From: Gleb Natapov <gleb@kernel.org>
To: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>,
kvm@vger.kernel.org, mtosatti@redhat.com
Subject: Re: [PATCHv2] KVM: optimize apic interrupt delivery
Date: Fri, 6 Dec 2013 13:32:17 +0200 [thread overview]
Message-ID: <20131206113217.GE21068@minantech.com> (raw)
In-Reply-To: <20131205230033.GB15492@linux.vnet.ibm.com>
On Thu, Dec 05, 2013 at 03:00:33PM -0800, Paul E. McKenney wrote:
> > > > The question is: Is it safe to have a call_rcu() without any additional rate limiting
> > > > on user triggerable code path?
> > >
> > > That would be a good way to allow users to run your system out of memory,
> > > especially on systems with limited memory. (If you have several GB of
> > > free space, you might be OK.)
> > >
> > Thanks! Got it.
>
> Does the following help?
>
Looks good to me.
> Thanx, Paul
>
> ------------------------------------------------------------------------
>
> rcu: Document call_rcu() safety mechanisms and limitations
>
> The call_rcu() family of primitives will take action to accelerate
> grace periods when the number of callbacks pending on a given CPU
> becomes excessive. Although this safety mechanism can be useful,
> it is no substitute for users of call_rcu() having rate-limit controls
> in place. This commit adds this nuance to the documentation.
>
> Reported-by: "Michael S. Tsirkin" <mst@redhat.com>
> Reported-by: Gleb Natapov <gleb@redhat.com>
> Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
>
> diff --git a/Documentation/RCU/checklist.txt b/Documentation/RCU/checklist.txt
> index 91266193b8f4..5733e31836b5 100644
> --- a/Documentation/RCU/checklist.txt
> +++ b/Documentation/RCU/checklist.txt
> @@ -256,10 +256,11 @@ over a rather long period of time, but improvements are always welcome!
> variations on this theme.
>
> b. Limiting update rate. For example, if updates occur only
> - once per hour, then no explicit rate limiting is required,
> - unless your system is already badly broken. The dcache
> - subsystem takes this approach -- updates are guarded
> - by a global lock, limiting their rate.
> + once per hour, then no explicit rate limiting is
> + required, unless your system is already badly broken.
> + Older versions of the dcache subsystem takes this
> + approach -- updates were guarded by a global lock,
> + limiting their rate.
>
> c. Trusted update -- if updates can only be done manually by
> superuser or some other trusted user, then it might not
> @@ -268,7 +269,8 @@ over a rather long period of time, but improvements are always welcome!
> the machine.
>
> d. Use call_rcu_bh() rather than call_rcu(), in order to take
> - advantage of call_rcu_bh()'s faster grace periods.
> + advantage of call_rcu_bh()'s faster grace periods. (This
> + is only a partial solution, though.)
>
> e. Periodically invoke synchronize_rcu(), permitting a limited
> number of updates per grace period.
> @@ -276,6 +278,13 @@ over a rather long period of time, but improvements are always welcome!
> The same cautions apply to call_rcu_bh(), call_rcu_sched(),
> call_srcu(), and kfree_rcu().
>
> + Note that although these primitives do take action to avoid memory
> + exhaustion when any given CPU has too many callbacks, a determined
> + user could still exhaust memory. This is especially the case
> + if a system with a large number of CPUs has been configured to
> + offload all of its RCU callbacks onto a single CPU, or if the
> + system has relatively little free memory.
> +
> 9. All RCU list-traversal primitives, which include
> rcu_dereference(), list_for_each_entry_rcu(), and
> list_for_each_safe_rcu(), must be either within an RCU read-side
>
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Gleb.
next prev parent reply other threads:[~2013-12-06 11:32 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-11 13:02 [PATCHv2] KVM: optimize apic interrupt delivery Gleb Natapov
2012-09-11 13:26 ` Avi Kivity
2012-09-11 14:02 ` Michael S. Tsirkin
2012-09-11 14:46 ` Gleb Natapov
2012-09-11 15:51 ` Avi Kivity
2012-09-11 14:10 ` Michael S. Tsirkin
2012-09-11 17:13 ` Paul E. McKenney
2012-09-11 20:04 ` Avi Kivity
2012-09-11 22:39 ` Michael S. Tsirkin
2012-09-12 7:41 ` Avi Kivity
2012-09-11 22:33 ` Michael S. Tsirkin
2012-09-12 1:03 ` Paul E. McKenney
2012-09-12 7:45 ` Avi Kivity
2012-09-12 12:34 ` Gleb Natapov
[not found] ` <505081E9.8080505@redhat.com>
2012-09-12 12:44 ` Gleb Natapov
2012-09-12 15:13 ` Paul E. McKenney
2013-11-26 16:24 ` Michael S. Tsirkin
2013-11-26 19:35 ` Paul E. McKenney
2013-11-27 8:00 ` Gleb Natapov
2013-11-27 17:06 ` Paul E. McKenney
2013-11-28 8:55 ` Gleb Natapov
2013-12-05 23:00 ` Paul E. McKenney
2013-12-06 11:32 ` Gleb Natapov [this message]
2013-11-26 20:07 ` Marcelo Tosatti
2012-09-12 12:17 ` Gleb Natapov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131206113217.GE21068@minantech.com \
--to=gleb@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=mst@redhat.com \
--cc=mtosatti@redhat.com \
--cc=paulmck@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.