[RHEL7,COMMIT] mm/mem_cgroup_iter: Always assign iter->last_visited under rcu

Submitted by Vasily Averin on March 3, 2021, 6:26 a.m.


Message ID 202103030626.1236Q6Ks009169@vz7build.vvs.sw.ru
State New
Series "mm/mem_cgroup_iter: Reduce the number of iterator restarts upon cgroup removals"

Commit Message

Vasily Averin March 3, 2021, 6:26 a.m.
The commit is pushed to "branch-rh7-3.10.0-1160.15.2.vz7.173.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.15.2.vz7.173.1
commit c9fa6de3805a9083bac9889d1bda0f7d07cd6fd5
Author: Konstantin Khorenko <khorenko@virtuozzo.com>
Date:   Wed Mar 3 09:26:06 2021 +0300

    mm/mem_cgroup_iter: Always assign iter->last_visited under rcu
    Patch-set description:
    Many thanks to Kirill Tkhai for his bright ideas and review!
    Problem description from the user point of view:
      * the Node is slow
      * the Node has a lot of free RAM
      * the Node has a lot of swapin/swapout
      * kswapd is always running
    Problem in a nutshell from technical point of view:
      * kswapd is looping in shrink_zone() inside the loop
          do {} while ((memcg = mem_cgroup_iter(root, memcg, &reclaim)));
        (and never goes through the outer loop)
      * there are quite a number of memory cgroups of the Node (~1000)
      * some cgroups are hard to reclaim (reclaim may take ~3 seconds),
        this is because of very busy disk due to permanent swapin/swapout
      * mem_cgroup_iter() does not have success scanning all cgroups
        in a row, it restarts from the root cgroup one time after
        another (after different number of cgroups scanned)
    Q: Why does mem_cgroup_iter() restart from the root memcg?
    A: Because it is invalidated once some memory cgroup is
       destroyed on the Node.
       Note: ANY memory cgroup destroy on the Node leads to iter
    The following patchset solves this problem in the following way:
    there is no need to restart the iter until we see the iter has
    the position which is exactly the memory cgroup being destroyed.
    The patchset ensures the iter->last_visited is NULL-ified on
    invalidation and thus restarts only in the unlikely case when
    the iter points to the memcg being destroyed.
    Testing: I've tested this patchset using a modified kernel which breaks
    the memcg iterator in case of global reclaim with probability of 2%.
    3 kernels have been tested: "release", KASAN-only, "debug" kernels.
    Each worked for 12 hours, no issues, from 12000 to 26000 races were
    caught during this period (i.e. dying memcg was found in some iterator
    and wiped).
    The testing scenario is documented in the jira issue.
    +++ Current patch description:
    It's quite strange to have rcu section in mem_cgroup_iter(),
    but do not use rcu_dereference/rcu_assign for pointers being defended.
    We plan to access/assign '->last_visited' during iterator invalidation,
    so we'll need the protection there anyway.
    Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
    Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
 mm/memcontrol.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

Patch

diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 804d644..4d25cd3 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -194,8 +194,18 @@  struct mem_cgroup_reclaim_iter {
 	 * last scanned hierarchy member. Valid only if last_dead_count
 	 * matches memcg->dead_count of the hierarchy root group.
+	 *
+	 * Memory pointed by 'last_visited' is freed not earlier than
+	 * one rcu period after we accessed it:
+	 *   cgroup_offline_fn()
+	 *    offline_css()
+	 *    list_del_rcu()
+	 *    dput()
+	 *    ...
+	 *     cgroup_diput()
+	 *      call_rcu(&cgrp->rcu_head, cgroup_free_rcu)
-	struct mem_cgroup *last_visited;
+	struct mem_cgroup __rcu *last_visited;
 	unsigned long last_dead_count;
 	/* scan generation, increased every round-trip */
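Review bot: the added comment's wording "freed not earlier than one rcu period after we accessed it" does not state the guarantee the listed call chain gives. The free is deferred by call_rcu() after list_del_rcu(), so the memory stays valid for one grace period after the cgroup is unlinked, and only for a reader that is still inside its rcu_read_lock() section. Suggest rewording the comment to say that. Also, since `__rcu` makes sparse flag plain accesses, please confirm the three sites converted in this patch are the only users of last_visited in mm/memcontrol.c.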
@@ -1594,7 +1604,7 @@  mem_cgroup_iter_load(struct mem_cgroup_reclaim_iter *iter,
 	*sequence = atomic_read(&root->dead_count);
 	if (iter->last_dead_count == *sequence) {
-		position = iter->last_visited;
+		position = rcu_dereference(iter->last_visited);
 		 * We cannot take a reference to root because we might race
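Review bot: `position = rcu_dereference(iter->last_visited);` is only valid inside an RCU read-side critical section, and nothing in this hunk shows that callers of mem_cgroup_iter_load() hold rcu_read_lock(). The commit message says the section lives in mem_cgroup_iter(), so add a comment on this helper stating that the caller must hold rcu_read_lock(), so that a later caller outside mem_cgroup_iter() does not use it unprotected.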
@@ -1622,7 +1632,7 @@  static void mem_cgroup_iter_update(struct mem_cgroup_reclaim_iter *iter,
 	 * don't lose destruction events in between.  We could have
 	 * raced with the destruction of @new_position after all.
-	iter->last_visited = new_position;
+	rcu_assign_pointer(iter->last_visited, new_position);
 	iter->last_dead_count = sequence;
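Review bot: `rcu_assign_pointer(iter->last_visited, new_position);` orders publication of the pointer against readers but does nothing to serialise this store against another writer. The commit message says later patches will assign last_visited during iterator invalidation, so a NULL written there could be overwritten here by a new_position that is already dying. Please document in the comment above this line what prevents that, or note which follow-up patch in the series closes it.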
@@ -1683,7 +1693,7 @@  struct mem_cgroup *mem_cgroup_iter(struct mem_cgroup *root,
 			mz = mem_cgroup_zoneinfo(root, nid, zid);
 			iter = &mz->reclaim_iter[reclaim->priority];
 			if (prev && reclaim->generation != iter->generation) {
-				iter->last_visited = NULL;
+				rcu_assign_pointer(iter->last_visited, NULL);
 				goto out_unlock;
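Review bot: style point on `rcu_assign_pointer(iter->last_visited, NULL);`: storing NULL publishes no new object, so readers need no ordering from the write barrier. RCU_INIT_POINTER(iter->last_visited, NULL) is the usual form for this and keeps the `__rcu` annotation satisfied for sparse.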