From mboxrd@z Thu Jan 1 00:00:00 1970 From: Gleb Natapov Subject: Re: [PATCHv2] KVM: optimize apic interrupt delivery Date: Fri, 6 Dec 2013 13:32:17 +0200 Message-ID: <20131206113217.GE21068@minantech.com> References: <20120912123441.GQ20907@redhat.com> <505081E9.8080505@redhat.com> <20120912124426.GR20907@redhat.com> <20120912151354.GO4257@linux.vnet.ibm.com> <20131126162402.GA24806@redhat.com> <20131126193506.GE4137@linux.vnet.ibm.com> <20131127080009.GO959@redhat.com> <20131127170635.GM4137@linux.vnet.ibm.com> <20131128085506.GB959@redhat.com> <20131205230033.GB15492@linux.vnet.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: "Michael S. Tsirkin" , kvm@vger.kernel.org, mtosatti@redhat.com To: "Paul E. McKenney" Return-path: Received: from mail-ea0-f180.google.com ([209.85.215.180]:61100 "EHLO mail-ea0-f180.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754507Ab3LFLcZ (ORCPT ); Fri, 6 Dec 2013 06:32:25 -0500 Received: by mail-ea0-f180.google.com with SMTP id f15so239133eak.25 for ; Fri, 06 Dec 2013 03:32:23 -0800 (PST) Content-Disposition: inline In-Reply-To: <20131205230033.GB15492@linux.vnet.ibm.com> Sender: kvm-owner@vger.kernel.org List-ID: On Thu, Dec 05, 2013 at 03:00:33PM -0800, Paul E. McKenney wrote: > > > > The question is: Is it safe to have a call_rcu() without any additional rate limiting > > > > on user triggerable code path? > > > > > > That would be a good way to allow users to run your system out of memory, > > > especially on systems with limited memory. (If you have several GB of > > > free space, you might be OK.) > > > > > Thanks! Got it. > > Does the following help? > Looks good to me. > Thanx, Paul > > ------------------------------------------------------------------------ > > rcu: Document call_rcu() safety mechanisms and limitations > > The call_rcu() family of primitives will take action to accelerate > grace periods when the number of callbacks pending on a given CPU > becomes excessive. Although this safety mechanism can be useful, > it is no substitute for users of call_rcu() having rate-limit controls > in place. This commit adds this nuance to the documentation. > > Reported-by: "Michael S. Tsirkin" > Reported-by: Gleb Natapov > Signed-off-by: Paul E. McKenney > > diff --git a/Documentation/RCU/checklist.txt b/Documentation/RCU/checklist.txt > index 91266193b8f4..5733e31836b5 100644 > --- a/Documentation/RCU/checklist.txt > +++ b/Documentation/RCU/checklist.txt > @@ -256,10 +256,11 @@ over a rather long period of time, but improvements are always welcome! > variations on this theme. > > b. Limiting update rate. For example, if updates occur only > - once per hour, then no explicit rate limiting is required, > - unless your system is already badly broken. The dcache > - subsystem takes this approach -- updates are guarded > - by a global lock, limiting their rate. > + once per hour, then no explicit rate limiting is > + required, unless your system is already badly broken. > + Older versions of the dcache subsystem takes this > + approach -- updates were guarded by a global lock, > + limiting their rate. > > c. Trusted update -- if updates can only be done manually by > superuser or some other trusted user, then it might not > @@ -268,7 +269,8 @@ over a rather long period of time, but improvements are always welcome! > the machine. > > d. Use call_rcu_bh() rather than call_rcu(), in order to take > - advantage of call_rcu_bh()'s faster grace periods. > + advantage of call_rcu_bh()'s faster grace periods. (This > + is only a partial solution, though.) > > e. Periodically invoke synchronize_rcu(), permitting a limited > number of updates per grace period. > @@ -276,6 +278,13 @@ over a rather long period of time, but improvements are always welcome! > The same cautions apply to call_rcu_bh(), call_rcu_sched(), > call_srcu(), and kfree_rcu(). > > + Note that although these primitives do take action to avoid memory > + exhaustion when any given CPU has too many callbacks, a determined > + user could still exhaust memory. This is especially the case > + if a system with a large number of CPUs has been configured to > + offload all of its RCU callbacks onto a single CPU, or if the > + system has relatively little free memory. > + > 9. All RCU list-traversal primitives, which include > rcu_dereference(), list_for_each_entry_rcu(), and > list_for_each_safe_rcu(), must be either within an RCU read-side > > -- > To unsubscribe from this list: send the line "unsubscribe kvm" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- Gleb.