lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3fde204b-5dfd-f7dd-cdc9-37c2fabdd723@arm.com>
Date:   Tue, 27 Apr 2021 17:50:00 +0100
From:   Robin Murphy <robin.murphy@....com>
To:     Kai Shen <shenkai8@...wei.com>,
        Catalin Marinas <catalin.marinas@....com>
Cc:     will@...nel.org, linux-arm-kernel@...ts.infradead.org,
        LKML <linux-kernel@...r.kernel.org>, xuwei5@...ilicon.com,
        hewenliang4@...wei.com, wuxu.wu@...wei.com
Subject: Re: [PATCH] arm64:align function __arch_clear_user

On 2021-04-25 03:07, Kai Shen wrote:
> On 2021/4/23 23:37, Catalin Marinas wrote:
>> On Mon, Apr 19, 2021 at 10:05:16AM +0800, Kai Shen wrote:
>>> On 2021/4/14 18:41, Catalin Marinas wrote:
>>>> On Wed, Apr 14, 2021 at 05:25:43PM +0800, Kai Shen wrote:
>>>>> Performance decreases happen in __arch_clear_user when this
>>>>> function is not correctly aligned on HISI-HIP08 arm64 SOC which
>>>>> fetches 32 bytes (8 instructions) from icache with a 32-bytes
>>>>> aligned end address. As a result, if the hot loop is not 32-bytes
>>>>> aligned, it may take more icache fetches which leads to decrease
>>>>> in performance.
>>>>> Dump of assembler code for function __arch_clear_user:
>>>>>          0xffff0000809e3f10 :    nop
>>>>>          0xffff0000809e3f14 :    mov x2, x1
>>>>>          0xffff0000809e3f18 :    subs x1, x1, #0x8
>>>>>          0xffff0000809e3f1c :    b.mi 0xffff0000809e3f30 
>>>>> <__arch_clear_user+3
>>>>> -----  0xffff0000809e3f20 :    str    xzr, [x0],#8
>>>>> hot    0xffff0000809e3f24 :    nop
>>>>> loop   0xffff0000809e3f28 :    subs x1, x1, #0x8
>>>>> -----  0xffff0000809e3f2c :    b.pl  0xffff0000809e3f20 
>>>>> <__arch_clear_user+1
>>>>> The hot loop above takes one icache fetch as the code is in one
>>>>> 32-bytes aligned area and the loop takes one more icache fetch
>>>>> when it is not aligned like below.
>>>>>          0xffff0000809e4178 :   str    xzr, [x0],#8
>>>>>          0xffff0000809e417c :   nop
>>>>>          0xffff0000809e4180 :   subs x1, x1, #0x8
>>>>>          0xffff0000809e4184 :   b.pl  0xffff0000809e4178 
>>>>> <__arch_clear_user+
>>>>> Data collected by perf:
>>>>>                            aligned   not aligned
>>>>>             instructions   57733790     57739065
>>>>>          L1-dcache-store   14938070     13718242
>>>>> L1-dcache-store-misses     349280       349869
>>>>>          L1-icache-loads   15380895     28500665
>>>>> As we can see, L1-icache-loads almost double when the loop is not
>>>>> aligned.

Sure, if the function spans two cache lines, and I$ pressure is so high 
that it gets evicted between each call, then indeed one would expect 
about twice as many fetches in total compared to if the function fits in 
a single line. However, that's not necessarily indicative of visible 
performance - if the predictors and prefetchers can do their jobs well 
enough there could still be little to no impact on actual execution latency.

If you want to use perf to try to justify this, at least drill down into 
more specific events to show that you're really stalling on I$ misses. 
The most convincing argument, though, would be a measured difference in 
actual user-memory-zeroing bandwidth - the fact that you haven't shared 
that, even for your synthetic test, makes me suspect that it's probably 
not as significant and exciting as a supposed "2x" figure... ;)

>>>>> This problem is found in linux 4.19 on HISI-HIP08 arm64 SOC.
>>>>> Not sure what the case is on other arm64 SOC, but it should do
>>>>> no harm.
>>>>> Signed-off-by: Kai Shen <shenkai8@...wei.com>
>>>>
>>>> Do you have a real world workload that's affected by this function?
>>>>
>>>> I'm against adding alignments and nops for specific hardware
>>>> implementations. What about lots of other loops that the compiler may
>>>> generate or that we wrote in asm?
>>>
>>> The benchmark we used which suffer performance decrease:
>>>      https://github.com/redhat-performance/libMicro
>>>      pread $OPTS -N "pread_z1k"    -s 1k    -I 300  -f /dev/zero
>>>      pread $OPTS -N "pread_z10k"    -s 10k    -I 1000 -f /dev/zero
>>>      pread $OPTS -N "pread_z100k"    -s 100k    -I 2000 -f /dev/zero
>>
>> Is there any real world use-case that would benefit from this
>> optimisation? Reading /dev/zero in a loop hardly counts as a practical
>> workload.
>>
> Operations like "dd if=/dev/zero of=/dev/sda1" ?

Surely the write() side of that operation is still going to dominate 
either way? What kind of device would sda be for the whole operation to 
be significantly bottlenecked on *instruction fetch bandwidth* in read()!?

FWIW I'm currently playing about with some changes to this code anyway - 
I'll make sure to check whether function alignment has any noticeable 
impact on the microarchitectures I have to hand.

Robin.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ