Re: [PATCH v2 2/7] mm: vmscan: make global slab shrink lockless

Qi Zheng <zhengqi.arch@xxxxxxxxxxxxx> · Sun, 26 Feb 2023 21:56:10 +0800

On 2023/2/26 05:28, Kirill Tkhai wrote:
On 25.02.2023 19:37, Qi Zheng wrote:


On 2023/2/26 00:17, Kirill Tkhai wrote:
On 25.02.2023 18:57, Qi Zheng wrote:

<...>
How about this?

diff --git a/mm/vmscan.c b/mm/vmscan.c
index ffddbd204259..9d8c53075298 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -1012,7 +1012,7 @@ static unsigned long shrink_slab(gfp_t gfp_mask, int nid,
                                    int priority)
    {
           unsigned long ret, freed = 0;
-       struct shrinker *shrinker;
+       struct shrinker *shrinker = NULL;
           int srcu_idx, generation;

           /*
@@ -1025,11 +1025,15 @@ static unsigned long shrink_slab(gfp_t gfp_mask, int nid,
           if (!mem_cgroup_disabled() && !mem_cgroup_is_root(memcg))
                   return shrink_slab_memcg(gfp_mask, nid, memcg, priority);

+again:
           srcu_idx = srcu_read_lock(&shrinker_srcu);

           generation = atomic_read(&shrinker_srcu_generation);
-       list_for_each_entry_srcu(shrinker, &shrinker_list, list,
-                                srcu_read_lock_held(&shrinker_srcu)) {
+       if (!shrinker)
+               shrinker = list_entry_rcu(shrinker_list.next, struct shrinker, list);
+       else
+               shrinker = list_entry_rcu(shrinker->list.next, struct shrinker, list);
+       list_for_each_entry_from_rcu(shrinker, &shrinker_list, list) {
                   struct shrink_control sc = {
                           .gfp_mask = gfp_mask,
                           .nid = nid,
@@ -1042,8 +1046,9 @@ static unsigned long shrink_slab(gfp_t gfp_mask, int nid,
                   freed += ret;

                   if (atomic_read(&shrinker_srcu_generation) != generation) {
-                       freed = freed ? : 1;
-                       break;
+                       srcu_read_unlock(&shrinker_srcu, srcu_idx);

After SRCU in unlocked we can't believe @shrinker anymore. So, above list_entry_rcu(shrinker->list.next)
dereferences some random memory.

Indeed.


+                       cond_resched();
+                       goto again;
                   }
           }


diff --git a/mm/vmscan.c b/mm/vmscan.c
index 27ef9946ae8a..0b197bba1257 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -204,6 +204,7 @@ static void set_task_reclaim_state(struct task_struct *task,
     LIST_HEAD(shrinker_list);
     DEFINE_MUTEX(shrinker_mutex);
     DEFINE_SRCU(shrinker_srcu);
+static atomic_t shrinker_srcu_generation = ATOMIC_INIT(0);
       #ifdef CONFIG_MEMCG
     static int shrinker_nr_max;
@@ -782,6 +783,7 @@ void unregister_shrinker(struct shrinker *shrinker)
         debugfs_entry = shrinker_debugfs_remove(shrinker);
         mutex_unlock(&shrinker_mutex);
     +    atomic_inc(&shrinker_srcu_generation);
         synchronize_srcu(&shrinker_srcu);
           debugfs_remove_recursive(debugfs_entry);
@@ -799,6 +801,7 @@ EXPORT_SYMBOL(unregister_shrinker);
      */
     void synchronize_shrinkers(void)
     {
+    atomic_inc(&shrinker_srcu_generation);
         synchronize_srcu(&shrinker_srcu);
     }
     EXPORT_SYMBOL(synchronize_shrinkers);
@@ -908,18 +911,19 @@ static unsigned long shrink_slab_memcg(gfp_t gfp_mask, int nid,
     {
         struct shrinker_info *info;
         unsigned long ret, freed = 0;
-    int srcu_idx;
-    int i;
+    int srcu_idx, generation;
+    int i = 0;
           if (!mem_cgroup_online(memcg))
             return 0;
-
+again:
         srcu_idx = srcu_read_lock(&shrinker_srcu);
         info = shrinker_info_srcu(memcg, nid);
         if (unlikely(!info))
             goto unlock;
     -    for_each_set_bit(i, info->map, info->map_nr_max) {
+    generation = atomic_read(&shrinker_srcu_generation);
+    for_each_set_bit_from(i, info->map, info->map_nr_max) {
             struct shrink_control sc = {
                 .gfp_mask = gfp_mask,
                 .nid = nid,
@@ -965,6 +969,11 @@ static unsigned long shrink_slab_memcg(gfp_t gfp_mask, int nid,
                     set_shrinker_bit(memcg, nid, i);
             }
             freed += ret;
+
+        if (atomic_read(&shrinker_srcu_generation) != generation) {
+            srcu_read_unlock(&shrinker_srcu, srcu_idx);

Maybe we can add the following code here, so as to avoid repeating the
current id and avoid triggering softlockup:

               i++;

This is OK.

               cond_resched();

Possible, existing cond_resched() in do_shrink_slab() is enough.

Yeah.

I will add this patch in the next version. May I mark you as the author
of this patch?

I think, yes

Thanks. :)

Qi



And this. :)

Thanks,
Qi


Thanks,
Qi

+            goto again;
+        }
         }
     unlock:
         srcu_read_unlock(&shrinker_srcu, srcu_idx);
@@ -1004,7 +1013,7 @@ static unsigned long shrink_slab(gfp_t gfp_mask, int nid,
     {
         unsigned long ret, freed = 0;
         struct shrinker *shrinker;
-    int srcu_idx;
+    int srcu_idx, generation;
           /*
          * The root memcg might be allocated even though memcg is disabled
@@ -1017,6 +1026,7 @@ static unsigned long shrink_slab(gfp_t gfp_mask, int nid,
             return shrink_slab_memcg(gfp_mask, nid, memcg, priority);
           srcu_idx = srcu_read_lock(&shrinker_srcu);
+    generation = atomic_read(&shrinker_srcu_generation);
           list_for_each_entry_srcu(shrinker, &shrinker_list, list,
                      srcu_read_lock_held(&shrinker_srcu)) {
@@ -1030,6 +1040,11 @@ static unsigned long shrink_slab(gfp_t gfp_mask, int nid,
             if (ret == SHRINK_EMPTY)
                 ret = 0;
             freed += ret;
+
+        if (atomic_read(&shrinker_srcu_generation) != generation) {
+            freed = freed ? : 1;
+            break;
+        }
         }
           srcu_read_unlock(&shrinker_srcu, srcu_idx);









--
Thanks,
Qi







