| Message ID | 20231102032330.1036151-8-chengming.zhou@linux.dev |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp102184vqu;
Wed, 1 Nov 2023 20:27:36 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IF0ouByK3uaYvZ9ixNQqDwLgAaqfdZ9SFie1k46YTiMN10kuQDFYf3aN4vK+ZivdjTAw6Ji
X-Received: by 2002:a05:6830:3d0e:b0:6c0:7bab:3457 with SMTP id
eu14-20020a0568303d0e00b006c07bab3457mr16561083otb.20.1698895656542;
Wed, 01 Nov 2023 20:27:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1698895656; cv=none;
d=google.com; s=arc-20160816;
b=vSRawYDpO1WbSsbioOzhW0bmne/Q2m5b/NDRWOK5AC7B4sFIndA1asyEDnQ1DsLxPZ
RXs0r8jWEn1+O2qlL3wEO7PH/H7kZ8LNJ+SEp2T3/vTovHGti3sQHSvYMnlYFYwsOUPe
4DZ7WqP9U5LqdJbKUgv1G746kyWjBcJ5HhvV8exi3rWgHLR6if671bbribPImiDSCvWW
KSRsjRJRlVARAIXRtoF8E6yZMuVHXl5PmILm80Lwu7VqSvEzXvTwwhQlyvVh3pDBSEvW
sDChXCbZpBmfpONlbJFD33uT53WRDYTcamch48jA6KszT5SJA3u/IptI2/trCUbsm3xo
UTFw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=bbgfkr34Ut5bOat3PkSebFKZ4A5Cv7UHaj4yNDSPhuU=;
fh=Dd5ryTbz4gXtDU9jzXqg2hD87XusQgPqunF08GDmhnA=;
b=nQfjh2wnUIeQTVzFBvSSfCCMxzyNUr+xaYeDPTc/wmn2TsfXpi/0xXEQSZPijBO70A
v+/PRxzIddoOItLZjmmvT0TvI1Er/MFJG6+xEBFZ4VNVYOS8PmShdyqY13lW7r2Svr8V
FDTgPbyzo5Qt4CwTN53Gabe5Gf8+e0SBpPOADcO6JGHUqoTnKfZ0fP22AdGvTD4k443L
ENN96+i1ypRntG5cx8h8FZ4khb3pwGDbE8NkPMN6b4YtUMHl1Y2ffPkMGrGep+laaaEt
QBXbnZ/Qb1nqh24k9twTm9KDGm065/BimpkwnstfgBRgw0OvS76jHJ0tymF0nrPtlYhB
xI0Q==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@linux.dev header.s=key1 header.b=gHbx+Mfk;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.35 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev
Received: from groat.vger.email (groat.vger.email. [23.128.96.35])
by mx.google.com with ESMTPS id
v129-20020a626187000000b006901387b09bsi2676216pfb.344.2023.11.01.20.27.36
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 01 Nov 2023 20:27:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35;
Authentication-Results: mx.google.com;
dkim=pass header.i=@linux.dev header.s=key1 header.b=gHbx+Mfk;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.35 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by groat.vger.email (Postfix) with ESMTP id 5FBF580314EF;
Wed, 1 Nov 2023 20:27:25 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1348390AbjKBDZY (ORCPT <rfc822;heyuhang3455@gmail.com>
+ 35 others); Wed, 1 Nov 2023 23:25:24 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55802 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S1348397AbjKBDZR (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 1 Nov 2023 23:25:17 -0400
Received: from out-186.mta1.migadu.com (out-186.mta1.migadu.com
[IPv6:2001:41d0:203:375::ba])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 89BB0127
for <linux-kernel@vger.kernel.org>;
Wed, 1 Nov 2023 20:25:11 -0700 (PDT)
X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and
include these headers.
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1;
t=1698895509;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references;
bh=bbgfkr34Ut5bOat3PkSebFKZ4A5Cv7UHaj4yNDSPhuU=;
b=gHbx+MfkKMaXjWLoeHR6R2/oAAyFc9gfvo3ohtd4K4S4h0A6KE0hMrTwtFkBS0N7jtWhrk
xt6ezAgfua8IzYH47q+ur2/jbneBGFE275j69jA9HgOkeQ4CEUTLkH6FIThRIPBcrygeuj
fPAujlzG9ChYjmdwj+8gHQRxUvZnQVo=
From: chengming.zhou@linux.dev
To: vbabka@suse.cz, cl@linux.com, penberg@kernel.org
Cc: rientjes@google.com, iamjoonsoo.kim@lge.com,
akpm@linux-foundation.org, roman.gushchin@linux.dev,
42.hyeyoo@gmail.com, linux-mm@kvack.org,
linux-kernel@vger.kernel.org, chengming.zhou@linux.dev,
Chengming Zhou <zhouchengming@bytedance.com>
Subject: [PATCH v5 7/9] slub: Optimize deactivate_slab()
Date: Thu, 2 Nov 2023 03:23:28 +0000
Message-Id: <20231102032330.1036151-8-chengming.zhou@linux.dev>
In-Reply-To: <20231102032330.1036151-1-chengming.zhou@linux.dev>
References: <20231102032330.1036151-1-chengming.zhou@linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Migadu-Flow: FLOW_OUT
X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED
autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]);
Wed, 01 Nov 2023 20:27:25 -0700 (PDT)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1781421211959672411
X-GMAIL-MSGID: 1781421211959672411
|
| Series |
slub: Delay freezing of CPU partial slabs
|
|
Commit Message
Chengming Zhou
Nov. 2, 2023, 3:23 a.m. UTC
From: Chengming Zhou <zhouchengming@bytedance.com> Since the introduce of unfrozen slabs on cpu partial list, we don't need to synchronize the slab frozen state under the node list_lock. The caller of deactivate_slab() and the caller of __slab_free() won't manipulate the slab list concurrently. So we can get node list_lock in the last stage if we really need to manipulate the slab list in this path. Signed-off-by: Chengming Zhou <zhouchengming@bytedance.com> Reviewed-by: Vlastimil Babka <vbabka@suse.cz> Tested-by: Hyeonggon Yoo <42.hyeyoo@gmail.com> --- mm/slub.c | 79 ++++++++++++++++++------------------------------------- 1 file changed, 26 insertions(+), 53 deletions(-)
Comments
On Thu, Nov 2, 2023 at 12:25 PM <chengming.zhou@linux.dev> wrote: > > From: Chengming Zhou <zhouchengming@bytedance.com> > > Since the introduce of unfrozen slabs on cpu partial list, we don't > need to synchronize the slab frozen state under the node list_lock. > > The caller of deactivate_slab() and the caller of __slab_free() won't > manipulate the slab list concurrently. > > So we can get node list_lock in the last stage if we really need to > manipulate the slab list in this path. > > Signed-off-by: Chengming Zhou <zhouchengming@bytedance.com> > Reviewed-by: Vlastimil Babka <vbabka@suse.cz> > Tested-by: Hyeonggon Yoo <42.hyeyoo@gmail.com> > --- > mm/slub.c | 79 ++++++++++++++++++------------------------------------- > 1 file changed, 26 insertions(+), 53 deletions(-) > > diff --git a/mm/slub.c b/mm/slub.c > index bcb5b2c4e213..d137468fe4b9 100644 > --- a/mm/slub.c > +++ b/mm/slub.c > @@ -2468,10 +2468,8 @@ static void init_kmem_cache_cpus(struct kmem_cache *s) > static void deactivate_slab(struct kmem_cache *s, struct slab *slab, > void *freelist) > { > - enum slab_modes { M_NONE, M_PARTIAL, M_FREE, M_FULL_NOLIST }; > struct kmem_cache_node *n = get_node(s, slab_nid(slab)); > int free_delta = 0; > - enum slab_modes mode = M_NONE; > void *nextfree, *freelist_iter, *freelist_tail; > int tail = DEACTIVATE_TO_HEAD; > unsigned long flags = 0; > @@ -2509,65 +2507,40 @@ static void deactivate_slab(struct kmem_cache *s, struct slab *slab, > /* > * Stage two: Unfreeze the slab while splicing the per-cpu > * freelist to the head of slab's freelist. > - * > - * Ensure that the slab is unfrozen while the list presence > - * reflects the actual number of objects during unfreeze. > - * > - * We first perform cmpxchg holding lock and insert to list > - * when it succeed. If there is mismatch then the slab is not > - * unfrozen and number of objects in the slab may have changed. > - * Then release lock and retry cmpxchg again. > */ > -redo: > - > - old.freelist = READ_ONCE(slab->freelist); > - old.counters = READ_ONCE(slab->counters); > - VM_BUG_ON(!old.frozen); > - > - /* Determine target state of the slab */ > - new.counters = old.counters; > - if (freelist_tail) { > - new.inuse -= free_delta; > - set_freepointer(s, freelist_tail, old.freelist); > - new.freelist = freelist; > - } else > - new.freelist = old.freelist; > - > - new.frozen = 0; > + do { > + old.freelist = READ_ONCE(slab->freelist); > + old.counters = READ_ONCE(slab->counters); > + VM_BUG_ON(!old.frozen); > + > + /* Determine target state of the slab */ > + new.counters = old.counters; > + new.frozen = 0; > + if (freelist_tail) { > + new.inuse -= free_delta; > + set_freepointer(s, freelist_tail, old.freelist); > + new.freelist = freelist; > + } else { > + new.freelist = old.freelist; > + } > + } while (!slab_update_freelist(s, slab, > + old.freelist, old.counters, > + new.freelist, new.counters, > + "unfreezing slab")); > > + /* > + * Stage three: Manipulate the slab list based on the updated state. > + */ deactivate_slab() might unconsciously put empty slabs into partial list, like: deactivate_slab() __slab_free() cmpxchg(), slab's not empty cmpxchg(), slab's empty and unfrozen spin_lock(&n->list_lock) (slab's empty but not on partial list, spin_unlock(&n->list_lock) and return) spin_lock(&n->list_lock) put slab into partial list spin_unlock(&n->list_lock) IMHO it should be fine in the real world, but just wanted to mention as it doesn't seem to be intentional. Otherwise it looks good to me! > if (!new.inuse && n->nr_partial >= s->min_partial) { > - mode = M_FREE; > + stat(s, DEACTIVATE_EMPTY); > + discard_slab(s, slab); > + stat(s, FREE_SLAB); > } else if (new.freelist) { > - mode = M_PARTIAL; > - /* > - * Taking the spinlock removes the possibility that > - * acquire_slab() will see a slab that is frozen > - */ > spin_lock_irqsave(&n->list_lock, flags); > - } else { > - mode = M_FULL_NOLIST; > - } > - > - > - if (!slab_update_freelist(s, slab, > - old.freelist, old.counters, > - new.freelist, new.counters, > - "unfreezing slab")) { > - if (mode == M_PARTIAL) > - spin_unlock_irqrestore(&n->list_lock, flags); > - goto redo; > - } > - > - > - if (mode == M_PARTIAL) { > add_partial(n, slab, tail); > spin_unlock_irqrestore(&n->list_lock, flags); > stat(s, tail); > - } else if (mode == M_FREE) { > - stat(s, DEACTIVATE_EMPTY); > - discard_slab(s, slab); > - stat(s, FREE_SLAB); > - } else if (mode == M_FULL_NOLIST) { > + } else { > stat(s, DEACTIVATE_FULL); > } > } > -- > 2.20.1 >
On 2023/12/3 17:23, Hyeonggon Yoo wrote: > On Thu, Nov 2, 2023 at 12:25 PM <chengming.zhou@linux.dev> wrote: >> >> From: Chengming Zhou <zhouchengming@bytedance.com> >> >> Since the introduce of unfrozen slabs on cpu partial list, we don't >> need to synchronize the slab frozen state under the node list_lock. >> >> The caller of deactivate_slab() and the caller of __slab_free() won't >> manipulate the slab list concurrently. >> >> So we can get node list_lock in the last stage if we really need to >> manipulate the slab list in this path. >> >> Signed-off-by: Chengming Zhou <zhouchengming@bytedance.com> >> Reviewed-by: Vlastimil Babka <vbabka@suse.cz> >> Tested-by: Hyeonggon Yoo <42.hyeyoo@gmail.com> >> --- >> mm/slub.c | 79 ++++++++++++++++++------------------------------------- >> 1 file changed, 26 insertions(+), 53 deletions(-) >> >> diff --git a/mm/slub.c b/mm/slub.c >> index bcb5b2c4e213..d137468fe4b9 100644 >> --- a/mm/slub.c >> +++ b/mm/slub.c >> @@ -2468,10 +2468,8 @@ static void init_kmem_cache_cpus(struct kmem_cache *s) >> static void deactivate_slab(struct kmem_cache *s, struct slab *slab, >> void *freelist) >> { >> - enum slab_modes { M_NONE, M_PARTIAL, M_FREE, M_FULL_NOLIST }; >> struct kmem_cache_node *n = get_node(s, slab_nid(slab)); >> int free_delta = 0; >> - enum slab_modes mode = M_NONE; >> void *nextfree, *freelist_iter, *freelist_tail; >> int tail = DEACTIVATE_TO_HEAD; >> unsigned long flags = 0; >> @@ -2509,65 +2507,40 @@ static void deactivate_slab(struct kmem_cache *s, struct slab *slab, >> /* >> * Stage two: Unfreeze the slab while splicing the per-cpu >> * freelist to the head of slab's freelist. >> - * >> - * Ensure that the slab is unfrozen while the list presence >> - * reflects the actual number of objects during unfreeze. >> - * >> - * We first perform cmpxchg holding lock and insert to list >> - * when it succeed. If there is mismatch then the slab is not >> - * unfrozen and number of objects in the slab may have changed. >> - * Then release lock and retry cmpxchg again. >> */ >> -redo: >> - >> - old.freelist = READ_ONCE(slab->freelist); >> - old.counters = READ_ONCE(slab->counters); >> - VM_BUG_ON(!old.frozen); >> - >> - /* Determine target state of the slab */ >> - new.counters = old.counters; >> - if (freelist_tail) { >> - new.inuse -= free_delta; >> - set_freepointer(s, freelist_tail, old.freelist); >> - new.freelist = freelist; >> - } else >> - new.freelist = old.freelist; >> - >> - new.frozen = 0; >> + do { >> + old.freelist = READ_ONCE(slab->freelist); >> + old.counters = READ_ONCE(slab->counters); >> + VM_BUG_ON(!old.frozen); >> + >> + /* Determine target state of the slab */ >> + new.counters = old.counters; >> + new.frozen = 0; >> + if (freelist_tail) { >> + new.inuse -= free_delta; >> + set_freepointer(s, freelist_tail, old.freelist); >> + new.freelist = freelist; >> + } else { >> + new.freelist = old.freelist; >> + } >> + } while (!slab_update_freelist(s, slab, >> + old.freelist, old.counters, >> + new.freelist, new.counters, >> + "unfreezing slab")); >> >> + /* >> + * Stage three: Manipulate the slab list based on the updated state. >> + */ > > deactivate_slab() might unconsciously put empty slabs into partial list, like: > > deactivate_slab() __slab_free() > cmpxchg(), slab's not empty > cmpxchg(), slab's empty > and unfrozen Hi, Sorry, but I don't get it here how __slab_free() can see the slab empty, since the slab is not empty from deactivate_slab() path, and it can't be used by any CPU at that time? Thanks for review! > spin_lock(&n->list_lock) > (slab's empty but not > on partial list, > > spin_unlock(&n->list_lock) and return) > spin_lock(&n->list_lock) > put slab into partial list > spin_unlock(&n->list_lock) > > IMHO it should be fine in the real world, but just wanted to > mention as it doesn't seem to be intentional. > > Otherwise it looks good to me! > >> if (!new.inuse && n->nr_partial >= s->min_partial) { >> - mode = M_FREE; >> + stat(s, DEACTIVATE_EMPTY); >> + discard_slab(s, slab); >> + stat(s, FREE_SLAB); >> } else if (new.freelist) { >> - mode = M_PARTIAL; >> - /* >> - * Taking the spinlock removes the possibility that >> - * acquire_slab() will see a slab that is frozen >> - */ >> spin_lock_irqsave(&n->list_lock, flags); >> - } else { >> - mode = M_FULL_NOLIST; >> - } >> - >> - >> - if (!slab_update_freelist(s, slab, >> - old.freelist, old.counters, >> - new.freelist, new.counters, >> - "unfreezing slab")) { >> - if (mode == M_PARTIAL) >> - spin_unlock_irqrestore(&n->list_lock, flags); >> - goto redo; >> - } >> - >> - >> - if (mode == M_PARTIAL) { >> add_partial(n, slab, tail); >> spin_unlock_irqrestore(&n->list_lock, flags); >> stat(s, tail); >> - } else if (mode == M_FREE) { >> - stat(s, DEACTIVATE_EMPTY); >> - discard_slab(s, slab); >> - stat(s, FREE_SLAB); >> - } else if (mode == M_FULL_NOLIST) { >> + } else { >> stat(s, DEACTIVATE_FULL); >> } >> } >> -- >> 2.20.1 >>
On Sun, Dec 3, 2023 at 7:26 PM Chengming Zhou <chengming.zhou@linux.dev> wrote: > > On 2023/12/3 17:23, Hyeonggon Yoo wrote: > > On Thu, Nov 2, 2023 at 12:25 PM <chengming.zhou@linux.dev> wrote: > >> > >> From: Chengming Zhou <zhouchengming@bytedance.com> > >> > >> Since the introduce of unfrozen slabs on cpu partial list, we don't > >> need to synchronize the slab frozen state under the node list_lock. > >> > >> The caller of deactivate_slab() and the caller of __slab_free() won't > >> manipulate the slab list concurrently. > >> > >> So we can get node list_lock in the last stage if we really need to > >> manipulate the slab list in this path. > >> > >> Signed-off-by: Chengming Zhou <zhouchengming@bytedance.com> > >> Reviewed-by: Vlastimil Babka <vbabka@suse.cz> > >> Tested-by: Hyeonggon Yoo <42.hyeyoo@gmail.com> > >> --- > >> mm/slub.c | 79 ++++++++++++++++++------------------------------------- > >> 1 file changed, 26 insertions(+), 53 deletions(-) > >> > >> diff --git a/mm/slub.c b/mm/slub.c > >> index bcb5b2c4e213..d137468fe4b9 100644 > >> --- a/mm/slub.c > >> +++ b/mm/slub.c > >> @@ -2468,10 +2468,8 @@ static void init_kmem_cache_cpus(struct kmem_cache *s) > >> static void deactivate_slab(struct kmem_cache *s, struct slab *slab, > >> void *freelist) > >> { > >> - enum slab_modes { M_NONE, M_PARTIAL, M_FREE, M_FULL_NOLIST }; > >> struct kmem_cache_node *n = get_node(s, slab_nid(slab)); > >> int free_delta = 0; > >> - enum slab_modes mode = M_NONE; > >> void *nextfree, *freelist_iter, *freelist_tail; > >> int tail = DEACTIVATE_TO_HEAD; > >> unsigned long flags = 0; > >> @@ -2509,65 +2507,40 @@ static void deactivate_slab(struct kmem_cache *s, struct slab *slab, > >> /* > >> * Stage two: Unfreeze the slab while splicing the per-cpu > >> * freelist to the head of slab's freelist. > >> - * > >> - * Ensure that the slab is unfrozen while the list presence > >> - * reflects the actual number of objects during unfreeze. > >> - * > >> - * We first perform cmpxchg holding lock and insert to list > >> - * when it succeed. If there is mismatch then the slab is not > >> - * unfrozen and number of objects in the slab may have changed. > >> - * Then release lock and retry cmpxchg again. > >> */ > >> -redo: > >> - > >> - old.freelist = READ_ONCE(slab->freelist); > >> - old.counters = READ_ONCE(slab->counters); > >> - VM_BUG_ON(!old.frozen); > >> - > >> - /* Determine target state of the slab */ > >> - new.counters = old.counters; > >> - if (freelist_tail) { > >> - new.inuse -= free_delta; > >> - set_freepointer(s, freelist_tail, old.freelist); > >> - new.freelist = freelist; > >> - } else > >> - new.freelist = old.freelist; > >> - > >> - new.frozen = 0; > >> + do { > >> + old.freelist = READ_ONCE(slab->freelist); > >> + old.counters = READ_ONCE(slab->counters); > >> + VM_BUG_ON(!old.frozen); > >> + > >> + /* Determine target state of the slab */ > >> + new.counters = old.counters; > >> + new.frozen = 0; > >> + if (freelist_tail) { > >> + new.inuse -= free_delta; > >> + set_freepointer(s, freelist_tail, old.freelist); > >> + new.freelist = freelist; > >> + } else { > >> + new.freelist = old.freelist; > >> + } > >> + } while (!slab_update_freelist(s, slab, > >> + old.freelist, old.counters, > >> + new.freelist, new.counters, > >> + "unfreezing slab")); > >> > >> + /* > >> + * Stage three: Manipulate the slab list based on the updated state. > >> + */ > > > > deactivate_slab() might unconsciously put empty slabs into partial list, like: > > > > deactivate_slab() __slab_free() > > cmpxchg(), slab's not empty > > cmpxchg(), slab's empty > > and unfrozen > > Hi, > > Sorry, but I don't get it here how __slab_free() can see the slab empty, > since the slab is not empty from deactivate_slab() path, and it can't be > used by any CPU at that time? The scenario is CPU B previously allocated an object from slab X, but put it into node partial list and then CPU A have taken slab X into cpu slab. While slab X is CPU A's cpu slab, when CPU B frees an object from slab X, it puts the object into slab X's freelist using cmpxchg. Let's say in CPU A the deactivation path performs cmpxchg and X.inuse was 1, and then CPU B frees (__slab_free()) to slab X's freelist using cmpxchg, _before_ slab X's put into partial list by CPU A. Then CPU A thinks it's not empty so put it into partial list, but by CPU B the slab has become empty. Maybe I am confused, in that case please tell me I'm wrong :) Thanks! -- Hyeonggon
On 2023/12/3 19:19, Hyeonggon Yoo wrote: > On Sun, Dec 3, 2023 at 7:26 PM Chengming Zhou <chengming.zhou@linux.dev> wrote: >> >> On 2023/12/3 17:23, Hyeonggon Yoo wrote: >>> On Thu, Nov 2, 2023 at 12:25 PM <chengming.zhou@linux.dev> wrote: >>>> >>>> From: Chengming Zhou <zhouchengming@bytedance.com> >>>> >>>> Since the introduce of unfrozen slabs on cpu partial list, we don't >>>> need to synchronize the slab frozen state under the node list_lock. >>>> >>>> The caller of deactivate_slab() and the caller of __slab_free() won't >>>> manipulate the slab list concurrently. >>>> >>>> So we can get node list_lock in the last stage if we really need to >>>> manipulate the slab list in this path. >>>> >>>> Signed-off-by: Chengming Zhou <zhouchengming@bytedance.com> >>>> Reviewed-by: Vlastimil Babka <vbabka@suse.cz> >>>> Tested-by: Hyeonggon Yoo <42.hyeyoo@gmail.com> >>>> --- >>>> mm/slub.c | 79 ++++++++++++++++++------------------------------------- >>>> 1 file changed, 26 insertions(+), 53 deletions(-) >>>> >>>> diff --git a/mm/slub.c b/mm/slub.c >>>> index bcb5b2c4e213..d137468fe4b9 100644 >>>> --- a/mm/slub.c >>>> +++ b/mm/slub.c >>>> @@ -2468,10 +2468,8 @@ static void init_kmem_cache_cpus(struct kmem_cache *s) >>>> static void deactivate_slab(struct kmem_cache *s, struct slab *slab, >>>> void *freelist) >>>> { >>>> - enum slab_modes { M_NONE, M_PARTIAL, M_FREE, M_FULL_NOLIST }; >>>> struct kmem_cache_node *n = get_node(s, slab_nid(slab)); >>>> int free_delta = 0; >>>> - enum slab_modes mode = M_NONE; >>>> void *nextfree, *freelist_iter, *freelist_tail; >>>> int tail = DEACTIVATE_TO_HEAD; >>>> unsigned long flags = 0; >>>> @@ -2509,65 +2507,40 @@ static void deactivate_slab(struct kmem_cache *s, struct slab *slab, >>>> /* >>>> * Stage two: Unfreeze the slab while splicing the per-cpu >>>> * freelist to the head of slab's freelist. >>>> - * >>>> - * Ensure that the slab is unfrozen while the list presence >>>> - * reflects the actual number of objects during unfreeze. >>>> - * >>>> - * We first perform cmpxchg holding lock and insert to list >>>> - * when it succeed. If there is mismatch then the slab is not >>>> - * unfrozen and number of objects in the slab may have changed. >>>> - * Then release lock and retry cmpxchg again. >>>> */ >>>> -redo: >>>> - >>>> - old.freelist = READ_ONCE(slab->freelist); >>>> - old.counters = READ_ONCE(slab->counters); >>>> - VM_BUG_ON(!old.frozen); >>>> - >>>> - /* Determine target state of the slab */ >>>> - new.counters = old.counters; >>>> - if (freelist_tail) { >>>> - new.inuse -= free_delta; >>>> - set_freepointer(s, freelist_tail, old.freelist); >>>> - new.freelist = freelist; >>>> - } else >>>> - new.freelist = old.freelist; >>>> - >>>> - new.frozen = 0; >>>> + do { >>>> + old.freelist = READ_ONCE(slab->freelist); >>>> + old.counters = READ_ONCE(slab->counters); >>>> + VM_BUG_ON(!old.frozen); >>>> + >>>> + /* Determine target state of the slab */ >>>> + new.counters = old.counters; >>>> + new.frozen = 0; >>>> + if (freelist_tail) { >>>> + new.inuse -= free_delta; >>>> + set_freepointer(s, freelist_tail, old.freelist); >>>> + new.freelist = freelist; >>>> + } else { >>>> + new.freelist = old.freelist; >>>> + } >>>> + } while (!slab_update_freelist(s, slab, >>>> + old.freelist, old.counters, >>>> + new.freelist, new.counters, >>>> + "unfreezing slab")); >>>> >>>> + /* >>>> + * Stage three: Manipulate the slab list based on the updated state. >>>> + */ >>> >>> deactivate_slab() might unconsciously put empty slabs into partial list, like: >>> >>> deactivate_slab() __slab_free() >>> cmpxchg(), slab's not empty >>> cmpxchg(), slab's empty >>> and unfrozen >> >> Hi, >> >> Sorry, but I don't get it here how __slab_free() can see the slab empty, >> since the slab is not empty from deactivate_slab() path, and it can't be >> used by any CPU at that time? > > The scenario is CPU B previously allocated an object from slab X, but > put it into node partial list and then CPU A have taken slab X into cpu slab. > > While slab X is CPU A's cpu slab, when CPU B frees an object from slab X, > it puts the object into slab X's freelist using cmpxchg. > > Let's say in CPU A the deactivation path performs cmpxchg and X.inuse was 1, > and then CPU B frees (__slab_free()) to slab X's freelist using cmpxchg, > _before_ slab X's put into partial list by CPU A. > > Then CPU A thinks it's not empty so put it into partial list, but by CPU B > the slab has become empty. > > Maybe I am confused, in that case please tell me I'm wrong :) > Ah, you're right! I misunderstood the slab "empty" with "full". :) Yes, in this case the "empty" slab would be put into the node partial list, and it should be fine in the real world as you noted earlier. Thanks!
On 12/3/23 10:23, Hyeonggon Yoo wrote: > On Thu, Nov 2, 2023 at 12:25 PM <chengming.zhou@linux.dev> wrote: >> >> From: Chengming Zhou <zhouchengming@bytedance.com> >> >> Since the introduce of unfrozen slabs on cpu partial list, we don't >> need to synchronize the slab frozen state under the node list_lock. >> >> The caller of deactivate_slab() and the caller of __slab_free() won't >> manipulate the slab list concurrently. >> >> So we can get node list_lock in the last stage if we really need to >> manipulate the slab list in this path. >> >> Signed-off-by: Chengming Zhou <zhouchengming@bytedance.com> >> Reviewed-by: Vlastimil Babka <vbabka@suse.cz> >> Tested-by: Hyeonggon Yoo <42.hyeyoo@gmail.com> >> --- >> mm/slub.c | 79 ++++++++++++++++++------------------------------------- >> 1 file changed, 26 insertions(+), 53 deletions(-) >> >> diff --git a/mm/slub.c b/mm/slub.c >> index bcb5b2c4e213..d137468fe4b9 100644 >> --- a/mm/slub.c >> +++ b/mm/slub.c >> @@ -2468,10 +2468,8 @@ static void init_kmem_cache_cpus(struct kmem_cache *s) >> static void deactivate_slab(struct kmem_cache *s, struct slab *slab, >> void *freelist) >> { >> - enum slab_modes { M_NONE, M_PARTIAL, M_FREE, M_FULL_NOLIST }; >> struct kmem_cache_node *n = get_node(s, slab_nid(slab)); >> int free_delta = 0; >> - enum slab_modes mode = M_NONE; >> void *nextfree, *freelist_iter, *freelist_tail; >> int tail = DEACTIVATE_TO_HEAD; >> unsigned long flags = 0; >> @@ -2509,65 +2507,40 @@ static void deactivate_slab(struct kmem_cache *s, struct slab *slab, >> /* >> * Stage two: Unfreeze the slab while splicing the per-cpu >> * freelist to the head of slab's freelist. >> - * >> - * Ensure that the slab is unfrozen while the list presence >> - * reflects the actual number of objects during unfreeze. >> - * >> - * We first perform cmpxchg holding lock and insert to list >> - * when it succeed. If there is mismatch then the slab is not >> - * unfrozen and number of objects in the slab may have changed. >> - * Then release lock and retry cmpxchg again. >> */ >> -redo: >> - >> - old.freelist = READ_ONCE(slab->freelist); >> - old.counters = READ_ONCE(slab->counters); >> - VM_BUG_ON(!old.frozen); >> - >> - /* Determine target state of the slab */ >> - new.counters = old.counters; >> - if (freelist_tail) { >> - new.inuse -= free_delta; >> - set_freepointer(s, freelist_tail, old.freelist); >> - new.freelist = freelist; >> - } else >> - new.freelist = old.freelist; >> - >> - new.frozen = 0; >> + do { >> + old.freelist = READ_ONCE(slab->freelist); >> + old.counters = READ_ONCE(slab->counters); >> + VM_BUG_ON(!old.frozen); >> + >> + /* Determine target state of the slab */ >> + new.counters = old.counters; >> + new.frozen = 0; >> + if (freelist_tail) { >> + new.inuse -= free_delta; >> + set_freepointer(s, freelist_tail, old.freelist); >> + new.freelist = freelist; >> + } else { >> + new.freelist = old.freelist; >> + } >> + } while (!slab_update_freelist(s, slab, >> + old.freelist, old.counters, >> + new.freelist, new.counters, >> + "unfreezing slab")); >> >> + /* >> + * Stage three: Manipulate the slab list based on the updated state. >> + */ > > deactivate_slab() might unconsciously put empty slabs into partial list, like: > > deactivate_slab() __slab_free() > cmpxchg(), slab's not empty > cmpxchg(), slab's empty > and unfrozen > spin_lock(&n->list_lock) > (slab's empty but not > on partial list, > > spin_unlock(&n->list_lock) and return) > spin_lock(&n->list_lock) > put slab into partial list > spin_unlock(&n->list_lock) > > IMHO it should be fine in the real world, but just wanted to > mention as it doesn't seem to be intentional. I've noticed it too during review, but then realized it's not a new behavior, same thing could happen with deactivate_slab() already before the series. Free slabs on partial list are supported, we even keep some intentionally as long as "n->nr_partial < s->min_partial" (and that check is racy too), so no need to try making this more strict. > Otherwise it looks good to me! Good enough for a reviewed-by? :)
On Tue, Dec 5, 2023 at 2:55 AM Vlastimil Babka <vbabka@suse.cz> wrote: > > On 12/3/23 10:23, Hyeonggon Yoo wrote: > > On Thu, Nov 2, 2023 at 12:25 PM <chengming.zhou@linux.dev> wrote: > >> > >> From: Chengming Zhou <zhouchengming@bytedance.com> > >> > >> Since the introduce of unfrozen slabs on cpu partial list, we don't > >> need to synchronize the slab frozen state under the node list_lock. > >> > >> The caller of deactivate_slab() and the caller of __slab_free() won't > >> manipulate the slab list concurrently. > >> > >> So we can get node list_lock in the last stage if we really need to > >> manipulate the slab list in this path. > >> > >> Signed-off-by: Chengming Zhou <zhouchengming@bytedance.com> > >> Reviewed-by: Vlastimil Babka <vbabka@suse.cz> > >> Tested-by: Hyeonggon Yoo <42.hyeyoo@gmail.com> > >> --- > >> mm/slub.c | 79 ++++++++++++++++++------------------------------------- > >> 1 file changed, 26 insertions(+), 53 deletions(-) > >> > >> diff --git a/mm/slub.c b/mm/slub.c > >> index bcb5b2c4e213..d137468fe4b9 100644 > >> --- a/mm/slub.c > >> +++ b/mm/slub.c > >> @@ -2468,10 +2468,8 @@ static void init_kmem_cache_cpus(struct kmem_cache *s) > >> static void deactivate_slab(struct kmem_cache *s, struct slab *slab, > >> void *freelist) > >> { > >> - enum slab_modes { M_NONE, M_PARTIAL, M_FREE, M_FULL_NOLIST }; > >> struct kmem_cache_node *n = get_node(s, slab_nid(slab)); > >> int free_delta = 0; > >> - enum slab_modes mode = M_NONE; > >> void *nextfree, *freelist_iter, *freelist_tail; > >> int tail = DEACTIVATE_TO_HEAD; > >> unsigned long flags = 0; > >> @@ -2509,65 +2507,40 @@ static void deactivate_slab(struct kmem_cache *s, struct slab *slab, > >> /* > >> * Stage two: Unfreeze the slab while splicing the per-cpu > >> * freelist to the head of slab's freelist. > >> - * > >> - * Ensure that the slab is unfrozen while the list presence > >> - * reflects the actual number of objects during unfreeze. > >> - * > >> - * We first perform cmpxchg holding lock and insert to list > >> - * when it succeed. If there is mismatch then the slab is not > >> - * unfrozen and number of objects in the slab may have changed. > >> - * Then release lock and retry cmpxchg again. > >> */ > >> -redo: > >> - > >> - old.freelist = READ_ONCE(slab->freelist); > >> - old.counters = READ_ONCE(slab->counters); > >> - VM_BUG_ON(!old.frozen); > >> - > >> - /* Determine target state of the slab */ > >> - new.counters = old.counters; > >> - if (freelist_tail) { > >> - new.inuse -= free_delta; > >> - set_freepointer(s, freelist_tail, old.freelist); > >> - new.freelist = freelist; > >> - } else > >> - new.freelist = old.freelist; > >> - > >> - new.frozen = 0; > >> + do { > >> + old.freelist = READ_ONCE(slab->freelist); > >> + old.counters = READ_ONCE(slab->counters); > >> + VM_BUG_ON(!old.frozen); > >> + > >> + /* Determine target state of the slab */ > >> + new.counters = old.counters; > >> + new.frozen = 0; > >> + if (freelist_tail) { > >> + new.inuse -= free_delta; > >> + set_freepointer(s, freelist_tail, old.freelist); > >> + new.freelist = freelist; > >> + } else { > >> + new.freelist = old.freelist; > >> + } > >> + } while (!slab_update_freelist(s, slab, > >> + old.freelist, old.counters, > >> + new.freelist, new.counters, > >> + "unfreezing slab")); > >> > >> + /* > >> + * Stage three: Manipulate the slab list based on the updated state. > >> + */ > > > > deactivate_slab() might unconsciously put empty slabs into partial list, like: > > > > deactivate_slab() __slab_free() > > cmpxchg(), slab's not empty > > cmpxchg(), slab's empty > > and unfrozen > > spin_lock(&n->list_lock) > > (slab's empty but not > > on partial list, > > > > spin_unlock(&n->list_lock) and return) > > spin_lock(&n->list_lock) > > put slab into partial list > > spin_unlock(&n->list_lock) > > > > IMHO it should be fine in the real world, but just wanted to > > mention as it doesn't seem to be intentional. > > I've noticed it too during review, but then realized it's not a new > behavior, same thing could happen with deactivate_slab() already before the > series. Ah, you are right. > Free slabs on partial list are supported, we even keep some > intentionally as long as "n->nr_partial < s->min_partial" (and that check is > racy too) so no need to try making this more strict. Agreed. > > Otherwise it looks good to me! > > Good enough for a reviewed-by? :) Yes, Reviewed-by: Hyeonggon Yoo <42.hyeyoo@gmail.com> Thanks! -- Hyeonggon
diff --git a/mm/slub.c b/mm/slub.c index bcb5b2c4e213..d137468fe4b9 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -2468,10 +2468,8 @@ static void init_kmem_cache_cpus(struct kmem_cache *s) static void deactivate_slab(struct kmem_cache *s, struct slab *slab, void *freelist) { - enum slab_modes { M_NONE, M_PARTIAL, M_FREE, M_FULL_NOLIST }; struct kmem_cache_node *n = get_node(s, slab_nid(slab)); int free_delta = 0; - enum slab_modes mode = M_NONE; void *nextfree, *freelist_iter, *freelist_tail; int tail = DEACTIVATE_TO_HEAD; unsigned long flags = 0; @@ -2509,65 +2507,40 @@ static void deactivate_slab(struct kmem_cache *s, struct slab *slab, /* * Stage two: Unfreeze the slab while splicing the per-cpu * freelist to the head of slab's freelist. - * - * Ensure that the slab is unfrozen while the list presence - * reflects the actual number of objects during unfreeze. - * - * We first perform cmpxchg holding lock and insert to list - * when it succeed. If there is mismatch then the slab is not - * unfrozen and number of objects in the slab may have changed. - * Then release lock and retry cmpxchg again. */ -redo: - - old.freelist = READ_ONCE(slab->freelist); - old.counters = READ_ONCE(slab->counters); - VM_BUG_ON(!old.frozen); - - /* Determine target state of the slab */ - new.counters = old.counters; - if (freelist_tail) { - new.inuse -= free_delta; - set_freepointer(s, freelist_tail, old.freelist); - new.freelist = freelist; - } else - new.freelist = old.freelist; - - new.frozen = 0; + do { + old.freelist = READ_ONCE(slab->freelist); + old.counters = READ_ONCE(slab->counters); + VM_BUG_ON(!old.frozen); + + /* Determine target state of the slab */ + new.counters = old.counters; + new.frozen = 0; + if (freelist_tail) { + new.inuse -= free_delta; + set_freepointer(s, freelist_tail, old.freelist); + new.freelist = freelist; + } else { + new.freelist = old.freelist; + } + } while (!slab_update_freelist(s, slab, + old.freelist, old.counters, + new.freelist, new.counters, + "unfreezing slab")); + /* + * Stage three: Manipulate the slab list based on the updated state. + */ if (!new.inuse && n->nr_partial >= s->min_partial) { - mode = M_FREE; + stat(s, DEACTIVATE_EMPTY); + discard_slab(s, slab); + stat(s, FREE_SLAB); } else if (new.freelist) { - mode = M_PARTIAL; - /* - * Taking the spinlock removes the possibility that - * acquire_slab() will see a slab that is frozen - */ spin_lock_irqsave(&n->list_lock, flags); - } else { - mode = M_FULL_NOLIST; - } - - - if (!slab_update_freelist(s, slab, - old.freelist, old.counters, - new.freelist, new.counters, - "unfreezing slab")) { - if (mode == M_PARTIAL) - spin_unlock_irqrestore(&n->list_lock, flags); - goto redo; - } - - - if (mode == M_PARTIAL) { add_partial(n, slab, tail); spin_unlock_irqrestore(&n->list_lock, flags); stat(s, tail); - } else if (mode == M_FREE) { - stat(s, DEACTIVATE_EMPTY); - discard_slab(s, slab); - stat(s, FREE_SLAB); - } else if (mode == M_FULL_NOLIST) { + } else { stat(s, DEACTIVATE_FULL); } }