Re: [PATCH net-next v3 2/5] mm: add a signature in struct page

From: Ilias Apalodimas
Date: Mon Apr 19 2021 - 14:41:16 EST

Next message: Luigi Rizzo: "[PATCH] smp: add a best_effort version of smp_call_function_many()"
Previous message: Wesley Cheng: "Re: [PATCH] usb: dwc3: gadget: Avoid canceling current request for queuing error"
In reply to: Shakeel Butt: "Re: [PATCH net-next v3 2/5] mm: add a signature in struct page"
Next in thread: Jesper Dangaard Brouer: "Re: [PATCH net-next v3 2/5] mm: add a signature in struct page"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Apr 19, 2021 at 09:21:55AM -0700, Shakeel Butt wrote:
> On Mon, Apr 19, 2021 at 8:43 AM Ilias Apalodimas
> <ilias.apalodimas@xxxxxxxxxx> wrote:
> >
> [...]
> > > Pages mapped into the userspace have their refcnt elevated, so the
> > > page_ref_count() check by the drivers indicates to not reuse such
> > > pages.
> > >
> >
> > When tcp_zerocopy_receive() is invoked it will call tcp_zerocopy_vm_insert_batch()
> > which will end up doing a get_page().
> > What you are saying is that once the zerocopy is done though, skb_release_data()
> > won't be called, but instead put_page() will be? If that's the case then we are
> > indeed leaking DMA mappings and memory. That sounds weird though, since the
> > refcnt will be one in that case (zerocopy will do +1/-1 once it's done), so who
> > eventually frees the page?
> > If kfree_skb() (or any wrapper that calls skb_release_data()) is called
> > eventually, we'll end up properly recycling the page into our pool.
> >
>
> From what I understand (Eric, please correct me if I'm wrong) for
> simple cases there are 3 page references taken. One by the driver,
> second by skb and third by page table.
>
> In tcp_zerocopy_receive(), tcp_zerocopy_vm_insert_batch() gets one
> page ref through insert_page_into_pte_locked(). However before
> returning from tcp_zerocopy_receive(), the skb references are dropped
> through tcp_recv_skb(). So, whenever the user unmaps the page and
> drops the page ref only then that page can be reused by the driver.
>
> In my understanding, for zerocopy rx the skb_release_data() is called
> on the pages while they are still mapped into the userspace. So,
> skb_release_data() might not be the right place to recycle the page
> for zerocopy. The email chain at [1] has some discussion on how to
> bundle the recycling of pages with their lifetime.
>
> [1] https://lore.kernel.org/linux-mm/20210316013003.25271-1-arjunroy.kdev@xxxxxxxxx/

Ah right, you mentioned the same email before and I completely forgot about
it! In the past we had thoughts of 'stealing' the page on put_page instead of
skb_release_data(). We were afraid that this would cause a measurable
performance hit, so we tried to limit it within the skb lifecycle.

However I don't think this will be a problem. Assuming we are right here and
skb_release_data() is called while the userspace holds an extra reference from
the mapping here's what will happen:

skb_release_data() -> skb_free_head() -> page_pool_return_skb_page() ->
set_page_private() -> xdp_return_skb_frame() -> __xdp_return() ->
page_pool_put_full_page() -> page_pool_put_page() -> __page_pool_put_page()

When we call __page_pool_put_page(), the refcnt will be != 1 (because a user
mapping is still active), so we won't try to recycle it. Instead we'll remove
the DMA mappings and decrease the refcnt.

So although the recycling won't 'work', nothing bad will happen (famous last
words).

In any case, I'll double check with the test you pointed out before v4.

Thanks!
/Ilias

Next message: Luigi Rizzo: "[PATCH] smp: add a best_effort version of smp_call_function_many()"
Previous message: Wesley Cheng: "Re: [PATCH] usb: dwc3: gadget: Avoid canceling current request for queuing error"
In reply to: Shakeel Butt: "Re: [PATCH net-next v3 2/5] mm: add a signature in struct page"
Next in thread: Jesper Dangaard Brouer: "Re: [PATCH net-next v3 2/5] mm: add a signature in struct page"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]