Date:   Wed, 8 Feb 2023 11:45:14 +0100
From:   Vlastimil Babka <vbabka@...e.cz>
To:     Andrew Morton <akpm@...ux-foundation.org>,
        Alexander Halbuer <halbuer@....uni-hannover.de>,
        Kees Cook <keescook@...omium.org>,
        "linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>
Cc:     linux-mm@...ck.org, linux-kernel@...r.kernel.org,
        Mel Gorman <mgorman@...hsingularity.net>
Subject: Re: [PATCH] mm: reduce lock contention of pcp buffer refill

On 2/3/23 00:25, Andrew Morton wrote:
> On Wed,  1 Feb 2023 17:25:49 +0100 Alexander Halbuer <halbuer@....uni-hannover.de> wrote:
> 
>> The `rmqueue_bulk` function batches the allocation of multiple elements to
>> refill the per-CPU buffers into a single hold of the zone lock. Each
>> element is allocated and checked using the `check_pcp_refill` function.
>> The check touches every related struct page which is especially expensive
>> for higher order allocations (huge pages). This patch reduces the time
>> holding the lock by moving the check out of the critical section similar
>> to the `rmqueue_buddy` function which allocates a single element.
>> Measurements of parallel allocation-heavy workloads show a reduction of
>> the average huge page allocation latency of 50 percent for two cores and
>> nearly 90 percent for 24 cores.
> 
> Sounds nice.
> 
> Were you able to test how much benefit we get by simply removing the
> check_new_pages() call from rmqueue_bulk()?
> 
> Vlastimil, I find this quite confusing:
> 
> #ifdef CONFIG_DEBUG_VM
> /*
>  * With DEBUG_VM enabled, order-0 pages are checked for expected state when
>  * being allocated from pcp lists. With debug_pagealloc also enabled, they are
>  * also checked when pcp lists are refilled from the free lists.
>  */
> static inline bool check_pcp_refill(struct page *page, unsigned int order)
> {
> 	if (debug_pagealloc_enabled_static())
> 		return check_new_pages(page, order);
> 	else
> 		return false;
> }
> 
> static inline bool check_new_pcp(struct page *page, unsigned int order)
> {
> 	return check_new_pages(page, order);
> }
> #else
> /*
>  * With DEBUG_VM disabled, free order-0 pages are checked for expected state
>  * when pcp lists are being refilled from the free lists. With debug_pagealloc
>  * enabled, they are also checked when being allocated from the pcp lists.
>  */
> static inline bool check_pcp_refill(struct page *page, unsigned int order)
> {
> 	return check_new_pages(page, order);
> }
> static inline bool check_new_pcp(struct page *page, unsigned int order)
> {
> 	if (debug_pagealloc_enabled_static())
> 		return check_new_pages(page, order);
> 	else
> 		return false;
> }
> #endif /* CONFIG_DEBUG_VM */
> 
> and the 4462b32c9285b5 changelog is a struggle to follow.
> 
> Why are we performing *any* checks when CONFIG_DEBUG_VM=n and when
> debug_pagealloc_enabled is false?

Well AFAIK the history was like this

- at first we always did the checks when allocating or freeing a page, even
when it was allocated/freed from the pcplist

- then Mel in 479f854a207c and 4db7548ccbd9 changed it so the checks were
done only when moving between pcplist and zone's freelists, so the
pcplist-cached fast paths were now faster. But that means it may not catch
some errors anymore, so with DEBUG_VM checks were still done on every alloc/free

- my 4462b32c9285b5 changed it so that when debug_pagealloc is boot-time
enabled, the checks happen both on pcplist and zone's freelist alloc/free.
This was mainly to allow enabling the checks on production kernels without
recompiling with DEBUG_VM. But it's a mode where catching the culprit is
more desirable than peak performance

> Anyway, these checks sounds quite costly so let's revisit their
> desirability?

So AFAIK never in the past we went with not doing the checks at all. But
given that by default we don't do them on pcplists for years, and the
majority of allocations are using pcplists, maybe indeed we won't lose much
coverage by not doing the checks at all.

But I wonder also what kernel hardening folks think here - are the hardened
kernels usually built with DEBUG_VM or debug_pagealloc enabled, or would you
like to hook some other kernel option for keeping the checks on page
alloc/free active? And should those checks be done on every alloc/free, including
pcplist cached allocations?
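
The following is an added example, not part of the original message or of the kernel source: a shell check that reports, for a given kernel config and command line, where check_new_pages() runs according to the check_pcp_refill()/check_new_pcp() pair quoted in this thread. The function names, result strings and sample configs are constructed for illustration; it assumes debug_pagealloc is switched by CONFIG_DEBUG_PAGEALLOC, CONFIG_DEBUG_PAGEALLOC_ENABLE_DEFAULT and the debug_pagealloc= boot parameter.

```shell
#!/bin/sh
# Added example: maps a kernel config + command line onto the quoted
# check_pcp_refill()/check_new_pcp() pair. Inputs below are constructed.

# has_cfg CONFIG_TEXT SYMBOL -> true if "SYMBOL=y" is a line of the config
has_cfg() { printf '%s\n' "$1" | grep -qx "$2=y"; }

# debug_pagealloc_on CONFIG_TEXT CMDLINE -> true if debug_pagealloc is
# active at boot (the state debug_pagealloc_enabled_static() reports).
debug_pagealloc_on() {
    has_cfg "$1" CONFIG_DEBUG_PAGEALLOC || return 1   # not compiled in
    state=off
    has_cfg "$1" CONFIG_DEBUG_PAGEALLOC_ENABLE_DEFAULT && state=on
    for arg in $2; do                                 # later args override
        case "$arg" in
            debug_pagealloc=on|debug_pagealloc=1|debug_pagealloc=y) state=on ;;
            debug_pagealloc=off|debug_pagealloc=0|debug_pagealloc=n) state=off ;;
        esac
    done
    [ "$state" = on ]
}

# page_check_mode CONFIG_TEXT CMDLINE -> where check_new_pages() runs
page_check_mode() {
    if debug_pagealloc_on "$1" "$2"; then
        echo "refill+pcp-alloc"   # both helpers call check_new_pages()
    elif has_cfg "$1" CONFIG_DEBUG_VM; then
        echo "pcp-alloc-only"     # check_pcp_refill() returns false
    else
        echo "refill-only"        # check_new_pcp() returns false
    fi
}

# Constructed sample configs (not taken from any real distribution).
CFG_PLAIN='CONFIG_SLUB=y'
CFG_DEBUG_VM='CONFIG_DEBUG_VM=y'
CFG_DPA='CONFIG_DEBUG_PAGEALLOC=y'

page_check_mode "$CFG_PLAIN" "ro quiet"
page_check_mode "$CFG_DEBUG_VM" "ro quiet"
page_check_mode "$CFG_DPA" "ro quiet debug_pagealloc=on"
page_check_mode "$CFG_PLAIN" "ro quiet debug_pagealloc=on"

# On a live system (paths are assumptions and vary by distribution):
#   page_check_mode "$(cat /boot/config-$(uname -r))" "$(cat /proc/cmdline)"
```

The last sample call shows that the boot parameter alone changes nothing when CONFIG_DEBUG_PAGEALLOC is not compiled in.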
