Date: Sat, 15 Jun 2024 17:28:55 -0700
From: Yosry Ahmed <yosryahmed@...gle.com>
To: Shakeel Butt <shakeel.butt@...ux.dev>
Cc: Andrew Morton <akpm@...ux-foundation.org>, Johannes Weiner <hannes@...xchg.org>, 
	Michal Hocko <mhocko@...e.com>, Roman Gushchin <roman.gushchin@...ux.dev>, 
	Jesper Dangaard Brouer <hawk@...nel.org>, Yu Zhao <yuzhao@...gle.com>, 
	Muchun Song <songmuchun@...edance.com>, Facebook Kernel Team <kernel-team@...a.com>, linux-mm@...ck.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] memcg: use ratelimited stats flush in the reclaim

On Sat, Jun 15, 2024 at 1:13 AM Shakeel Butt <shakeel.butt@...ux.dev> wrote:
>
> The Meta prod is seeing large amount of stalls in memcg stats flush
> from the memcg reclaim code path. At the moment, this specific callsite
> is doing a synchronous memcg stats flush. The rstat flush is an
> expensive and time consuming operation, so concurrent reclaimers will
> busywait on the lock potentially for a long time. Actually this issue is
> not unique to Meta and has been observed by Cloudflare [1] as well. For
> the Cloudflare case, the stalls were due to contention between kswapd
> threads running on their 8 numa node machines which does not make sense
> as rstat flush is global and flush from one kswapd thread should be
> sufficient for all. Simply replace the synchronous flush with the
> ratelimited one.
>
> One may raise a concern on potentially using 2 sec stale (at worst)
> stats for heuristics like desirable inactive:active ratio and preferring
> inactive file pages over anon pages but these specific heuristics do not
> require very precise stats and also are ignored under severe memory
> pressure. This patch has been running on Meta fleet for more than a
> month and we have not observed any issues. Please note that MGLRU is not
> impacted by this issue at all as it avoids rstat flushing completely.
>
> Link: https://lore.kernel.org/all/6ee2518b-81dd-4082-bdf5-322883895ffc@kernel.org [1]
> Signed-off-by: Shakeel Butt <shakeel.butt@...ux.dev>
> ---
>  mm/vmscan.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/vmscan.c b/mm/vmscan.c
> index c0429fd6c573..bda4f92eba71 100644
> --- a/mm/vmscan.c
> +++ b/mm/vmscan.c
> @@ -2263,7 +2263,7 @@ static void prepare_scan_control(pg_data_t *pgdat, struct scan_control *sc)
>          * Flush the memory cgroup stats, so that we read accurate per-memcg
>          * lruvec stats for heuristics.
>          */
> -       mem_cgroup_flush_stats(sc->target_mem_cgroup);
> +       mem_cgroup_flush_stats_ratelimited(sc->target_mem_cgroup);
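
Review bot: the comment kept as context directly above the changed call still says the flush is done "so that we read accurate per-memcg lruvec stats for heuristics", which no longer holds once the call becomes mem_cgroup_flush_stats_ratelimited(): the commit message itself allows stats that are up to 2 sec stale. Please update that comment in the same hunk to say the flush is ratelimited, state the staleness bound, and note why the inactive:active and file-vs-anon heuristics tolerate it, so a reader of prepare_scan_control() does not assume fresh stats.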

I think you already know my opinion about this one :) I don't like it
at all, and I will explain why below. I know it may be a necessary
evil, but I would like us to make sure there is no other option before
going forward with this.

Unfortunately, I am travelling this week, so I probably won't be able
to follow up on this for a week or so, but I will try to lay down my
thoughts as much as I can.

Why don't I like this?

- From a high level, I don't like the approach of replacing
problematic flushing calls with the ratelimited version. It strikes me
as a whac-a-mole approach that is mitigating symptoms of a larger
problem.

- With the added thresholding code, a flush is only done if there is a
significant number of pending updates in the relevant subtree.
Choosing the ratelimited approach is intentionally ignoring a
significant change in stats (although arguably it could be irrelevant
stats).

- Reclaim code is an iterative process, so not updating the stats on
every retry is very counterintuitive. We are retrying reclaim using
the same stats and heuristics used by a previous iteration,
essentially dismissing the effects of those previous iterations.

- Indeterministic behavior like this one is very difficult to debug if
it causes problems. The missing updates in the last 2s (or whatever
period) could be of any magnitude. We may be ignoring GBs of
free/allocated memory. What's worse is, if it causes any problems,
tracing it back to this flush will be extremely difficult.

What can we do?

- Try to make more fundamental improvements to the flushing code (for
memcgs or cgroups in general). The per-memcg flushing thresholding is
an example of this. For example, if flushing is taking too long
because we are flushing all subsystems, it may make sense to have
separate rstat trees for separate subsystems.

One other thing we can try is to add a mutex in the memcg flushing path.
I initially had this in my subtree flushing series [1], but I
dropped it as we thought it's not very useful. Currently in
mem_cgroup_flush_stats(), we check if there are enough pending updates
to flush, then we call cgroup_flush_stats() and spin on the lock. It
is possible that while we spin, those pending updates we observed have
been flushed. If we add back the mutex like in [1], then once we
acquire the mutex we check again to make sure there are still enough
stats to flush.

[1] https://lore.kernel.org/all/20231010032117.1577496-6-yosryahmed@google.com/

- Try to avoid the need for flushing in this path. I am not sure what
approach MGLRU uses to avoid the flush, but if we can do something
similar for classic LRUs that would be preferable. I am guessing MGLRU
may be maintaining its own stats outside of the rstat framework.

- Try to figure out if one (or a few) update paths are regressing all
flushers. If one specific stat or stats update path is causing most of
the updates, we can try to fix that instead. Especially if it's a
counter that is continuously being increased and decreased (so the net
change is not as high as we think).

At the end of the day, all of the above may not work, and we may have
to live with just using the ratelimited approach. But I *really* hope
we could actually go the other way. Fix things on a more fundamental
level and eventually drop the ratelimited variants completely.

Just my 2c. Sorry for the long email :)
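
The mutex-plus-recheck idea from the reply above, as an added userspace model in C; it is not code from this email, the patch, or the kernel. All names and the threshold value are hypothetical, the lock is modelled by running waiters one after another, and the 8 waiters mirror the 8 kswapd threads mentioned in the quoted commit message.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define FLUSH_THRESHOLD 64  /* constructed value: pending updates worth a flush */

struct stats_model {
    long pending;  /* updates queued since the last flush */
    long flushes;  /* expensive flushes actually performed */
};

/* Pre-lock check: what each flusher observes before it starts waiting. */
static bool needs_flush(const struct stats_model *m)
{
    return m->pending >= FLUSH_THRESHOLD;
}

/* Critical section, entered by one waiter at a time. With recheck set, a
 * waiter whose pending updates were already flushed by an earlier lock
 * holder returns without repeating the expensive flush. */
static void flush_locked(struct stats_model *m, bool recheck)
{
    if (recheck && !needs_flush(m))
        return;
    m->pending = 0;
    m->flushes++;
}

/* n flushers all run the pre-lock check against the same pending count,
 * then take the lock in turn. Returns how many expensive flushes ran. */
long run_waiters(size_t n, long pending, bool recheck)
{
    struct stats_model m = { .pending = pending, .flushes = 0 };
    size_t passed = 0;

    for (size_t i = 0; i < n; i++)       /* phase 1: everyone checks */
        if (needs_flush(&m))
            passed++;
    for (size_t i = 0; i < passed; i++)  /* phase 2: serialized by the lock */
        flush_locked(&m, recheck);
    return m.flushes;
}

int main(void)
{
    printf("no recheck: %ld flushes, with recheck: %ld flush\n",
           run_waiters(8, 1000, false), run_waiters(8, 1000, true));
    return 0;
}
```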
