Xen project Mailing List

Re: [PATCH] xen/page_alloc: Simplify domain_adjust_tot_pages

To: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>

Date: Wed, 5 Mar 2025 11:50:06 +0100

Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Wed, 05 Mar 2025 10:50:06 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 27.02.2025 15:50, Alejandro Vallejo wrote: > On Wed Feb 26, 2025 at 2:28 PM GMT, Roger Pau Monné wrote: >> On Wed, Feb 26, 2025 at 03:08:33PM +0100, Jan Beulich wrote: >>> On 26.02.2025 14:56, Roger Pau Monné wrote: >>>> On Mon, Feb 24, 2025 at 01:27:24PM +0000, Alejandro Vallejo wrote: >>>>> --- a/xen/common/page_alloc.c >>>>> +++ b/xen/common/page_alloc.c >>>>> @@ -490,13 +490,11 @@ static long outstanding_claims; /* total >>>>> outstanding claims by all domains */ >>>>> >>>>> unsigned long domain_adjust_tot_pages(struct domain *d, long pages) >>>>> { >>>>> - long dom_before, dom_after, dom_claimed, sys_before, sys_after; >>>>> - >>>>> ASSERT(rspin_is_locked(&d->page_alloc_lock)); >>>>> d->tot_pages += pages; >>>>> >>>>> /* >>>>> - * can test d->claimed_pages race-free because it can only change >>>>> + * can test d->outstanding_pages race-free because it can only change >>>>> * if d->page_alloc_lock and heap_lock are both held, see also >>>>> * domain_set_outstanding_pages below >>>>> */ >>>>> @@ -504,17 +502,16 @@ unsigned long domain_adjust_tot_pages(struct domain >>>>> *d, long pages) >>>>> goto out; >>>> >>>> I think you can probably short-circuit the logic below if pages == 0? >>>> (and avoid taking the heap_lock) >>> >>> Are there callers passing in 0? >> >> Not sure, but if there are no callers expected we might add an ASSERT >> to that effect then. >> >>>>> spin_lock(&heap_lock); >>>>> - /* adjust domain outstanding pages; may not go negative */ >>>>> - dom_before = d->outstanding_pages; >>>>> - dom_after = dom_before - pages; >>>>> - BUG_ON(dom_before < 0); >>>>> - dom_claimed = dom_after < 0 ? 0 : dom_after; >>>>> - d->outstanding_pages = dom_claimed; >>>>> - /* flag accounting bug if system outstanding_claims would go >>>>> negative */ >>>>> - sys_before = outstanding_claims; >>>>> - sys_after = sys_before - (dom_before - dom_claimed); >>>>> - BUG_ON(sys_after < 0); >>>>> - outstanding_claims = sys_after; >>>>> + BUG_ON(outstanding_claims < d->outstanding_pages); >>>>> + if ( pages > 0 && d->outstanding_pages < pages ) >>>>> + { >>>>> + /* `pages` exceeds the domain's outstanding count. Zero it out. >>>>> */ >>>>> + outstanding_claims -= d->outstanding_pages; >>>>> + d->outstanding_pages = 0; >>>>> + } else { >>>>> + outstanding_claims -= pages; >>>>> + d->outstanding_pages -= pages; >>>> >>>> I wonder if it's intentional for a pages < 0 value to modify >>>> outstanding_claims and d->outstanding_pages, I think those values >>>> should only be set from domain_set_outstanding_pages(). >>>> domain_adjust_tot_pages() should only decrease the value, but never >>>> increase either outstanding_claims or d->outstanding_pages. >>>> >>>> At best the behavior is inconsistent, because once >>>> d->outstanding_pages reaches 0 there will be no further modification >>>> from domain_adjust_tot_pages(). >>> >>> Right, at that point the claim has run out. While freeing pages with an >>> active claim means that the claim gets bigger (which naturally needs >>> reflecting in the global). >> >> domain_adjust_tot_pages() is not exclusively called when freeing >> pages, see steal_page() for example. >> >> When called from steal_page() it's wrong to increase the claim, as >> it assumes that the page removed from d->tot_pages is freed, but >> that's not the case. The domain might end up in a situation where >> the claim is bigger than the available amount of memory. >> >> Thanks, Roger. > > This is what I meant by my initial reply questioning the logic itself. > > It's all very dubious with memory_exchange and makes very little sense on the > tentative code I have for per-node claims. > > I'd be quite happy to put an early exit before the spin_lock on pages <= 0. > That also covers your initial comment and prevents claims from growing after a > domain started running if it didn't happen to consume all of them. > > Is anyone opposed? We first need to reach common understanding what a claim is (or is not). See the other reply just sent. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.