Re: [PATCH v14 6/6] virtio-balloon: Add support for providing unused page reports to host

From: Michael S. Tsirkin
Date: Sun Dec 01 2019 - 06:46:51 EST

Next message: Federico Vaga: "[PATCH] doc:locking: fix locktorture parameter description"
Previous message: Jonathan Cameron: "Re: [PATCH v2] iio: adc: ad7887: Cleanup channel assignment"
Next in thread: Alexander Duyck: "Re: [PATCH v14 6/6] virtio-balloon: Add support for providing unused page reports to host"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Nov 29, 2019 at 01:13:32PM -0800, Alexander Duyck wrote:
> On Thu, Nov 28, 2019 at 7:26 AM David Hildenbrand <david@xxxxxxxxxx> wrote:
> >
> > On 19.11.19 22:46, Alexander Duyck wrote:
> > > From: Alexander Duyck <alexander.h.duyck@xxxxxxxxxxxxxxx>
> > >
> > > Add support for the page reporting feature provided by virtio-balloon.
> > > Reporting differs from the regular balloon functionality in that is is
> > > much less durable than a standard memory balloon. Instead of creating a
> > > list of pages that cannot be accessed the pages are only inaccessible
> > > while they are being indicated to the virtio interface. Once the
> > > interface has acknowledged them they are placed back into their respective
> > > free lists and are once again accessible by the guest system.
> >
> > Maybe add something like "In contrast to ordinary balloon
> > inflation/deflation, the guest can reuse all reported pages immediately
> > after reporting has finished, without having to notify the hypervisor
> > about it (e.g., VIRTIO_BALLOON_F_MUST_TELL_HOST does not apply)."
>
> Okay. I'll make a note of it for next version.

VIRTIO_BALLOON_F_MUST_TELL_HOST is IMHO misdocumented.
It states:
VIRTIO_BALLOON_F_MUST_TELL_HOST (0) Host has to be told before pages from the balloon are
used.
but really balloon always told host. The difference is in timing,
historically balloon gave up pages before sending the
message and before waiting for the buffer to be used by host.

I think this feature can be the same if we want.

> > [...]
> >
> > > /*
> > > * Balloon device works in 4K page units. So each page is pointed to by
> > > @@ -37,6 +38,9 @@
> > > #define VIRTIO_BALLOON_FREE_PAGE_SIZE \
> > > (1 << (VIRTIO_BALLOON_FREE_PAGE_ORDER + PAGE_SHIFT))
> > >
> > > +/* limit on the number of pages that can be on the reporting vq */
> > > +#define VIRTIO_BALLOON_VRING_HINTS_MAX 16
> >
> > Maybe rename that from HINTS to REPORTS
>
> I'll fix it for the next version.
>
> > > +
> > > #ifdef CONFIG_BALLOON_COMPACTION
> > > static struct vfsmount *balloon_mnt;
> > > #endif
> > > @@ -46,6 +50,7 @@ enum virtio_balloon_vq {
> > > VIRTIO_BALLOON_VQ_DEFLATE,
> > > VIRTIO_BALLOON_VQ_STATS,
> > > VIRTIO_BALLOON_VQ_FREE_PAGE,
> > > + VIRTIO_BALLOON_VQ_REPORTING,
> > > VIRTIO_BALLOON_VQ_MAX
> > > };
> > >
> > > @@ -113,6 +118,10 @@ struct virtio_balloon {
> > >
> > > /* To register a shrinker to shrink memory upon memory pressure */
> > > struct shrinker shrinker;
> > > +
> > > + /* Unused page reporting device */
> >
> > Sounds like the device is unused :D
> >
> > "Device info for reporting unused pages" ?
> >
> > I am in general wondering, should we rename "unused" to "free". I.e.,
> > "free page reporting" instead of "unused page reporting"? Or what was
> > the motivation behind using "unused" ?
>
> I honestly don't remember why I chose "unused" at this point. I can
> switch over to "free" if that is what is preferred.
>
> Looking over the code a bit more I suspect the reason for avoiding it
> is because free page hinting also mentioned reporting in a few spots.
>
> > > + struct virtqueue *reporting_vq;
> > > + struct page_reporting_dev_info pr_dev_info;
> > > };
> > >
> > > static struct virtio_device_id id_table[] = {
> > > @@ -152,6 +161,32 @@ static void tell_host(struct virtio_balloon *vb, struct virtqueue *vq)
> > >
> > > }
> > >
> > > +void virtballoon_unused_page_report(struct page_reporting_dev_info *pr_dev_info,
> > > + unsigned int nents)
> > > +{
> > > + struct virtio_balloon *vb =
> > > + container_of(pr_dev_info, struct virtio_balloon, pr_dev_info);
> > > + struct virtqueue *vq = vb->reporting_vq;
> > > + unsigned int unused, err;
> > > +
> > > + /* We should always be able to add these buffers to an empty queue. */
> >
> > This comment somewhat contradicts the error handling (and comment)
> > below. Maybe just drop it?
> >
> > > + err = virtqueue_add_inbuf(vq, pr_dev_info->sg, nents, vb,
> > > + GFP_NOWAIT | __GFP_NOWARN);
> > > +
> > > + /*
> > > + * In the extremely unlikely case that something has changed and we
> > > + * are able to trigger an error we will simply display a warning
> > > + * and exit without actually processing the pages.
> > > + */
> > > + if (WARN_ON(err))
> > > + return;
> >
> > Maybe WARN_ON_ONCE? (to not flood the log on recurring errors)
>
> Actually I might need to tweak things here a bit. It occurs to me that
> this can fail for more than just there not being space in the ring. I
> forgot that DMA mapping needs to also occur so in the case of a DMA
> mapping failure we would also see an error.

Balloon assumes DMA mapping is bypassed right now:

static int virtballoon_validate(struct virtio_device *vdev)
{
if (!page_poisoning_enabled())
__virtio_clear_bit(vdev, VIRTIO_BALLOON_F_PAGE_POISON);

__virtio_clear_bit(vdev, VIRTIO_F_IOMMU_PLATFORM);

^^^^^^^^

return 0;
}

I don't think it can work with things like a bounce buffer.

> I probably will switch it to a WARN_ON_ONCE. I may also need to add a
> return value to the function so that we can indicate that an entire
> batch has failed and that we need to abort.
>
> > > +
> > > + virtqueue_kick(vq);
> > > +
> > > + /* When host has read buffer, this completes via balloon_ack */
> > > + wait_event(vb->acked, virtqueue_get_buf(vq, &unused));
> >
> > Is it safe to rely on the same ack-ing mechanism as the inflate/deflate
> > queue? What if both mechanisms are used concurrently and race/both wait
> > for the hypervisor?
> >
> > Maybe we need a separate vb->acked + callback function.
>
> So if I understand correctly what is actually happening is that the
> wait event is simply a trigger that will wake us up, and at that point
> we check to see if the buffer we submitted is done. If not we go back
> to sleep. As such all we are really waiting on is the notification
> that the buffers we submitted have been processed. So it is using the
> same function but on a different virtual queue.
>
> > > +}
> > > +
> > > static void set_page_pfns(struct virtio_balloon *vb,
> > > __virtio32 pfns[], struct page *page)
> > > {
> > > @@ -476,6 +511,7 @@ static int init_vqs(struct virtio_balloon *vb)
> > > names[VIRTIO_BALLOON_VQ_DEFLATE] = "deflate";
> > > names[VIRTIO_BALLOON_VQ_STATS] = NULL;
> > > names[VIRTIO_BALLOON_VQ_FREE_PAGE] = NULL;
> > > + names[VIRTIO_BALLOON_VQ_REPORTING] = NULL;
> > >
> > > if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_STATS_VQ)) {
> > > names[VIRTIO_BALLOON_VQ_STATS] = "stats";
> > > @@ -487,11 +523,19 @@ static int init_vqs(struct virtio_balloon *vb)
> > > callbacks[VIRTIO_BALLOON_VQ_FREE_PAGE] = NULL;
> > > }
> > >
> > > + if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_REPORTING)) {
> > > + names[VIRTIO_BALLOON_VQ_REPORTING] = "reporting_vq";
> > > + callbacks[VIRTIO_BALLOON_VQ_REPORTING] = balloon_ack;
> > > + }
> > > +
> > > err = vb->vdev->config->find_vqs(vb->vdev, VIRTIO_BALLOON_VQ_MAX,
> > > vqs, callbacks, names, NULL, NULL);
> > > if (err)
> > > return err;
> > >
> > > + if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_REPORTING))
> > > + vb->reporting_vq = vqs[VIRTIO_BALLOON_VQ_REPORTING];
> > > +
> >
> > I'd register these in the same order they are defined (IOW, move this
> > further down)
>
> done.
>
> > > vb->inflate_vq = vqs[VIRTIO_BALLOON_VQ_INFLATE];
> > > vb->deflate_vq = vqs[VIRTIO_BALLOON_VQ_DEFLATE];
> > > if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_STATS_VQ)) {
> > > @@ -932,12 +976,30 @@ static int virtballoon_probe(struct virtio_device *vdev)
> > > if (err)
> > > goto out_del_balloon_wq;
> > > }
> > > +
> > > + vb->pr_dev_info.report = virtballoon_unused_page_report;
> > > + if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_REPORTING)) {
> > > + unsigned int capacity;
> > > +
> > > + capacity = min_t(unsigned int,
> > > + virtqueue_get_vring_size(vb->reporting_vq),
> > > + VIRTIO_BALLOON_VRING_HINTS_MAX);
> > > + vb->pr_dev_info.capacity = capacity;
> > > +
> > > + err = page_reporting_register(&vb->pr_dev_info);
> > > + if (err)
> > > + goto out_unregister_shrinker;
> > > + }
> >
> > It can happen here that we start reporting before marking the device
> > ready. Can that be problematic?
> >
> > Maybe we have to ignore any reports in virtballoon_unused_page_report()
> > until ready...
>
> I don't think there is an issue with us putting buffers on the ring
> before it is ready. I think it will just cause our function to sleep.
>
> I'm guessing that is the case since init_vqs will add a buffer to the
> stats vq and that happens even earlier in virtballoon_probe.
>
> > > +
> > > virtio_device_ready(vdev);
> > >
> > > if (towards_target(vb))
> > > virtballoon_changed(vdev);
> > > return 0;
> > >
> > > +out_unregister_shrinker:
> > > + if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_DEFLATE_ON_OOM))
> > > + virtio_balloon_unregister_shrinker(vb);
> >
> > A sync is done implicitly, right? So after this call, we won't get any
> > new callbacks/are stuck in a callback.
>
> >From what I can tell a read/write semaphore is used in
> unregister_shrinker when we delete it from the list so it shouldn't be
> an issue.
>
> > > out_del_balloon_wq:
> > > if (virtio_has_feature(vdev, VIRTIO_BALLOON_F_FREE_PAGE_HINT))
> > > destroy_workqueue(vb->balloon_wq);
> > > @@ -966,6 +1028,8 @@ static void virtballoon_remove(struct virtio_device *vdev)
> > > {
> > > struct virtio_balloon *vb = vdev->priv;
> > >
> > > + if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_REPORTING))
> > > + page_reporting_unregister(&vb->pr_dev_info);
> >
> > Dito, same question regarding syncs.
>
> Yes, although for that one I was using pointer deletion, a barrier,
> and a cancel_work_sync since I didn't support a list.
>
> > > if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_DEFLATE_ON_OOM))
> > > virtio_balloon_unregister_shrinker(vb);
> > > spin_lock_irq(&vb->stop_update_lock);
> > > @@ -1038,6 +1102,7 @@ static int virtballoon_validate(struct virtio_device *vdev)
> > > VIRTIO_BALLOON_F_DEFLATE_ON_OOM,
> > > VIRTIO_BALLOON_F_FREE_PAGE_HINT,
> > > VIRTIO_BALLOON_F_PAGE_POISON,
> > > + VIRTIO_BALLOON_F_REPORTING,
> > > };
> > >
> > > static struct virtio_driver virtio_balloon_driver = {
> > > diff --git a/include/uapi/linux/virtio_balloon.h b/include/uapi/linux/virtio_balloon.h
> > > index a1966cd7b677..19974392d324 100644
> > > --- a/include/uapi/linux/virtio_balloon.h
> > > +++ b/include/uapi/linux/virtio_balloon.h
> > > @@ -36,6 +36,7 @@
> > > #define VIRTIO_BALLOON_F_DEFLATE_ON_OOM 2 /* Deflate balloon on OOM */
> > > #define VIRTIO_BALLOON_F_FREE_PAGE_HINT 3 /* VQ to report free pages */
> > > #define VIRTIO_BALLOON_F_PAGE_POISON 4 /* Guest is using page poisoning */
> > > +#define VIRTIO_BALLOON_F_REPORTING 5 /* Page reporting virtqueue */
> > >
> > > /* Size of a PFN in the balloon interface. */
> > > #define VIRTIO_BALLOON_PFN_SHIFT 12
> > >
> > >
> >
> > Small and powerful patch :)
>
> Agreed. Although we will have to see if we can keep it that way.
> Ideally I want to leave this with the ability so specify what size
> scatterlist we receive. However if we have to flip it around then it
> will force us to add logic for chopping up the scatterlist for
> processing in chunks.
>
> Thanks for the review.
>
> - Alex

Next message: Federico Vaga: "[PATCH] doc:locking: fix locktorture parameter description"
Previous message: Jonathan Cameron: "Re: [PATCH v2] iio: adc: ad7887: Cleanup channel assignment"
Next in thread: Alexander Duyck: "Re: [PATCH v14 6/6] virtio-balloon: Add support for providing unused page reports to host"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]