lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20210806084458.GG6464@techsingularity.net>
Date:   Fri, 6 Aug 2021 09:44:58 +0100
From:   Mel Gorman <mgorman@...hsingularity.net>
To:     Andrew Morton <akpm@...ux-foundation.org>
Cc:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...nel.org>,
        Vlastimil Babka <vbabka@...e.cz>,
        Hugh Dickins <hughd@...gle.com>,
        Daniel Vacek <neelx.g@...il.com>,
        Linux-MM <linux-mm@...ck.org>,
        Linux-RT-Users <linux-rt-users@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 1/1] mm/vmstat: Protect per cpu variables with preempt
 disable on RT

On Thu, Aug 05, 2021 at 04:22:06PM -0700, Andrew Morton wrote:
> On Thu,  5 Aug 2021 17:00:19 +0100 Mel Gorman <mgorman@...hsingularity.net> wrote:
> 
> > From: Ingo Molnar <mingo@...e.hu>
> > 
> > Disable preemption on -RT for the vmstat code. On vanila the code runs
> > in IRQ-off regions while on -RT it may not when stats are updated under
> > a local_lock. "preempt_disable" ensures that the same resources is not
> > updated in parallel due to preemption.
> > 
> > This patch differs from the preempt-rt version where __count_vm_event and
> > __count_vm_events are also protected. The counters are explicitly "allowed
> > to be to be racy" so there is no need to protect them from preemption. Only
> > the accurate page stats that are updated by a read-modify-write need
> > protection. This patch also differs in that a preempt_[en|dis]able_rt
> > helper is not used. As vmstat is the only user of the helper, it was
> > suggested that it be open-coded in vmstat.c instead of risking the helper
> > being used in unnecessary contexts.
> > 
> > ...
> >
> > --- a/mm/vmstat.c
> > +++ b/mm/vmstat.c
> > @@ -319,6 +319,16 @@ void __mod_zone_page_state(struct zone *zone, enum zone_stat_item item,
> >  	long x;
> >  	long t;
> >  
> > +	/*
> > +	 * Accurate vmstat updates require a RMW. On !PREEMPT_RT kernels,
> > +	 * atomicity is provided by IRQs being disabled -- either explicitly
> > +	 * or via local_lock_irq. On PREEMPT_RT, local_lock_irq only disables
> > +	 * CPU migrations and preemption potentially corrupts a counter so
> > +	 * disable preemption.
> > +	 */
> > +	if (IS_ENABLED(CONFIG_PREEMPT_RT))
> > +		preempt_disable();
> 
> This is so obvious I expect it has been discussed, but...  why not
> 
> static inline void preempt_disable_if_rt(void)
> {
> 	if (IS_ENABLED(CONFIG_PREEMPT_RT))
> 		preempt_disable();
> }
> 
> ?
> 

The changelog briefly mentions it "also differs in that a
preempt_[en|dis]able_rt" helper was not used. It is preferred that the RT
helper does not exist and potentially get reused in other contexts that
could have a different solution. Hence, it's open-coded for mm/vmstat.c
even though it looks awkward. Obviously the helper could be in mm/vmstat.c
but the only name that made sense was preempt_[en|dis]able_rt and that
would likely get promoted to a common header for some reason.

The vmstat counters are "special" in that they have to be fast, an
accurate counter must be available cheaply and they are updated from a
mix of IRQ-disabled and local_lock_irq-disabled sections where the latter
only disables CPU migrations (but not preemption) on PREEMPT_RT. It's
not a special case that should be encouraged but is somewhat justified
given how often vmstats get updated and its performance requirements.

The alternative would be to convert vmstat counters to percpu_counters.
It also takes care to protect from IRQ and preempt contexts based on
comments in the code and functionally is very similar to vmstat. However,
based on how it works, I think it would incur a performance regression
as well as having a larger memory footprint. The use of raw IRQ-safe
spinlocks risks parallel update scaling issues that vmstat avoids with
with rmw, cmpxchg and atomics depending on context combined combined with
workqueues to accumulate per-cpu values. Converting to percpu_counters
and then modifying the implementation to be similar to vmstat might work
but would also be high risk with some significant complexities such as
dealing with vmstat shepherd.

Hence, I think the open-coded is justified if somewhat clumsy so indicate
this is a special case we're willing to tolerate but also clumsy enough
that someone trying to copy it will be forced to think heavily about
their problem. The only change I'd like to make to the patch is to

s/See __mod_node_page_state/See __mod_zone_page_state/

which is based on an stupid typo compounded by cut&paste as noted by 
Daniel Vacek.

-- 
Mel Gorman
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ