On Thu, Oct 21, 2021 at 05:39:28PM +0200, Christian Schoenebeck wrote: > On Freitag, 8. Oktober 2021 18:08:48 CEST Christian Schoenebeck wrote: > > On Freitag, 8. Oktober 2021 16:24:42 CEST Christian Schoenebeck wrote: > > > On Freitag, 8. Oktober 2021 09:25:33 CEST Greg Kurz wrote: > > > > On Thu, 7 Oct 2021 16:42:49 +0100 > > > > > > > > Stefan Hajnoczi wrote: > > > > > On Thu, Oct 07, 2021 at 02:51:55PM +0200, Christian Schoenebeck wrote: > > > > > > On Donnerstag, 7. Oktober 2021 07:23:59 CEST Stefan Hajnoczi wrote: > > > > > > > On Mon, Oct 04, 2021 at 09:38:00PM +0200, Christian Schoenebeck > > > > wrote: > > > > > > > > At the moment the maximum transfer size with virtio is limited > > > > > > > > to > > > > > > > > 4M > > > > > > > > (1024 * PAGE_SIZE). This series raises this limit to its maximum > > > > > > > > theoretical possible transfer size of 128M (32k pages) according > > > > > > > > to > > > > > > > > the > > > > > > > > virtio specs: > > > > > > > > > > > > > > > > https://docs.oasis-open.org/virtio/virtio/v1.1/cs01/virtio-v1.1- > > > > > > > > cs > > > > > > > > 01 > > > > > > > > .html# > > > > > > > > x1-240006 > > > > > > > > > > > > > > Hi Christian, > > > > > > > > > > > I took a quick look at the code: > > > > Hi, > > > > > > > > Thanks Stefan for sharing virtio expertise and helping Christian ! > > > > > > > > > > > - The Linux 9p driver restricts descriptor chains to 128 elements > > > > > > > > > > > > > > (net/9p/trans_virtio.c:VIRTQUEUE_NUM) > > > > > > > > > > > > Yes, that's the limitation that I am about to remove (WIP); current > > > > > > kernel > > > > > > patches: > > > > > > https://lore.kernel.org/netdev/cover.1632327421.git.linux_oss@crudeb > > > > > > yt > > > > > > e. > > > > > > com/> > > > > > > > > > > I haven't read the patches yet but I'm concerned that today the driver > > > > > is pretty well-behaved and this new patch series introduces a spec > > > > > violation. Not fixing existing spec violations is okay, but adding new > > > > > ones is a red flag. I think we need to figure out a clean solution. > > > > > > Nobody has reviewed the kernel patches yet. My main concern therefore > > > actually is that the kernel patches are already too complex, because the > > > current situation is that only Dominique is handling 9p patches on kernel > > > side, and he barely has time for 9p anymore. > > > > > > Another reason for me to catch up on reading current kernel code and > > > stepping in as reviewer of 9p on kernel side ASAP, independent of this > > > issue. > > > > > > As for current kernel patches' complexity: I can certainly drop patch 7 > > > entirely as it is probably just overkill. Patch 4 is then the biggest > > > chunk, I have to see if I can simplify it, and whether it would make > > > sense to squash with patch 3. > > > > > > > > > > - The QEMU 9pfs code passes iovecs directly to preadv(2) and will > > > > > > > fail > > > > > > > > > > > > > > with EINVAL when called with more than IOV_MAX iovecs > > > > > > > (hw/9pfs/9p.c:v9fs_read()) > > > > > > > > > > > > Hmm, which makes me wonder why I never encountered this error during > > > > > > testing. > > > > > > > > > > > > Most people will use the 9p qemu 'local' fs driver backend in > > > > > > practice, > > > > > > so > > > > > > that v9fs_read() call would translate for most people to this > > > > > > implementation on QEMU side (hw/9p/9p-local.c): > > > > > > > > > > > > static ssize_t local_preadv(FsContext *ctx, V9fsFidOpenState *fs, > > > > > > > > > > > > const struct iovec *iov, > > > > > > int iovcnt, off_t offset) > > > > > > > > > > > > { > > > > > > #ifdef CONFIG_PREADV > > > > > > > > > > > > return preadv(fs->fd, iov, iovcnt, offset); > > > > > > > > > > > > #else > > > > > > > > > > > > int err = lseek(fs->fd, offset, SEEK_SET); > > > > > > if (err == -1) { > > > > > > > > > > > > return err; > > > > > > > > > > > > } else { > > > > > > > > > > > > return readv(fs->fd, iov, iovcnt); > > > > > > > > > > > > } > > > > > > > > > > > > #endif > > > > > > } > > > > > > > > > > > > > Unless I misunderstood the code, neither side can take advantage > > > > > > > of > > > > > > > the > > > > > > > new 32k descriptor chain limit? > > > > > > > > > > > > > > Thanks, > > > > > > > Stefan > > > > > > > > > > > > I need to check that when I have some more time. One possible > > > > > > explanation > > > > > > might be that preadv() already has this wrapped into a loop in its > > > > > > implementation to circumvent a limit like IOV_MAX. It might be > > > > > > another > > > > > > "it > > > > > > works, but not portable" issue, but not sure. > > > > > > > > > > > > There are still a bunch of other issues I have to resolve. If you > > > > > > look > > > > > > at > > > > > > net/9p/client.c on kernel side, you'll notice that it basically does > > > > > > this ATM> > > > > > > > > > > > > > kmalloc(msize); > > > > > > > > Note that this is done twice : once for the T message (client request) > > > > and > > > > once for the R message (server answer). The 9p driver could adjust the > > > > size > > > > of the T message to what's really needed instead of allocating the full > > > > msize. R message size is not known though. > > > > > > Would it make sense adding a second virtio ring, dedicated to server > > > responses to solve this? IIRC 9p server already calculates appropriate > > > exact sizes for each response type. So server could just push space that's > > > really needed for its responses. > > > > > > > > > for every 9p request. So not only does it allocate much more memory > > > > > > for > > > > > > every request than actually required (i.e. say 9pfs was mounted with > > > > > > msize=8M, then a 9p request that actually would just need 1k would > > > > > > nevertheless allocate 8M), but also it allocates > PAGE_SIZE, which > > > > > > obviously may fail at any time.> > > > > > > > > > > The PAGE_SIZE limitation sounds like a kmalloc() vs vmalloc() > > > > > situation. > > > > > > Hu, I didn't even consider vmalloc(). I just tried the kvmalloc() wrapper > > > as a quick & dirty test, but it crashed in the same way as kmalloc() with > > > large msize values immediately on mounting: > > > > > > diff --git a/net/9p/client.c b/net/9p/client.c > > > index a75034fa249b..cfe300a4b6ca 100644 > > > --- a/net/9p/client.c > > > +++ b/net/9p/client.c > > > @@ -227,15 +227,18 @@ static int parse_opts(char *opts, struct p9_client > > > *clnt) > > > > > > static int p9_fcall_init(struct p9_client *c, struct p9_fcall *fc, > > > > > > int alloc_msize) > > > > > > { > > > > > > - if (likely(c->fcall_cache) && alloc_msize == c->msize) { > > > + //if (likely(c->fcall_cache) && alloc_msize == c->msize) { > > > + if (false) { > > > > > > fc->sdata = kmem_cache_alloc(c->fcall_cache, GFP_NOFS); > > > fc->cache = c->fcall_cache; > > > > > > } else { > > > > > > - fc->sdata = kmalloc(alloc_msize, GFP_NOFS); > > > + fc->sdata = kvmalloc(alloc_msize, GFP_NOFS); > > > > Ok, GFP_NOFS -> GFP_KERNEL did the trick. > > > > Now I get: > > > > virtio: bogus descriptor or out of resources > > > > So, still some work ahead on both ends. > > Few hacks later (only changes on 9p client side) I got this running stable > now. The reason for the virtio error above was that kvmalloc() returns a > non-logical kernel address for any kvmalloc(>4M), i.e. an address that is > inaccessible from host side, hence that "bogus descriptor" message by QEMU. > So I had to split those linear 9p client buffers into sparse ones (set of > individual pages). > > I tested this for some days with various virtio transmission sizes and it > works as expected up to 128 MB (more precisely: 128 MB read space + 128 MB > write space per virtio round trip message). > > I did not encounter a show stopper for large virtio transmission sizes > (4 MB ... 128 MB) on virtio level, neither as a result of testing, nor after > reviewing the existing code. > > About IOV_MAX: that's apparently not an issue on virtio level. Most of the > iovec code, both on Linux kernel side and on QEMU side do not have this > limitation. It is apparently however indeed a limitation for userland apps > calling the Linux kernel's syscalls yet. > > Stefan, as it stands now, I am even more convinced that the upper virtio > transmission size limit should not be squeezed into the queue size argument of > virtio_add_queue(). Not because of the previous argument that it would waste > space (~1MB), but rather because they are two different things. To outline > this, just a quick recap of what happens exactly when a bulk message is pushed > over the virtio wire (assuming virtio "split" layout here): > > ---------- [recap-start] ---------- > > For each bulk message sent guest <-> host, exactly *one* of the pre-allocated > descriptors is taken and placed (subsequently) into exactly *one* position of > the two available/used ring buffers. The actual descriptor table though, > containing all the DMA addresses of the message bulk data, is allocated just > in time for each round trip message. Say, it is the first message sent, it > yields in the following structure: > > Ring Buffer Descriptor Table Bulk Data Pages > > +-+ +-+ +-----------------+ > |D|------------->|d|---------->| Bulk data block | > +-+ |d|--------+ +-----------------+ > | | |d|------+ | > +-+ . | | +-----------------+ > | | . | +->| Bulk data block | > . . | +-----------------+ > . |d|-+ | > . +-+ | | +-----------------+ > | | | +--->| Bulk data block | > +-+ | +-----------------+ > | | | . > +-+ | . > | . > | +-----------------+ > +-------->| Bulk data block | > +-----------------+ > Legend: > D: pre-allocated descriptor > d: just in time allocated descriptor > -->: memory pointer (DMA) > > The bulk data blocks are allocated by the respective device driver above > virtio subsystem level (guest side). > > There are exactly as many descriptors pre-allocated (D) as the size of a ring > buffer. > > A "descriptor" is more or less just a chainable DMA memory pointer; defined > as: > > /* Virtio ring descriptors: 16 bytes. These can chain together via "next". */ > struct vring_desc { > /* Address (guest-physical). */ > __virtio64 addr; > /* Length. */ > __virtio32 len; > /* The flags as indicated above. */ > __virtio16 flags; > /* We chain unused descriptors via this, too */ > __virtio16 next; > }; > > There are 2 ring buffers; the "available" ring buffer is for sending a message > guest->host (which will transmit DMA addresses of guest allocated bulk data > blocks that are used for data sent to device, and separate guest allocated > bulk data blocks that will be used by host side to place its response bulk > data), and the "used" ring buffer is for sending host->guest to let guest know > about host's response and that it could now safely consume and then deallocate > the bulk data blocks subsequently. > > ---------- [recap-end] ---------- > > So the "queue size" actually defines the ringbuffer size. It does not define > the maximum amount of descriptors. The "queue size" rather defines how many > pending messages can be pushed into either one ringbuffer before the other > side would need to wait until the counter side would step up (i.e. ring buffer > full). > > The maximum amount of descriptors (what VIRTQUEUE_MAX_SIZE actually is) OTOH > defines the max. bulk data size that could be transmitted with each virtio > round trip message. > > And in fact, 9p currently handles the virtio "queue size" as directly > associative with its maximum amount of active 9p requests the server could > handle simultaniously: > > hw/9pfs/9p.h:#define MAX_REQ 128 > hw/9pfs/9p.h: V9fsPDU pdus[MAX_REQ]; > hw/9pfs/virtio-9p-device.c: v->vq = virtio_add_queue(vdev, MAX_REQ, > handle_9p_output); > > So if I would change it like this, just for the purpose to increase the max. > virtio transmission size: > > --- a/hw/9pfs/virtio-9p-device.c > +++ b/hw/9pfs/virtio-9p-device.c > @@ -218,7 +218,7 @@ static void virtio_9p_device_realize(DeviceState *dev, Error **errp) > v->config_size = sizeof(struct virtio_9p_config) + strlen(s->fsconf.tag); > virtio_init(vdev, "virtio-9p", VIRTIO_ID_9P, v->config_size, > VIRTQUEUE_MAX_SIZE); > - v->vq = virtio_add_queue(vdev, MAX_REQ, handle_9p_output); > + v->vq = virtio_add_queue(vdev, 32*1024, handle_9p_output); > } > > Then it would require additional synchronization code on both ends and > therefore unnecessary complexity, because it would now be possible that more > requests are pushed into the ringbuffer than server could handle. > > There is one potential issue though that probably did justify the "don't > exceed the queue size" rule: > > ATM the descriptor table is allocated (just in time) as *one* continuous > buffer via kmalloc_array(): > https://github.com/torvalds/linux/blob/2f111a6fd5b5297b4e92f53798ca086f7c7d33a4/drivers/virtio/virtio_ring.c#L440 > > So assuming transmission size of 2 * 128 MB that kmalloc_array() call would > yield in kmalloc(1M) and the latter might fail if guest had highly fragmented > physical memory. For such kind of error case there is currently a fallback > path in virtqueue_add_split() that would then use the required amount of > pre-allocated descriptors instead: > https://github.com/torvalds/linux/blob/2f111a6fd5b5297b4e92f53798ca086f7c7d33a4/drivers/virtio/virtio_ring.c#L525 > > That fallback recovery path would no longer be viable if the queue size was > exceeded. There would be alternatives though, e.g. by allowing to chain > indirect descriptor tables (currently prohibited by the virtio specs). Making the maximum number of descriptors independent of the queue size requires a change to the VIRTIO spec since the two values are currently explicitly tied together by the spec. Before doing that, are there benchmark results showing that 1 MB vs 128 MB produces a performance improvement? I'm asking because if performance with 1 MB is good then you can probably do that without having to change VIRTIO and also because it's counter-intuitive that 9p needs 128 MB for good performance when it's ultimately implemented on top of disk and network I/O that have lower size limits. Stefan