Re: [RFC PATCH] xfs: fix per-cpu CIL structure aggregation racing with dying cpus

From: Dave Chinner
Date: Mon Aug 21 2023 - 01:18:06 EST

Next message: Christophe Leroy: "Re: [PATCH v4 21/28] net: wan: Add framer framework support"
Previous message: Vaibhav Jain: "Re: [PATCH] powerpc: Enable generic cpu idle-loop"
Next in thread: Darrick J. Wong: "Re: [RFC PATCH] xfs: fix per-cpu CIL structure aggregation racing with dying cpus"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Aug 04, 2023 at 03:38:54PM -0700, Darrick J. Wong wrote:
> From: Darrick J. Wong <djwong@xxxxxxxxxx>
>
> In commit 7c8ade2121200 ("xfs: implement percpu cil space used
> calculation"), the XFS committed (log) item list code was converted to
> use per-cpu lists and space tracking to reduce cpu contention when
> multiple threads are modifying different parts of the filesystem and
> hence end up contending on the log structures during transaction commit.
> Each CPU tracks its own commit items and space usage, and these do not
> have to be merged into the main CIL until either someone wants to push
> the CIL items, or we run over a soft threshold and switch to slower (but
> more accurate) accounting with atomics.
>
> Unfortunately, the for_each_cpu iteration suffers from the same race
> with cpu dying problem that was identified in commit 8b57b11cca88f
> ("pcpcntrs: fix dying cpu summation race") -- CPUs are removed from
> cpu_online_mask before the CPUHP_XFS_DEAD callback gets called. As a
> result, both CIL percpu structure aggregation functions fail to collect
> the items and accounted space usage at the correct point in time.
>
> If we're lucky, the items that are collected from the online cpus exceed
> the space given to those cpus, and the log immediately shuts down in
> xlog_cil_insert_items due to the (apparent) log reservation overrun.
> This happens periodically with generic/650, which exercises cpu hotplug
> vs. the filesystem code.
>
> Applying the same sort of fix from 8b57b11cca88f to the CIL code seems
> to make the generic/650 problem go away, but I've been told that tglx
> was not happy when he saw:
>
> "...the only thing we actually need to care about is that
> percpu_counter_sum() iterates dying CPUs. That's trivial to do, and when
> there are no CPUs dying, it has no addition overhead except for a
> cpumask_or() operation."
>
> I have no idea what the /correct/ solution is, but I've been holding on
> to this patch for 3 months. In that time, 8b57b11cca88 hasn't been
> reverted and cpu_dying_mask hasn't been removed, so I'm sending this and
> we'll see what happens.
>
> So, how /do/ we perform periodic aggregation of per-cpu data safely?
> Move the xlog_cil_pcp_dead call to the dying section, where at least the
> other cpus will all be stopped? And have it dump its items into any
> online cpu's data structure?

I suspect that we have to stop using for_each_*cpu() and hotplug
notifiers altogether for this code.

That is, we simply create our own bitmap for nr_possible_cpus in the
CIL checkpoint context we allocate for each checkpoint (i.e. the
struct xfs_cil_ctx). When we store something on that CPU for that
CIL context, we set the corresponding bit for that CPU. Then when we
are aggregating the checkpoint, we simply walk all the cpus with the
"has items" bit set and grab everything.

This gets rid of the need for hotplug notifiers completely - we just
don't care if the CPU is online or offline when we sweep the CIL
context for items at push time - if the bit is set then there's
stuff to sweep...

-Dave.
--
Dave Chinner
david@xxxxxxxxxxxxx

Next message: Christophe Leroy: "Re: [PATCH v4 21/28] net: wan: Add framer framework support"
Previous message: Vaibhav Jain: "Re: [PATCH] powerpc: Enable generic cpu idle-loop"
Next in thread: Darrick J. Wong: "Re: [RFC PATCH] xfs: fix per-cpu CIL structure aggregation racing with dying cpus"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]