The unlazy sequence of an rcuwalk lookup occurs a bit earlier than normal for O_CREAT lookups (i.e. in open_last_lookups()). The create logic here historically invoked complete_walk(), which clears the nd->root.mnt pointer when appropriate before the unlazy. This changed in commit 72287417abd1 ("open_last_lookups(): don't abuse complete_walk() when all we want is unlazy"), which refactored the create path to invoke unlazy_walk() and not consider nd->root.mnt. This tweak negatively impacts performance on a concurrent open(O_CREAT) workload to multiple independent mounts beneath the root directory. This attributes to increased spinlock contention on the root dentry via legitimize_root(), to the point where the spinlock becomes the primary bottleneck over the directory inode rwsem of the individual submounts. For example, the completion rate of a 32k thread aim7 create/close benchmark that repeatedly passes O_CREAT to open preexisting files drops from over 700k "jobs per minute" to 30, increasing the overall test time from a few minutes to over an hour. A similar, more simplified test to create a set of opener tasks across a set of submounts can demonstrate the problem more quickly. For example, consider sets of 100 open/close tasks each running against 64 independent filesystem mounts (i.e. 6400 tasks total), with each task completing 10k iterations before it exits. On an 80xcpu box running v5.16.0-rc2, this test completes in 50-55s. With this patch applied, the same test completes in 10-15s. This is not the most realistic workload in the world as it factors out inode allocation in the filesystem. The contention can also be avoided by more selective use of O_CREAT or via use of relative pathnames. That said, this regression appears to be an unintentional side effect of code cleanup and might be unexpected for users. Restore original behavior prior to commit 72287417abd1 by factoring the nd->root handling logic from complete_walk() into a new helper and invoke that from both places. Note that the LOOKUP_CACHE logic is not required here because it is incompatible with O_CREAT. Otherwise the tradeoff for this change is that this may impact behavior when an absolute path O_CREAT lookup lands on a symlink that contains another absolute path. The unlazy sequence of the create lookup now clears the nd->root mount pointer, which means that once we read said link via step_into(), the subsequent nd_jump_root() calls into set_root() to grab the mount pointer again (from refwalk mode). This is historical behavior for O_CREAT and less common than the current behavior of a typical create lookup unnecessarily legitimizing the root dentry. Signed-off-by: Brian Foster <bfoster@xxxxxxxxxx> --- Al, It looks like this one fell through the cracks from the last time I posted it [1]. IIRC, the change in v2 was to try and address your concern around the factoring and unclear helper naming of the original v1 [2]. Any chance of getting this version pulled? Thanks. Brian [1] https://lore.kernel.org/linux-fsdevel/20220112142459.544276-1-bfoster@xxxxxxxxxx/ [2] https://lore.kernel.org/linux-fsdevel/20220105180259.115760-1-bfoster@xxxxxxxxxx/ fs/namei.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 53b4bc094db2..083b8b6bc566 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -858,6 +858,18 @@ static inline int d_revalidate(struct dentry *dentry, unsigned int flags) return 1; } +static inline bool nd_reset_root_and_unlazy(struct nameidata *nd) +{ + /* + * We don't want to zero nd->root for scoped-lookups or + * externally-managed nd->root. + */ + if (!(nd->state & ND_ROOT_PRESET)) + if (!(nd->flags & LOOKUP_IS_SCOPED)) + nd->root.mnt = NULL; + return try_to_unlazy(nd); +} + /** * complete_walk - successful completion of path walk * @nd: pointer nameidata @@ -874,15 +886,8 @@ static int complete_walk(struct nameidata *nd) int status; if (nd->flags & LOOKUP_RCU) { - /* - * We don't want to zero nd->root for scoped-lookups or - * externally-managed nd->root. - */ - if (!(nd->state & ND_ROOT_PRESET)) - if (!(nd->flags & LOOKUP_IS_SCOPED)) - nd->root.mnt = NULL; nd->flags &= ~LOOKUP_CACHED; - if (!try_to_unlazy(nd)) + if (!nd_reset_root_and_unlazy(nd)) return -ECHILD; } @@ -3457,7 +3462,7 @@ static const char *open_last_lookups(struct nameidata *nd, } else { /* create side of things */ if (nd->flags & LOOKUP_RCU) { - if (!try_to_unlazy(nd)) + if (!nd_reset_root_and_unlazy(nd)) return ERR_PTR(-ECHILD); } audit_inode(nd->name, dir, AUDIT_INODE_PARENT); -- 2.37.2