I'll trim it a bit again..
On 28/02/2022 18:55, John Harrison wrote:
On 2/28/2022 09:12, Tvrtko Ursulin wrote:
On 25/02/2022 18:48, John Harrison wrote:
On 2/25/2022 10:14, Tvrtko Ursulin wrote:
[snip]
Your only objection is that ends up with too long total time before
reset? Or something else as well?
An unnecessarily long total heartbeat timeout is the main objection.
(2.5 + 12) * 5 = 72.5 seconds. That is a massive change from the
current 12.5s.
If we are happy with that huge increase then fine. But I'm pretty
sure you are going to get a lot more bug reports about hung systems
not recovering. 10-20s is just about long enough for someone to wait
before leaning on the power button of their machine. Over a minute is
not. That kind of delay is going to cause support issues.
Sorry I wrote 12s, while you actually said tP * 12, so 7.68s, chosen
just so it is longer than tH * 3?
And how do you keep coming up with factor of five? Isn't it four
periods before "heartbeat stopped"? (Prio normal, hearbeat, barrier
and then reset.)
Prio starts at low not normal.
Right, slipped my mind since I only keep seeing that one priority ladder
block in intel_engine_heartbeat.c/heartbeat()..
From the point of view of user experience I agree reasonable
responsiveness is needed before user "reaches for the power button".
In your proposal we are talking about 3 * 2.5s + 2 * 7.5s, so 22.5s.
Question of workloads.. what is the actual preempt timeout compute is
happy with? And I don't mean compute setups with disabled hangcheck,
which you say they want anyway, but if we target defaults for end
users. Do we have some numbers on what they are likely to run?
Not that I have ever seen. This is all just finger in the air stuff. I
don't recall if we invented the number and the compute people agreed
with it or if they proposed the number to us.
Yeah me neither. And found nothing in my email archives. :(
Thinking about it today I don't see that disabled timeout is a practical
default.
With it, if users have something un-preemptable to run (assuming prio
normal), it would get killed after ~13s (5 * 2.5).
If we go for my scheme it gets killed in ~17.5s (3 * (2.5 + 2.5) + 2.5
(third pulse triggers preempt timeout)).
And if we go for your scheme it gets killed in ~22.5s (4 * 2.5 + 2 * 3 *
2.5).
If I did not confuse any calculation this time round, then the
differences for default case for normal priority sound pretty immaterial
to me.
What if we gave them a default of 2.5s? That would be 4 * (2.5s +
2.5s) = 20s worst case until reset, comparable to your proposal. Are
there realistic workloads which are non-preemptable for 2.5s? I am
having hard time imagining someone would run them on a general purpose
desktop since it would mean frozen and unusable UI anyway.
Advantage still being in my mind that there would be no fudging of
timeouts during driver load and heartbeat periods depending on
priority. To me it feels more plausible to account for preempt timeout
in heartbeat pulses that to calculate preempt timeout to be longer
than hearbeat pulses, just to avoid races between the two.
Except that when the user asks for a heartbeat period of 2.5s you are
actually setting it to 5s. How is that not a major fudge that is totally
disregarding the user's request?
This is indeed the core question. My thinking:
It is not defined in the heartbeat ABI that N pulses should do anything,
just that they are periodic pulses which check the health of an engine.
If we view user priority as not under our control then we can say that
any heartbeat pulse can trigger preempt timeout and we should let it do
that.
From that it follows that it is justified to account for preempt
timeout in the decision when to schedule heartbeat pulses and that it is
legitimate to do it for all of them.
It also avoids the double reset problem, regardless of the backend and
regardless of how the user configured the timeouts. Without the need to
fudge them neither during driver load or during sysfs store.
User has configured that heartbeat pulses should be sent every N
seconds, yes, but I think we are free to account for inherent hardware
and software latencies in our calculations. Especially since other than
flawed Gen12 RCS, other engines will be much closer to the configured
period.
It is just the same as user asking for preempt timeout N and we say on
driver load "oh no you won't get it". Same for heartbeats, they said
2.5s, we said 2.5s + broken engine factor...
I don't see a problem there. Nothing timing sensitive relies on the
heartbeat interval nor we provided any guarantees.
That patch from Chris for instance AFAIR accounted for scheduling or
context switch latencies. Because what is the point of sending further
elevated priority pulses if we did not leave enough time to the engine
to schedule them in, react with preemption, or signalling completion?
Persistence itself can stay. There are valid UMD use cases. It is
just massively over complicated and doesn't work in all corner
cases when not using execlist submission or on newer platforms.
The simplification that is planned is to allow contexts to
persist until the associated DRM master handle is closed. At that
point, all contexts associated with that DRM handle are killed.
That is what AMD and others apparently implement.
Okay, that goes against one recent IGT patch which appeared to
work around something by moving the position of _context_ close.
No it does not. The context close is not the trigger. The trigger is
Well patch says:
"""
The spin all test relied on context persistence unecessarily by trying
to destroy contexts while keeping spinners active.
The current implementation of context persistence in i915 can cause
failures with GuC enabled, and persistence is not needed for this test.
Moving intel_ctx_destroy after igt_spin_end.
"""
Implying moving context close to after spin end fixes things for
GuC, not fd close.
That's because persistence is currently a big pile of poo and does
not work in all the corner cases. The correct solution is to leave
the IGT alone and just fix the implementation of persistence.
However, the IGT update to not use the broken feature is a trivial
test change (two lines?) whereas fixing the broken feature is a
significant KMD re-work. It needs to be done but no-one currently has
the time to do it. But trivially changing the test allows the test to
work and test the features it is meant to be testing (which is not
persistence).
Clear as mud. If the statement is that persistence cannot simply be
removed, then for sure it cannot be said that anything can be fixed or
unblocked by allowing some test to pass with GuC, by making them avoid
using persistence (and not even explicitly with a context param). It
implies persistence does not work with the GuC, which is then in
contradiction with the statement that we cannot just remove
persistence. I truly have no idea what the argument is here.
Persistence works in the right set of circumstances. Those circumstances
do not involve dynamically changing heartbeat settings, platforms with
dependent engines, etc. The correct fix is to leave the IGT test alone
and fix the persistence implementation. However, that is not trivial and
we have many other high priority holes still to plug. Whereas changing
the IGT to not use a feature it is not intended to be testing anyway is
a trivial change and gets us the test coverage of what that IGT is meant
to be for.
It may be acceptable if someone is reviewing overall coverage and making
sure all is not removed and so a missing ABI in GuC backend not swept
under the carpet. That's my main concern. If it is acknowledged
persistence is a needed ABI, then how can we upstream dependent engine
support without making sure this ABI is respected? Removing it's use
from random tests does not fill me with confidence that we are on top of
this topic.
Regards,
Tvrtko