPU_PARTIAL
> + while (slub_percpu_partial(c)) {
> local_lock_irqsave(&s->cpu_slab->lock, flags);
> if (unlikely(c->slab)) {
> local_unlock_irqrestore(&s->cpu_slab->lock, flags);
> @@ -3255,12 +3187,22 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
> goto new_objects;
> }
>
> - slab = c->slab = slub_percpu_partial(c);
> + slab = slub_percpu_partial(c);
> slub_set_percpu_partial(c, slab);
> local_unlock_irqrestore(&s->cpu_slab->lock, flags);
> stat(s, CPU_PARTIAL_ALLOC);
> - goto redo;
> +
> + if (unlikely(!node_match(slab, node) ||
> + !pfmemalloc_match(slab, gfpflags))) {
> + slab->next = NULL;
> + __unfreeze_partials(s, slab);
> + continue;
> + }
> +
> + freelist = freeze_slab(s, slab);
> + goto retry_load_slab;
> }
> +#endif
>
> new_objects:
>
> @@ -3268,8 +3210,8 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
> pc.orig_size = orig_size;
> slab = get_partial(s, node, &pc);
> if (slab) {
> - freelist = pc.object;
> if (kmem_cache_debug(s)) {
> + freelist = pc.object;
> /*
> * For debug caches here we had to go through
> * alloc_single_from_partial() so just store the
> @@ -3281,6 +3223,7 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
> return freelist;
> }
>
> + freelist = freeze_slab(s, slab);
> goto retry_load_slab;
> }
>
> @@ -3682,18 +3625,8 @@ static void __slab_free(struct kmem_cache *s, struct slab *slab,
> was_frozen = new.frozen;
> new.inuse -= cnt;
> if ((!new.inuse || !prior) && !was_frozen) {
> -
> - if (kmem_cache_has_cpu_partial(s) && !prior) {
> -
> - /*
> - * Slab was on no list before and will be
> - * partially empty
> - * We can defer the list move and instead
> - * freeze it.
> - */
> - new.frozen = 1;
> -
> - } else { /* Needs to be taken off a list */
> + /* Needs to be taken off a list */
> + if (!kmem_cache_has_cpu_partial(s) || prior) {
>
> n = get_node(s, slab_nid(slab));
> /*
> @@ -3723,9 +3656,9 @@ static void __slab_free(struct kmem_cache *s, struct slab *slab,
> * activity can be necessary.
> */
> stat(s, FREE_FROZEN);
> - } else if (new.frozen) {
> + } else if (kmem_cache_has_cpu_partial(s) && !prior) {
> /*
> - * If we just froze the slab then put it onto the
> + * If we started with a full slab then put it onto the
> * per cpu partial list.
> */
> put_cpu_partial(s, slab, 1);
> --
Looks good to me,
Reviewed-by: Hyeonggon Yoo <[email protected]>
Thanks!
> 2.20.1
>
On Thu, Nov 2, 2023 at 12:25 PM <[email protected]> wrote:
>
> From: Chengming Zhou <[email protected]>
>
> Since the introduce of unfrozen slabs on cpu partial list, we don't
> need to synchronize the slab frozen state under the node list_lock.
>
> The caller of deactivate_slab() and the caller of __slab_free() won't
> manipulate the slab list concurrently.
>
> So we can get node list_lock in the last stage if we really need to
> manipulate the slab list in this path.
>
> Signed-off-by: Chengming Zhou <[email protected]>
> Reviewed-by: Vlastimil Babka <[email protected]>
> Tested-by: Hyeonggon Yoo <[email protected]>
> ---
> mm/slub.c | 79 ++++++++++++++++++-------------------------------------
> 1 file changed, 26 insertions(+), 53 deletions(-)
>
> diff --git a/mm/slub.c b/mm/slub.c
> index bcb5b2c4e213..d137468fe4b9 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -2468,10 +2468,8 @@ static void init_kmem_cache_cpus(struct kmem_cache *s)
> static void deactivate_slab(struct kmem_cache *s, struct slab *slab,
> void *freelist)
> {
> - enum slab_modes { M_NONE, M_PARTIAL, M_FREE, M_FULL_NOLIST };
> struct kmem_cache_node *n = get_node(s, slab_nid(slab));
> int free_delta = 0;
> - enum slab_modes mode = M_NONE;
> void *nextfree, *freelist_iter, *freelist_tail;
> int tail = DEACTIVATE_TO_HEAD;
> unsigned long flags = 0;
> @@ -2509,65 +2507,40 @@ static void deactivate_slab(struct kmem_cache *s, struct slab *slab,
> /*
> * Stage two: Unfreeze the slab while splicing the per-cpu
> * freelist to the head of slab's freelist.
> - *
> - * Ensure that the slab is unfrozen while the list presence
> - * reflects the actual number of objects during unfreeze.
> - *
> - * We first perform cmpxchg holding lock and insert to list
> - * when it succeed. If there is mismatch then the slab is not
> - * unfrozen and number of objects in the slab may have changed.
> - * Then release lock and retry cmpxchg again.
> */
> -redo:
> -
> - old.freelist = READ_ONCE(slab->freelist);
> - old.counters = READ_ONCE(slab->counters);
> - VM_BUG_ON(!old.frozen);
> -
> - /* Determine target state of the slab */
> - new.counters = old.counters;
> - if (freelist_tail) {
> - new.inuse -= free_delta;
> - set_freepointer(s, freelist_tail, old.freelist);
> - new.freelist = freelist;
> - } else
> - new.freelist = old.freelist;
> -
> - new.frozen = 0;
> + do {
> + old.freelist = READ_ONCE(slab->freelist);
> + old.counters = READ_ONCE(slab->counters);
> + VM_BUG_ON(!old.frozen);
> +
> + /* Determine target state of the slab */
> + new.counters = old.counters;
> + new.frozen = 0;
> + if (freelist_tail) {
> + new.inuse -= free_delta;
> + set_freepointer(s, freelist_tail, old.freelist);
> + new.freelist = freelist;
> + } else {
> + new.freelist = old.freelist;
> + }
> + } while (!slab_update_freelist(s, slab,
> + old.freelist, old.counters,
> + new.freelist, new.counters,
> + "unfreezing slab"));
>
> + /*
> + * Stage three: Manipulate the slab list based on the updated state.
> + */
deactivate_slab() might unconsciously put empty slabs into partial list, like:
deactivate_slab() __slab_free()
cmpxchg(), slab's not empty
cmpxchg(), slab's empty
and unfrozen
spin_lock(&n->list_lock)
(slab's empty but not
on partial list,
spin_unlock(&n->list_lock) and return)
spin_lock(&n->list_lock)
put slab into partial list
spin_unlock(&n->list_lock)
IMHO it should be fine in the real world, but just wanted to
mention as it doesn't seem to be intentional.
Otherwise it looks good to me!
> if (!new.inuse && n->nr_partial >= s->min_partial) {
> - mode = M_FREE;
> + stat(s, DEACTIVATE_EMPTY);
> + discard_slab(s, slab);
> + stat(s, FREE_SLAB);
> } else if (new.freelist) {
> - mode = M_PARTIAL;
> - /*
> - * Taking the spinlock removes the possibility that
> - * acquire_slab() will see a slab that is frozen
> - */
> spin_lock_irqsave(&n->list_lock, flags);
> - } else {
> - mode = M_FULL_NOLIST;
> - }
> -
> -
> - if (!slab_update_freelist(s, slab,
> - old.freelist, old.counters,
> - new.freelist, new.counters,
> - "unfreezing slab")) {
> - if (mode == M_PARTIAL)
> - spin_unlock_irqrestore(&n->list_lock, flags);
> - goto redo;
> - }
> -
> -
> - if (mode == M_PARTIAL) {
> add_partial(n, slab, tail);
> spin_unlock_irqrestore(&n->list_lock, flags);
> stat(s, tail);
> - } else if (mode == M_FREE) {
> - stat(s, DEACTIVATE_EMPTY);
> - discard_slab(s, slab);
> - stat(s, FREE_SLAB);
> - } else if (mode == M_FULL_NOLIST) {
> + } else {
> stat(s, DEACTIVATE_FULL);
> }
> }
> --
> 2.20.1
>
On Thu, Nov 2, 2023 at 12:25 PM <[email protected]> wrote:
>
> From: Chengming Zhou <[email protected]>
>
> Since all partial slabs on the CPU partial list are not frozen anymore,
> we don't unfreeze when moving cpu partial slabs to node partial list,
> it's better to rename these functions.
>
> Signed-off-by: Chengming Zhou <[email protected]>
> Reviewed-by: Vlastimil Babka <[email protected]>
> Tested-by: Hyeonggon Yoo <[email protected]>
> ---
> mm/slub.c | 34 +++++++++++++++++-----------------
> 1 file changed, 17 insertions(+), 17 deletions(-)
>
> diff --git a/mm/slub.c b/mm/slub.c
> index d137468fe4b9..c20bdf5dab0f 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -2546,7 +2546,7 @@ static void deactivate_slab(struct kmem_cache *s, struct slab *slab,
> }
>
> #ifdef CONFIG_SLUB_CPU_PARTIAL
> -static void __unfreeze_partials(struct kmem_cache *s, struct slab *partial_slab)
> +static void __put_partials(struct kmem_cache *s, struct slab *partial_slab)
> {
> struct kmem_cache_node *n = NULL, *n2 = NULL;
> struct slab *slab, *slab_to_discard = NULL;
> @@ -2588,9 +2588,9 @@ static void __unfreeze_partials(struct kmem_cache *s, struct slab *partial_slab)
> }
>
> /*
> - * Unfreeze all the cpu partial slabs.
> + * Put all the cpu partial slabs to the node partial list.
> */
> -static void unfreeze_partials(struct kmem_cache *s)
> +static void put_partials(struct kmem_cache *s)
> {
> struct slab *partial_slab;
> unsigned long flags;
> @@ -2601,11 +2601,11 @@ static void unfreeze_partials(struct kmem_cache *s)
> local_unlock_irqrestore(&s->cpu_slab->lock, flags);
>
> if (partial_slab)
> - __unfreeze_partials(s, partial_slab);
> + __put_partials(s, partial_slab);
> }
>
> -static void unfreeze_partials_cpu(struct kmem_cache *s,
> - struct kmem_cache_cpu *c)
> +static void put_partials_cpu(struct kmem_cache *s,
> + struct kmem_cache_cpu *c)
> {
> struct slab *partial_slab;
>
> @@ -2613,7 +2613,7 @@ static void unfreeze_partials_cpu(struct kmem_cache *s,
> c->partial = NULL;
>
> if (partial_slab)
> - __unfreeze_partials(s, partial_slab);
> + __put_partials(s, partial_slab);
> }
>
> /*
> @@ -2626,7 +2626,7 @@ static void unfreeze_partials_cpu(struct kmem_cache *s,
> static void put_cpu_partial(struct kmem_cache *s, struct slab *slab, int drain)
> {
> struct slab *oldslab;
> - struct slab *slab_to_unfreeze = NULL;
> + struct slab *slab_to_put = NULL;
> unsigned long flags;
> int slabs = 0;
>
> @@ -2641,7 +2641,7 @@ static void put_cpu_partial(struct kmem_cache *s, struct slab *slab, int drain)
> * per node partial list. Postpone the actual unfreezing
> * outside of the critical section.
> */
> - slab_to_unfreeze = oldslab;
> + slab_to_put = oldslab;
> oldslab = NULL;
> } else {
> slabs = oldslab->slabs;
> @@ -2657,17 +2657,17 @@ static void put_cpu_partial(struct kmem_cache *s, struct slab *slab, int drain)
>
> local_unlock_irqrestore(&s->cpu_slab->lock, flags);
>
> - if (slab_to_unfreeze) {
> - __unfreeze_partials(s, slab_to_unfreeze);
> + if (slab_to_put) {
> + __put_partials(s, slab_to_put);
> stat(s, CPU_PARTIAL_DRAIN);
> }
> }
>
> #else /* CONFIG_SLUB_CPU_PARTIAL */
>
> -static inline void unfreeze_partials(struct kmem_cache *s) { }
> -static inline void unfreeze_partials_cpu(struct kmem_cache *s,
> - struct kmem_cache_cpu *c) { }
> +static inline void put_partials(struct kmem_cache *s) { }
> +static inline void put_partials_cpu(struct kmem_cache *s,
> + struct kmem_cache_cpu *c) { }
>
> #endif /* CONFIG_SLUB_CPU_PARTIAL */
>
> @@ -2709,7 +2709,7 @@ static inline void __flush_cpu_slab(struct kmem_cache *s, int cpu)
> stat(s, CPUSLAB_FLUSH);
> }
>
> - unfreeze_partials_cpu(s, c);
> + put_partials_cpu(s, c);
> }
>
> struct slub_flush_work {
> @@ -2737,7 +2737,7 @@ static void flush_cpu_slab(struct work_struct *w)
> if (c->slab)
> flush_slab(s, c);
>
> - unfreeze_partials(s);
> + put_partials(s);
> }
>
> static bool has_cpu_slab(int cpu, struct kmem_cache *s)
> @@ -3168,7 +3168,7 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
> if (unlikely(!node_match(slab, node) ||
> !pfmemalloc_match(slab, gfpflags))) {
> slab->next = NULL;
> - __unfreeze_partials(s, slab);
> + __put_partials(s, slab);
> continue;
> }
>
> --
Looks good to me,
Reviewed-by: Hyeonggon Yoo <[email protected]>
Thanks!
> 2.20.1
>
On Thu, Nov 2, 2023 at 12:25 PM <[email protected]> wrote:
>
> From: Chengming Zhou <[email protected]>
>
> The current updated scheme (which this series implemented) is:
> - node partial slabs: PG_Workingset && !frozen
> - cpu partial slabs: !PG_Workingset && !frozen
> - cpu slabs: !PG_Workingset && frozen
> - full slabs: !PG_Workingset && !frozen
>
> The most important change is that "frozen" bit is not set for the
> cpu partial slabs anymore, __slab_free() will grab node list_lock
> then check by !PG_Workingset that it's not on a node partial list.
>
> And the "frozen" bit is still kept for the cpu slabs for performance,
> since we don't need to grab node list_lock to check whether the
> PG_Workingset is set or not if the "frozen" bit is set in __slab_free().
>
> Update related documentations and comments in the source.
>
> Signed-off-by: Chengming Zhou <[email protected]>
> Tested-by: Hyeonggon Yoo <[email protected]>
> ---
> mm/slub.c | 16 ++++++++++++----
> 1 file changed, 12 insertions(+), 4 deletions(-)
>
> diff --git a/mm/slub.c b/mm/slub.c
> index c20bdf5dab0f..a307d319e82c 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -76,13 +76,22 @@
> *
> * Frozen slabs
> *
> - * If a slab is frozen then it is exempt from list management. It is not
> - * on any list except per cpu partial list. The processor that froze the
> + * If a slab is frozen then it is exempt from list management. It is
> + * the cpu slab which is actively allocated from by the processor that
> + * froze it and it is not on any list. The processor that froze the
> * slab is the one who can perform list operations on the slab. Other
> * processors may put objects onto the freelist but the processor that
> * froze the slab is the only one that can retrieve the objects from the
> * slab's freelist.
> *
> + * CPU partial slabs
> + *
> + * The partially empty slabs cached on the CPU partial list are used
> + * for performance reasons, which speeds up the allocation process.
> + * These slabs are not frozen, but are also exempt from list management,
> + * by clearing the PG_workingset flag when moving out of the node
> + * partial list. Please see __slab_free() for more details.
> + *
> * list_lock
> *
> * The list_lock protects the partial and full list on each node and
> @@ -2617,8 +2626,7 @@ static void put_partials_cpu(struct kmem_cache *s,
> }
>
> /*
> - * Put a slab that was just frozen (in __slab_free|get_partial_node) into a
> - * partial slab slot if available.
> + * Put a slab into a partial slab slot if available.
> *
> * If we did not find a slot then simply move all the partials to the
> * per node partial list.
> --
Looks good to me,
Reviewed-by: Hyeonggon Yoo <[email protected]>
Thanks!
> 2.20.1
>
On 2023/12/3 14:53, Hyeonggon Yoo wrote:
> On Thu, Nov 2, 2023 at 12:25 PM <[email protected]> wrote:
>>
>> From: Chengming Zhou <[email protected]>
>>
>> Now we will freeze slabs when moving them out of node partial list to
>> cpu partial list, this method needs two cmpxchg_double operations:
>>
>> 1. freeze slab (acquire_slab()) under the node list_lock
>> 2. get_freelist() when pick used in ___slab_alloc()
>>
>> Actually we don't need to freeze when moving slabs out of node partial
>> list, we can delay freezing to when use slab freelist in ___slab_alloc(),
>> so we can save one cmpxchg_double().
>>
>> And there are other good points:
>> - The moving of slabs between node partial list and cpu partial list
>> becomes simpler, since we don't need to freeze or unfreeze at all.
>>
>> - The node list_lock contention would be less, since we don't need to
>> freeze any slab under the node list_lock.
>>
>> We can achieve this because there is no concurrent path would manipulate
>> the partial slab list except the __slab_free() path, which is now
>> serialized by slab_test_node_partial() under the list_lock.
>>
>> Since the slab returned by get_partial() interfaces is not frozen anymore
>> and no freelist is returned in the partial_context, so we need to use the
>> introduced freeze_slab() to freeze it and get its freelist.
>>
>> Similarly, the slabs on the CPU partial list are not frozen anymore,
>> we need to freeze_slab() on it before use.
>>
>> We can now delete acquire_slab() as it became unused.
>>
>> Signed-off-by: Chengming Zhou <[email protected]>
>> Reviewed-by: Vlastimil Babka <[email protected]>
>> Tested-by: Hyeonggon Yoo <[email protected]>
>> ---
>> mm/slub.c | 113 +++++++++++-------------------------------------------
>> 1 file changed, 23 insertions(+), 90 deletions(-)
>>
>> diff --git a/mm/slub.c b/mm/slub.c
>> index edf567971679..bcb5b2c4e213 100644
>> --- a/mm/slub.c
>> +++ b/mm/slub.c
>> @@ -2234,51 +2234,6 @@ static void *alloc_single_from_new_slab(struct kmem_cache *s,
>> return object;
>> }
>>
>> -/*
>> - * Remove slab from the partial list, freeze it and
>> - * return the pointer to the freelist.
>> - *
>> - * Returns a list of objects or NULL if it fails.
>> - */
>> -static inline void *acquire_slab(struct kmem_cache *s,
>> - struct kmem_cache_node *n, struct slab *slab,
>> - int mode)
>
> Nit: alloc_single_from_partial()'s comment still refers to acquire_slab().
>
Ah, right! It should be changed to remove_partial().
diff --git a/mm/slub.c b/mm/slub.c
index 437485a2408d..623c17a4cdd6 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -2463,7 +2463,7 @@ static inline void remove_partial(struct kmem_cache_node *n,
}
/*
- * Called only for kmem_cache_debug() caches instead of acquire_slab(), with a
+ * Called only for kmem_cache_debug() caches instead of remove_partial(), with a
* slab from the n->partial list. Remove only a single object from the slab, do
* the alloc_debug_processing() checks and leave the slab on the list, or move
* it to full list if it was the last free object.
Hi Vlastimil, could you please help to fold it?
Thanks!
>> -{
>> - void *freelist;
>> - unsigned long counters;
>> - struct slab new;
>> -
>> - lockdep_assert_held(&n->list_lock);
>> -
>> - /*
>> - * Zap the freelist and set the frozen bit.
>> - * The old freelist is the list of objects for the
>> - * per cpu allocation list.
>> - */
>> - freelist = slab->freelist;
>> - counters = slab->counters;
>> - new.counters = counters;
>> - if (mode) {
>> - new.inuse = slab->objects;
>> - new.freelist = NULL;
>> - } else {
>> - new.freelist = freelist;
>> - }
>> -
>> - VM_BUG_ON(new.frozen);
>> - new.frozen = 1;
>> -
>> - if (!__slab_update_freelist(s, slab,
>> - freelist, counters,
>> - new.freelist, new.counters,
>> - "acquire_slab"))
>> - return NULL;
>> -
>> - remove_partial(n, slab);
>> - WARN_ON(!freelist);
>> - return freelist;
>> -}
>> -
>> #ifdef CONFIG_SLUB_CPU_PARTIAL
>> static void put_cpu_partial(struct kmem_cache *s, struct slab *slab, int drain);
>> #else
>> @@ -2295,7 +2250,6 @@ static struct slab *get_partial_node(struct kmem_cache *s,
>> struct partial_context *pc)
>> {
>> struct slab *slab, *slab2, *partial = NULL;
>> - void *object = NULL;
>> unsigned long flags;
>> unsigned int partial_slabs = 0;
>>
>> @@ -2314,7 +2268,7 @@ static struct slab *get_partial_node(struct kmem_cache *s,
>> continue;
>>
>> if (IS_ENABLED(CONFIG_SLUB_TINY) || kmem_cache_debug(s)) {
>> - object = alloc_single_from_partial(s, n, slab,
>> + void *object = alloc_single_from_partial(s, n, slab,
>> pc->orig_size);
>> if (object) {
>> partial = slab;
>> @@ -2324,13 +2278,10 @@ static struct slab *get_partial_node(struct kmem_cache *s,
>> continue;
>> }
>>
>> - object = acquire_slab(s, n, slab, object == NULL);
>> - if (!object)
>> - break;
>> + remove_partial(n, slab);
>>
>> if (!partial) {
>> partial = slab;
>> - pc->object = object;
>> stat(s, ALLOC_FROM_PARTIAL);
>> } else {
>> put_cpu_partial(s, slab, 0);
>> @@ -2629,9 +2580,6 @@ static void __unfreeze_partials(struct kmem_cache *s, struct slab *partial_slab)
>> unsigned long flags = 0;
>>
>> while (partial_slab) {
>> - struct slab new;
>> - struct slab old;
>> -
>> slab = partial_slab;
>> partial_slab = slab->next;
>>
>> @@ -2644,23 +2592,7 @@ static void __unfreeze_partials(struct kmem_cache *s, struct slab *partial_slab)
>> spin_lock_irqsave(&n->list_lock, flags);
>> }
>>
>> - do {
>> -
>> - old.freelist = slab->freelist;
>> - old.counters = slab->counters;
>> - VM_BUG_ON(!old.frozen);
>> -
>> - new.counters = old.counters;
>> - new.freelist = old.freelist;
>> -
>> - new.frozen = 0;
>> -
>> - } while (!__slab_update_freelist(s, slab,
>> - old.freelist, old.counters,
>> - new.freelist, new.counters,
>> - "unfreezing slab"));
>> -
>> - if (unlikely(!new.inuse && n->nr_partial >= s->min_partial)) {
>> + if (unlikely(!slab->inuse && n->nr_partial >= s->min_partial)) {
>> slab->next = slab_to_discard;
>> slab_to_discard = slab;
>> } else {
>> @@ -3167,7 +3099,6 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
>> node = NUMA_NO_NODE;
>> goto new_slab;
>> }
>> -redo:
>>
>> if (unlikely(!node_match(slab, node))) {
>> /*
>> @@ -3243,7 +3174,8 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
>>
>> new_slab:
>>
>> - if (slub_percpu_partial(c)) {
>> +#ifdef CONFIG_SLUB_CPU_PARTIAL
>> + while (slub_percpu_partial(c)) {
>> local_lock_irqsave(&s->cpu_slab->lock, flags);
>> if (unlikely(c->slab)) {
>> local_unlock_irqrestore(&s->cpu_slab->lock, flags);
>> @@ -3255,12 +3187,22 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
>> goto new_objects;
>> }
>>
>> - slab = c->slab = slub_percpu_partial(c);
>> + slab = slub_percpu_partial(c);
>> slub_set_percpu_partial(c, slab);
>> local_unlock_irqrestore(&s->cpu_slab->lock, flags);
>> stat(s, CPU_PARTIAL_ALLOC);
>> - goto redo;
>> +
>> + if (unlikely(!node_match(slab, node) ||
>> + !pfmemalloc_match(slab, gfpflags))) {
>> + slab->next = NULL;
>> + __unfreeze_partials(s, slab);
>> + continue;
>> + }
>> +
>> + freelist = freeze_slab(s, slab);
>> + goto retry_load_slab;
>> }
>> +#endif
>>
>> new_objects:
>>
>> @@ -3268,8 +3210,8 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
>> pc.orig_size = orig_size;
>> slab = get_partial(s, node, &pc);
>> if (slab) {
>> - freelist = pc.object;
>> if (kmem_cache_debug(s)) {
>> + freelist = pc.object;
>> /*
>> * For debug caches here we had to go through
>> * alloc_single_from_partial() so just store the
>> @@ -3281,6 +3223,7 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
>> return freelist;
>> }
>>
>> + freelist = freeze_slab(s, slab);
>> goto retry_load_slab;
>> }
>>
>> @@ -3682,18 +3625,8 @@ static void __slab_free(struct kmem_cache *s, struct slab *slab,
>> was_frozen = new.frozen;
>> new.inuse -= cnt;
>> if ((!new.inuse || !prior) && !was_frozen) {
>> -
>> - if (kmem_cache_has_cpu_partial(s) && !prior) {
>> -
>> - /*
>> - * Slab was on no list before and will be
>> - * partially empty
>> - * We can defer the list move and instead
>> - * freeze it.
>> - */
>> - new.frozen = 1;
>> -
>> - } else { /* Needs to be taken off a list */
>> + /* Needs to be taken off a list */
>> + if (!kmem_cache_has_cpu_partial(s) || prior) {
>>
>> n = get_node(s, slab_nid(slab));
>> /*
>> @@ -3723,9 +3656,9 @@ static void __slab_free(struct kmem_cache *s, struct slab *slab,
>> * activity can be necessary.
>> */
>> stat(s, FREE_FROZEN);
>> - } else if (new.frozen) {
>> + } else if (kmem_cache_has_cpu_partial(s) && !prior) {
>> /*
>> - * If we just froze the slab then put it onto the
>> + * If we started with a full slab then put it onto the
>> * per cpu partial list.
>> */
>> put_cpu_partial(s, slab, 1);
>> --
>
> Looks good to me,
> Reviewed-by: Hyeonggon Yoo <[email protected]>
>
> Thanks!
>
>> 2.20.1
>>
On 2023/12/3 17:23, Hyeonggon Yoo wrote:
> On Thu, Nov 2, 2023 at 12:25 PM <[email protected]> wrote:
>>
>> From: Chengming Zhou <[email protected]>
>>
>> Since the introduce of unfrozen slabs on cpu partial list, we don't
>> need to synchronize the slab frozen state under the node list_lock.
>>
>> The caller of deactivate_slab() and the caller of __slab_free() won't
>> manipulate the slab list concurrently.
>>
>> So we can get node list_lock in the last stage if we really need to
>> manipulate the slab list in this path.
>>
>> Signed-off-by: Chengming Zhou <[email protected]>
>> Reviewed-by: Vlastimil Babka <[email protected]>
>> Tested-by: Hyeonggon Yoo <[email protected]>
>> ---
>> mm/slub.c | 79 ++++++++++++++++++-------------------------------------
>> 1 file changed, 26 insertions(+), 53 deletions(-)
>>
>> diff --git a/mm/slub.c b/mm/slub.c
>> index bcb5b2c4e213..d137468fe4b9 100644
>> --- a/mm/slub.c
>> +++ b/mm/slub.c
>> @@ -2468,10 +2468,8 @@ static void init_kmem_cache_cpus(struct kmem_cache *s)
>> static void deactivate_slab(struct kmem_cache *s, struct slab *slab,
>> void *freelist)
>> {
>> - enum slab_modes { M_NONE, M_PARTIAL, M_FREE, M_FULL_NOLIST };
>> struct kmem_cache_node *n = get_node(s, slab_nid(slab));
>> int free_delta = 0;
>> - enum slab_modes mode = M_NONE;
>> void *nextfree, *freelist_iter, *freelist_tail;
>> int tail = DEACTIVATE_TO_HEAD;
>> unsigned long flags = 0;
>> @@ -2509,65 +2507,40 @@ static void deactivate_slab(struct kmem_cache *s, struct slab *slab,
>> /*
>> * Stage two: Unfreeze the slab while splicing the per-cpu
>> * freelist to the head of slab's freelist.
>> - *
>> - * Ensure that the slab is unfrozen while the list presence
>> - * reflects the actual number of objects during unfreeze.
>> - *
>> - * We first perform cmpxchg holding lock and insert to list
>> - * when it succeed. If there is mismatch then the slab is not
>> - * unfrozen and number of objects in the slab may have changed.
>> - * Then release lock and retry cmpxchg again.
>> */
>> -redo:
>> -
>> - old.freelist = READ_ONCE(slab->freelist);
>> - old.counters = READ_ONCE(slab->counters);
>> - VM_BUG_ON(!old.frozen);
>> -
>> - /* Determine target state of the slab */
>> - new.counters = old.counters;
>> - if (freelist_tail) {
>> - new.inuse -= free_delta;
>> - set_freepointer(s, freelist_tail, old.freelist);
>> - new.freelist = freelist;
>> - } else
>> - new.freelist = old.freelist;
>> -
>> - new.frozen = 0;
>> + do {
>> + old.freelist = READ_ONCE(slab->freelist);
>> + old.counters = READ_ONCE(slab->counters);
>> + VM_BUG_ON(!old.frozen);
>> +
>> + /* Determine target state of the slab */
>> + new.counters = old.counters;
>> + new.frozen = 0;
>> + if (freelist_tail) {
>> + new.inuse -= free_delta;
>> + set_freepointer(s, freelist_tail, old.freelist);
>> + new.freelist = freelist;
>> + } else {
>> + new.freelist = old.freelist;
>> + }
>> + } while (!slab_update_freelist(s, slab,
>> + old.freelist, old.counters,
>> + new.freelist, new.counters,
>> + "unfreezing slab"));
>>
>> + /*
>> + * Stage three: Manipulate the slab list based on the updated state.
>> + */
>
> deactivate_slab() might unconsciously put empty slabs into partial list, like:
>
> deactivate_slab() __slab_free()
> cmpxchg(), slab's not empty
> cmpxchg(), slab's empty
> and unfrozen
Hi,
Sorry, but I don't get it here how __slab_free() can see the slab empty,
since the slab is not empty from deactivate_slab() path, and it can't be
used by any CPU at that time?
Thanks for review!
> spin_lock(&n->list_lock)
> (slab's empty but not
> on partial list,
>
> spin_unlock(&n->list_lock) and return)
> spin_lock(&n->list_lock)
> put slab into partial list
> spin_unlock(&n->list_lock)
>
> IMHO it should be fine in the real world, but just wanted to
> mention as it doesn't seem to be intentional.
>
> Otherwise it looks good to me!
>
>> if (!new.inuse && n->nr_partial >= s->min_partial) {
>> - mode = M_FREE;
>> + stat(s, DEACTIVATE_EMPTY);
>> + discard_slab(s, slab);
>> + stat(s, FREE_SLAB);
>> } else if (new.freelist) {
>> - mode = M_PARTIAL;
>> - /*
>> - * Taking the spinlock removes the possibility that
>> - * acquire_slab() will see a slab that is frozen
>> - */
>> spin_lock_irqsave(&n->list_lock, flags);
>> - } else {
>> - mode = M_FULL_NOLIST;
>> - }
>> -
>> -
>> - if (!slab_update_freelist(s, slab,
>> - old.freelist, old.counters,
>> - new.freelist, new.counters,
>> - "unfreezing slab")) {
>> - if (mode == M_PARTIAL)
>> - spin_unlock_irqrestore(&n->list_lock, flags);
>> - goto redo;
>> - }
>> -
>> -
>> - if (mode == M_PARTIAL) {
>> add_partial(n, slab, tail);
>> spin_unlock_irqrestore(&n->list_lock, flags);
>> stat(s, tail);
>> - } else if (mode == M_FREE) {
>> - stat(s, DEACTIVATE_EMPTY);
>> - discard_slab(s, slab);
>> - stat(s, FREE_SLAB);
>> - } else if (mode == M_FULL_NOLIST) {
>> + } else {
>> stat(s, DEACTIVATE_FULL);
>> }
>> }
>> --
>> 2.20.1
>>
On Sun, Dec 3, 2023 at 7:26 PM Chengming Zhou <[email protected]> wrote:
>
> On 2023/12/3 17:23, Hyeonggon Yoo wrote:
> > On Thu, Nov 2, 2023 at 12:25 PM <[email protected]> wrote:
> >>
> >> From: Chengming Zhou <[email protected]>
> >>
> >> Since the introduce of unfrozen slabs on cpu partial list, we don't
> >> need to synchronize the slab frozen state under the node list_lock.
> >>
> >> The caller of deactivate_slab() and the caller of __slab_free() won't
> >> manipulate the slab list concurrently.
> >>
> >> So we can get node list_lock in the last stage if we really need to
> >> manipulate the slab list in this path.
> >>
> >> Signed-off-by: Chengming Zhou <[email protected]>
> >> Reviewed-by: Vlastimil Babka <[email protected]>
> >> Tested-by: Hyeonggon Yoo <[email protected]>
> >> ---
> >> mm/slub.c | 79 ++++++++++++++++++-------------------------------------
> >> 1 file changed, 26 insertions(+), 53 deletions(-)
> >>
> >> diff --git a/mm/slub.c b/mm/slub.c
> >> index bcb5b2c4e213..d137468fe4b9 100644
> >> --- a/mm/slub.c
> >> +++ b/mm/slub.c
> >> @@ -2468,10 +2468,8 @@ static void init_kmem_cache_cpus(struct kmem_cache *s)
> >> static void deactivate_slab(struct kmem_cache *s, struct slab *slab,
> >> void *freelist)
> >> {
> >> - enum slab_modes { M_NONE, M_PARTIAL, M_FREE, M_FULL_NOLIST };
> >> struct kmem_cache_node *n = get_node(s, slab_nid(slab));
> >> int free_delta = 0;
> >> - enum slab_modes mode = M_NONE;
> >> void *nextfree, *freelist_iter, *freelist_tail;
> >> int tail = DEACTIVATE_TO_HEAD;
> >> unsigned long flags = 0;
> >> @@ -2509,65 +2507,40 @@ static void deactivate_slab(struct kmem_cache *s, struct slab *slab,
> >> /*
> >> * Stage two: Unfreeze the slab while splicing the per-cpu
> >> * freelist to the head of slab's freelist.
> >> - *
> >> - * Ensure that the slab is unfrozen while the list presence
> >> - * reflects the actual number of objects during unfreeze.
> >> - *
> >> - * We first perform cmpxchg holding lock and insert to list
> >> - * when it succeed. If there is mismatch then the slab is not
> >> - * unfrozen and number of objects in the slab may have changed.
> >> - * Then release lock and retry cmpxchg again.
> >> */
> >> -redo:
> >> -
> >> - old.freelist = READ_ONCE(slab->freelist);
> >> - old.counters = READ_ONCE(slab->counters);
> >> - VM_BUG_ON(!old.frozen);
> >> -
> >> - /* Determine target state of the slab */
> >> - new.counters = old.counters;
> >> - if (freelist_tail) {
> >> - new.inuse -= free_delta;
> >> - set_freepointer(s, freelist_tail, old.freelist);
> >> - new.freelist = freelist;
> >> - } else
> >> - new.freelist = old.freelist;
> >> -
> >> - new.frozen = 0;
> >> + do {
> >> + old.freelist = READ_ONCE(slab->freelist);
> >> + old.counters = READ_ONCE(slab->counters);
> >> + VM_BUG_ON(!old.frozen);
> >> +
> >> + /* Determine target state of the slab */
> >> + new.counters = old.counters;
> >> + new.frozen = 0;
> >> + if (freelist_tail) {
> >> + new.inuse -= free_delta;
> >> + set_freepointer(s, freelist_tail, old.freelist);
> >> + new.freelist = freelist;
> >> + } else {
> >> + new.freelist = old.freelist;
> >> + }
> >> + } while (!slab_update_freelist(s, slab,
> >> + old.freelist, old.counters,
> >> + new.freelist, new.counters,
> >> + "unfreezing slab"));
> >>
> >> + /*
> >> + * Stage three: Manipulate the slab list based on the updated state.
> >> + */
> >
> > deactivate_slab() might unconsciously put empty slabs into partial list, like:
> >
> > deactivate_slab() __slab_free()
> > cmpxchg(), slab's not empty
> > cmpxchg(), slab's empty
> > and unfrozen
>
> Hi,
>
> Sorry, but I don't get it here how __slab_free() can see the slab empty,
> since the slab is not empty from deactivate_slab() path, and it can't be
> used by any CPU at that time?
The scenario is CPU B previously allocated an object from slab X, but
put it into node partial list and then CPU A have taken slab X into cpu slab.
While slab X is CPU A's cpu slab, when CPU B frees an object from slab X,
it puts the object into slab X's freelist using cmpxchg.
Let's say in CPU A the deactivation path performs cmpxchg and X.inuse was 1,
and then CPU B frees (__slab_free()) to slab X's freelist using cmpxchg,
_before_ slab X's put into partial list by CPU A.
Then CPU A thinks it's not empty so put it into partial list, but by CPU B
the slab has become empty.
Maybe I am confused, in that case please tell me I'm wrong :)
Thanks!
--
Hyeonggon
On 2023/12/3 19:19, Hyeonggon Yoo wrote:
> On Sun, Dec 3, 2023 at 7:26 PM Chengming Zhou <[email protected]> wrote:
>>
>> On 2023/12/3 17:23, Hyeonggon Yoo wrote:
>>> On Thu, Nov 2, 2023 at 12:25 PM <[email protected]> wrote:
>>>>
>>>> From: Chengming Zhou <[email protected]>
>>>>
>>>> Since the introduce of unfrozen slabs on cpu partial list, we don't
>>>> need to synchronize the slab frozen state under the node list_lock.
>>>>
>>>> The caller of deactivate_slab() and the caller of __slab_free() won't
>>>> manipulate the slab list concurrently.
>>>>
>>>> So we can get node list_lock in the last stage if we really need to
>>>> manipulate the slab list in this path.
>>>>
>>>> Signed-off-by: Chengming Zhou <[email protected]>
>>>> Reviewed-by: Vlastimil Babka <[email protected]>
>>>> Tested-by: Hyeonggon Yoo <[email protected]>
>>>> ---
>>>> mm/slub.c | 79 ++++++++++++++++++-------------------------------------
>>>> 1 file changed, 26 insertions(+), 53 deletions(-)
>>>>
>>>> diff --git a/mm/slub.c b/mm/slub.c
>>>> index bcb5b2c4e213..d137468fe4b9 100644
>>>> --- a/mm/slub.c
>>>> +++ b/mm/slub.c
>>>> @@ -2468,10 +2468,8 @@ static void init_kmem_cache_cpus(struct kmem_cache *s)
>>>> static void deactivate_slab(struct kmem_cache *s, struct slab *slab,
>>>> void *freelist)
>>>> {
>>>> - enum slab_modes { M_NONE, M_PARTIAL, M_FREE, M_FULL_NOLIST };
>>>> struct kmem_cache_node *n = get_node(s, slab_nid(slab));
>>>> int free_delta = 0;
>>>> - enum slab_modes mode = M_NONE;
>>>> void *nextfree, *freelist_iter, *freelist_tail;
>>>> int tail = DEACTIVATE_TO_HEAD;
>>>> unsigned long flags = 0;
>>>> @@ -2509,65 +2507,40 @@ static void deactivate_slab(struct kmem_cache *s, struct slab *slab,
>>>> /*
>>>> * Stage two: Unfreeze the slab while splicing the per-cpu
>>>> * freelist to the head of slab's freelist.
>>>> - *
>>>> - * Ensure that the slab is unfrozen while the list presence
>>>> - * reflects the actual number of objects during unfreeze.
>>>> - *
>>>> - * We first perform cmpxchg holding lock and insert to list
>>>> - * when it succeed. If there is mismatch then the slab is not
>>>> - * unfrozen and number of objects in the slab may have changed.
>>>> - * Then release lock and retry cmpxchg again.
>>>> */
>>>> -redo:
>>>> -
>>>> - old.freelist = READ_ONCE(slab->freelist);
>>>> - old.counters = READ_ONCE(slab->counters);
>>>> - VM_BUG_ON(!old.frozen);
>>>> -
>>>> - /* Determine target state of the slab */
>>>> - new.counters = old.counters;
>>>> - if (freelist_tail) {
>>>> - new.inuse -= free_delta;
>>>> - set_freepointer(s, freelist_tail, old.freelist);
>>>> - new.freelist = freelist;
>>>> - } else
>>>> - new.freelist = old.freelist;
>>>> -
>>>> - new.frozen = 0;
>>>> + do {
>>>> + old.freelist = READ_ONCE(slab->freelist);
>>>> + old.counters = READ_ONCE(slab->counters);
>>>> + VM_BUG_ON(!old.frozen);
>>>> +
>>>> + /* Determine target state of the slab */
>>>> + new.counters = old.counters;
>>>> + new.frozen = 0;
>>>> + if (freelist_tail) {
>>>> + new.inuse -= free_delta;
>>>> + set_freepointer(s, freelist_tail, old.freelist);
>>>> + new.freelist = freelist;
>>>> + } else {
>>>> + new.freelist = old.freelist;
>>>> + }
>>>> + } while (!slab_update_freelist(s, slab,
>>>> + old.freelist, old.counters,
>>>> + new.freelist, new.counters,
>>>> + "unfreezing slab"));
>>>>
>>>> + /*
>>>> + * Stage three: Manipulate the slab list based on the updated state.
>>>> + */
>>>
>>> deactivate_slab() might unconsciously put empty slabs into partial list, like:
>>>
>>> deactivate_slab() __slab_free()
>>> cmpxchg(), slab's not empty
>>> cmpxchg(), slab's empty
>>> and unfrozen
>>
>> Hi,
>>
>> Sorry, but I don't get it here how __slab_free() can see the slab empty,
>> since the slab is not empty from deactivate_slab() path, and it can't be
>> used by any CPU at that time?
>
> The scenario is CPU B previously allocated an object from slab X, but
> put it into node partial list and then CPU A have taken slab X into cpu slab.
>
> While slab X is CPU A's cpu slab, when CPU B frees an object from slab X,
> it puts the object into slab X's freelist using cmpxchg.
>
> Let's say in CPU A the deactivation path performs cmpxchg and X.inuse was 1,
> and then CPU B frees (__slab_free()) to slab X's freelist using cmpxchg,
> _before_ slab X's put into partial list by CPU A.
>
> Then CPU A thinks it's not empty so put it into partial list, but by CPU B
> the slab has become empty.
>
> Maybe I am confused, in that case please tell me I'm wrong :)
>
Ah, you're right! I misunderstood the slab "empty" with "full". :)
Yes, in this case the "empty" slab would be put into the node partial list,
and it should be fine in the real world as you noted earlier.
Thanks!
On 12/3/23 11:15, Chengming Zhou wrote:
> On 2023/12/3 14:53, Hyeonggon Yoo wrote:
>> On Thu, Nov 2, 2023 at 12:25 PM <[email protected]> wrote:
>>>
>>> From: Chengming Zhou <[email protected]>
>>>
>>> Now we will freeze slabs when moving them out of node partial list to
>>> cpu partial list, this method needs two cmpxchg_double operations:
>>>
>>> 1. freeze slab (acquire_slab()) under the node list_lock
>>> 2. get_freelist() when pick used in ___slab_alloc()
>>>
>>> Actually we don't need to freeze when moving slabs out of node partial
>>> list, we can delay freezing to when use slab freelist in ___slab_alloc(),
>>> so we can save one cmpxchg_double().
>>>
>>> And there are other good points:
>>> - The moving of slabs between node partial list and cpu partial list
>>> becomes simpler, since we don't need to freeze or unfreeze at all.
>>>
>>> - The node list_lock contention would be less, since we don't need to
>>> freeze any slab under the node list_lock.
>>>
>>> We can achieve this because there is no concurrent path would manipulate
>>> the partial slab list except the __slab_free() path, which is now
>>> serialized by slab_test_node_partial() under the list_lock.
>>>
>>> Since the slab returned by get_partial() interfaces is not frozen anymore
>>> and no freelist is returned in the partial_context, so we need to use the
>>> introduced freeze_slab() to freeze it and get its freelist.
>>>
>>> Similarly, the slabs on the CPU partial list are not frozen anymore,
>>> we need to freeze_slab() on it before use.
>>>
>>> We can now delete acquire_slab() as it became unused.
>>>
>>> Signed-off-by: Chengming Zhou <[email protected]>
>>> Reviewed-by: Vlastimil Babka <[email protected]>
>>> Tested-by: Hyeonggon Yoo <[email protected]>
>>> ---
>>> mm/slub.c | 113 +++++++++++-------------------------------------------
>>> 1 file changed, 23 insertions(+), 90 deletions(-)
>>>
>>> diff --git a/mm/slub.c b/mm/slub.c
>>> index edf567971679..bcb5b2c4e213 100644
>>> --- a/mm/slub.c
>>> +++ b/mm/slub.c
>>> @@ -2234,51 +2234,6 @@ static void *alloc_single_from_new_slab(struct kmem_cache *s,
>>> return object;
>>> }
>>>
>>> -/*
>>> - * Remove slab from the partial list, freeze it and
>>> - * return the pointer to the freelist.
>>> - *
>>> - * Returns a list of objects or NULL if it fails.
>>> - */
>>> -static inline void *acquire_slab(struct kmem_cache *s,
>>> - struct kmem_cache_node *n, struct slab *slab,
>>> - int mode)
>>
>> Nit: alloc_single_from_partial()'s comment still refers to acquire_slab().
>>
>
> Ah, right! It should be changed to remove_partial().
>
> diff --git a/mm/slub.c b/mm/slub.c
> index 437485a2408d..623c17a4cdd6 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -2463,7 +2463,7 @@ static inline void remove_partial(struct kmem_cache_node *n,
> }
>
> /*
> - * Called only for kmem_cache_debug() caches instead of acquire_slab(), with a
> + * Called only for kmem_cache_debug() caches instead of remove_partial(), with a
> * slab from the n->partial list. Remove only a single object from the slab, do
> * the alloc_debug_processing() checks and leave the slab on the list, or move
> * it to full list if it was the last free object.
>
> Hi Vlastimil, could you please help to fold it?
Done, thanks.
On 12/3/23 10:23, Hyeonggon Yoo wrote:
> On Thu, Nov 2, 2023 at 12:25 PM <[email protected]> wrote:
>>
>> From: Chengming Zhou <[email protected]>
>>
>> Since the introduce of unfrozen slabs on cpu partial list, we don't
>> need to synchronize the slab frozen state under the node list_lock.
>>
>> The caller of deactivate_slab() and the caller of __slab_free() won't
>> manipulate the slab list concurrently.
>>
>> So we can get node list_lock in the last stage if we really need to
>> manipulate the slab list in this path.
>>
>> Signed-off-by: Chengming Zhou <[email protected]>
>> Reviewed-by: Vlastimil Babka <[email protected]>
>> Tested-by: Hyeonggon Yoo <[email protected]>
>> ---
>> mm/slub.c | 79 ++++++++++++++++++-------------------------------------
>> 1 file changed, 26 insertions(+), 53 deletions(-)
>>
>> diff --git a/mm/slub.c b/mm/slub.c
>> index bcb5b2c4e213..d137468fe4b9 100644
>> --- a/mm/slub.c
>> +++ b/mm/slub.c
>> @@ -2468,10 +2468,8 @@ static void init_kmem_cache_cpus(struct kmem_cache *s)
>> static void deactivate_slab(struct kmem_cache *s, struct slab *slab,
>> void *freelist)
>> {
>> - enum slab_modes { M_NONE, M_PARTIAL, M_FREE, M_FULL_NOLIST };
>> struct kmem_cache_node *n = get_node(s, slab_nid(slab));
>> int free_delta = 0;
>> - enum slab_modes mode = M_NONE;
>> void *nextfree, *freelist_iter, *freelist_tail;
>> int tail = DEACTIVATE_TO_HEAD;
>> unsigned long flags = 0;
>> @@ -2509,65 +2507,40 @@ static void deactivate_slab(struct kmem_cache *s, struct slab *slab,
>> /*
>> * Stage two: Unfreeze the slab while splicing the per-cpu
>> * freelist to the head of slab's freelist.
>> - *
>> - * Ensure that the slab is unfrozen while the list presence
>> - * reflects the actual number of objects during unfreeze.
>> - *
>> - * We first perform cmpxchg holding lock and insert to list
>> - * when it succeed. If there is mismatch then the slab is not
>> - * unfrozen and number of objects in the slab may have changed.
>> - * Then release lock and retry cmpxchg again.
>> */
>> -redo:
>> -
>> - old.freelist = READ_ONCE(slab->freelist);
>> - old.counters = READ_ONCE(slab->counters);
>> - VM_BUG_ON(!old.frozen);
>> -
>> - /* Determine target state of the slab */
>> - new.counters = old.counters;
>> - if (freelist_tail) {
>> - new.inuse -= free_delta;
>> - set_freepointer(s, freelist_tail, old.freelist);
>> - new.freelist = freelist;
>> - } else
>> - new.freelist = old.freelist;
>> -
>> - new.frozen = 0;
>> + do {
>> + old.freelist = READ_ONCE(slab->freelist);
>> + old.counters = READ_ONCE(slab->counters);
>> + VM_BUG_ON(!old.frozen);
>> +
>> + /* Determine target state of the slab */
>> + new.counters = old.counters;
>> + new.frozen = 0;
>> + if (freelist_tail) {
>> + new.inuse -= free_delta;
>> + set_freepointer(s, freelist_tail, old.freelist);
>> + new.freelist = freelist;
>> + } else {
>> + new.freelist = old.freelist;
>> + }
>> + } while (!slab_update_freelist(s, slab,
>> + old.freelist, old.counters,
>> + new.freelist, new.counters,
>> + "unfreezing slab"));
>>
>> + /*
>> + * Stage three: Manipulate the slab list based on the updated state.
>> + */
>
> deactivate_slab() might unconsciously put empty slabs into partial list, like:
>
> deactivate_slab() __slab_free()
> cmpxchg(), slab's not empty
> cmpxchg(), slab's empty
> and unfrozen
> spin_lock(&n->list_lock)
> (slab's empty but not
> on partial list,
>
> spin_unlock(&n->list_lock) and return)
> spin_lock(&n->list_lock)
> put slab into partial list
> spin_unlock(&n->list_lock)
>
> IMHO it should be fine in the real world, but just wanted to
> mention as it doesn't seem to be intentional.
I've noticed it too during review, but then realized it's not a new
behavior, same thing could happen with deactivate_slab() already before the
series. Free slabs on partial list are supported, we even keep some
intentionally as long as "n->nr_partial < s->min_partial" (and that check is
racy too), so no need to try making this more strict.
> Otherwise it looks good to me!
Good enough for a reviewed-by? :)
On Thu, 2 Nov 2023, [email protected] wrote:
> From: Chengming Zhou <[email protected]>
>
> The current updated scheme (which this series implemented) is:
> - node partial slabs: PG_Workingset && !frozen
> - cpu partial slabs: !PG_Workingset && !frozen
> - cpu slabs: !PG_Workingset && frozen
> - full slabs: !PG_Workingset && !frozen
The above would be good to include in the comments.
Acked-by: Christoph Lameter (Ampere) <[email protected]>
On Tue, Dec 5, 2023 at 2:55 AM Vlastimil Babka <[email protected]> wrote:
>
> On 12/3/23 10:23, Hyeonggon Yoo wrote:
> > On Thu, Nov 2, 2023 at 12:25 PM <[email protected]> wrote:
> >>
> >> From: Chengming Zhou <[email protected]>
> >>
> >> Since the introduce of unfrozen slabs on cpu partial list, we don't
> >> need to synchronize the slab frozen state under the node list_lock.
> >>
> >> The caller of deactivate_slab() and the caller of __slab_free() won't
> >> manipulate the slab list concurrently.
> >>
> >> So we can get node list_lock in the last stage if we really need to
> >> manipulate the slab list in this path.
> >>
> >> Signed-off-by: Chengming Zhou <[email protected]>
> >> Reviewed-by: Vlastimil Babka <[email protected]>
> >> Tested-by: Hyeonggon Yoo <[email protected]>
> >> ---
> >> mm/slub.c | 79 ++++++++++++++++++-------------------------------------
> >> 1 file changed, 26 insertions(+), 53 deletions(-)
> >>
> >> diff --git a/mm/slub.c b/mm/slub.c
> >> index bcb5b2c4e213..d137468fe4b9 100644
> >> --- a/mm/slub.c
> >> +++ b/mm/slub.c
> >> @@ -2468,10 +2468,8 @@ static void init_kmem_cache_cpus(struct kmem_cache *s)
> >> static void deactivate_slab(struct kmem_cache *s, struct slab *slab,
> >> void *freelist)
> >> {
> >> - enum slab_modes { M_NONE, M_PARTIAL, M_FREE, M_FULL_NOLIST };
> >> struct kmem_cache_node *n = get_node(s, slab_nid(slab));
> >> int free_delta = 0;
> >> - enum slab_modes mode = M_NONE;
> >> void *nextfree, *freelist_iter, *freelist_tail;
> >> int tail = DEACTIVATE_TO_HEAD;
> >> unsigned long flags = 0;
> >> @@ -2509,65 +2507,40 @@ static void deactivate_slab(struct kmem_cache *s, struct slab *slab,
> >> /*
> >> * Stage two: Unfreeze the slab while splicing the per-cpu
> >> * freelist to the head of slab's freelist.
> >> - *
> >> - * Ensure that the slab is unfrozen while the list presence
> >> - * reflects the actual number of objects during unfreeze.
> >> - *
> >> - * We first perform cmpxchg holding lock and insert to list
> >> - * when it succeed. If there is mismatch then the slab is not
> >> - * unfrozen and number of objects in the slab may have changed.
> >> - * Then release lock and retry cmpxchg again.
> >> */
> >> -redo:
> >> -
> >> - old.freelist = READ_ONCE(slab->freelist);
> >> - old.counters = READ_ONCE(slab->counters);
> >> - VM_BUG_ON(!old.frozen);
> >> -
> >> - /* Determine target state of the slab */
> >> - new.counters = old.counters;
> >> - if (freelist_tail) {
> >> - new.inuse -= free_delta;
> >> - set_freepointer(s, freelist_tail, old.freelist);
> >> - new.freelist = freelist;
> >> - } else
> >> - new.freelist = old.freelist;
> >> -
> >> - new.frozen = 0;
> >> + do {
> >> + old.freelist = READ_ONCE(slab->freelist);
> >> + old.counters = READ_ONCE(slab->counters);
> >> + VM_BUG_ON(!old.frozen);
> >> +
> >> + /* Determine target state of the slab */
> >> + new.counters = old.counters;
> >> + new.frozen = 0;
> >> + if (freelist_tail) {
> >> + new.inuse -= free_delta;
> >> + set_freepointer(s, freelist_tail, old.freelist);
> >> + new.freelist = freelist;
> >> + } else {
> >> + new.freelist = old.freelist;
> >> + }
> >> + } while (!slab_update_freelist(s, slab,
> >> + old.freelist, old.counters,
> >> + new.freelist, new.counters,
> >> + "unfreezing slab"));
> >>
> >> + /*
> >> + * Stage three: Manipulate the slab list based on the updated state.
> >> + */
> >
> > deactivate_slab() might unconsciously put empty slabs into partial list, like:
> >
> > deactivate_slab() __slab_free()
> > cmpxchg(), slab's not empty
> > cmpxchg(), slab's empty
> > and unfrozen
> > spin_lock(&n->list_lock)
> > (slab's empty but not
> > on partial list,
> >
> > spin_unlock(&n->list_lock) and return)
> > spin_lock(&n->list_lock)
> > put slab into partial list
> > spin_unlock(&n->list_lock)
> >
> > IMHO it should be fine in the real world, but just wanted to
> > mention as it doesn't seem to be intentional.
>
> I've noticed it too during review, but then realized it's not a new
> behavior, same thing could happen with deactivate_slab() already before the
> series.
Ah, you are right.
> Free slabs on partial list are supported, we even keep some
> intentionally as long as "n->nr_partial < s->min_partial" (and that check is
> racy too) so no need to try making this more strict.
Agreed.
> > Otherwise it looks good to me!
>
> Good enough for a reviewed-by? :)
Yes,
Reviewed-by: Hyeonggon Yoo <[email protected]>
Thanks!
--
Hyeonggon
On 2023/12/5 05:41, Christoph Lameter (Ampere) wrote:
> On Thu, 2 Nov 2023, [email protected] wrote:
>
>> From: Chengming Zhou <[email protected]>
>>
>> The current updated scheme (which this series implemented) is:
>> - node partial slabs: PG_Workingset && !frozen
>> - cpu partial slabs: !PG_Workingset && !frozen
>> - cpu slabs: !PG_Workingset && frozen
>> - full slabs: !PG_Workingset && !frozen
>
> The above would be good to include in the comments.
>
> Acked-by: Christoph Lameter (Ampere) <[email protected]>
>
Thanks for your review and suggestion!
Maybe something like this:
diff --git a/mm/slub.c b/mm/slub.c
index 623c17a4cdd6..21f88bd9c16b 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -93,6 +93,12 @@
* by clearing the PG_workingset flag when moving out of the node
* partial list. Please see __slab_free() for more details.
*
+ * To sum up, the current scheme is:
+ * - node partial slab: PG_Workingset && !frozen
+ * - cpu partial slab: !PG_Workingset && !frozen
+ * - cpu slab: !PG_Workingset && frozen
+ * - full slab: !PG_Workingset && !frozen
+ *
* list_lock
*
* The list_lock protects the partial and full list on each node and
On 12/5/23 07:06, Chengming Zhou wrote:
> On 2023/12/5 05:41, Christoph Lameter (Ampere) wrote:
>> On Thu, 2 Nov 2023, [email protected] wrote:
>>
>>> From: Chengming Zhou <[email protected]>
>>>
>>> The current updated scheme (which this series implemented) is:
>>> - node partial slabs: PG_Workingset && !frozen
>>> - cpu partial slabs: !PG_Workingset && !frozen
>>> - cpu slabs: !PG_Workingset && frozen
>>> - full slabs: !PG_Workingset && !frozen
>>
>> The above would be good to include in the comments.
>>
>> Acked-by: Christoph Lameter (Ampere) <[email protected]>
>>
>
> Thanks for your review and suggestion!
>
> Maybe something like this:
Thanks, added.
> diff --git a/mm/slub.c b/mm/slub.c
> index 623c17a4cdd6..21f88bd9c16b 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -93,6 +93,12 @@
> * by clearing the PG_workingset flag when moving out of the node
> * partial list. Please see __slab_free() for more details.
> *
> + * To sum up, the current scheme is:
> + * - node partial slab: PG_Workingset && !frozen
> + * - cpu partial slab: !PG_Workingset && !frozen
> + * - cpu slab: !PG_Workingset && frozen
> + * - full slab: !PG_Workingset && !frozen
> + *
> * list_lock
> *
> * The list_lock protects the partial and full list on each node and