Re: [linus:master] [x86] 4817f70c25: stress-ng.mmapaddr.ops_per_sec 63.0% regression

From: Qi Zheng
Date: Wed Jan 29 2025 - 03:14:20 EST

Next message: Joel Granados: "[GIT PULL] sysctl constification changes for v6.14-rc1"
Previous message: Krzysztof Kozlowski: "Re: [PATCH 2/2] MAINTAINERS: Update the documentation file supported for MICROCHIP SSC DRIVER"
In reply to: Rik van Riel: "Re: [linus:master] [x86] 4817f70c25: stress-ng.mmapaddr.ops_per_sec 63.0% regression"
Next in thread: Rik van Riel: "Re: [linus:master] [x86] 4817f70c25: stress-ng.mmapaddr.ops_per_sec 63.0% regression"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Rik,

On 2025/1/29 02:35, Rik van Riel wrote:

On Wed, 2025-01-29 at 01:06 +0800, Qi Zheng wrote:

I did reproduce the performance regression using the following test
program:

stress-ng --timeout 60 --times --verify --metrics --no-rand-seed
--mmapaddr 64

And its call stack is as follows:

bpftrace -e 'k:_raw_spin_unlock_irqrestore {@[kstack,comm]=count();}
interval:s:1 {exit();}'

@[
_raw_spin_unlock_irqrestore+5
free_one_page+85
rcu_do_batch+424
rcu_core+401
handle_softirqs+204
irq_exit_rcu+208

That looks like the RCU freeing somehow bypassing the
per-cpu-pages, and hitting the zone->lock at page free
time, while regular freeing usually puts pages in the
CPU-local free page cache, without the lock?

Take the following call stack as an example:

@[
_raw_spin_unlock_irqrestore+5
free_one_page+85
tlb_remove_table_rcu+140
rcu_do_batch+424
rcu_core+401
handle_softirqs+204
irq_exit_rcu+208
sysvec_apic_timer_interrupt+113
asm_sysvec_apic_timer_interrupt+26
_raw_spin_unlock_irqrestore+29
get_page_from_freelist+2014
__alloc_frozen_pages_noprof+364
alloc_pages_mpol+123
alloc_pages_noprof+14
get_free_pages_noprof+17
__x64_sys_mincore+141
do_syscall_64+98
entry_SYSCALL_64_after_hwframe+118
, stress-ng-mmapa]: 5301

It looks like the following happened:

get_page_from_freelist
--> rmqueue
--> rmqueue_pcplist
--> pcp_spin_trylock (hold the pcp lock)
__rmqueue_pcplist
--> rmqueue_bulk
--> spin_lock_irqsave(&zone->lock)
__rmqueue
spin_unlock_irqrestore(&zone->lock)

<run softirq at this time>

tlb_remove_table_rcu
--> free_frozen_pages
--> pcp = pcp_spin_trylock (failed!!!)
if (!pcp)
free_one_page

It seems that the pcp lock is held when doing tlb_remove_table_rcu(), so
trylock fails, then bypassing PCP and calling free_one_page() directly,
which leads to the hot spot of zone lock.

As for the regular freeing, since the freeing operation will not be
performed in the softirq, the above situation will not occur.

Right?

I'm not quite sure why this would be happening, though.

Maybe the RCU batches are too big for the PCPs to
hold them?

If that is the case, chances are more code paths are
hitting that issue, and we should just fix it, rather
than trying to bypass it.

Maybe the reason is more simple than that?

I have not found a place where it explicitly bypasses
the PCPs, but who knows?

Next message: Joel Granados: "[GIT PULL] sysctl constification changes for v6.14-rc1"
Previous message: Krzysztof Kozlowski: "Re: [PATCH 2/2] MAINTAINERS: Update the documentation file supported for MICROCHIP SSC DRIVER"
In reply to: Rik van Riel: "Re: [linus:master] [x86] 4817f70c25: stress-ng.mmapaddr.ops_per_sec 63.0% regression"
Next in thread: Rik van Riel: "Re: [linus:master] [x86] 4817f70c25: stress-ng.mmapaddr.ops_per_sec 63.0% regression"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]