* [PATCH v5 0/2] xenbus/backend: Add a memory pressure handler callback
@ 2019-12-10 8:06 SeongJae Park
2019-12-10 8:06 ` [PATCH v5 1/2] xenbus/backend: Add " SeongJae Park
2019-12-10 8:06 ` [PATCH v5 2/2] xen/blkback: Squeeze page pools if a memory pressure is detected SeongJae Park
0 siblings, 2 replies; 14+ messages in thread
From: SeongJae Park @ 2019-12-10 8:06 UTC (permalink / raw)
To: sjpark
Cc: axboe, konrad.wilk, linux-block, linux-kernel, pdurrant,
roger.pau, sj38.park, xen-devel, SeongJae Park
Granting pages consumes backend system memory. In systems configured
with insufficient spare memory for those pages, it can cause a memory
pressure situation. However, finding the optimal amount of the spare
memory is challenging for large systems having dynamic resource
utilization patterns. Also, such a static configuration might lack a
flexibility.
To mitigate such problems, this patchset adds a memory reclaim callback
to 'xenbus_driver' (patch 1) and use it to mitigate the problem in
'xen-blkback' (patch 2).
Base Version
------------
This patch is based on v5.4. A complete tree is also available at my
public git repo:
https://github.com/sjp38/linux/tree/blkback_squeezing_v5
Patch History
-------------
Changes from v4
(https://lore.kernel.org/xen-devel/20191209194305.20828-1-sjpark@amazon.com/)
- Remove domain id parameter from the callback (suggested by Jergen Gross)
Changes from v3
(https://lore.kernel.org/xen-devel/20191209085839.21215-1-sjpark@amazon.com/)
- Add general callback in xen_driver and use it (suggested by Juergen
Gross)
Changes from v2
(https://lore.kernel.org/linux-block/af195033-23d5-38ed-b73b-f6e2e3b34541@amazon.com)
- Rename the module parameter and variables for brevity (aggressive
shrinking -> squeezing)
Changes from v1
(https://lore.kernel.org/xen-devel/20191204113419.2298-1-sjpark@amazon.com/)
- Adjust the description to not use the term, `arbitrarily` (suggested
by Paul Durrant)
- Specify time unit of the duration in the parameter description,
(suggested by Maximilian Heyne)
- Change default aggressive shrinking duration from 1ms to 10ms
- Merge two patches into one single patch
SeongJae Park (2):
xenbus/backend: Add memory pressure handler callback
xen/blkback: Squeeze page pools if a memory pressure is detected
drivers/block/xen-blkback/blkback.c | 23 +++++++++++++++--
drivers/block/xen-blkback/common.h | 1 +
drivers/block/xen-blkback/xenbus.c | 3 ++-
drivers/xen/xenbus/xenbus_probe_backend.c | 31 +++++++++++++++++++++++
include/xen/xenbus.h | 1 +
5 files changed, 56 insertions(+), 3 deletions(-)
--
2.17.1
^ permalink raw reply [flat|nested] 14+ messages in thread
* [PATCH v5 1/2] xenbus/backend: Add memory pressure handler callback
2019-12-10 8:06 [PATCH v5 0/2] xenbus/backend: Add a memory pressure handler callback SeongJae Park
@ 2019-12-10 8:06 ` SeongJae Park
2019-12-10 8:17 ` Jürgen Groß
2019-12-10 10:16 ` Roger Pau Monné
2019-12-10 8:06 ` [PATCH v5 2/2] xen/blkback: Squeeze page pools if a memory pressure is detected SeongJae Park
1 sibling, 2 replies; 14+ messages in thread
From: SeongJae Park @ 2019-12-10 8:06 UTC (permalink / raw)
To: sjpark
Cc: axboe, konrad.wilk, linux-block, linux-kernel, pdurrant,
roger.pau, sj38.park, xen-devel, SeongJae Park
Granting pages consumes backend system memory. In systems configured
with insufficient spare memory for those pages, it can cause a memory
pressure situation. However, finding the optimal amount of the spare
memory is challenging for large systems having dynamic resource
utilization patterns. Also, such a static configuration might lack a
flexibility.
To mitigate such problems, this commit adds a memory reclaim callback to
'xenbus_driver'. Using this facility, 'xenbus' would be able to monitor
a memory pressure and request specific devices of specific backend
drivers which causing the given pressure to voluntarily release its
memory.
That said, this commit simply requests every callback registered driver
to release its memory for every domain, rather than issueing the
requests to the drivers and the domain in charge. Such things will be
done in a futur. Also, this commit focuses on memory only. However, it
would be ablt to be extended for general resources.
Signed-off-by: SeongJae Park <sjpark@amazon.de>
---
drivers/xen/xenbus/xenbus_probe_backend.c | 31 +++++++++++++++++++++++
include/xen/xenbus.h | 1 +
2 files changed, 32 insertions(+)
diff --git a/drivers/xen/xenbus/xenbus_probe_backend.c b/drivers/xen/xenbus/xenbus_probe_backend.c
index b0bed4faf44c..5a5ba29e39df 100644
--- a/drivers/xen/xenbus/xenbus_probe_backend.c
+++ b/drivers/xen/xenbus/xenbus_probe_backend.c
@@ -248,6 +248,34 @@ static int backend_probe_and_watch(struct notifier_block *notifier,
return NOTIFY_DONE;
}
+static int xenbus_backend_reclaim(struct device *dev, void *data)
+{
+ struct xenbus_driver *drv;
+ if (!dev->driver)
+ return -ENOENT;
+ drv = to_xenbus_driver(dev->driver);
+ if (drv && drv->reclaim)
+ drv->reclaim(to_xenbus_device(dev));
+ return 0;
+}
+
+/*
+ * Returns 0 always because we are using shrinker to only detect memory
+ * pressure.
+ */
+static unsigned long xenbus_backend_shrink_count(struct shrinker *shrinker,
+ struct shrink_control *sc)
+{
+ bus_for_each_dev(&xenbus_backend.bus, NULL, NULL,
+ xenbus_backend_reclaim);
+ return 0;
+}
+
+static struct shrinker xenbus_backend_shrinker = {
+ .count_objects = xenbus_backend_shrink_count,
+ .seeks = DEFAULT_SEEKS,
+};
+
static int __init xenbus_probe_backend_init(void)
{
static struct notifier_block xenstore_notifier = {
@@ -264,6 +292,9 @@ static int __init xenbus_probe_backend_init(void)
register_xenstore_notifier(&xenstore_notifier);
+ if (register_shrinker(&xenbus_backend_shrinker))
+ pr_warn("shrinker registration failed\n");
+
return 0;
}
subsys_initcall(xenbus_probe_backend_init);
diff --git a/include/xen/xenbus.h b/include/xen/xenbus.h
index 869c816d5f8c..cdb075e4182f 100644
--- a/include/xen/xenbus.h
+++ b/include/xen/xenbus.h
@@ -104,6 +104,7 @@ struct xenbus_driver {
struct device_driver driver;
int (*read_otherend_details)(struct xenbus_device *dev);
int (*is_ready)(struct xenbus_device *dev);
+ unsigned (*reclaim)(struct xenbus_device *dev);
};
static inline struct xenbus_driver *to_xenbus_driver(struct device_driver *drv)
--
2.17.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v5 2/2] xen/blkback: Squeeze page pools if a memory pressure is detected
2019-12-10 8:06 [PATCH v5 0/2] xenbus/backend: Add a memory pressure handler callback SeongJae Park
2019-12-10 8:06 ` [PATCH v5 1/2] xenbus/backend: Add " SeongJae Park
@ 2019-12-10 8:06 ` SeongJae Park
2019-12-10 11:04 ` Roger Pau Monné
1 sibling, 1 reply; 14+ messages in thread
From: SeongJae Park @ 2019-12-10 8:06 UTC (permalink / raw)
To: sjpark
Cc: axboe, konrad.wilk, linux-block, linux-kernel, pdurrant,
roger.pau, sj38.park, xen-devel, SeongJae Park
Each `blkif` has a free pages pool for the grant mapping. The size of
the pool starts from zero and be increased on demand while processing
the I/O requests. If current I/O requests handling is finished or 100
milliseconds has passed since last I/O requests handling, it checks and
shrinks the pool to not exceed the size limit, `max_buffer_pages`.
Therefore, `blkfront` running guests can cause a memory pressure in the
`blkback` running guest by attaching a large number of block devices and
inducing I/O. System administrators can avoid such problematic
situations by limiting the maximum number of devices each guest can
attach. However, finding the optimal limit is not so easy. Improper
set of the limit can results in the memory pressure or a resource
underutilization. This commit avoids such problematic situations by
squeezing the pools (returns every free page in the pool to the system)
for a while (users can set this duration via a module parameter) if a
memory pressure is detected.
Discussions
===========
The `blkback`'s original shrinking mechanism returns only pages in the
pool, which are not currently be used by `blkback`, to the system. In
other words, the pages are not mapped with foreign pages. Because this
commit is changing only the shrink limit but uses the mechanism as is,
this commit does not introduce improper mappings related security
issues.
Once a memory pressure is detected, this commit keeps the squeezing
limit for a user-specified time duration. The duration should be
neither too long nor too short. If it is too long, the squeezing
incurring overhead can reduce the I/O performance. If it is too short,
`blkback` will not free enough pages to reduce the memory pressure.
This commit sets the value as `10 milliseconds` by default because it is
a short time in terms of I/O while it is a long time in terms of memory
operations. Also, as the original shrinking mechanism works for at
least every 100 milliseconds, this could be a somewhat reasonable
choice. I also tested other durations (refer to the below section for
more details) and confirmed that 10 milliseconds is the one that works
best with the test. That said, the proper duration depends on actual
configurations and workloads. That's why this commit is allowing users
to set it as their optimal value via the module parameter.
Memory Pressure Test
====================
To show how this commit fixes the memory pressure situation well, I
configured a test environment on a xen-running virtualization system.
On the `blkfront` running guest instances, I attach a large number of
network-backed volume devices and induce I/O to those. Meanwhile, I
measure the number of pages that swapped in and out on the `blkback`
running guest. The test ran twice, once for the `blkback` before this
commit and once for that after this commit. As shown below, this commit
has dramatically reduced the memory pressure:
pswpin pswpout
before 76,672 185,799
after 212 3,325
Optimal Aggressive Shrinking Duration
-------------------------------------
To find a best squeezing duration, I repeated the test with three
different durations (1ms, 10ms, and 100ms). The results are as below:
duration pswpin pswpout
1 852 6,424
10 212 3,325
100 203 3,340
As expected, the memory pressure has decreased as the duration is
increased, but the reduction stopped from the `10ms`. Based on this
results, I chose the default duration as 10ms.
Performance Overhead Test
=========================
This commit could incur I/O performance degradation under severe memory
pressure because the squeezing will require more page allocations per
I/O. To show the overhead, I artificially made a worst-case squeezing
situation and measured the I/O performance of a `blkfront` running
guest.
For the artificial squeezing, I set the `blkback.max_buffer_pages` using
the `/sys/module/xen_blkback/parameters/max_buffer_pages` file. We set
the value to `1024` and `0`. The `1024` is the default value. Setting
the value as `0` is same to a situation doing the squeezing always
(worst-case).
For the I/O performance measurement, I use a simple `dd` command.
Default Performance
-------------------
[dom0]# echo 1024 > /sys/module/xen_blkback/parameters/max_buffer_pages
[instance]$ for i in {1..5}; do dd if=/dev/zero of=file bs=4k count=$((256*512)); sync; done
131072+0 records in
131072+0 records out
536870912 bytes (537 MB) copied, 11.7257 s, 45.8 MB/s
131072+0 records in
131072+0 records out
536870912 bytes (537 MB) copied, 13.8827 s, 38.7 MB/s
131072+0 records in
131072+0 records out
536870912 bytes (537 MB) copied, 13.8781 s, 38.7 MB/s
131072+0 records in
131072+0 records out
536870912 bytes (537 MB) copied, 13.8737 s, 38.7 MB/s
131072+0 records in
131072+0 records out
536870912 bytes (537 MB) copied, 13.8702 s, 38.7 MB/s
Worst-case Performance
----------------------
[dom0]# echo 0 > /sys/module/xen_blkback/parameters/max_buffer_pages
[instance]$ for i in {1..5}; do dd if=/dev/zero of=file bs=4k count=$((256*512)); sync; done
131072+0 records in
131072+0 records out
536870912 bytes (537 MB) copied, 11.7257 s, 45.8 MB/s
131072+0 records in
131072+0 records out
536870912 bytes (537 MB) copied, 13.878 s, 38.7 MB/s
131072+0 records in
131072+0 records out
536870912 bytes (537 MB) copied, 13.8746 s, 38.7 MB/s
131072+0 records in
131072+0 records out
536870912 bytes (537 MB) copied, 13.8786 s, 38.7 MB/s
131072+0 records in
131072+0 records out
536870912 bytes (537 MB) copied, 13.8749 s, 38.7 MB/s
In short, even worst case squeezing makes no visible performance
degradation. I think this is due to the slow speed of the I/O. In
other words, the additional page allocation overhead is hidden under the
much slower I/O latency.
Nevertheless, pleaset note that this is just a very simple and minimal
test.
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: SeongJae Park <sjpark@amazon.de>
---
drivers/block/xen-blkback/blkback.c | 23 +++++++++++++++++++++--
drivers/block/xen-blkback/common.h | 1 +
drivers/block/xen-blkback/xenbus.c | 3 ++-
3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c
index fd1e19f1a49f..4d4dba7ea721 100644
--- a/drivers/block/xen-blkback/blkback.c
+++ b/drivers/block/xen-blkback/blkback.c
@@ -142,6 +142,22 @@ static inline bool persistent_gnt_timeout(struct persistent_gnt *persistent_gnt)
HZ * xen_blkif_pgrant_timeout);
}
+/* Once a memory pressure is detected, squeeze free page pools for a while. */
+static int xen_blkif_buffer_squeeze_duration_ms = 10;
+module_param_named(buffer_squeeze_duration_ms,
+ xen_blkif_buffer_squeeze_duration_ms, int, 0644);
+MODULE_PARM_DESC(buffer_squeeze_duration_ms,
+"Duration in ms to squeeze pages buffer when a memory pressure is detected");
+
+static unsigned long xen_blk_buffer_squeeze_end;
+
+unsigned xen_blkbk_reclaim(struct xenbus_device *dev)
+{
+ xen_blk_buffer_squeeze_end = jiffies +
+ msecs_to_jiffies(xen_blkif_buffer_squeeze_duration_ms);
+ return 0;
+}
+
static inline int get_free_page(struct xen_blkif_ring *ring, struct page **page)
{
unsigned long flags;
@@ -656,8 +672,11 @@ int xen_blkif_schedule(void *arg)
ring->next_lru = jiffies + msecs_to_jiffies(LRU_INTERVAL);
}
- /* Shrink if we have more than xen_blkif_max_buffer_pages */
- shrink_free_pagepool(ring, xen_blkif_max_buffer_pages);
+ /* Shrink the free pages pool if it is too large. */
+ if (time_before(jiffies, xen_blk_buffer_squeeze_end))
+ shrink_free_pagepool(ring, 0);
+ else
+ shrink_free_pagepool(ring, xen_blkif_max_buffer_pages);
if (log_stats && time_after(jiffies, ring->st_print))
print_stats(ring);
diff --git a/drivers/block/xen-blkback/common.h b/drivers/block/xen-blkback/common.h
index 1d3002d773f7..c0334cda79fe 100644
--- a/drivers/block/xen-blkback/common.h
+++ b/drivers/block/xen-blkback/common.h
@@ -383,6 +383,7 @@ irqreturn_t xen_blkif_be_int(int irq, void *dev_id);
int xen_blkif_schedule(void *arg);
int xen_blkif_purge_persistent(void *arg);
void xen_blkbk_free_caches(struct xen_blkif_ring *ring);
+unsigned xen_blkbk_reclaim(struct xenbus_device *dev);
int xen_blkbk_flush_diskcache(struct xenbus_transaction xbt,
struct backend_info *be, int state);
diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c
index b90dbcd99c03..de49a09e6933 100644
--- a/drivers/block/xen-blkback/xenbus.c
+++ b/drivers/block/xen-blkback/xenbus.c
@@ -1115,7 +1115,8 @@ static struct xenbus_driver xen_blkbk_driver = {
.ids = xen_blkbk_ids,
.probe = xen_blkbk_probe,
.remove = xen_blkbk_remove,
- .otherend_changed = frontend_changed
+ .otherend_changed = frontend_changed,
+ .reclaim = xen_blkbk_reclaim
};
int xen_blkif_xenbus_init(void)
--
2.17.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [PATCH v5 1/2] xenbus/backend: Add memory pressure handler callback
2019-12-10 8:06 ` [PATCH v5 1/2] xenbus/backend: Add " SeongJae Park
@ 2019-12-10 8:17 ` Jürgen Groß
2019-12-10 10:16 ` Roger Pau Monné
1 sibling, 0 replies; 14+ messages in thread
From: Jürgen Groß @ 2019-12-10 8:17 UTC (permalink / raw)
To: SeongJae Park, sjpark
Cc: axboe, konrad.wilk, linux-block, linux-kernel, pdurrant,
roger.pau, xen-devel, SeongJae Park
On 10.12.19 09:06, SeongJae Park wrote:
> Granting pages consumes backend system memory. In systems configured
> with insufficient spare memory for those pages, it can cause a memory
> pressure situation. However, finding the optimal amount of the spare
> memory is challenging for large systems having dynamic resource
> utilization patterns. Also, such a static configuration might lack a
> flexibility.
>
> To mitigate such problems, this commit adds a memory reclaim callback to
> 'xenbus_driver'. Using this facility, 'xenbus' would be able to monitor
> a memory pressure and request specific devices of specific backend
> drivers which causing the given pressure to voluntarily release its
> memory.
>
> That said, this commit simply requests every callback registered driver
> to release its memory for every domain, rather than issueing the
> requests to the drivers and the domain in charge. Such things will be
> done in a futur. Also, this commit focuses on memory only. However, it
> would be ablt to be extended for general resources.
>
> Signed-off-by: SeongJae Park <sjpark@amazon.de>
Reviewed-by: Juergen Gross <jgross@suse.com>
Juergen
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH v5 1/2] xenbus/backend: Add memory pressure handler callback
2019-12-10 8:06 ` [PATCH v5 1/2] xenbus/backend: Add " SeongJae Park
2019-12-10 8:17 ` Jürgen Groß
@ 2019-12-10 10:16 ` Roger Pau Monné
2019-12-10 10:21 ` [Xen-devel] " Roger Pau Monné
2019-12-11 3:50 ` SeongJae Park
1 sibling, 2 replies; 14+ messages in thread
From: Roger Pau Monné @ 2019-12-10 10:16 UTC (permalink / raw)
To: SeongJae Park
Cc: sjpark, axboe, konrad.wilk, linux-block, linux-kernel, pdurrant,
xen-devel, SeongJae Park
On Tue, Dec 10, 2019 at 08:06:27AM +0000, SeongJae Park wrote:
> Granting pages consumes backend system memory. In systems configured
> with insufficient spare memory for those pages, it can cause a memory
> pressure situation. However, finding the optimal amount of the spare
> memory is challenging for large systems having dynamic resource
> utilization patterns. Also, such a static configuration might lack a
s/lack a/lack/
> flexibility.
>
> To mitigate such problems, this commit adds a memory reclaim callback to
> 'xenbus_driver'. Using this facility, 'xenbus' would be able to monitor
> a memory pressure and request specific devices of specific backend
s/monitor a/monitor/
> drivers which causing the given pressure to voluntarily release its
...which are causing...
> memory.
>
> That said, this commit simply requests every callback registered driver
> to release its memory for every domain, rather than issueing the
s/issueing/issuing/
> requests to the drivers and the domain in charge. Such things will be
I'm afraid I don't understand the "domain in charge" part of this
sentence.
> done in a futur. Also, this commit focuses on memory only. However, it
... done in a future change. Also I think the period after only should
be removed in order to tie both sentences together.
> would be ablt to be extended for general resources.
s/ablt/able/
>
> Signed-off-by: SeongJae Park <sjpark@amazon.de>
> ---
> drivers/xen/xenbus/xenbus_probe_backend.c | 31 +++++++++++++++++++++++
> include/xen/xenbus.h | 1 +
> 2 files changed, 32 insertions(+)
>
> diff --git a/drivers/xen/xenbus/xenbus_probe_backend.c b/drivers/xen/xenbus/xenbus_probe_backend.c
> index b0bed4faf44c..5a5ba29e39df 100644
> --- a/drivers/xen/xenbus/xenbus_probe_backend.c
> +++ b/drivers/xen/xenbus/xenbus_probe_backend.c
> @@ -248,6 +248,34 @@ static int backend_probe_and_watch(struct notifier_block *notifier,
> return NOTIFY_DONE;
> }
>
> +static int xenbus_backend_reclaim(struct device *dev, void *data)
> +{
> + struct xenbus_driver *drv;
Newline and const.
> + if (!dev->driver)
> + return -ENOENT;
> + drv = to_xenbus_driver(dev->driver);
> + if (drv && drv->reclaim)
> + drv->reclaim(to_xenbus_device(dev));
You seem to completely ignore the return of the reclaim hook...
> + return 0;
> +}
> +
> +/*
> + * Returns 0 always because we are using shrinker to only detect memory
> + * pressure.
> + */
> +static unsigned long xenbus_backend_shrink_count(struct shrinker *shrinker,
> + struct shrink_control *sc)
> +{
> + bus_for_each_dev(&xenbus_backend.bus, NULL, NULL,
> + xenbus_backend_reclaim);
> + return 0;
> +}
> +
> +static struct shrinker xenbus_backend_shrinker = {
> + .count_objects = xenbus_backend_shrink_count,
> + .seeks = DEFAULT_SEEKS,
> +};
> +
> static int __init xenbus_probe_backend_init(void)
> {
> static struct notifier_block xenstore_notifier = {
> @@ -264,6 +292,9 @@ static int __init xenbus_probe_backend_init(void)
>
> register_xenstore_notifier(&xenstore_notifier);
>
> + if (register_shrinker(&xenbus_backend_shrinker))
> + pr_warn("shrinker registration failed\n");
> +
> return 0;
> }
> subsys_initcall(xenbus_probe_backend_init);
> diff --git a/include/xen/xenbus.h b/include/xen/xenbus.h
> index 869c816d5f8c..cdb075e4182f 100644
> --- a/include/xen/xenbus.h
> +++ b/include/xen/xenbus.h
> @@ -104,6 +104,7 @@ struct xenbus_driver {
> struct device_driver driver;
> int (*read_otherend_details)(struct xenbus_device *dev);
> int (*is_ready)(struct xenbus_device *dev);
> + unsigned (*reclaim)(struct xenbus_device *dev);
... hence I wonder why it's returning an unsigned when it's just
ignored.
IMO it should return an int to signal errors, and the return should be
ignored.
Also, I think it would preferable for this function to take an extra
parameter to describe the resource the driver should attempt to free
(ie: memory or interrupts for example). I'm however not able to find
any existing Linux type to describe such resources.
Thanks, Roger.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Xen-devel] [PATCH v5 1/2] xenbus/backend: Add memory pressure handler callback
2019-12-10 10:16 ` Roger Pau Monné
@ 2019-12-10 10:21 ` Roger Pau Monné
2019-12-10 10:24 ` SeongJae Park
2019-12-11 3:50 ` SeongJae Park
1 sibling, 1 reply; 14+ messages in thread
From: Roger Pau Monné @ 2019-12-10 10:21 UTC (permalink / raw)
To: SeongJae Park
Cc: axboe, sjpark, konrad.wilk, pdurrant, SeongJae Park,
linux-kernel, linux-block, xen-devel
On Tue, Dec 10, 2019 at 11:16:35AM +0100, Roger Pau Monné wrote:
> On Tue, Dec 10, 2019 at 08:06:27AM +0000, SeongJae Park wrote:
> > diff --git a/include/xen/xenbus.h b/include/xen/xenbus.h
> > index 869c816d5f8c..cdb075e4182f 100644
> > --- a/include/xen/xenbus.h
> > +++ b/include/xen/xenbus.h
> > @@ -104,6 +104,7 @@ struct xenbus_driver {
> > struct device_driver driver;
> > int (*read_otherend_details)(struct xenbus_device *dev);
> > int (*is_ready)(struct xenbus_device *dev);
> > + unsigned (*reclaim)(struct xenbus_device *dev);
>
> ... hence I wonder why it's returning an unsigned when it's just
> ignored.
>
> IMO it should return an int to signal errors, and the return should be
> ignored.
Meant to write 'shouldn't be ignored' sorry.
Roger.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Xen-devel] [PATCH v5 1/2] xenbus/backend: Add memory pressure handler callback
2019-12-10 10:21 ` [Xen-devel] " Roger Pau Monné
@ 2019-12-10 10:24 ` SeongJae Park
0 siblings, 0 replies; 14+ messages in thread
From: SeongJae Park @ 2019-12-10 10:24 UTC (permalink / raw)
To: Roger Pau Monné
Cc: Jens Axboe, SeongJae Park, konrad.wilk, pdurrant, SeongJae Park,
LKML, linux-block, xen-devel
On Tue, Dec 10, 2019 at 11:21 AM Roger Pau Monné <roger.pau@citrix.com> wrote:
>
> On Tue, Dec 10, 2019 at 11:16:35AM +0100, Roger Pau Monné wrote:
> > On Tue, Dec 10, 2019 at 08:06:27AM +0000, SeongJae Park wrote:
> > > diff --git a/include/xen/xenbus.h b/include/xen/xenbus.h
> > > index 869c816d5f8c..cdb075e4182f 100644
> > > --- a/include/xen/xenbus.h
> > > +++ b/include/xen/xenbus.h
> > > @@ -104,6 +104,7 @@ struct xenbus_driver {
> > > struct device_driver driver;
> > > int (*read_otherend_details)(struct xenbus_device *dev);
> > > int (*is_ready)(struct xenbus_device *dev);
> > > + unsigned (*reclaim)(struct xenbus_device *dev);
> >
> > ... hence I wonder why it's returning an unsigned when it's just
> > ignored.
> >
> > IMO it should return an int to signal errors, and the return should be
> > ignored.
>
> Meant to write 'shouldn't be ignored' sorry.
Thanks for good opinions and comments! I will apply your comments in the next
version.
Thanks,
SeongJae Park
>
> Roger.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH v5 2/2] xen/blkback: Squeeze page pools if a memory pressure is detected
2019-12-10 8:06 ` [PATCH v5 2/2] xen/blkback: Squeeze page pools if a memory pressure is detected SeongJae Park
@ 2019-12-10 11:04 ` Roger Pau Monné
2019-12-11 4:08 ` SeongJae Park
0 siblings, 1 reply; 14+ messages in thread
From: Roger Pau Monné @ 2019-12-10 11:04 UTC (permalink / raw)
To: SeongJae Park
Cc: sjpark, axboe, konrad.wilk, linux-block, linux-kernel, pdurrant,
xen-devel, SeongJae Park
On Tue, Dec 10, 2019 at 08:06:28AM +0000, SeongJae Park wrote:
> Each `blkif` has a free pages pool for the grant mapping. The size of
> the pool starts from zero and be increased on demand while processing
> the I/O requests. If current I/O requests handling is finished or 100
> milliseconds has passed since last I/O requests handling, it checks and
> shrinks the pool to not exceed the size limit, `max_buffer_pages`.
>
> Therefore, `blkfront` running guests can cause a memory pressure in the
> `blkback` running guest by attaching a large number of block devices and
> inducing I/O.
Hm, I don't think this is actually true. blkfront cannot attach an
arbitrary number of devices, blkfront is just a frontend for a device
that's instantiated by the Xen toolstack, so it's the toolstack the one
that controls the amount of PV block devices.
> System administrators can avoid such problematic
> situations by limiting the maximum number of devices each guest can
> attach. However, finding the optimal limit is not so easy. Improper
> set of the limit can results in the memory pressure or a resource
> underutilization. This commit avoids such problematic situations by
> squeezing the pools (returns every free page in the pool to the system)
> for a while (users can set this duration via a module parameter) if a
> memory pressure is detected.
>
> Discussions
> ===========
>
> The `blkback`'s original shrinking mechanism returns only pages in the
> pool, which are not currently be used by `blkback`, to the system. In
> other words, the pages are not mapped with foreign pages. Because this
^ that ^ granted
> commit is changing only the shrink limit but uses the mechanism as is,
> this commit does not introduce improper mappings related security
> issues.
That last sentence is hard to parse. I think something like:
"Because this commit is changing only the shrink limit but still uses the
same freeing mechanism it does not touch pages which are currently
mapping grants."
>
> Once a memory pressure is detected, this commit keeps the squeezing
> limit for a user-specified time duration. The duration should be
> neither too long nor too short. If it is too long, the squeezing
> incurring overhead can reduce the I/O performance. If it is too short,
> `blkback` will not free enough pages to reduce the memory pressure.
> This commit sets the value as `10 milliseconds` by default because it is
> a short time in terms of I/O while it is a long time in terms of memory
> operations. Also, as the original shrinking mechanism works for at
> least every 100 milliseconds, this could be a somewhat reasonable
> choice. I also tested other durations (refer to the below section for
> more details) and confirmed that 10 milliseconds is the one that works
> best with the test. That said, the proper duration depends on actual
> configurations and workloads. That's why this commit is allowing users
^ allows
> to set it as their optimal value via the module parameter.
... to set the duration as a module parameter.
>
> Memory Pressure Test
> ====================
>
> To show how this commit fixes the memory pressure situation well, I
> configured a test environment on a xen-running virtualization system.
> On the `blkfront` running guest instances, I attach a large number of
> network-backed volume devices and induce I/O to those. Meanwhile, I
> measure the number of pages that swapped in and out on the `blkback`
> running guest. The test ran twice, once for the `blkback` before this
> commit and once for that after this commit. As shown below, this commit
> has dramatically reduced the memory pressure:
>
> pswpin pswpout
I assume pswpin means 'pages swapped in' and pswpout 'pages swapped
out'. Might be good to add a note to that effect.
> before 76,672 185,799
> after 212 3,325
>
> Optimal Aggressive Shrinking Duration
> -------------------------------------
>
> To find a best squeezing duration, I repeated the test with three
> different durations (1ms, 10ms, and 100ms). The results are as below:
>
> duration pswpin pswpout
> 1 852 6,424
> 10 212 3,325
> 100 203 3,340
>
> As expected, the memory pressure has decreased as the duration is
> increased, but the reduction stopped from the `10ms`. Based on this
> results, I chose the default duration as 10ms.
>
> Performance Overhead Test
> =========================
>
> This commit could incur I/O performance degradation under severe memory
> pressure because the squeezing will require more page allocations per
> I/O. To show the overhead, I artificially made a worst-case squeezing
> situation and measured the I/O performance of a `blkfront` running
> guest.
>
> For the artificial squeezing, I set the `blkback.max_buffer_pages` using
> the `/sys/module/xen_blkback/parameters/max_buffer_pages` file. We set
> the value to `1024` and `0`. The `1024` is the default value. Setting
> the value as `0` is same to a situation doing the squeezing always
> (worst-case).
>
> For the I/O performance measurement, I use a simple `dd` command.
>
> Default Performance
> -------------------
>
> [dom0]# echo 1024 > /sys/module/xen_blkback/parameters/max_buffer_pages
> [instance]$ for i in {1..5}; do dd if=/dev/zero of=file bs=4k count=$((256*512)); sync; done
> 131072+0 records in
> 131072+0 records out
> 536870912 bytes (537 MB) copied, 11.7257 s, 45.8 MB/s
> 131072+0 records in
> 131072+0 records out
> 536870912 bytes (537 MB) copied, 13.8827 s, 38.7 MB/s
> 131072+0 records in
> 131072+0 records out
> 536870912 bytes (537 MB) copied, 13.8781 s, 38.7 MB/s
> 131072+0 records in
> 131072+0 records out
> 536870912 bytes (537 MB) copied, 13.8737 s, 38.7 MB/s
> 131072+0 records in
> 131072+0 records out
> 536870912 bytes (537 MB) copied, 13.8702 s, 38.7 MB/s
>
> Worst-case Performance
> ----------------------
>
> [dom0]# echo 0 > /sys/module/xen_blkback/parameters/max_buffer_pages
> [instance]$ for i in {1..5}; do dd if=/dev/zero of=file bs=4k count=$((256*512)); sync; done
> 131072+0 records in
> 131072+0 records out
> 536870912 bytes (537 MB) copied, 11.7257 s, 45.8 MB/s
> 131072+0 records in
> 131072+0 records out
> 536870912 bytes (537 MB) copied, 13.878 s, 38.7 MB/s
> 131072+0 records in
> 131072+0 records out
> 536870912 bytes (537 MB) copied, 13.8746 s, 38.7 MB/s
> 131072+0 records in
> 131072+0 records out
> 536870912 bytes (537 MB) copied, 13.8786 s, 38.7 MB/s
> 131072+0 records in
> 131072+0 records out
> 536870912 bytes (537 MB) copied, 13.8749 s, 38.7 MB/s
>
> In short, even worst case squeezing makes no visible performance
> degradation.
I would argue that with a ~40MB/s throughput you won't see any
performance difference at all regardless of the size of the pool of
free pages or the amount of persistent grants because the bottleneck is
on the storage performance itself.
You need to test this using nullblk or some kind of fast storage, or
else the above figures are not going to reflect any changes you make
because they are hidden by the poor performance of the underlying
storage.
> I think this is due to the slow speed of the I/O. In
> other words, the additional page allocation overhead is hidden under the
> much slower I/O latency.
>
> Nevertheless, pleaset note that this is just a very simple and minimal
> test.
I would like to add that IMO this is papering over an existing issue,
which is how pages to be used to map grants are allocated. Grant
mappings _shouldn't_ consume RAM pages in the first place, and IIRC
the fact that they do is because Linux balloons out memory in order to
re-use those pages to map grants and have a valid page struct.
A way to solve this would be to hotplug a fake memory region and use
it in order to map grant pages, without having to balloon out RAM
regions. At the end of day on a PV domain mapping a grant should just
require virtual address space.
This is going to get even worse for PVH that requires a physical memory
address in order to map a grant, but that's another story.
>
> Reviewed-by: Juergen Gross <jgross@suse.com>
> Signed-off-by: SeongJae Park <sjpark@amazon.de>
> ---
> drivers/block/xen-blkback/blkback.c | 23 +++++++++++++++++++++--
> drivers/block/xen-blkback/common.h | 1 +
> drivers/block/xen-blkback/xenbus.c | 3 ++-
> 3 files changed, 24 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c
> index fd1e19f1a49f..4d4dba7ea721 100644
> --- a/drivers/block/xen-blkback/blkback.c
> +++ b/drivers/block/xen-blkback/blkback.c
> @@ -142,6 +142,22 @@ static inline bool persistent_gnt_timeout(struct persistent_gnt *persistent_gnt)
> HZ * xen_blkif_pgrant_timeout);
> }
>
> +/* Once a memory pressure is detected, squeeze free page pools for a while. */
> +static int xen_blkif_buffer_squeeze_duration_ms = 10;
unsigned?
You can likely drop the xen_blkif prefix since this is a static
variable.
> +module_param_named(buffer_squeeze_duration_ms,
> + xen_blkif_buffer_squeeze_duration_ms, int, 0644);
> +MODULE_PARM_DESC(buffer_squeeze_duration_ms,
> +"Duration in ms to squeeze pages buffer when a memory pressure is detected");
> +
> +static unsigned long xen_blk_buffer_squeeze_end;
> +
> +unsigned xen_blkbk_reclaim(struct xenbus_device *dev)
> +{
> + xen_blk_buffer_squeeze_end = jiffies +
> + msecs_to_jiffies(xen_blkif_buffer_squeeze_duration_ms);
> + return 0;
> +}
> +
> static inline int get_free_page(struct xen_blkif_ring *ring, struct page **page)
> {
> unsigned long flags;
> @@ -656,8 +672,11 @@ int xen_blkif_schedule(void *arg)
> ring->next_lru = jiffies + msecs_to_jiffies(LRU_INTERVAL);
> }
>
> - /* Shrink if we have more than xen_blkif_max_buffer_pages */
> - shrink_free_pagepool(ring, xen_blkif_max_buffer_pages);
> + /* Shrink the free pages pool if it is too large. */
> + if (time_before(jiffies, xen_blk_buffer_squeeze_end))
> + shrink_free_pagepool(ring, 0);
> + else
> + shrink_free_pagepool(ring, xen_blkif_max_buffer_pages);
>
> if (log_stats && time_after(jiffies, ring->st_print))
> print_stats(ring);
> diff --git a/drivers/block/xen-blkback/common.h b/drivers/block/xen-blkback/common.h
> index 1d3002d773f7..c0334cda79fe 100644
> --- a/drivers/block/xen-blkback/common.h
> +++ b/drivers/block/xen-blkback/common.h
> @@ -383,6 +383,7 @@ irqreturn_t xen_blkif_be_int(int irq, void *dev_id);
> int xen_blkif_schedule(void *arg);
> int xen_blkif_purge_persistent(void *arg);
> void xen_blkbk_free_caches(struct xen_blkif_ring *ring);
> +unsigned xen_blkbk_reclaim(struct xenbus_device *dev);
>
> int xen_blkbk_flush_diskcache(struct xenbus_transaction xbt,
> struct backend_info *be, int state);
> diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c
> index b90dbcd99c03..de49a09e6933 100644
> --- a/drivers/block/xen-blkback/xenbus.c
> +++ b/drivers/block/xen-blkback/xenbus.c
> @@ -1115,7 +1115,8 @@ static struct xenbus_driver xen_blkbk_driver = {
> .ids = xen_blkbk_ids,
> .probe = xen_blkbk_probe,
> .remove = xen_blkbk_remove,
> - .otherend_changed = frontend_changed
> + .otherend_changed = frontend_changed,
> + .reclaim = xen_blkbk_reclaim
While at it please add the ending comma so that new addition don't
have to modify the previous line.
Thanks, Roger.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: Re: [PATCH v5 1/2] xenbus/backend: Add memory pressure handler callback
2019-12-10 10:16 ` Roger Pau Monné
2019-12-10 10:21 ` [Xen-devel] " Roger Pau Monné
@ 2019-12-11 3:50 ` SeongJae Park
2019-12-11 10:51 ` Roger Pau Monné
1 sibling, 1 reply; 14+ messages in thread
From: SeongJae Park @ 2019-12-11 3:50 UTC (permalink / raw)
To: roger.pau
Cc: sjpark, axboe, konrad.wilk, linux-block, linux-kernel, pdurrant,
xen-devel, SeongJae Park, sj38.park
On Tue, 10 Dec 2019 11:16:35 +0100 "Roger Pau Monné" <roger.pau@citrix.com> wrote:
> > Granting pages consumes backend system memory. In systems configured
> > with insufficient spare memory for those pages, it can cause a memory
> > pressure situation. However, finding the optimal amount of the spare
> > memory is challenging for large systems having dynamic resource
> > utilization patterns. Also, such a static configuration might lack a
>
> s/lack a/lack/
>
> > flexibility.
> >
> > To mitigate such problems, this commit adds a memory reclaim callback to
> > 'xenbus_driver'. Using this facility, 'xenbus' would be able to monitor
> > a memory pressure and request specific devices of specific backend
>
> s/monitor a/monitor/
>
> > drivers which causing the given pressure to voluntarily release its
>
> ...which are causing...
>
> > memory.
> >
> > That said, this commit simply requests every callback registered driver
> > to release its memory for every domain, rather than issueing the
>
> s/issueing/issuing/
>
> > requests to the drivers and the domain in charge. Such things will be
>
> I'm afraid I don't understand the "domain in charge" part of this
> sentence.
>
> > done in a futur. Also, this commit focuses on memory only. However, it
>
> ... done in a future change. Also I think the period after only should
> be removed in order to tie both sentences together.
>
> > would be ablt to be extended for general resources.
>
> s/ablt/able/
>
> >
> > Signed-off-by: SeongJae Park <sjpark@amazon.de>
> > ---
> > drivers/xen/xenbus/xenbus_probe_backend.c | 31 +++++++++++++++++++++++
> > include/xen/xenbus.h | 1 +
> > 2 files changed, 32 insertions(+)
> >
> > diff --git a/drivers/xen/xenbus/xenbus_probe_backend.c b/drivers/xen/xenbus/xenbus_probe_backend.c
> > index b0bed4faf44c..5a5ba29e39df 100644
> > --- a/drivers/xen/xenbus/xenbus_probe_backend.c
> > +++ b/drivers/xen/xenbus/xenbus_probe_backend.c
> > @@ -248,6 +248,34 @@ static int backend_probe_and_watch(struct notifier_block *notifier,
> > return NOTIFY_DONE;
> > }
> >
> > +static int xenbus_backend_reclaim(struct device *dev, void *data)
> > +{
> > + struct xenbus_driver *drv;
>
> Newline and const.
>
> > + if (!dev->driver)
> > + return -ENOENT;
> > + drv = to_xenbus_driver(dev->driver);
> > + if (drv && drv->reclaim)
> > + drv->reclaim(to_xenbus_device(dev));
>
> You seem to completely ignore the return of the reclaim hook...
>
> > + return 0;
> > +}
> > +
> > +/*
> > + * Returns 0 always because we are using shrinker to only detect memory
> > + * pressure.
> > + */
> > +static unsigned long xenbus_backend_shrink_count(struct shrinker *shrinker,
> > + struct shrink_control *sc)
> > +{
> > + bus_for_each_dev(&xenbus_backend.bus, NULL, NULL,
> > + xenbus_backend_reclaim);
> > + return 0;
> > +}
> > +
> > +static struct shrinker xenbus_backend_shrinker = {
> > + .count_objects = xenbus_backend_shrink_count,
> > + .seeks = DEFAULT_SEEKS,
> > +};
> > +
> > static int __init xenbus_probe_backend_init(void)
> > {
> > static struct notifier_block xenstore_notifier = {
> > @@ -264,6 +292,9 @@ static int __init xenbus_probe_backend_init(void)
> >
> > register_xenstore_notifier(&xenstore_notifier);
> >
> > + if (register_shrinker(&xenbus_backend_shrinker))
> > + pr_warn("shrinker registration failed\n");
> > +
> > return 0;
> > }
> > subsys_initcall(xenbus_probe_backend_init);
> > diff --git a/include/xen/xenbus.h b/include/xen/xenbus.h
> > index 869c816d5f8c..cdb075e4182f 100644
> > --- a/include/xen/xenbus.h
> > +++ b/include/xen/xenbus.h
> > @@ -104,6 +104,7 @@ struct xenbus_driver {
> > struct device_driver driver;
> > int (*read_otherend_details)(struct xenbus_device *dev);
> > int (*is_ready)(struct xenbus_device *dev);
> > + unsigned (*reclaim)(struct xenbus_device *dev);
>
> ... hence I wonder why it's returning an unsigned when it's just
> ignored.
>
> IMO it should return an int to signal errors, and the return should be
> ignored.
I first thought similarly and set the callback to return something. However,
as this callback is called to simply notify the memory pressure and ask the
driver to free its memory as many as possible, I couldn't easily imagine what
kind of errors that need to be handled by its caller can occur in the callback,
especially because current blkback's callback implementation has no such error.
So, if you and others agree, I would like to simply set the return type to
'void' for now and defer the error handling to a future change.
>
> Also, I think it would preferable for this function to take an extra
> parameter to describe the resource the driver should attempt to free
> (ie: memory or interrupts for example). I'm however not able to find
> any existing Linux type to describe such resources.
Yes, such extention would be the right direction. However, because there is no
existing Linux type to describe the type of resources to reclaim as you also
mentioned, there could be many different opinions about its implementation
detail. In my opinion, it could be also possible to simply add another
callback for another resource type. That said, because currently we have an
use case and an implementation for the memory pressure only, I would like to
let it as is for now and defer the extension as a future work, if you and
others have no objection.
Thanks,
SeongJae Park
>
> Thanks, Roger.
>
>
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: Re: [PATCH v5 2/2] xen/blkback: Squeeze page pools if a memory pressure is detected
2019-12-10 11:04 ` Roger Pau Monné
@ 2019-12-11 4:08 ` SeongJae Park
2019-12-11 11:14 ` Roger Pau Monné
0 siblings, 1 reply; 14+ messages in thread
From: SeongJae Park @ 2019-12-11 4:08 UTC (permalink / raw)
To: Roger Pau Monné
Cc: sjpark, axboe, konrad.wilk, linux-block, linux-kernel, pdurrant,
xen-devel, SeongJae Park, sj38.park
On Tue, 10 Dec 2019 12:04:32 +0100 "Roger Pau Monné" <roger.pau@citrix.com> wrote:
> > Each `blkif` has a free pages pool for the grant mapping. The size of
> > the pool starts from zero and be increased on demand while processing
> > the I/O requests. If current I/O requests handling is finished or 100
> > milliseconds has passed since last I/O requests handling, it checks and
> > shrinks the pool to not exceed the size limit, `max_buffer_pages`.
> >
> > Therefore, `blkfront` running guests can cause a memory pressure in the
> > `blkback` running guest by attaching a large number of block devices and
> > inducing I/O.
>
> Hm, I don't think this is actually true. blkfront cannot attach an
> arbitrary number of devices, blkfront is just a frontend for a device
> that's instantiated by the Xen toolstack, so it's the toolstack the one
> that controls the amount of PV block devices.
Right, the problem can occur only if it is mis-configured so that the frontend
running guests can attach a large number of devices which is enough to cause
the memory pressure. I tried to explain it in below paragraph, but seems above
paragraph is a little bit confusing. I will wordsmith the sentence in the next
version.
>
> > System administrators can avoid such problematic
> > situations by limiting the maximum number of devices each guest can
> > attach. However, finding the optimal limit is not so easy. Improper
> > set of the limit can results in the memory pressure or a resource
> > underutilization. This commit avoids such problematic situations by
> > squeezing the pools (returns every free page in the pool to the system)
> > for a while (users can set this duration via a module parameter) if a
> > memory pressure is detected.
> >
> > Discussions
> > ===========
> >
> > The `blkback`'s original shrinking mechanism returns only pages in the
> > pool, which are not currently be used by `blkback`, to the system. In
> > other words, the pages are not mapped with foreign pages. Because this
> ^ that ^ granted
> > commit is changing only the shrink limit but uses the mechanism as is,
> > this commit does not introduce improper mappings related security
> > issues.
>
> That last sentence is hard to parse. I think something like:
>
> "Because this commit is changing only the shrink limit but still uses the
> same freeing mechanism it does not touch pages which are currently
> mapping grants."
>
> >
> > Once a memory pressure is detected, this commit keeps the squeezing
> > limit for a user-specified time duration. The duration should be
> > neither too long nor too short. If it is too long, the squeezing
> > incurring overhead can reduce the I/O performance. If it is too short,
> > `blkback` will not free enough pages to reduce the memory pressure.
> > This commit sets the value as `10 milliseconds` by default because it is
> > a short time in terms of I/O while it is a long time in terms of memory
> > operations. Also, as the original shrinking mechanism works for at
> > least every 100 milliseconds, this could be a somewhat reasonable
> > choice. I also tested other durations (refer to the below section for
> > more details) and confirmed that 10 milliseconds is the one that works
> > best with the test. That said, the proper duration depends on actual
> > configurations and workloads. That's why this commit is allowing users
> ^ allows
> > to set it as their optimal value via the module parameter.
>
> ... to set the duration as a module parameter.
Thank you for great suggestions, I will apply those.
>
> >
> > Memory Pressure Test
> > ====================
> >
> > To show how this commit fixes the memory pressure situation well, I
> > configured a test environment on a xen-running virtualization system.
> > On the `blkfront` running guest instances, I attach a large number of
> > network-backed volume devices and induce I/O to those. Meanwhile, I
> > measure the number of pages that swapped in and out on the `blkback`
> > running guest. The test ran twice, once for the `blkback` before this
> > commit and once for that after this commit. As shown below, this commit
> > has dramatically reduced the memory pressure:
> >
> > pswpin pswpout
>
> I assume pswpin means 'pages swapped in' and pswpout 'pages swapped
> out'. Might be good to add a note to that effect.
Good point! I will add the note.
>
> > before 76,672 185,799
> > after 212 3,325
> >
> > Optimal Aggressive Shrinking Duration
> > -------------------------------------
> >
> > To find a best squeezing duration, I repeated the test with three
> > different durations (1ms, 10ms, and 100ms). The results are as below:
> >
> > duration pswpin pswpout
> > 1 852 6,424
> > 10 212 3,325
> > 100 203 3,340
> >
> > As expected, the memory pressure has decreased as the duration is
> > increased, but the reduction stopped from the `10ms`. Based on this
> > results, I chose the default duration as 10ms.
> >
> > Performance Overhead Test
> > =========================
> >
> > This commit could incur I/O performance degradation under severe memory
> > pressure because the squeezing will require more page allocations per
> > I/O. To show the overhead, I artificially made a worst-case squeezing
> > situation and measured the I/O performance of a `blkfront` running
> > guest.
> >
> > For the artificial squeezing, I set the `blkback.max_buffer_pages` using
> > the `/sys/module/xen_blkback/parameters/max_buffer_pages` file. We set
> > the value to `1024` and `0`. The `1024` is the default value. Setting
> > the value as `0` is same to a situation doing the squeezing always
> > (worst-case).
> >
> > For the I/O performance measurement, I use a simple `dd` command.
> >
> > Default Performance
> > -------------------
> >
> > [dom0]# echo 1024 > /sys/module/xen_blkback/parameters/max_buffer_pages
> > [instance]$ for i in {1..5}; do dd if=/dev/zero of=file bs=4k count=$((256*512)); sync; done
> > 131072+0 records in
> > 131072+0 records out
> > 536870912 bytes (537 MB) copied, 11.7257 s, 45.8 MB/s
> > 131072+0 records in
> > 131072+0 records out
> > 536870912 bytes (537 MB) copied, 13.8827 s, 38.7 MB/s
> > 131072+0 records in
> > 131072+0 records out
> > 536870912 bytes (537 MB) copied, 13.8781 s, 38.7 MB/s
> > 131072+0 records in
> > 131072+0 records out
> > 536870912 bytes (537 MB) copied, 13.8737 s, 38.7 MB/s
> > 131072+0 records in
> > 131072+0 records out
> > 536870912 bytes (537 MB) copied, 13.8702 s, 38.7 MB/s
> >
> > Worst-case Performance
> > ----------------------
> >
> > [dom0]# echo 0 > /sys/module/xen_blkback/parameters/max_buffer_pages
> > [instance]$ for i in {1..5}; do dd if=/dev/zero of=file bs=4k count=$((256*512)); sync; done
> > 131072+0 records in
> > 131072+0 records out
> > 536870912 bytes (537 MB) copied, 11.7257 s, 45.8 MB/s
> > 131072+0 records in
> > 131072+0 records out
> > 536870912 bytes (537 MB) copied, 13.878 s, 38.7 MB/s
> > 131072+0 records in
> > 131072+0 records out
> > 536870912 bytes (537 MB) copied, 13.8746 s, 38.7 MB/s
> > 131072+0 records in
> > 131072+0 records out
> > 536870912 bytes (537 MB) copied, 13.8786 s, 38.7 MB/s
> > 131072+0 records in
> > 131072+0 records out
> > 536870912 bytes (537 MB) copied, 13.8749 s, 38.7 MB/s
> >
> > In short, even worst case squeezing makes no visible performance
> > degradation.
>
> I would argue that with a ~40MB/s throughput you won't see any
> performance difference at all regardless of the size of the pool of
> free pages or the amount of persistent grants because the bottleneck is
> on the storage performance itself.
>
> You need to test this using nullblk or some kind of fast storage, or
> else the above figures are not going to reflect any changes you make
> because they are hidden by the poor performance of the underlying
> storage.
Yes, agree that. My test is just a minimal check for my environment. I will
note the points and concerns in the commit message.
>
> > I think this is due to the slow speed of the I/O. In
> > other words, the additional page allocation overhead is hidden under the
> > much slower I/O latency.
> >
> > Nevertheless, pleaset note that this is just a very simple and minimal
> > test.
>
> I would like to add that IMO this is papering over an existing issue,
> which is how pages to be used to map grants are allocated. Grant
> mappings _shouldn't_ consume RAM pages in the first place, and IIRC
> the fact that they do is because Linux balloons out memory in order to
> re-use those pages to map grants and have a valid page struct.
>
> A way to solve this would be to hotplug a fake memory region and use
> it in order to map grant pages, without having to balloon out RAM
> regions. At the end of day on a PV domain mapping a grant should just
> require virtual address space.
>
> This is going to get even worse for PVH that requires a physical memory
> address in order to map a grant, but that's another story.
Yes, as Paul also pointed out and suggested, we should consider a structural
solution in a big picture. Until the big change is ready, this simple solution
would work as a point fix.
>
> >
> > Reviewed-by: Juergen Gross <jgross@suse.com>
> > Signed-off-by: SeongJae Park <sjpark@amazon.de>
> > ---
> > drivers/block/xen-blkback/blkback.c | 23 +++++++++++++++++++++--
> > drivers/block/xen-blkback/common.h | 1 +
> > drivers/block/xen-blkback/xenbus.c | 3 ++-
> > 3 files changed, 24 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c
> > index fd1e19f1a49f..4d4dba7ea721 100644
> > --- a/drivers/block/xen-blkback/blkback.c
> > +++ b/drivers/block/xen-blkback/blkback.c
> > @@ -142,6 +142,22 @@ static inline bool persistent_gnt_timeout(struct persistent_gnt *persistent_gnt)
> > HZ * xen_blkif_pgrant_timeout);
> > }
> >
> > +/* Once a memory pressure is detected, squeeze free page pools for a while. */
> > +static int xen_blkif_buffer_squeeze_duration_ms = 10;
>
> unsigned?
Good eye!
>
> You can likely drop the xen_blkif prefix since this is a static
> variable.
You're right! I will also remove the prefix for other static variables, too.
>
> > +module_param_named(buffer_squeeze_duration_ms,
> > + xen_blkif_buffer_squeeze_duration_ms, int, 0644);
> > +MODULE_PARM_DESC(buffer_squeeze_duration_ms,
> > +"Duration in ms to squeeze pages buffer when a memory pressure is detected");
> > +
> > +static unsigned long xen_blk_buffer_squeeze_end;
> > +
> > +unsigned xen_blkbk_reclaim(struct xenbus_device *dev)
> > +{
> > + xen_blk_buffer_squeeze_end = jiffies +
> > + msecs_to_jiffies(xen_blkif_buffer_squeeze_duration_ms);
> > + return 0;
> > +}
> > +
> > static inline int get_free_page(struct xen_blkif_ring *ring, struct page **page)
> > {
> > unsigned long flags;
> > @@ -656,8 +672,11 @@ int xen_blkif_schedule(void *arg)
> > ring->next_lru = jiffies + msecs_to_jiffies(LRU_INTERVAL);
> > }
> >
> > - /* Shrink if we have more than xen_blkif_max_buffer_pages */
> > - shrink_free_pagepool(ring, xen_blkif_max_buffer_pages);
> > + /* Shrink the free pages pool if it is too large. */
> > + if (time_before(jiffies, xen_blk_buffer_squeeze_end))
> > + shrink_free_pagepool(ring, 0);
> > + else
> > + shrink_free_pagepool(ring, xen_blkif_max_buffer_pages);
> >
> > if (log_stats && time_after(jiffies, ring->st_print))
> > print_stats(ring);
> > diff --git a/drivers/block/xen-blkback/common.h b/drivers/block/xen-blkback/common.h
> > index 1d3002d773f7..c0334cda79fe 100644
> > --- a/drivers/block/xen-blkback/common.h
> > +++ b/drivers/block/xen-blkback/common.h
> > @@ -383,6 +383,7 @@ irqreturn_t xen_blkif_be_int(int irq, void *dev_id);
> > int xen_blkif_schedule(void *arg);
> > int xen_blkif_purge_persistent(void *arg);
> > void xen_blkbk_free_caches(struct xen_blkif_ring *ring);
> > +unsigned xen_blkbk_reclaim(struct xenbus_device *dev);
> >
> > int xen_blkbk_flush_diskcache(struct xenbus_transaction xbt,
> > struct backend_info *be, int state);
> > diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c
> > index b90dbcd99c03..de49a09e6933 100644
> > --- a/drivers/block/xen-blkback/xenbus.c
> > +++ b/drivers/block/xen-blkback/xenbus.c
> > @@ -1115,7 +1115,8 @@ static struct xenbus_driver xen_blkbk_driver = {
> > .ids = xen_blkbk_ids,
> > .probe = xen_blkbk_probe,
> > .remove = xen_blkbk_remove,
> > - .otherend_changed = frontend_changed
> > + .otherend_changed = frontend_changed,
> > + .reclaim = xen_blkbk_reclaim
>
> While at it please add the ending comma so that new addition don't
> have to modify the previous line.
Yes, I will add the comma!
Thanks,
SeongJae Park
>
> Thanks, Roger.
>
>
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: Re: [PATCH v5 1/2] xenbus/backend: Add memory pressure handler callback
2019-12-11 3:50 ` SeongJae Park
@ 2019-12-11 10:51 ` Roger Pau Monné
2019-12-11 11:52 ` SeongJae Park
0 siblings, 1 reply; 14+ messages in thread
From: Roger Pau Monné @ 2019-12-11 10:51 UTC (permalink / raw)
To: SeongJae Park
Cc: sjpark, axboe, konrad.wilk, linux-block, linux-kernel, pdurrant,
xen-devel, SeongJae Park
On Wed, Dec 11, 2019 at 04:50:58AM +0100, SeongJae Park wrote:
> On Tue, 10 Dec 2019 11:16:35 +0100 "Roger Pau Monné" <roger.pau@citrix.com> wrote:
> > > diff --git a/include/xen/xenbus.h b/include/xen/xenbus.h
> > > index 869c816d5f8c..cdb075e4182f 100644
> > > --- a/include/xen/xenbus.h
> > > +++ b/include/xen/xenbus.h
> > > @@ -104,6 +104,7 @@ struct xenbus_driver {
> > > struct device_driver driver;
> > > int (*read_otherend_details)(struct xenbus_device *dev);
> > > int (*is_ready)(struct xenbus_device *dev);
> > > + unsigned (*reclaim)(struct xenbus_device *dev);
> >
> > ... hence I wonder why it's returning an unsigned when it's just
> > ignored.
> >
> > IMO it should return an int to signal errors, and the return should be
> > ignored.
>
> I first thought similarly and set the callback to return something. However,
> as this callback is called to simply notify the memory pressure and ask the
> driver to free its memory as many as possible, I couldn't easily imagine what
> kind of errors that need to be handled by its caller can occur in the callback,
> especially because current blkback's callback implementation has no such error.
> So, if you and others agree, I would like to simply set the return type to
> 'void' for now and defer the error handling to a future change.
Yes, I also wondered the same, but seeing you returned an integer I
assumed there was interest in returning some kind of value. If there's
nothing to return let's just make it void.
> >
> > Also, I think it would preferable for this function to take an extra
> > parameter to describe the resource the driver should attempt to free
> > (ie: memory or interrupts for example). I'm however not able to find
> > any existing Linux type to describe such resources.
>
> Yes, such extention would be the right direction. However, because there is no
> existing Linux type to describe the type of resources to reclaim as you also
> mentioned, there could be many different opinions about its implementation
> detail. In my opinion, it could be also possible to simply add another
> callback for another resource type. That said, because currently we have an
> use case and an implementation for the memory pressure only, I would like to
> let it as is for now and defer the extension as a future work, if you and
> others have no objection.
Ack, can I please ask the callback to be named reclaim_memory or some
such then?
Thanks, Roger.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: Re: [PATCH v5 2/2] xen/blkback: Squeeze page pools if a memory pressure is detected
2019-12-11 4:08 ` SeongJae Park
@ 2019-12-11 11:14 ` Roger Pau Monné
2019-12-11 11:52 ` SeongJae Park
0 siblings, 1 reply; 14+ messages in thread
From: Roger Pau Monné @ 2019-12-11 11:14 UTC (permalink / raw)
To: SeongJae Park
Cc: sjpark, axboe, konrad.wilk, linux-block, linux-kernel, pdurrant,
xen-devel, SeongJae Park
Hello,
I see that you have already sent v6, for future iterations can you
please wait until the conversation on the previous version has been
settled?
I'm still replying to your replies to v5, and hence you should hold off
sending v6 until we get some kind of conclusion/agreement.
On Wed, Dec 11, 2019 at 05:08:12AM +0100, SeongJae Park wrote:
> On Tue, 10 Dec 2019 12:04:32 +0100 "Roger Pau Monné" <roger.pau@citrix.com> wrote:
>
> > > Each `blkif` has a free pages pool for the grant mapping. The size of
> > > the pool starts from zero and be increased on demand while processing
> > > the I/O requests. If current I/O requests handling is finished or 100
> > > milliseconds has passed since last I/O requests handling, it checks and
> > > shrinks the pool to not exceed the size limit, `max_buffer_pages`.
> > >
> > > Therefore, `blkfront` running guests can cause a memory pressure in the
> > > `blkback` running guest by attaching a large number of block devices and
> > > inducing I/O.
> >
> > Hm, I don't think this is actually true. blkfront cannot attach an
> > arbitrary number of devices, blkfront is just a frontend for a device
> > that's instantiated by the Xen toolstack, so it's the toolstack the one
> > that controls the amount of PV block devices.
>
> Right, the problem can occur only if it is mis-configured so that the frontend
> running guests can attach a large number of devices which is enough to cause
> the memory pressure. I tried to explain it in below paragraph, but seems above
> paragraph is a little bit confusing. I will wordsmith the sentence in the next
> version.
I would word it along these lines:
"Host administrators can cause memory pressure in blkback by attaching
a large number of block devices and inducing I/O."
> >
> > > System administrators can avoid such problematic
> > > situations by limiting the maximum number of devices each guest can
> > > attach. However, finding the optimal limit is not so easy. Improper
> > > set of the limit can results in the memory pressure or a resource
> > > underutilization. This commit avoids such problematic situations by
> > > squeezing the pools (returns every free page in the pool to the system)
> > > for a while (users can set this duration via a module parameter) if a
> > > memory pressure is detected.
> > >
> > > Discussions
> > > ===========
> > >
> > > The `blkback`'s original shrinking mechanism returns only pages in the
> > > pool, which are not currently be used by `blkback`, to the system. In
> > > other words, the pages are not mapped with foreign pages. Because this
> > ^ that ^ granted
> > > commit is changing only the shrink limit but uses the mechanism as is,
> > > this commit does not introduce improper mappings related security
> > > issues.
> >
> > That last sentence is hard to parse. I think something like:
> >
> > "Because this commit is changing only the shrink limit but still uses the
> > same freeing mechanism it does not touch pages which are currently
> > mapping grants."
> >
> > >
> > > Once a memory pressure is detected, this commit keeps the squeezing
> > > limit for a user-specified time duration. The duration should be
> > > neither too long nor too short. If it is too long, the squeezing
> > > incurring overhead can reduce the I/O performance. If it is too short,
> > > `blkback` will not free enough pages to reduce the memory pressure.
> > > This commit sets the value as `10 milliseconds` by default because it is
> > > a short time in terms of I/O while it is a long time in terms of memory
> > > operations. Also, as the original shrinking mechanism works for at
> > > least every 100 milliseconds, this could be a somewhat reasonable
> > > choice. I also tested other durations (refer to the below section for
> > > more details) and confirmed that 10 milliseconds is the one that works
> > > best with the test. That said, the proper duration depends on actual
> > > configurations and workloads. That's why this commit is allowing users
> > ^ allows
> > > to set it as their optimal value via the module parameter.
> >
> > ... to set the duration as a module parameter.
>
> Thank you for great suggestions, I will apply those.
>
> >
> > >
> > > Memory Pressure Test
> > > ====================
> > >
> > > To show how this commit fixes the memory pressure situation well, I
> > > configured a test environment on a xen-running virtualization system.
> > > On the `blkfront` running guest instances, I attach a large number of
> > > network-backed volume devices and induce I/O to those. Meanwhile, I
> > > measure the number of pages that swapped in and out on the `blkback`
> > > running guest. The test ran twice, once for the `blkback` before this
> > > commit and once for that after this commit. As shown below, this commit
> > > has dramatically reduced the memory pressure:
> > >
> > > pswpin pswpout
> >
> > I assume pswpin means 'pages swapped in' and pswpout 'pages swapped
> > out'. Might be good to add a note to that effect.
>
> Good point! I will add the note.
>
> >
> > > before 76,672 185,799
> > > after 212 3,325
> > >
> > > Optimal Aggressive Shrinking Duration
> > > -------------------------------------
> > >
> > > To find a best squeezing duration, I repeated the test with three
> > > different durations (1ms, 10ms, and 100ms). The results are as below:
> > >
> > > duration pswpin pswpout
> > > 1 852 6,424
> > > 10 212 3,325
> > > 100 203 3,340
> > >
> > > As expected, the memory pressure has decreased as the duration is
> > > increased, but the reduction stopped from the `10ms`. Based on this
> > > results, I chose the default duration as 10ms.
> > >
> > > Performance Overhead Test
> > > =========================
> > >
> > > This commit could incur I/O performance degradation under severe memory
> > > pressure because the squeezing will require more page allocations per
> > > I/O. To show the overhead, I artificially made a worst-case squeezing
> > > situation and measured the I/O performance of a `blkfront` running
> > > guest.
> > >
> > > For the artificial squeezing, I set the `blkback.max_buffer_pages` using
> > > the `/sys/module/xen_blkback/parameters/max_buffer_pages` file. We set
> > > the value to `1024` and `0`. The `1024` is the default value. Setting
> > > the value as `0` is same to a situation doing the squeezing always
> > > (worst-case).
> > >
> > > For the I/O performance measurement, I use a simple `dd` command.
> > >
> > > Default Performance
> > > -------------------
> > >
> > > [dom0]# echo 1024 > /sys/module/xen_blkback/parameters/max_buffer_pages
> > > [instance]$ for i in {1..5}; do dd if=/dev/zero of=file bs=4k count=$((256*512)); sync; done
> > > 131072+0 records in
> > > 131072+0 records out
> > > 536870912 bytes (537 MB) copied, 11.7257 s, 45.8 MB/s
> > > 131072+0 records in
> > > 131072+0 records out
> > > 536870912 bytes (537 MB) copied, 13.8827 s, 38.7 MB/s
> > > 131072+0 records in
> > > 131072+0 records out
> > > 536870912 bytes (537 MB) copied, 13.8781 s, 38.7 MB/s
> > > 131072+0 records in
> > > 131072+0 records out
> > > 536870912 bytes (537 MB) copied, 13.8737 s, 38.7 MB/s
> > > 131072+0 records in
> > > 131072+0 records out
> > > 536870912 bytes (537 MB) copied, 13.8702 s, 38.7 MB/s
While this is useful, it's kind of too verbose IMO. If you need to do
this kind of performance comparisons I would recommend using ministat
(available at least on Debian and FreeBSD) in order to plot the
results and give the std deviation and statistical difference given a
confidence level.
The output of ministat can be pasted in the commit message, since it's
a text based tool.
> > >
> > > Worst-case Performance
> > > ----------------------
> > >
> > > [dom0]# echo 0 > /sys/module/xen_blkback/parameters/max_buffer_pages
> > > [instance]$ for i in {1..5}; do dd if=/dev/zero of=file bs=4k count=$((256*512)); sync; done
> > > 131072+0 records in
> > > 131072+0 records out
> > > 536870912 bytes (537 MB) copied, 11.7257 s, 45.8 MB/s
> > > 131072+0 records in
> > > 131072+0 records out
> > > 536870912 bytes (537 MB) copied, 13.878 s, 38.7 MB/s
> > > 131072+0 records in
> > > 131072+0 records out
> > > 536870912 bytes (537 MB) copied, 13.8746 s, 38.7 MB/s
> > > 131072+0 records in
> > > 131072+0 records out
> > > 536870912 bytes (537 MB) copied, 13.8786 s, 38.7 MB/s
> > > 131072+0 records in
> > > 131072+0 records out
> > > 536870912 bytes (537 MB) copied, 13.8749 s, 38.7 MB/s
> > >
> > > In short, even worst case squeezing makes no visible performance
> > > degradation.
> >
> > I would argue that with a ~40MB/s throughput you won't see any
> > performance difference at all regardless of the size of the pool of
> > free pages or the amount of persistent grants because the bottleneck is
> > on the storage performance itself.
> >
> > You need to test this using nullblk or some kind of fast storage, or
> > else the above figures are not going to reflect any changes you make
> > because they are hidden by the poor performance of the underlying
> > storage.
>
> Yes, agree that. My test is just a minimal check for my environment. I will
> note the points and concerns in the commit message.
I'm afraid that just adding a note about this concerns is not enough.
We should make sure that this change doesn't regress the current
performance of fast storage backends, and hence I have to ask you to
test with null_blk or a fast storage and provide the figures.
> >
> > > I think this is due to the slow speed of the I/O. In
> > > other words, the additional page allocation overhead is hidden under the
> > > much slower I/O latency.
> > >
> > > Nevertheless, pleaset note that this is just a very simple and minimal
> > > test.
> >
> > I would like to add that IMO this is papering over an existing issue,
> > which is how pages to be used to map grants are allocated. Grant
> > mappings _shouldn't_ consume RAM pages in the first place, and IIRC
> > the fact that they do is because Linux balloons out memory in order to
> > re-use those pages to map grants and have a valid page struct.
> >
> > A way to solve this would be to hotplug a fake memory region and use
> > it in order to map grant pages, without having to balloon out RAM
> > regions. At the end of day on a PV domain mapping a grant should just
> > require virtual address space.
> >
> > This is going to get even worse for PVH that requires a physical memory
> > address in order to map a grant, but that's another story.
>
> Yes, as Paul also pointed out and suggested, we should consider a structural
> solution in a big picture. Until the big change is ready, this simple solution
> would work as a point fix.
Getting a proper solution would be my preference, in the mean time I
guess it's fine to accept such a bodge, as it's pretty small and
non-intrusive.
Thanks, Roger.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: Re: Re: [PATCH v5 1/2] xenbus/backend: Add memory pressure handler callback
2019-12-11 10:51 ` Roger Pau Monné
@ 2019-12-11 11:52 ` SeongJae Park
0 siblings, 0 replies; 14+ messages in thread
From: SeongJae Park @ 2019-12-11 11:52 UTC (permalink / raw)
To: Roger Pau Monné
Cc: sjpark, axboe, konrad.wilk, linux-block, linux-kernel, pdurrant,
xen-devel, SeongJae Park
On Wed, 11 Dec 2019 11:51:12 +0100 "Roger Pau Monné" <roger.pau@citrix.com> wrote:
> > On Tue, 10 Dec 2019 11:16:35 +0100 "Roger Pau Monné" <roger.pau@citrix.com> wrote:
> > > > diff --git a/include/xen/xenbus.h b/include/xen/xenbus.h
> > > > index 869c816d5f8c..cdb075e4182f 100644
> > > > --- a/include/xen/xenbus.h
> > > > +++ b/include/xen/xenbus.h
> > > > @@ -104,6 +104,7 @@ struct xenbus_driver {
> > > > struct device_driver driver;
> > > > int (*read_otherend_details)(struct xenbus_device *dev);
> > > > int (*is_ready)(struct xenbus_device *dev);
> > > > + unsigned (*reclaim)(struct xenbus_device *dev);
> > >
> > > ... hence I wonder why it's returning an unsigned when it's just
> > > ignored.
> > >
> > > IMO it should return an int to signal errors, and the return should be
> > > ignored.
> >
> > I first thought similarly and set the callback to return something. However,
> > as this callback is called to simply notify the memory pressure and ask the
> > driver to free its memory as many as possible, I couldn't easily imagine what
> > kind of errors that need to be handled by its caller can occur in the callback,
> > especially because current blkback's callback implementation has no such error.
> > So, if you and others agree, I would like to simply set the return type to
> > 'void' for now and defer the error handling to a future change.
>
> Yes, I also wondered the same, but seeing you returned an integer I
> assumed there was interest in returning some kind of value. If there's
> nothing to return let's just make it void.
>
> > >
> > > Also, I think it would preferable for this function to take an extra
> > > parameter to describe the resource the driver should attempt to free
> > > (ie: memory or interrupts for example). I'm however not able to find
> > > any existing Linux type to describe such resources.
> >
> > Yes, such extention would be the right direction. However, because there is no
> > existing Linux type to describe the type of resources to reclaim as you also
> > mentioned, there could be many different opinions about its implementation
> > detail. In my opinion, it could be also possible to simply add another
> > callback for another resource type. That said, because currently we have an
> > use case and an implementation for the memory pressure only, I would like to
> > let it as is for now and defer the extension as a future work, if you and
> > others have no objection.
>
> Ack, can I please ask the callback to be named reclaim_memory or some
> such then?
Yes, I will change the name.
Thanks,
SeongJae Park
>
> Thanks, Roger.
>
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: Re: Re: [PATCH v5 2/2] xen/blkback: Squeeze page pools if a memory pressure is detected
2019-12-11 11:14 ` Roger Pau Monné
@ 2019-12-11 11:52 ` SeongJae Park
0 siblings, 0 replies; 14+ messages in thread
From: SeongJae Park @ 2019-12-11 11:52 UTC (permalink / raw)
To: Roger Pau Monné
Cc: sjpark, axboe, konrad.wilk, linux-block, linux-kernel, pdurrant,
xen-devel, SeongJae Park
On Wed, 11 Dec 2019 12:14:44 +0100 "Roger Pau Monné" <roger.pau@citrix.com> wrote:
>
> I see that you have already sent v6, for future iterations can you
> please wait until the conversation on the previous version has been
> settled?
>
> I'm still replying to your replies to v5, and hence you should hold off
> sending v6 until we get some kind of conclusion/agreement.
Sorry, I was inpatient.
>
> On Wed, Dec 11, 2019 at 05:08:12AM +0100, SeongJae Park wrote:
> > On Tue, 10 Dec 2019 12:04:32 +0100 "Roger Pau Monné" <roger.pau@citrix.com> wrote:
> >
> > > > Each `blkif` has a free pages pool for the grant mapping. The size of
> > > > the pool starts from zero and be increased on demand while processing
> > > > the I/O requests. If current I/O requests handling is finished or 100
> > > > milliseconds has passed since last I/O requests handling, it checks and
> > > > shrinks the pool to not exceed the size limit, `max_buffer_pages`.
> > > >
> > > > Therefore, `blkfront` running guests can cause a memory pressure in the
> > > > `blkback` running guest by attaching a large number of block devices and
> > > > inducing I/O.
> > >
> > > Hm, I don't think this is actually true. blkfront cannot attach an
> > > arbitrary number of devices, blkfront is just a frontend for a device
> > > that's instantiated by the Xen toolstack, so it's the toolstack the one
> > > that controls the amount of PV block devices.
> >
> > Right, the problem can occur only if it is mis-configured so that the frontend
> > running guests can attach a large number of devices which is enough to cause
> > the memory pressure. I tried to explain it in below paragraph, but seems above
> > paragraph is a little bit confusing. I will wordsmith the sentence in the next
> > version.
>
> I would word it along these lines:
>
> "Host administrators can cause memory pressure in blkback by attaching
> a large number of block devices and inducing I/O."
Hmm, much better :)
>
> > >
> > > > System administrators can avoid such problematic
> > > > situations by limiting the maximum number of devices each guest can
> > > > attach. However, finding the optimal limit is not so easy. Improper
> > > > set of the limit can results in the memory pressure or a resource
> > > > underutilization. This commit avoids such problematic situations by
> > > > squeezing the pools (returns every free page in the pool to the system)
> > > > for a while (users can set this duration via a module parameter) if a
> > > > memory pressure is detected.
> > > >
> > > > Discussions
> > > > ===========
> > > >
> > > > The `blkback`'s original shrinking mechanism returns only pages in the
> > > > pool, which are not currently be used by `blkback`, to the system. In
> > > > other words, the pages are not mapped with foreign pages. Because this
> > > ^ that ^ granted
> > > > commit is changing only the shrink limit but uses the mechanism as is,
> > > > this commit does not introduce improper mappings related security
> > > > issues.
> > >
> > > That last sentence is hard to parse. I think something like:
> > >
> > > "Because this commit is changing only the shrink limit but still uses the
> > > same freeing mechanism it does not touch pages which are currently
> > > mapping grants."
> > >
> > > >
> > > > Once a memory pressure is detected, this commit keeps the squeezing
> > > > limit for a user-specified time duration. The duration should be
> > > > neither too long nor too short. If it is too long, the squeezing
> > > > incurring overhead can reduce the I/O performance. If it is too short,
> > > > `blkback` will not free enough pages to reduce the memory pressure.
> > > > This commit sets the value as `10 milliseconds` by default because it is
> > > > a short time in terms of I/O while it is a long time in terms of memory
> > > > operations. Also, as the original shrinking mechanism works for at
> > > > least every 100 milliseconds, this could be a somewhat reasonable
> > > > choice. I also tested other durations (refer to the below section for
> > > > more details) and confirmed that 10 milliseconds is the one that works
> > > > best with the test. That said, the proper duration depends on actual
> > > > configurations and workloads. That's why this commit is allowing users
> > > ^ allows
> > > > to set it as their optimal value via the module parameter.
> > >
> > > ... to set the duration as a module parameter.
> >
> > Thank you for great suggestions, I will apply those.
> >
> > >
> > > >
> > > > Memory Pressure Test
> > > > ====================
> > > >
> > > > To show how this commit fixes the memory pressure situation well, I
> > > > configured a test environment on a xen-running virtualization system.
> > > > On the `blkfront` running guest instances, I attach a large number of
> > > > network-backed volume devices and induce I/O to those. Meanwhile, I
> > > > measure the number of pages that swapped in and out on the `blkback`
> > > > running guest. The test ran twice, once for the `blkback` before this
> > > > commit and once for that after this commit. As shown below, this commit
> > > > has dramatically reduced the memory pressure:
> > > >
> > > > pswpin pswpout
> > >
> > > I assume pswpin means 'pages swapped in' and pswpout 'pages swapped
> > > out'. Might be good to add a note to that effect.
> >
> > Good point! I will add the note.
> >
> > >
> > > > before 76,672 185,799
> > > > after 212 3,325
> > > >
> > > > Optimal Aggressive Shrinking Duration
> > > > -------------------------------------
> > > >
> > > > To find a best squeezing duration, I repeated the test with three
> > > > different durations (1ms, 10ms, and 100ms). The results are as below:
> > > >
> > > > duration pswpin pswpout
> > > > 1 852 6,424
> > > > 10 212 3,325
> > > > 100 203 3,340
> > > >
> > > > As expected, the memory pressure has decreased as the duration is
> > > > increased, but the reduction stopped from the `10ms`. Based on this
> > > > results, I chose the default duration as 10ms.
> > > >
> > > > Performance Overhead Test
> > > > =========================
> > > >
> > > > This commit could incur I/O performance degradation under severe memory
> > > > pressure because the squeezing will require more page allocations per
> > > > I/O. To show the overhead, I artificially made a worst-case squeezing
> > > > situation and measured the I/O performance of a `blkfront` running
> > > > guest.
> > > >
> > > > For the artificial squeezing, I set the `blkback.max_buffer_pages` using
> > > > the `/sys/module/xen_blkback/parameters/max_buffer_pages` file. We set
> > > > the value to `1024` and `0`. The `1024` is the default value. Setting
> > > > the value as `0` is same to a situation doing the squeezing always
> > > > (worst-case).
> > > >
> > > > For the I/O performance measurement, I use a simple `dd` command.
> > > >
> > > > Default Performance
> > > > -------------------
> > > >
> > > > [dom0]# echo 1024 > /sys/module/xen_blkback/parameters/max_buffer_pages
> > > > [instance]$ for i in {1..5}; do dd if=/dev/zero of=file bs=4k count=$((256*512)); sync; done
> > > > 131072+0 records in
> > > > 131072+0 records out
> > > > 536870912 bytes (537 MB) copied, 11.7257 s, 45.8 MB/s
> > > > 131072+0 records in
> > > > 131072+0 records out
> > > > 536870912 bytes (537 MB) copied, 13.8827 s, 38.7 MB/s
> > > > 131072+0 records in
> > > > 131072+0 records out
> > > > 536870912 bytes (537 MB) copied, 13.8781 s, 38.7 MB/s
> > > > 131072+0 records in
> > > > 131072+0 records out
> > > > 536870912 bytes (537 MB) copied, 13.8737 s, 38.7 MB/s
> > > > 131072+0 records in
> > > > 131072+0 records out
> > > > 536870912 bytes (537 MB) copied, 13.8702 s, 38.7 MB/s
>
> While this is useful, it's kind of too verbose IMO. If you need to do
> this kind of performance comparisons I would recommend using ministat
> (available at least on Debian and FreeBSD) in order to plot the
> results and give the std deviation and statistical difference given a
> confidence level.
>
> The output of ministat can be pasted in the commit message, since it's
> a text based tool.
Nice suggestion. I will use it.
>
> > > >
> > > > Worst-case Performance
> > > > ----------------------
> > > >
> > > > [dom0]# echo 0 > /sys/module/xen_blkback/parameters/max_buffer_pages
> > > > [instance]$ for i in {1..5}; do dd if=/dev/zero of=file bs=4k count=$((256*512)); sync; done
> > > > 131072+0 records in
> > > > 131072+0 records out
> > > > 536870912 bytes (537 MB) copied, 11.7257 s, 45.8 MB/s
> > > > 131072+0 records in
> > > > 131072+0 records out
> > > > 536870912 bytes (537 MB) copied, 13.878 s, 38.7 MB/s
> > > > 131072+0 records in
> > > > 131072+0 records out
> > > > 536870912 bytes (537 MB) copied, 13.8746 s, 38.7 MB/s
> > > > 131072+0 records in
> > > > 131072+0 records out
> > > > 536870912 bytes (537 MB) copied, 13.8786 s, 38.7 MB/s
> > > > 131072+0 records in
> > > > 131072+0 records out
> > > > 536870912 bytes (537 MB) copied, 13.8749 s, 38.7 MB/s
> > > >
> > > > In short, even worst case squeezing makes no visible performance
> > > > degradation.
> > >
> > > I would argue that with a ~40MB/s throughput you won't see any
> > > performance difference at all regardless of the size of the pool of
> > > free pages or the amount of persistent grants because the bottleneck is
> > > on the storage performance itself.
> > >
> > > You need to test this using nullblk or some kind of fast storage, or
> > > else the above figures are not going to reflect any changes you make
> > > because they are hidden by the poor performance of the underlying
> > > storage.
> >
> > Yes, agree that. My test is just a minimal check for my environment. I will
> > note the points and concerns in the commit message.
>
> I'm afraid that just adding a note about this concerns is not enough.
>
> We should make sure that this change doesn't regress the current
> performance of fast storage backends, and hence I have to ask you to
> test with null_blk or a fast storage and provide the figures.
Ok, I will try it.
>
> > >
> > > > I think this is due to the slow speed of the I/O. In
> > > > other words, the additional page allocation overhead is hidden under the
> > > > much slower I/O latency.
> > > >
> > > > Nevertheless, pleaset note that this is just a very simple and minimal
> > > > test.
> > >
> > > I would like to add that IMO this is papering over an existing issue,
> > > which is how pages to be used to map grants are allocated. Grant
> > > mappings _shouldn't_ consume RAM pages in the first place, and IIRC
> > > the fact that they do is because Linux balloons out memory in order to
> > > re-use those pages to map grants and have a valid page struct.
> > >
> > > A way to solve this would be to hotplug a fake memory region and use
> > > it in order to map grant pages, without having to balloon out RAM
> > > regions. At the end of day on a PV domain mapping a grant should just
> > > require virtual address space.
> > >
> > > This is going to get even worse for PVH that requires a physical memory
> > > address in order to map a grant, but that's another story.
> >
> > Yes, as Paul also pointed out and suggested, we should consider a structural
> > solution in a big picture. Until the big change is ready, this simple solution
> > would work as a point fix.
>
> Getting a proper solution would be my preference, in the mean time I
> guess it's fine to accept such a bodge, as it's pretty small and
> non-intrusive.
Thanks,
SeongJae Park
>
> Thanks, Roger.
>
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2019-12-11 11:52 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-10 8:06 [PATCH v5 0/2] xenbus/backend: Add a memory pressure handler callback SeongJae Park
2019-12-10 8:06 ` [PATCH v5 1/2] xenbus/backend: Add " SeongJae Park
2019-12-10 8:17 ` Jürgen Groß
2019-12-10 10:16 ` Roger Pau Monné
2019-12-10 10:21 ` [Xen-devel] " Roger Pau Monné
2019-12-10 10:24 ` SeongJae Park
2019-12-11 3:50 ` SeongJae Park
2019-12-11 10:51 ` Roger Pau Monné
2019-12-11 11:52 ` SeongJae Park
2019-12-10 8:06 ` [PATCH v5 2/2] xen/blkback: Squeeze page pools if a memory pressure is detected SeongJae Park
2019-12-10 11:04 ` Roger Pau Monné
2019-12-11 4:08 ` SeongJae Park
2019-12-11 11:14 ` Roger Pau Monné
2019-12-11 11:52 ` SeongJae Park
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).