[PATCH v14 2/3] sched: Move task_mm_cid_work to mm timer
From: Gabriele Monaco
Date: Mon Jul 07 2025 - 10:49:32 EST
Currently, the task_mm_cid_work function is called in a task work
triggered by a scheduler tick to frequently compact the mm_cids of each
process. This can delay the execution of the corresponding thread for
the entire duration of the function, negatively affecting the response
in case of real time tasks. In practice, we observe task_mm_cid_work
increasing the latency of 30-35us on a 128 cores system, this order of
magnitude is meaningful under PREEMPT_RT.
Run the task_mm_cid_work in a new timer connected to the mm_struct
rather than in the task context before returning to userspace.
This timer is initialised with the mm and disabled before freeing it.
The timer is armed while returning to userspace in
__rseq_handle_notify_resume, with an expiration of MM_CID_SCAN_DELAY.
To make sure this happens predictably also on long running tasks,
trigger a call to __rseq_handle_notify_resume also from the scheduler
tick if the runtime exceeded a 100ms threshold.
The main advantage of this change is that the function can be offloaded
to a different CPU and even preempted by RT tasks.
Moreover, this new behaviour is more predictable with periodic tasks
with short runtime, which may rarely run during a scheduler tick.
Now, the timer is always scheduled when the task returns to userspace.
The timer is disabled during mmdrop, since the function cannot sleep in
all kernel configurations, we cannot wait for a possibly running timer
to terminate. Make sure the mm is valid in case the task is terminating
by reserving it with mmgrab/mmdrop, returning prematurely if the timer
handler is really the last user while it gets to run.
This situation is unlikely since the timer is not armed for exiting
tasks, but it cannot be ruled out.
Fixes: 223baf9d17f2 ("sched: Fix performance regression introduced by mm_cid")
Signed-off-by: Gabriele Monaco <gmonaco@xxxxxxxxxx>
---
include/linux/mm_types.h | 23 +++++++--
include/linux/sched.h | 8 ++-
kernel/rseq.c | 2 +
kernel/sched/core.c | 103 +++++++++++++++++++++------------------
kernel/sched/sched.h | 8 +--
5 files changed, 88 insertions(+), 56 deletions(-)
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
index d6b91e8a66d6d..9c159cf70a16c 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -990,11 +990,11 @@ struct mm_struct {
*/
struct mm_cid __percpu *pcpu_cid;
/*
- * @mm_cid_next_scan: Next mm_cid scan (in jiffies).
+ * @mm_cid_next_scan: Last mm_cid scan (in jiffies).
*
- * When the next mm_cid scan is due (in jiffies).
+ * When the last mm_cid scan occurred (in jiffies).
*/
- unsigned long mm_cid_next_scan;
+ unsigned long mm_cid_last_scan;
/**
* @nr_cpus_allowed: Number of CPUs allowed for mm.
*
@@ -1017,6 +1017,10 @@ struct mm_struct {
* mm nr_cpus_allowed updates.
*/
raw_spinlock_t cpus_allowed_lock;
+ /*
+ * @cid_timer: Timer to run the mm_cid scan.
+ */
+ struct timer_list cid_timer;
#endif
#ifdef CONFIG_MMU
atomic_long_t pgtables_bytes; /* size of all page tables */
@@ -1321,6 +1325,8 @@ enum mm_cid_state {
MM_CID_LAZY_PUT = (1U << 31),
};
+extern void task_mm_cid_scan(struct timer_list *timer);
+
static inline bool mm_cid_is_unset(int cid)
{
return cid == MM_CID_UNSET;
@@ -1393,12 +1399,14 @@ static inline int mm_alloc_cid_noprof(struct mm_struct *mm, struct task_struct *
if (!mm->pcpu_cid)
return -ENOMEM;
mm_init_cid(mm, p);
+ timer_setup(&mm->cid_timer, task_mm_cid_scan, TIMER_DEFERRABLE);
return 0;
}
#define mm_alloc_cid(...) alloc_hooks(mm_alloc_cid_noprof(__VA_ARGS__))
static inline void mm_destroy_cid(struct mm_struct *mm)
{
+ timer_shutdown(&mm->cid_timer);
free_percpu(mm->pcpu_cid);
mm->pcpu_cid = NULL;
}
@@ -1420,6 +1428,11 @@ static inline void mm_set_cpus_allowed(struct mm_struct *mm, const struct cpumas
WRITE_ONCE(mm->nr_cpus_allowed, cpumask_weight(mm_allowed));
raw_spin_unlock(&mm->cpus_allowed_lock);
}
+
+static inline bool mm_cid_scan_pending(struct mm_struct *mm)
+{
+ return mm && timer_pending(&mm->cid_timer);
+}
#else /* CONFIG_SCHED_MM_CID */
static inline void mm_init_cid(struct mm_struct *mm, struct task_struct *p) { }
static inline int mm_alloc_cid(struct mm_struct *mm, struct task_struct *p) { return 0; }
@@ -1430,6 +1443,10 @@ static inline unsigned int mm_cid_size(void)
return 0;
}
static inline void mm_set_cpus_allowed(struct mm_struct *mm, const struct cpumask *cpumask) { }
+static inline bool mm_cid_scan_pending(struct mm_struct *mm)
+{
+ return false;
+}
#endif /* CONFIG_SCHED_MM_CID */
struct mmu_gather;
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 4f78a64beb52c..e90bc52dece3e 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -1432,7 +1432,7 @@ struct task_struct {
int last_mm_cid; /* Most recent cid in mm */
int migrate_from_cpu;
int mm_cid_active; /* Whether cid bitmap is active */
- struct callback_head cid_work;
+ unsigned long last_cid_reset; /* Time of last reset in jiffies */
#endif
struct tlbflush_unmap_batch tlb_ubc;
@@ -2277,4 +2277,10 @@ static __always_inline void alloc_tag_restore(struct alloc_tag *tag, struct allo
#define alloc_tag_restore(_tag, _old) do {} while (0)
#endif
+#ifdef CONFIG_SCHED_MM_CID
+extern void task_queue_mm_cid(struct task_struct *curr);
+#else
+static inline void task_queue_mm_cid(struct task_struct *curr) { }
+#endif
+
#endif
diff --git a/kernel/rseq.c b/kernel/rseq.c
index b7a1ec327e811..9ce0f79e35bfb 100644
--- a/kernel/rseq.c
+++ b/kernel/rseq.c
@@ -441,6 +441,8 @@ void __rseq_handle_notify_resume(struct ksignal *ksig, struct pt_regs *regs)
}
if (unlikely(rseq_update_cpu_node_id(t)))
goto error;
+ if (!mm_cid_scan_pending(t->mm))
+ task_queue_mm_cid(t);
return;
error:
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index ec68fc686bd74..ed316f0a31d9d 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -4542,7 +4542,6 @@ static void __sched_fork(unsigned long clone_flags, struct task_struct *p)
p->wake_entry.u_flags = CSD_TYPE_TTWU;
p->migration_pending = NULL;
#endif
- init_sched_mm_cid(p);
}
DEFINE_STATIC_KEY_FALSE(sched_numa_balancing);
@@ -10594,37 +10593,15 @@ static void sched_mm_cid_remote_clear_weight(struct mm_struct *mm, int cpu,
sched_mm_cid_remote_clear(mm, pcpu_cid, cpu);
}
-static void task_mm_cid_work(struct callback_head *work)
+void task_mm_cid_scan(struct timer_list *timer)
{
- unsigned long now = jiffies, old_scan, next_scan;
- struct task_struct *t = current;
struct cpumask *cidmask;
- struct mm_struct *mm;
+ struct mm_struct *mm = container_of(timer, struct mm_struct, cid_timer);
int weight, cpu;
- WARN_ON_ONCE(t != container_of(work, struct task_struct, cid_work));
-
- work->next = work; /* Prevent double-add */
- if (t->flags & PF_EXITING)
- return;
- mm = t->mm;
- if (!mm)
- return;
- old_scan = READ_ONCE(mm->mm_cid_next_scan);
- next_scan = now + msecs_to_jiffies(MM_CID_SCAN_DELAY);
- if (!old_scan) {
- unsigned long res;
-
- res = cmpxchg(&mm->mm_cid_next_scan, old_scan, next_scan);
- if (res != old_scan)
- old_scan = res;
- else
- old_scan = next_scan;
- }
- if (time_before(now, old_scan))
- return;
- if (!try_cmpxchg(&mm->mm_cid_next_scan, &old_scan, next_scan))
- return;
+ /* We are the last user, process already terminated. */
+ if (atomic_read(&mm->mm_count) == 1)
+ goto out_drop;
cidmask = mm_cidmask(mm);
/* Clear cids that were not recently used. */
for_each_possible_cpu(cpu)
@@ -10636,35 +10613,65 @@ static void task_mm_cid_work(struct callback_head *work)
*/
for_each_possible_cpu(cpu)
sched_mm_cid_remote_clear_weight(mm, cpu, weight);
+ WRITE_ONCE(mm->mm_cid_last_scan, jiffies);
+out_drop:
+ mmdrop(mm);
}
-void init_sched_mm_cid(struct task_struct *t)
+void task_tick_mm_cid(struct rq *rq, struct task_struct *t)
{
- struct mm_struct *mm = t->mm;
- int mm_users = 0;
+ u64 rtime = t->se.sum_exec_runtime - t->se.prev_sum_exec_runtime;
- if (mm) {
- mm_users = atomic_read(&mm->mm_users);
- if (mm_users == 1)
- mm->mm_cid_next_scan = jiffies + msecs_to_jiffies(MM_CID_SCAN_DELAY);
+ /*
+ * If a task is running unpreempted for a long time, it won't get its
+ * mm_cid compacted and won't update its mm_cid value after a
+ * compaction occurs.
+ * For such a task, this function does two things:
+ * A) trigger the mm_cid recompaction,
+ * B) trigger an update of the task's rseq->mm_cid field at some point
+ * after recompaction, so it can get a mm_cid value closer to 0.
+ * A change in the mm_cid triggers an rseq_preempt.
+ *
+ * B occurs once after the compaction work completes, both A and B
+ * don't run as long as the compaction work is pending.
+ */
+ if (!t->mm || (t->flags & (PF_EXITING | PF_KTHREAD)) ||
+ mm_cid_scan_pending(t->mm))
+ return;
+ if (rtime < RSEQ_UNPREEMPTED_THRESHOLD)
+ return;
+ if (time_after(t->mm->mm_cid_last_scan, t->last_cid_reset)) {
+ /* Update mm_cid field */
+ int old_cid = t->mm_cid;
+
+ if (!t->mm_cid_active)
+ return;
+ mm_cid_snapshot_time(rq, t->mm);
+ mm_cid_put_lazy(t);
+ t->last_mm_cid = t->mm_cid = mm_cid_get(rq, t, t->mm);
+ if (old_cid != t->mm_cid)
+ rseq_preempt(t);
+ } else {
+ /* Trigger mm_cid recompaction */
+ rseq_set_notify_resume(t);
}
- t->cid_work.next = &t->cid_work; /* Protect against double add */
- init_task_work(&t->cid_work, task_mm_cid_work);
}
-void task_tick_mm_cid(struct rq *rq, struct task_struct *curr)
+void task_queue_mm_cid(struct task_struct *curr)
{
- struct callback_head *work = &curr->cid_work;
- unsigned long now = jiffies;
+ int requeued;
- if (!curr->mm || (curr->flags & (PF_EXITING | PF_KTHREAD)) ||
- work->next != work)
- return;
- if (time_before(now, READ_ONCE(curr->mm->mm_cid_next_scan)))
- return;
-
- /* No page allocation under rq lock */
- task_work_add(curr, work, TWA_RESUME);
+ /*
+ * @curr must be a user thread and the timer must not be pending.
+ * Access to this timer is not serialised across threads sharing the
+ * same mm: ensure racing threads don't postpone enqueued timers and
+ * don't mmgrab() if they didn't enqueue the timer themselves.
+ * mmgrab() is necessary to ensure the mm exists until the timer runs.
+ */
+ requeued = timer_reduce(&curr->mm->cid_timer,
+ jiffies + msecs_to_jiffies(MM_CID_SCAN_DELAY));
+ if (!requeued && timer_pending(&curr->mm->cid_timer))
+ mmgrab(curr->mm);
}
void sched_mm_cid_exit_signals(struct task_struct *t)
diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h
index 475bb5998295e..3e72323fbde06 100644
--- a/kernel/sched/sched.h
+++ b/kernel/sched/sched.h
@@ -3606,14 +3606,14 @@ extern const char *preempt_modes[];
#define SCHED_MM_CID_PERIOD_NS (100ULL * 1000000) /* 100ms */
#define MM_CID_SCAN_DELAY 100 /* 100ms */
+#define RSEQ_UNPREEMPTED_THRESHOLD SCHED_MM_CID_PERIOD_NS
extern raw_spinlock_t cid_lock;
extern int use_cid_lock;
extern void sched_mm_cid_migrate_from(struct task_struct *t);
extern void sched_mm_cid_migrate_to(struct rq *dst_rq, struct task_struct *t);
-extern void task_tick_mm_cid(struct rq *rq, struct task_struct *curr);
-extern void init_sched_mm_cid(struct task_struct *t);
+extern void task_tick_mm_cid(struct rq *rq, struct task_struct *t);
static inline void __mm_cid_put(struct mm_struct *mm, int cid)
{
@@ -3809,6 +3809,7 @@ static inline int mm_cid_get(struct rq *rq, struct task_struct *t,
int cid;
lockdep_assert_rq_held(rq);
+ t->last_cid_reset = jiffies;
cpumask = mm_cidmask(mm);
cid = __this_cpu_read(pcpu_cid->cid);
if (mm_cid_is_valid(cid)) {
@@ -3881,8 +3882,7 @@ static inline void switch_mm_cid(struct rq *rq,
static inline void switch_mm_cid(struct rq *rq, struct task_struct *prev, struct task_struct *next) { }
static inline void sched_mm_cid_migrate_from(struct task_struct *t) { }
static inline void sched_mm_cid_migrate_to(struct rq *dst_rq, struct task_struct *t) { }
-static inline void task_tick_mm_cid(struct rq *rq, struct task_struct *curr) { }
-static inline void init_sched_mm_cid(struct task_struct *t) { }
+static inline void task_tick_mm_cid(struct rq *rq, struct task_struct *t) { }
#endif /* !CONFIG_SCHED_MM_CID */
extern u64 avg_vruntime(struct cfs_rq *cfs_rq);
--
2.50.0