Re: [PATCH v2 2/7] mm: vmscan: make global slab shrink lockless

From: Qi Zheng
Date: Sat Feb 25 2023 - 11:37:59 EST



On 2023/2/26 00:17, Kirill Tkhai wrote:
On 25.02.2023 18:57, Qi Zheng wrote:

<...>
How about this?

diff --git a/mm/vmscan.c b/mm/vmscan.c
index ffddbd204259..9d8c53075298 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -1012,7 +1012,7 @@ static unsigned long shrink_slab(gfp_t gfp_mask, int nid,
                                  int priority)
  {
         unsigned long ret, freed = 0;
-       struct shrinker *shrinker;
+       struct shrinker *shrinker = NULL;
         int srcu_idx, generation;

         /*
@@ -1025,11 +1025,15 @@ static unsigned long shrink_slab(gfp_t gfp_mask, int nid,
         if (!mem_cgroup_disabled() && !mem_cgroup_is_root(memcg))
                 return shrink_slab_memcg(gfp_mask, nid, memcg, priority);

+again:
         srcu_idx = srcu_read_lock(&shrinker_srcu);

         generation = atomic_read(&shrinker_srcu_generation);
-       list_for_each_entry_srcu(shrinker, &shrinker_list, list,
-                                srcu_read_lock_held(&shrinker_srcu)) {
+       if (!shrinker)
+               shrinker = list_entry_rcu(shrinker_list.next, struct shrinker, list);
+       else
+               shrinker = list_entry_rcu(shrinker->list.next, struct shrinker, list);
+       list_for_each_entry_from_rcu(shrinker, &shrinker_list, list) {
                 struct shrink_control sc = {
                         .gfp_mask = gfp_mask,
                         .nid = nid,
@@ -1042,8 +1046,9 @@ static unsigned long shrink_slab(gfp_t gfp_mask, int nid,
                 freed += ret;

                 if (atomic_read(&shrinker_srcu_generation) != generation) {
-                       freed = freed ? : 1;
-                       break;
+                       srcu_read_unlock(&shrinker_srcu, srcu_idx);

After SRCU in unlocked we can't believe @shrinker anymore. So, above list_entry_rcu(shrinker->list.next)
dereferences some random memory.

Indeed.


+                       cond_resched();
+                       goto again;
                 }
         }


diff --git a/mm/vmscan.c b/mm/vmscan.c
index 27ef9946ae8a..0b197bba1257 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -204,6 +204,7 @@ static void set_task_reclaim_state(struct task_struct *task,
   LIST_HEAD(shrinker_list);
   DEFINE_MUTEX(shrinker_mutex);
   DEFINE_SRCU(shrinker_srcu);
+static atomic_t shrinker_srcu_generation = ATOMIC_INIT(0);
     #ifdef CONFIG_MEMCG
   static int shrinker_nr_max;
@@ -782,6 +783,7 @@ void unregister_shrinker(struct shrinker *shrinker)
       debugfs_entry = shrinker_debugfs_remove(shrinker);
       mutex_unlock(&shrinker_mutex);
   +    atomic_inc(&shrinker_srcu_generation);
       synchronize_srcu(&shrinker_srcu);
         debugfs_remove_recursive(debugfs_entry);
@@ -799,6 +801,7 @@ EXPORT_SYMBOL(unregister_shrinker);
    */
   void synchronize_shrinkers(void)
   {
+    atomic_inc(&shrinker_srcu_generation);
       synchronize_srcu(&shrinker_srcu);
   }
   EXPORT_SYMBOL(synchronize_shrinkers);
@@ -908,18 +911,19 @@ static unsigned long shrink_slab_memcg(gfp_t gfp_mask, int nid,
   {
       struct shrinker_info *info;
       unsigned long ret, freed = 0;
-    int srcu_idx;
-    int i;
+    int srcu_idx, generation;
+    int i = 0;
         if (!mem_cgroup_online(memcg))
           return 0;
-
+again:
       srcu_idx = srcu_read_lock(&shrinker_srcu);
       info = shrinker_info_srcu(memcg, nid);
       if (unlikely(!info))
           goto unlock;
   -    for_each_set_bit(i, info->map, info->map_nr_max) {
+    generation = atomic_read(&shrinker_srcu_generation);
+    for_each_set_bit_from(i, info->map, info->map_nr_max) {
           struct shrink_control sc = {
               .gfp_mask = gfp_mask,
               .nid = nid,
@@ -965,6 +969,11 @@ static unsigned long shrink_slab_memcg(gfp_t gfp_mask, int nid,
                   set_shrinker_bit(memcg, nid, i);
           }
           freed += ret;
+
+        if (atomic_read(&shrinker_srcu_generation) != generation) {
+            srcu_read_unlock(&shrinker_srcu, srcu_idx);

Maybe we can add the following code here, so as to avoid repeating the
current id and avoid triggering softlockup:

             i++;

This is OK.

             cond_resched();

Possible, existing cond_resched() in do_shrink_slab() is enough.

Yeah.

I will add this patch in the next version. May I mark you as the author
of this patch?

Thanks,
Qi


And this. :)

Thanks,
Qi


Thanks,
Qi

+            goto again;
+        }
       }
   unlock:
       srcu_read_unlock(&shrinker_srcu, srcu_idx);
@@ -1004,7 +1013,7 @@ static unsigned long shrink_slab(gfp_t gfp_mask, int nid,
   {
       unsigned long ret, freed = 0;
       struct shrinker *shrinker;
-    int srcu_idx;
+    int srcu_idx, generation;
         /*
        * The root memcg might be allocated even though memcg is disabled
@@ -1017,6 +1026,7 @@ static unsigned long shrink_slab(gfp_t gfp_mask, int nid,
           return shrink_slab_memcg(gfp_mask, nid, memcg, priority);
         srcu_idx = srcu_read_lock(&shrinker_srcu);
+    generation = atomic_read(&shrinker_srcu_generation);
         list_for_each_entry_srcu(shrinker, &shrinker_list, list,
                    srcu_read_lock_held(&shrinker_srcu)) {
@@ -1030,6 +1040,11 @@ static unsigned long shrink_slab(gfp_t gfp_mask, int nid,
           if (ret == SHRINK_EMPTY)
               ret = 0;
           freed += ret;
+
+        if (atomic_read(&shrinker_srcu_generation) != generation) {
+            freed = freed ? : 1;
+            break;
+        }
       }
         srcu_read_unlock(&shrinker_srcu, srcu_idx);







--
Thanks,
Qi