Re: [PATCH 1/5] mm/swapfile: add percpu_ref support for swap

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2021/4/14 9:17, Huang, Ying wrote:
> Miaohe Lin <linmiaohe@xxxxxxxxxx> writes:
> 
>> On 2021/4/12 15:24, Huang, Ying wrote:
>>> "Huang, Ying" <ying.huang@xxxxxxxxx> writes:
>>>
>>>> Miaohe Lin <linmiaohe@xxxxxxxxxx> writes:
>>>>
>>>>> We will use percpu-refcount to serialize against concurrent swapoff. This
>>>>> patch adds the percpu_ref support for later fixup.
>>>>>
>>>>> Signed-off-by: Miaohe Lin <linmiaohe@xxxxxxxxxx>
>>>>> ---
>>>>>  include/linux/swap.h |  2 ++
>>>>>  mm/swapfile.c        | 25 ++++++++++++++++++++++---
>>>>>  2 files changed, 24 insertions(+), 3 deletions(-)
>>>>>
>>>>> diff --git a/include/linux/swap.h b/include/linux/swap.h
>>>>> index 144727041e78..849ba5265c11 100644
>>>>> --- a/include/linux/swap.h
>>>>> +++ b/include/linux/swap.h
>>>>> @@ -240,6 +240,7 @@ struct swap_cluster_list {
>>>>>   * The in-memory structure used to track swap areas.
>>>>>   */
>>>>>  struct swap_info_struct {
>>>>> +	struct percpu_ref users;	/* serialization against concurrent swapoff */
>>>>>  	unsigned long	flags;		/* SWP_USED etc: see above */
>>>>>  	signed short	prio;		/* swap priority of this type */
>>>>>  	struct plist_node list;		/* entry in swap_active_head */
>>>>> @@ -260,6 +261,7 @@ struct swap_info_struct {
>>>>>  	struct block_device *bdev;	/* swap device or bdev of swap file */
>>>>>  	struct file *swap_file;		/* seldom referenced */
>>>>>  	unsigned int old_block_size;	/* seldom referenced */
>>>>> +	struct completion comp;		/* seldom referenced */
>>>>>  #ifdef CONFIG_FRONTSWAP
>>>>>  	unsigned long *frontswap_map;	/* frontswap in-use, one bit per page */
>>>>>  	atomic_t frontswap_pages;	/* frontswap pages in-use counter */
>>>>> diff --git a/mm/swapfile.c b/mm/swapfile.c
>>>>> index 149e77454e3c..724173cd7d0c 100644
>>>>> --- a/mm/swapfile.c
>>>>> +++ b/mm/swapfile.c
>>>>> @@ -39,6 +39,7 @@
>>>>>  #include <linux/export.h>
>>>>>  #include <linux/swap_slots.h>
>>>>>  #include <linux/sort.h>
>>>>> +#include <linux/completion.h>
>>>>>  
>>>>>  #include <asm/tlbflush.h>
>>>>>  #include <linux/swapops.h>
>>>>> @@ -511,6 +512,15 @@ static void swap_discard_work(struct work_struct *work)
>>>>>  	spin_unlock(&si->lock);
>>>>>  }
>>>>>  
>>>>> +static void swap_users_ref_free(struct percpu_ref *ref)
>>>>> +{
>>>>> +	struct swap_info_struct *si;
>>>>> +
>>>>> +	si = container_of(ref, struct swap_info_struct, users);
>>>>> +	complete(&si->comp);
>>>>> +	percpu_ref_exit(&si->users);
>>>>
>>>> Because percpu_ref_exit() is used, we cannot use percpu_ref_tryget() in
>>>> get_swap_device(), better to add comments there.
>>>
>>> I just noticed that the comments of percpu_ref_tryget_live() says,
>>>
>>>  * This function is safe to call as long as @ref is between init and exit.
>>>
>>> While we need to call get_swap_device() almost at any time, so it's
>>> better to avoid to call percpu_ref_exit() at all.  This will waste some
>>> memory, but we need to follow the API definition to avoid potential
>>> issues in the long term.
>>
>> I have to admit that I'am not really familiar with percpu_ref. So I read the
>> implementation code of the percpu_ref and found percpu_ref_tryget_live() could
>> be called after exit now. But you're right we need to follow the API definition
>> to avoid potential issues in the long term.
>>
>>>
>>> And we need to call percpu_ref_init() before insert the swap_info_struct
>>> into the swap_info[].
>>
>> If we remove the call to percpu_ref_exit(), we should not use percpu_ref_init()
>> here because *percpu_ref->data is assumed to be NULL* in percpu_ref_init() while
>> this is not the case as we do not call percpu_ref_exit(). Maybe percpu_ref_reinit()
>> or percpu_ref_resurrect() will do the work.
>>
>> One more thing, how could I distinguish the killed percpu_ref from newly allocated one?
>> It seems percpu_ref_is_dying is only safe to call when @ref is between init and exit.
>> Maybe I could do this in alloc_swap_info()?
> 
> Yes.  In alloc_swap_info(), you can distinguish newly allocated and
> reused swap_info_struct.
> 
>>>
>>>>> +}
>>>>> +
>>>>>  static void alloc_cluster(struct swap_info_struct *si, unsigned long idx)
>>>>>  {
>>>>>  	struct swap_cluster_info *ci = si->cluster_info;
>>>>> @@ -2500,7 +2510,7 @@ static void enable_swap_info(struct swap_info_struct *p, int prio,
>>>>>  	 * Guarantee swap_map, cluster_info, etc. fields are valid
>>>>>  	 * between get/put_swap_device() if SWP_VALID bit is set
>>>>>  	 */
>>>>> -	synchronize_rcu();
>>>>> +	percpu_ref_reinit(&p->users);
>>>>
>>>> Although the effect is same, I think it's better to use
>>>> percpu_ref_resurrect() here to improve code readability.
>>>
>>> Check the original commit description for commit eb085574a752 "mm, swap:
>>> fix race between swapoff and some swap operations" and discussion email
>>> thread as follows again,
>>>
>>> https://lore.kernel.org/linux-mm/20171219053650.GB7829@xxxxxxxxxxxxxxxxxx/
>>>
>>> I found that the synchronize_rcu() here is to avoid to call smp_rmb() or
>>> smp_load_acquire() in get_swap_device().  Now we will use
>>> percpu_ref_tryget_live() in get_swap_device(), so we will need to add
>>> the necessary memory barrier, or make sure percpu_ref_tryget_live() has
>>> ACQUIRE semantics.  Per my understanding, we need to change
>>> percpu_ref_tryget_live() for that.
>>>
>>
>> Do you mean the below scene is possible?
>>
>> cpu1
>> swapon()
>>   ...
>>   percpu_ref_init
>>   ...
>>   setup_swap_info
>>   /* smp_store_release() is inside percpu_ref_reinit */
>>   percpu_ref_reinit
> 
> spin_unlock() has RELEASE semantics already.
> 
>>   ...
>>
>> cpu2
>> get_swap_device()
>>   /* ignored  smp_rmb() */
>>   percpu_ref_tryget_live
> 
> Some kind of ACQUIRE is required here to guarantee the refcount is
> checked before fetching the other fields of swap_info_struct.  I have
> sent out a RFC patch to mailing list to discuss this.

Many thanks.
But We may still need to add a smp_rmb() in get_swap_device() in case
we can't add ACQUIRE for refcount.

> >>   ...
>>
>> There is indeed missing smp_rmb() in percpu_ref_tryget_live. So I think the above
>> scene possible and we should fix this.
>>
>>>>>  	spin_lock(&swap_lock);
>>>>>  	spin_lock(&p->lock);
>>>>>  	_enable_swap_info(p);
>>>>> @@ -2621,11 +2631,13 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
>>>>>  	p->flags &= ~SWP_VALID;		/* mark swap device as invalid */
>>>>>  	spin_unlock(&p->lock);
>>>>>  	spin_unlock(&swap_lock);
>>>>> +
>>>>> +	percpu_ref_kill(&p->users);
>>>>>  	/*
>>>>>  	 * wait for swap operations protected by get/put_swap_device()
>>>>>  	 * to complete
>>>>>  	 */
>>>>> -	synchronize_rcu();
>>>>> +	wait_for_completion(&p->comp);
>>>>
>>>> Better to move percpu_ref_kill() after the comments.  And maybe revise
>>>> the comments.
>>>
>>> After reading the original commit description as above, I found that we
>>> need synchronize_rcu() here to protect the accessing to the swap cache
>>> data structure.  Because there's call_rcu() during percpu_ref_kill(), it
>>> appears OK to keep the synchronize_rcu() here.  And we need to revise
>>> the comments to make it clear what is protected by which operation.
>>>
>>
>> Per my understanding, percpu_ref->data->release is called only after the refcnt
>> reaches 0, including a full grace period has elapsed or refcnt won't be 0.
>> wait_for_completion() is used for waiting the last refcnt being released. So
>> synchronize_rcu() is not necessary here?
> 
> Then we will depends on the implementation of percpu_ref.  If it changed
> its implementation, it may take long to find out we need to change the
> code here.  I guess in most cases, even adding a synchronize_rcu() here,
> we still only need to wait for one grace period.  So the overhead to
> call synchronize_rcu() is low here.  And the code is easier to be
> maintained.
> 

Sounds reasonable. Will do. Thanks.

> Best Regards,
> Huang, Ying
> .
> 





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux