Jesper Dangaard Brouer <brouer@xxxxxxxxxx> writes: > This removes the workqueue scheme that periodically tests when > inflight reach zero such that page_pool memory can be freed. > > This change adds code to fast-path free checking for a shutdown flags > bit after returning PP pages. I think the general approach is workable, but spotted a few issues with the details, see below. > Performance is very important for PP, as the fast path is used for > XDP_DROP use-cases where NIC drivers recycle PP pages directly into PP > alloc cache. > > The goal were that this code change should have zero impact on this > fast-path. The slight code reorg of likely() are deliberate. Micro > benchmarking done via kernel module[1] on x86_64, shows this code > change only cost a single instruction extra (approx 0.3 nanosec on CPU > E5-1650 @3.60GHz). > > It is possible to make this code zero impact via static_key, but that > change is not considered worth the complexity. > > [1] https://github.com/netoptimizer/prototype-kernel/blob/master/kernel/lib/bench_page_pool_simple.c > > Signed-off-by: Jesper Dangaard Brouer <brouer@xxxxxxxxxx> > --- > include/net/page_pool.h | 9 ++-- > net/core/page_pool.c | 100 +++++++++++++++++++++++++++++------------------ > 2 files changed, 66 insertions(+), 43 deletions(-) > > diff --git a/include/net/page_pool.h b/include/net/page_pool.h > index c8ec2f34722b..a71c0f2695b0 100644 > --- a/include/net/page_pool.h > +++ b/include/net/page_pool.h > @@ -50,6 +50,9 @@ > PP_FLAG_DMA_SYNC_DEV |\ > PP_FLAG_PAGE_FRAG) > > +/* Internal flag: PP in shutdown phase, waiting for inflight pages */ > +#define PP_FLAG_SHUTDOWN BIT(8) > + > /* > * Fast allocation side cache array/stack > * > @@ -151,11 +154,6 @@ static inline u64 *page_pool_ethtool_stats_get(u64 *data, void *stats) > struct page_pool { > struct page_pool_params p; > > - struct delayed_work release_dw; > - void (*disconnect)(void *); > - unsigned long defer_start; > - unsigned long defer_warn; > - > u32 pages_state_hold_cnt; > unsigned int frag_offset; > struct page *frag_page; > @@ -165,6 +163,7 @@ struct page_pool { > /* these stats are incremented while in softirq context */ > struct page_pool_alloc_stats alloc_stats; > #endif > + void (*disconnect)(void *); > u32 xdp_mem_id; > > /* > diff --git a/net/core/page_pool.c b/net/core/page_pool.c > index e212e9d7edcb..b8359d84e30f 100644 > --- a/net/core/page_pool.c > +++ b/net/core/page_pool.c > @@ -23,9 +23,6 @@ > > #include <trace/events/page_pool.h> > > -#define DEFER_TIME (msecs_to_jiffies(1000)) > -#define DEFER_WARN_INTERVAL (60 * HZ) > - > #define BIAS_MAX LONG_MAX > > #ifdef CONFIG_PAGE_POOL_STATS > @@ -380,6 +377,10 @@ static struct page *__page_pool_alloc_pages_slow(struct page_pool *pool, > struct page *page; > int i, nr_pages; > > + /* API usage BUG: PP in shutdown phase, cannot alloc new pages */ > + if (WARN_ON(pool->p.flags & PP_FLAG_SHUTDOWN)) > + return NULL; > + > /* Don't support bulk alloc for high-order pages */ > if (unlikely(pp_order)) > return __page_pool_alloc_page_order(pool, gfp); > @@ -445,15 +446,20 @@ struct page *page_pool_alloc_pages(struct page_pool *pool, gfp_t gfp) > } > EXPORT_SYMBOL(page_pool_alloc_pages); > > +/* Avoid inlining code to avoid speculative fetching cacheline */ > +noinline u32 pp_read_hold_cnt(struct page_pool *pool) > +{ > + return READ_ONCE(pool->pages_state_hold_cnt); > +} > + > /* Calculate distance between two u32 values, valid if distance is below 2^(31) > * https://en.wikipedia.org/wiki/Serial_number_arithmetic#General_Solution > */ > #define _distance(a, b) (s32)((a) - (b)) > > -static s32 page_pool_inflight(struct page_pool *pool) > +static s32 __page_pool_inflight(struct page_pool *pool, > + u32 hold_cnt, u32 release_cnt) > { > - u32 release_cnt = atomic_read(&pool->pages_state_release_cnt); > - u32 hold_cnt = READ_ONCE(pool->pages_state_hold_cnt); > s32 inflight; > > inflight = _distance(hold_cnt, release_cnt); > @@ -464,6 +470,16 @@ static s32 page_pool_inflight(struct page_pool *pool) > return inflight; > } > > +static s32 page_pool_inflight(struct page_pool *pool) > +{ > + u32 hold_cnt = READ_ONCE(pool->pages_state_hold_cnt); > + u32 release_cnt = atomic_read(&pool->pages_state_release_cnt); > + return __page_pool_inflight(pool, hold_cnt, release_cnt); > +} > + > +static int page_pool_free_attempt(struct page_pool *pool, > + u32 hold_cnt, u32 release_cnt); > + > /* Disconnects a page (from a page_pool). API users can have a need > * to disconnect a page (from a page_pool), to allow it to be used as > * a regular page (that will eventually be returned to the normal > @@ -471,8 +487,10 @@ static s32 page_pool_inflight(struct page_pool *pool) > */ > void page_pool_release_page(struct page_pool *pool, struct page *page) > { > + unsigned int flags = READ_ONCE(pool->p.flags); > dma_addr_t dma; > - int count; > + u32 release_cnt; > + u32 hold_cnt; > > if (!(pool->p.flags & PP_FLAG_DMA_MAP)) > /* Always account for inflight pages, even if we didn't > @@ -490,11 +508,15 @@ void page_pool_release_page(struct page_pool *pool, struct page *page) > skip_dma_unmap: > page_pool_clear_pp_info(page); > > - /* This may be the last page returned, releasing the pool, so > - * it is not safe to reference pool afterwards. > - */ > - count = atomic_inc_return_relaxed(&pool->pages_state_release_cnt); > - trace_page_pool_state_release(pool, page, count); > + if (flags & PP_FLAG_SHUTDOWN) > + hold_cnt = pp_read_hold_cnt(pool); > + > + release_cnt = atomic_inc_return(&pool->pages_state_release_cnt); > + trace_page_pool_state_release(pool, page, release_cnt); > + > + /* In shutdown phase, last page will free pool instance */ > + if (flags & PP_FLAG_SHUTDOWN) > + page_pool_free_attempt(pool, hold_cnt, release_cnt); Since the assumption is that no new pages will be allocated once the PP_FLAG_SHUTDOWN is set (i.e., hold_count can not increase in the case), I don't think it matters what order you read the hold and release counts in? So you could simplify the above to just: > + if (flags & PP_FLAG_SHUTDOWN) > + page_pool_free_attempt(pool, pp_read_hold_cnt(pool), release_cnt); and drop the second check of the flag further up? You could probably even lose the hold_cnt argument entirely from page_pool_free_attempt() and just have it call pp_read_hold_cnt() directly? > } > EXPORT_SYMBOL(page_pool_release_page); > > @@ -535,7 +557,7 @@ static bool page_pool_recycle_in_ring(struct page_pool *pool, struct page *page) > static bool page_pool_recycle_in_cache(struct page *page, > struct page_pool *pool) > { > - if (unlikely(pool->alloc.count == PP_ALLOC_CACHE_SIZE)) { > + if (pool->alloc.count == PP_ALLOC_CACHE_SIZE) { > recycle_stat_inc(pool, cache_full); > return false; > } > @@ -546,6 +568,8 @@ static bool page_pool_recycle_in_cache(struct page *page, > return true; > } > > +static void page_pool_empty_ring(struct page_pool *pool); > + > /* If the page refcnt == 1, this will try to recycle the page. > * if PP_FLAG_DMA_SYNC_DEV is set, we'll try to sync the DMA area for > * the configured size min(dma_sync_size, pool->max_len). > @@ -572,7 +596,8 @@ __page_pool_put_page(struct page_pool *pool, struct page *page, > page_pool_dma_sync_for_device(pool, page, > dma_sync_size); > > - if (allow_direct && in_softirq() && > + /* During PP shutdown, no direct recycle must occur */ > + if (likely(allow_direct && in_softirq()) && > page_pool_recycle_in_cache(page, pool)) > return NULL; > > @@ -609,6 +634,8 @@ void page_pool_put_defragged_page(struct page_pool *pool, struct page *page, > recycle_stat_inc(pool, ring_full); > page_pool_return_page(pool, page); > } > + if (pool->p.flags & PP_FLAG_SHUTDOWN) > + page_pool_empty_ring(pool); > } > EXPORT_SYMBOL(page_pool_put_defragged_page); > > @@ -648,13 +675,17 @@ void page_pool_put_page_bulk(struct page_pool *pool, void **data, > > /* Hopefully all pages was return into ptr_ring */ > if (likely(i == bulk_len)) > - return; > + goto out; > > /* ptr_ring cache full, free remaining pages outside producer lock > * since put_page() with refcnt == 1 can be an expensive operation > */ > for (; i < bulk_len; i++) > page_pool_return_page(pool, data[i]); > + > +out: > + if (pool->p.flags & PP_FLAG_SHUTDOWN) > + page_pool_empty_ring(pool); > } > EXPORT_SYMBOL(page_pool_put_page_bulk); > > @@ -737,6 +768,7 @@ struct page *page_pool_alloc_frag(struct page_pool *pool, > } > EXPORT_SYMBOL(page_pool_alloc_frag); > > +noinline > static void page_pool_empty_ring(struct page_pool *pool) > { > struct page *page; > @@ -796,39 +828,29 @@ static void page_pool_scrub(struct page_pool *pool) > page_pool_empty_ring(pool); > } So this is not in the diff context, but page_pool_empty_ring() does this: static void page_pool_empty_ring(struct page_pool *pool) { struct page *page; /* Empty recycle ring */ while ((page = ptr_ring_consume_bh(&pool->ring))) { /* Verify the refcnt invariant of cached pages */ if (!(page_ref_count(page) == 1)) pr_crit("%s() page_pool refcnt %d violation\n", __func__, page_ref_count(page)); page_pool_return_page(pool, page); } } ...and with this patch, that page_pool_return_page() call will now free the pool memory entirely when the last page is returned. When it does this, the condition in the while loop will still execute afterwards; it would return false, but if the pool was freed, it's now referencing freed memory when trying to read from pool->ring. So I think page_pool_empty_ring needs to either pull out all the pages in the ring to an on-stack buffer before calling page_pool_return_page() on them, or there needs to be some other way to break the loop early. There are a couple of other places where page_pool_return_page() is called in a loop where the loop variable lives inside struct page_pool, so we need to be absolutely sure they will never be called in the shutdown stage, or they'll have to be fixed as well. > > -static int page_pool_release(struct page_pool *pool) > +noinline > +static int page_pool_free_attempt(struct page_pool *pool, > + u32 hold_cnt, u32 release_cnt) > { > int inflight; > > - page_pool_scrub(pool); > - inflight = page_pool_inflight(pool); > + inflight = __page_pool_inflight(pool, hold_cnt, release_cnt); > if (!inflight) > page_pool_free(pool); > > return inflight; > } > > -static void page_pool_release_retry(struct work_struct *wq) > +static int page_pool_release(struct page_pool *pool) > { > - struct delayed_work *dwq = to_delayed_work(wq); > - struct page_pool *pool = container_of(dwq, typeof(*pool), release_dw); > int inflight; > > - inflight = page_pool_release(pool); > + page_pool_scrub(pool); > + inflight = page_pool_inflight(pool); > if (!inflight) > - return; > - > - /* Periodic warning */ > - if (time_after_eq(jiffies, pool->defer_warn)) { > - int sec = (s32)((u32)jiffies - (u32)pool->defer_start) / HZ; > - > - pr_warn("%s() stalled pool shutdown %d inflight %d sec\n", > - __func__, inflight, sec); > - pool->defer_warn = jiffies + DEFER_WARN_INTERVAL; > - } > + page_pool_free(pool); > > - /* Still not ready to be disconnected, retry later */ > - schedule_delayed_work(&pool->release_dw, DEFER_TIME); > + return inflight; > } > > void page_pool_use_xdp_mem(struct page_pool *pool, void (*disconnect)(void *), > @@ -868,11 +890,13 @@ void page_pool_destroy(struct page_pool *pool) > if (!page_pool_release(pool)) > return; > > - pool->defer_start = jiffies; > - pool->defer_warn = jiffies + DEFER_WARN_INTERVAL; > + /* PP have pages inflight, thus cannot immediately release memory. > + * Enter into shutdown phase. > + */ > + pool->p.flags |= PP_FLAG_SHUTDOWN; I think there's another race here: once the flag is set in this line (does this need a memory barrier, BTW?), another CPU can return the last outstanding page, read the flag and call page_pool_empty_ring(). If this happens before the call to page_pool_empty_ring() below, you'll get a use-after-free. To avoid this, we could artificially bump the pool->hold_cnt *before* setting the flag above; that way we know that the page_pool_empty_ring() won't trigger a release, because inflight pages will never go below 1. And then, below the page_pool_empty_ring() call below, we can add an artificial bump of the release_cnt as well, which means we'll get proper atomic semantics on the counters and only ever release once. I.e.,: > - INIT_DELAYED_WORK(&pool->release_dw, page_pool_release_retry); > - schedule_delayed_work(&pool->release_dw, DEFER_TIME); > + /* Concurrent CPUs could have returned last pages into ptr_ring */ > + page_pool_empty_ring(pool); release_cnt = atomic_inc_return(&pool->pages_state_release_cnt); page_pool_free_attempt(pool, release_cnt); -Toke
