From b7c4789e62f8b88808f29a7ca2f1d1e59757590d Mon Sep 17 00:00:00 2001 From: Shakeel Butt Date: Thu, 5 Apr 2018 16:21:57 -0700 Subject: [PATCH] UPSTREAM: slab, slub: skip unnecessary kasan_cache_shutdown() Upstream commit f9e13c0a5a33d1eaec374d6d4dab53a4f72756a0. The kasan quarantine is designed to delay freeing slab objects to catch use-after-free. The quarantine can be large (several percent of machine memory size). When kmem_caches are deleted related objects are flushed from the quarantine but this requires scanning the entire quarantine which can be very slow. We have seen the kernel busily working on this while holding slab_mutex and badly affecting cache_reaper, slabinfo readers and memcg kmem cache creations. It can easily reproduced by following script: yes . | head -1000000 | xargs stat > /dev/null for i in `seq 1 10`; do seq 500 | (cd /cg/memory && xargs mkdir) seq 500 | xargs -I{} sh -c 'echo $BASHPID > \ /cg/memory/{}/tasks && exec stat .' > /dev/null seq 500 | (cd /cg/memory && xargs rmdir) done The busy stack: kasan_cache_shutdown shutdown_cache memcg_destroy_kmem_caches mem_cgroup_css_free css_free_rwork_fn process_one_work worker_thread kthread ret_from_fork This patch is based on the observation that if the kmem_cache to be destroyed is empty then there should not be any objects of this cache in the quarantine. Without the patch the script got stuck for couple of hours. With the patch the script completed within a second. Link: http://lkml.kernel.org/r/20180327230603.54721-1-shakeelb@google.com Signed-off-by: Shakeel Butt Reviewed-by: Andrew Morton Acked-by: Andrey Ryabinin Acked-by: Christoph Lameter Cc: Vladimir Davydov Cc: Alexander Potapenko Cc: Greg Thelen Cc: Dmitry Vyukov Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Andrey Konovalov Change-Id: Id191e26b2daf1159cda3af80270d3c58394b4867 Bug: 128674696 --- mm/kasan/kasan.c | 3 ++- mm/slab.c | 12 ++++++++++++ mm/slab.h | 1 + mm/slub.c | 11 +++++++++++ 4 files changed, 26 insertions(+), 1 deletion(-) diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c index 14dc6424d79f..e423ca4864ae 100644 --- a/mm/kasan/kasan.c +++ b/mm/kasan/kasan.c @@ -382,7 +382,8 @@ void kasan_cache_shrink(struct kmem_cache *cache) void kasan_cache_shutdown(struct kmem_cache *cache) { - quarantine_remove_cache(cache); + if (!__kmem_cache_empty(cache)) + quarantine_remove_cache(cache); } size_t kasan_metadata_size(struct kmem_cache *cache) diff --git a/mm/slab.c b/mm/slab.c index a9e224885619..f6a89cf88499 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -2298,6 +2298,18 @@ out: return nr_freed; } +bool __kmem_cache_empty(struct kmem_cache *s) +{ + int node; + struct kmem_cache_node *n; + + for_each_kmem_cache_node(s, node, n) + if (!list_empty(&n->slabs_full) || + !list_empty(&n->slabs_partial)) + return false; + return true; +} + int __kmem_cache_shrink(struct kmem_cache *cachep) { int ret = 0; diff --git a/mm/slab.h b/mm/slab.h index 485d9fbb8802..5ae25e24ffd5 100644 --- a/mm/slab.h +++ b/mm/slab.h @@ -165,6 +165,7 @@ static inline unsigned long kmem_cache_flags(unsigned long object_size, SLAB_TEMPORARY | \ SLAB_ACCOUNT) +bool __kmem_cache_empty(struct kmem_cache *); int __kmem_cache_shutdown(struct kmem_cache *); void __kmem_cache_release(struct kmem_cache *); int __kmem_cache_shrink(struct kmem_cache *); diff --git a/mm/slub.c b/mm/slub.c index d40993275f98..a834cc3c841d 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -3689,6 +3689,17 @@ static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n) discard_slab(s, page); } +bool __kmem_cache_empty(struct kmem_cache *s) +{ + int node; + struct kmem_cache_node *n; + + for_each_kmem_cache_node(s, node, n) + if (n->nr_partial || slabs_node(s, node)) + return false; + return true; +} + /* * Release all resources used by a slab cache. */