On Fri, 19 Aug 2022 at 23:43, Alexei Starovoitov
<alexei.starovoitov@xxxxxxxxx> wrote:
>
> From: Alexei Starovoitov <ast@xxxxxxxxxx>
>
> Use call_rcu_tasks_trace() to wait for sleepable progs to finish.
> Then use call_rcu() to wait for normal progs to finish
> and finally do free_one() on each element when freeing objects
> into global memory pool.
>
> Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx>
> ---
I fear this can make OOM issues very easy to run into, because one
sleepable prog that sleeps for a long period of time can hold the
freeing of elements from another sleepable prog which either does not
sleep often or sleeps for a very short period of time, and has a high
update frequency. I'm mostly worried that unrelated sleepable programs
not even using the same map will begin to affect each other.
Have you considered other options? E.g. we could directly expose
bpf_rcu_read_lock/bpf_rcu_read_unlock to the program and enforce that
access to RCU protected map lookups only happens in such read
sections, and unlock invalidates all RCU protected pointers? Sleepable
helpers can then not be invoked inside the BPF RCU read section. The
program uses RCU read section while accessing such maps, and sleeps
after doing bpf_rcu_read_unlock. They can be kfuncs.
It might also be useful in general, to access RCU protected data from
sleepable programs (i.e. make some sections of the program RCU
protected and non-sleepable at runtime). It will allow use of elements
from dynamically allocated maps with bpf_mem_alloc while not having to
wait for RCU tasks trace grace period, which can extend into minutes
(or even longer if unlucky).
One difference would be that you can pin a lookup across a sleep cycle
with this approach, but not with preallocated maps or the explicit RCU
section above, but I'm not sure it's worth it. It isn't possible now.
> kernel/bpf/memalloc.c | 14 +++++++++++++-
> 1 file changed, 13 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/memalloc.c b/kernel/bpf/memalloc.c
> index 9e5ad7dc4dc7..d34383dc12d9 100644
> --- a/kernel/bpf/memalloc.c
> +++ b/kernel/bpf/memalloc.c
> @@ -224,6 +224,13 @@ static void __free_rcu(struct rcu_head *head)
> atomic_set(&c->call_rcu_in_progress, 0);
> }
>
> +static void __free_rcu_tasks_trace(struct rcu_head *head)
> +{
> + struct bpf_mem_cache *c = container_of(head, struct bpf_mem_cache, rcu);
> +
> + call_rcu(&c->rcu, __free_rcu);
> +}
> +
> static void enque_to_free(struct bpf_mem_cache *c, void *obj)
> {
> struct llist_node *llnode = obj;
> @@ -249,7 +256,11 @@ static void do_call_rcu(struct bpf_mem_cache *c)
> * from __free_rcu() and from drain_mem_cache().
> */
> __llist_add(llnode, &c->waiting_for_gp);
> - call_rcu(&c->rcu, __free_rcu);
> + /* Use call_rcu_tasks_trace() to wait for sleepable progs to finish.
> + * Then use call_rcu() to wait for normal progs to finish
> + * and finally do free_one() on each element.
> + */
> + call_rcu_tasks_trace(&c->rcu, __free_rcu_tasks_trace);
> }
>
> static void free_bulk(struct bpf_mem_cache *c)
> @@ -452,6 +463,7 @@ void bpf_mem_alloc_destroy(struct bpf_mem_alloc *ma)
> /* c->waiting_for_gp list was drained, but __free_rcu might
> * still execute. Wait for it now before we free 'c'.
> */
> + rcu_barrier_tasks_trace();
> rcu_barrier();
> free_percpu(ma->cache);
> ma->cache = NULL;
> --
> 2.30.2
>
