From: "Paul E. McKenney" <paulmck@kernel.org>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Jakub Kicinski <kuba@kernel.org>,
Julia Lawall <Julia.Lawall@inria.fr>,
linux-block@vger.kernel.org, kernel-janitors@vger.kernel.org,
bridge@lists.linux.dev, linux-trace-kernel@vger.kernel.org,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
kvm@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
"Naveen N. Rao" <naveen.n.rao@linux.ibm.com>,
Christophe Leroy <christophe.leroy@csgroup.eu>,
Nicholas Piggin <npiggin@gmail.com>,
netdev@vger.kernel.org, wireguard@lists.zx2c4.com,
linux-kernel@vger.kernel.org, ecryptfs@vger.kernel.org,
Neil Brown <neilb@suse.de>, Olga Kornievskaia <kolga@netapp.com>,
Dai Ngo <Dai.Ngo@oracle.com>, Tom Talpey <tom@talpey.com>,
linux-nfs@vger.kernel.org, linux-can@vger.kernel.org,
Lai Jiangshan <jiangshanlai@gmail.com>,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
Vlastimil Babka <vbabka@suse.cz>
Subject: Re: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback
Date: Thu, 13 Jun 2024 05:46:11 -0700 [thread overview]
Message-ID: <e06440e2-9121-4c92-8bf2-945977987052@paulmck-laptop> (raw)
In-Reply-To: <Zmrkkel0Fo4_g75a@zx2c4.com>
On Thu, Jun 13, 2024 at 02:22:41PM +0200, Jason A. Donenfeld wrote:
> On Wed, Jun 12, 2024 at 08:38:02PM -0700, Paul E. McKenney wrote:
> > o Make the current kmem_cache_destroy() asynchronously wait for
> > all memory to be returned, then complete the destruction.
> > (This gets rid of a valuable debugging technique because
> > in normal use, it is a bug to attempt to destroy a kmem_cache
> > that has objects still allocated.)
> >
> > o Make a kmem_cache_destroy_rcu() that asynchronously waits for
> > all memory to be returned, then completes the destruction.
> > (This raises the question of what to is it takes a "long time"
> > for the objects to be freed.)
>
> These seem like the best two options.
I like them myself, but much depends on how much violence they do to
the slab subsystem and to debuggability.
> > o Make a kmem_cache_free_barrier() that blocks until all
> > objects in the specified kmem_cache have been freed.
> >
> > o Make a kmem_cache_destroy_wait() that waits for all memory to
> > be returned, then does the destruction. This is equivalent to:
> >
> > kmem_cache_free_barrier(&mycache);
> > kmem_cache_destroy(&mycache);
>
> These also seem fine, but I'm less keen about blocking behavior.
One advantage of the blocking behavior is that it pinpoints memory
leaks from that slab. On the other hand, one can argue that you want
this to block during testing but to be asynchronous in production.
Borrowing someone else's hand, there are probably lots of other arguments
one can make.
> Though, along the ideas of kmem_cache_destroy_rcu(), you might also
> consider renaming this last one to kmem_cache_destroy_rcu_wait/barrier().
> This way, it's RCU focused, and you can deal directly with the question
> of, "how long is too long to block/to memleak?"
Good point!
> Specifically what I mean is that we can still claim a memory leak has
> occurred if one batched kfree_rcu freeing grace period has elapsed since
> the last call to kmem_cache_destroy_rcu_wait/barrier() or
> kmem_cache_destroy_rcu(). In that case, you quit blocking, or you quit
> asynchronously waiting, and then you splat about a memleak like we have
> now.
How about a kmem_cache_destroy_rcu() that marks that specified cache
for destruction, and then a kmem_cache_destroy_barrier() that waits?
I took the liberty of adding your name to the Google document [1] and
adding this section:
kmem_cache_destroy_rcu/_barrier()
The idea here is to provide a asynchronous
kmem_cache_destroy_rcu() as described above along with a
kmem_cache_destroy_barrier() that waits for the destruction
of all prior kmem_cache instances previously passed
to kmem_cache_destroy_rcu(). Alternatively, could
return a cookie that could be passed into a later call to
kmem_cache_destroy_barrier(). This alternative has the
advantage of isolating which kmem_cache instance is suffering
the memory leak.
Please let me know if either liberty is in any way problematic.
> But then, if that mechanism generally works, we don't really need a new
> function and we can just go with the first option of making
> kmem_cache_destroy() asynchronously wait. It'll wait, as you described,
> but then we adjust the tail of every kfree_rcu batch freeing cycle to
> check if there are _still_ any old outstanding kmem_cache_destroy()
> requests. If so, then we can splat and keep the old debugging info we
> currently have for finding memleaks.
The mechanism can always be sabotaged by memory-leak bugs on the part
of the user of the kmem_cache structure in play, right?
OK, but I see your point. I added this to the existing
"kmem_cache_destroy() Lingers for kfree_rcu()" section:
One way of preserving this debugging information is to splat if
all of the slab’s memory has not been freed within a reasonable
timeframe, perhaps the same 21 seconds that causes an RCU CPU
stall warning.
Does that capture it?
Thanx, Paul
[1] https://docs.google.com/document/d/1v0rcZLvvjVGejT3523W0rDy_sLFu2LWc_NR3fQItZaA/edit?usp=sharing
next prev parent reply other threads:[~2024-06-13 12:46 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-09 8:27 Julia Lawall
2024-06-09 8:27 ` [PATCH 01/14] wireguard: allowedips: " Julia Lawall
2024-06-09 14:32 ` Jason A. Donenfeld
2024-06-09 14:36 ` Julia Lawall
2024-06-10 20:38 ` Vlastimil Babka
2024-06-10 20:59 ` Jason A. Donenfeld
2024-06-12 21:33 ` [PATCH 00/14] " Jakub Kicinski
2024-06-12 22:37 ` Paul E. McKenney
2024-06-12 22:46 ` Jakub Kicinski
2024-06-12 22:52 ` Jens Axboe
2024-06-12 23:04 ` Paul E. McKenney
2024-06-12 23:31 ` Jason A. Donenfeld
2024-06-13 0:31 ` Jason A. Donenfeld
2024-06-13 3:38 ` Paul E. McKenney
2024-06-13 12:22 ` Jason A. Donenfeld
2024-06-13 12:46 ` Paul E. McKenney [this message]
2024-06-13 14:11 ` Jason A. Donenfeld
2024-06-13 15:12 ` Paul E. McKenney
2024-06-17 15:10 ` Vlastimil Babka
2024-06-17 16:12 ` Paul E. McKenney
2024-06-17 17:23 ` Vlastimil Babka
2024-06-17 18:42 ` Uladzislau Rezki
2024-06-17 21:08 ` Vlastimil Babka
2024-06-18 9:31 ` Uladzislau Rezki
2024-06-18 16:48 ` Paul E. McKenney
2024-06-18 17:21 ` Vlastimil Babka
2024-06-18 17:53 ` Paul E. McKenney
2024-06-19 9:28 ` Vlastimil Babka
2024-06-19 16:46 ` Paul E. McKenney
2024-06-21 9:32 ` Uladzislau Rezki
2024-07-15 20:39 ` Vlastimil Babka
2024-07-24 13:53 ` Paul E. McKenney
2024-07-24 14:40 ` Vlastimil Babka
2024-10-08 16:41 ` Vlastimil Babka
2024-10-08 20:02 ` Paul E. McKenney
2024-10-09 17:08 ` Julia Lawall
2024-10-09 21:02 ` Paul E. McKenney
2024-06-19 9:51 ` Uladzislau Rezki
2024-06-19 9:56 ` Vlastimil Babka
2024-06-19 11:22 ` Uladzislau Rezki
2024-06-17 18:54 ` Paul E. McKenney
2024-06-17 21:34 ` Vlastimil Babka
2024-06-13 14:17 ` Jakub Kicinski
2024-06-13 14:53 ` Paul E. McKenney
2024-06-13 11:58 ` Jason A. Donenfeld
2024-06-13 12:47 ` Paul E. McKenney
2024-06-13 13:06 ` Uladzislau Rezki
2024-06-13 15:06 ` Paul E. McKenney
2024-06-13 17:38 ` Uladzislau Rezki
2024-06-13 17:45 ` Paul E. McKenney
2024-06-13 17:58 ` Uladzislau Rezki
2024-06-13 18:13 ` Paul E. McKenney
2024-06-14 12:35 ` Uladzislau Rezki
2024-06-14 14:17 ` Paul E. McKenney
2024-06-14 14:50 ` Uladzislau Rezki
2024-06-14 19:33 ` Jason A. Donenfeld
2024-06-17 13:50 ` Uladzislau Rezki
2024-06-17 14:56 ` Jason A. Donenfeld
2024-06-17 16:30 ` Uladzislau Rezki
2024-06-17 16:33 ` Jason A. Donenfeld
2024-06-17 16:38 ` Vlastimil Babka
2024-06-17 17:04 ` Jason A. Donenfeld
2024-06-17 21:19 ` Vlastimil Babka
2024-06-17 16:42 ` Uladzislau Rezki
2024-06-17 16:57 ` Jason A. Donenfeld
2024-06-17 17:19 ` Uladzislau Rezki
2024-06-17 14:37 ` Vlastimil Babka
2024-10-08 16:36 ` Vlastimil Babka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e06440e2-9121-4c92-8bf2-945977987052@paulmck-laptop \
--to=paulmck@kernel.org \
--cc=Dai.Ngo@oracle.com \
--cc=Jason@zx2c4.com \
--cc=Julia.Lawall@inria.fr \
--cc=bridge@lists.linux.dev \
--cc=christophe.leroy@csgroup.eu \
--cc=coreteam@netfilter.org \
--cc=ecryptfs@vger.kernel.org \
--cc=jiangshanlai@gmail.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=kolga@netapp.com \
--cc=kuba@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-block@vger.kernel.org \
--cc=linux-can@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=naveen.n.rao@linux.ibm.com \
--cc=neilb@suse.de \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=npiggin@gmail.com \
--cc=tom@talpey.com \
--cc=vbabka@suse.cz \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).