Re: [PATCH] RDMA/mlx5: reduce stack usage in mlx5_ib_ufile_hw_cleanup

[Patrisious Haddad <phaddad@nvidia.com>]

On 6/10/2025 1:31 PM, Arnd Bergmann wrote:
> External email: Use caution opening links or attachments
>
>
> On Tue, Jun 10, 2025, at 11:50, Patrisious Haddad wrote:
>> On 6/10/2025 12:28 PM, Arnd Bergmann wrote:
>>>    void mlx5_ib_ufile_hw_cleanup(struct ib_uverbs_file *ufile)
>>>    {
>>> -       struct mlx5_async_cmd async_cmd[MAX_ASYNC_CMDS];
>>> +       struct mlx5_async_cmd *async_cmd;
>> Please preserve reverse Christmas tree deceleration.
>>>           struct ib_ucontext *ucontext = ufile->ucontext;
>>>           struct ib_device *device = ucontext->device;
>>>           struct mlx5_ib_dev *dev = to_mdev(device);
>>> @@ -2678,6 +2678,10 @@ void mlx5_ib_ufile_hw_cleanup(struct ib_uverbs_file *ufile)
>>>           int head = 0;
>>>           int tail = 0;
>>>
>>> +       async_cmd = kcalloc(MAX_ASYNC_CMDS, sizeof(*async_cmd), GFP_KERNEL);
>>> +       if (WARN_ON(!async_cmd))
>>> +               return;
>> But honestly I'm not sure I like this, the whole point of this patch was
>> performance optimization for teardown flow, and this function is called
>> in a loop not even one time.
>>
>> So I'm really not sure about how much kcalloc can slow it down here, and
>> it failing is whole other issue.
> Generally speaking, kcalloc is fairly quick and won't fail here,
> but it can take some time under memory pressure if it ends up
> in memory reclaim.
>
>> I'm thinking out-loud here, but theoretically we know stack size and
>> this struct size at compile time , so can we should be able to add some
>> kind of ifdef check "if (stack_frame_size < struct_size)" skip this
>> function and maybe print some warning.
>> (since it is purely optimization function and logically the code will
>> continue correctly without it - but if it needs to be executed then let
>> it stay like this and needs a big enough stack - which is most of today
>> systems anyway) ?
> The thing I'm most interested here is the compile-time warning:
> we currently have some configurations that have a very high warning
> limit of 2048 bytes or even unlimited, which means that a number
> of functions that accidentally use too much stack space (either from
> a compiler misoptimization or a programmer error) are missed and
> can end up causing problems later. I posted this patch as part of
> a larger work to eventually reduce the default warning limit
> for those corner cases.
>
> The risk in this particular function to actually overflow is fairly
> low since it gets called from sys_close() or __fput(), which
> are not nested deeply. I can think of a couple of other ways to
> keep your fast path and also build cleanly with a lower warning
> limit.
>
> - check which exact configurations actually trigger the high stack
>    usage and then skip the optimization in those cases. The most
>    likely causes are CONFIG_KASAN_STACK and CONFIG_KMSAN, both
>    of which already make the kernel a lot slower.

Personally I prefer this option the most.
But If I were you I would wait to hear if the maintainers got a problem 
with that approach ...

>
> - reduce MAX_ASYNC_CMDS to always stay under the warning limit, either
>    picking a lower value unconditionally, or based on the Kconfig
>    options that trigger it

No the number 8 wasn't chosen arbitrarily it also due to performance 
reasons, whereas note that it is also the number

of commands that can be sent in parallel for destruction so reducing it 
isn't ideal.

>
> - preallocate the array as part of an existing structure, whichever
>    makes sense here (mlx5_ib_dev maybe?).
Can work but not ideal.
>
> - reorganize the code in some other form to have the stack not
>    blow the warning limit. As far as I can tell, I only see this
>    particular one with clang but not gcc, and that often means
>    it happens because of some particular inlining decisions that
>    clang takes, and we can force them by adding strategic
>    __always_inline or noinline annotations that make both compilers
>    do the same thing.
Sounds like the hardest option to implement but I have no quarrel with it.
>
>        Arnd