1. 09 Sep, 2010 40 commits
    • Zach Brown's avatar
      RDS: lock rds_conn_count decrement in rds_conn_destroy() · fe8ff6b5
      Zach Brown authored
      rds_conn_destroy() can race with all other modifications of the
      rds_conn_count but it was modifying the count without locking.
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      fe8ff6b5
    • Zach Brown's avatar
      RDS/IB: protect the list of IB devices · ea819867
      Zach Brown authored
      The RDS IB device list wasn't protected by any locking.  Traversal in
      both the get_mr and FMR flushing paths could race with additon and
      removal.
      
      List manipulation is done with RCU primatives and is protected by the
      write side of a rwsem.  The list traversal in the get_mr fast path is
      protected by a rcu read critical section.  The FMR list traversal is
      more problematic because it can block while traversing the list.  We
      protect this with the read side of the rwsem.
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      ea819867
    • Zach Brown's avatar
      RDS/IB: print IB event strings as well as their number · 1bde04a6
      Zach Brown authored
      It's nice to not have to go digging in the code to see which event
      occurred.  It's easy to throw together a quick array that maps the ib
      event enums to their strings.  I didn't see anything in the stack that
      does this translation for us, but I also didn't look very hard.
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      1bde04a6
    • Chris Mason's avatar
      RDS: flush fmrs before allocating new ones · 8576f374
      Chris Mason authored
      Flushing FMRs is somewhat expensive, and is currently kicked off when
      the interrupt handler notices that we are getting low.  The result of
      this is that FMR flushing only happens from the interrupt cpus.
      
      This spreads the load more effectively by triggering flushes just before
      we allocate a new FMR.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      8576f374
    • Chris Mason's avatar
      RDS: properly use sg_init_table · b4e1da3c
      Chris Mason authored
      This is only needed to keep debugging code from bugging.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      b4e1da3c
    • Zach Brown's avatar
      RDS/IB: track signaled sends · f046011c
      Zach Brown authored
      We're seeing bugs today where IB connection shutdown clears the send
      ring while the tasklet is processing completed sends.  Implementation
      details cause this to dereference a null pointer.  Shutdown needs to
      wait for send completion to stop before tearing down the connection.  We
      can't simply wait for the ring to empty because it may contain
      unsignaled sends that will never be processed.
      
      This patch tracks the number of signaled sends that we've posted and
      waits for them to complete.  It also makes sure that the tasklet has
      finished executing.
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      f046011c
    • Zach Brown's avatar
      RDS: remove __init and __exit annotation · ef87b7ea
      Zach Brown authored
      The trivial amount of memory saved isn't worth the cost of dealing with section
      mismatches.
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      ef87b7ea
    • Andy Grover's avatar
      RDS/IB: Use SLAB_HWCACHE_ALIGN flag for kmem_cache_create() · c20f5b96
      Andy Grover authored
      We are *definitely* counting cycles as closely as DaveM, so
      ensure hwcache alignment for our recv ring control structs.
      Signed-off-by: default avatarAndy Grover <andy.grover@oracle.com>
      c20f5b96
    • Zach Brown's avatar
      RDS/IB: always process recv completions · d455ab64
      Zach Brown authored
      The recv refill path was leaking fragments because the recv event handler had
      marked a ring element as free without freeing its frag.  This was happening
      because it wasn't processing receives when the conn wasn't marked up or
      connecting, as can be the case if it races with rmmod.
      
      Two observations support always processing receives in the callback.
      
      First, buildup should only post receives, thus triggering recv event handler
      calls, once it has built up all the state to handle them.  Teardown should
      destroy the CQ and drain the ring before tearing down the state needed to
      process recvs.  Both appear to be true today.
      
      Second, this test was fundamentally racy.  There is nothing to stop rmmod and
      connection destruction from swooping in the moment after the conn state was
      sampled but before real receive procesing starts.
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      d455ab64
    • Zach Brown's avatar
      RDS: return to a single-threaded krdsd · 80c51be5
      Zach Brown authored
      We were seeing very nasty bugs due to fundamental assumption the current code
      makes about concurrent work struct processing.  The code simpy isn't able to
      handle concurrent connection shutdown work function execution today, for
      example, which is very much possible once a multi-threaded krdsd was
      introduced.  The problem compounds as additional work structs are added to the
      mix.
      
      krdsd is no longer perforance critical now that send and receive posting and
      FMR flushing are done elsewhere, so the safest fix is to move back to the
      single threaded krdsd that the current code was built around.
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      80c51be5
    • Zach Brown's avatar
      RDS/IB: create a work queue for FMR flushing · 515e079d
      Zach Brown authored
      This patch moves the FMR flushing work in to its own mult-threaded work queue.
      This is to maintain performance in preparation for returning the main krdsd
      work queue back to a single threaded work queue to avoid deep-rooted
      concurrency bugs.
      
      This is also good because it further separates FMRs, which might be removed
      some day, from the rest of the code base.
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      515e079d
    • Zach Brown's avatar
      RDS/IB: destroy connections on rmmod · 8aeb1ba6
      Zach Brown authored
      IB connections were not being destroyed during rmmod.
      
      First, recently IB device removal callback was changed to disconnect
      connections that used the removing device rather than destroying them.  So
      connections with devices during rmmod were not being destroyed.
      
      Second, rds_ib_destroy_nodev_conns() was being called before connections are
      disassociated with devices.  It would almost never find connections in the
      nodev list.
      
      We first get rid of rds_ib_destroy_conns(), which is no longer called, and
      refactor the existing caller into the main body of the function and get rid of
      the list and lock wrappers.
      
      Then we call rds_ib_destroy_nodev_conns() *after* ib_unregister_client() has
      removed the IB device from all the conns and put the conns on the nodev list.
      
      The result is that IB connections are destroyed by rmmod.
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      8aeb1ba6
    • Zach Brown's avatar
      RDS/IB: wait for IB dev freeing work to finish during rmmod · 24fa163a
      Zach Brown authored
      The RDS IB client removal callback can queue work to drop the final reference
      to an IB device.  We have to make sure that this function has returned before
      we complete rmmod or the work threads can try to execute freed code.
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      24fa163a
    • Andy Grover's avatar
      RDS/IB: Make ib_recv_refill return void · b6fb0df1
      Andy Grover authored
      Signed-off-by: default avatarAndy Grover <andy.grover@oracle.com>
      b6fb0df1
    • Andy Grover's avatar
      RDS: Remove unused XLIST_PTR_TAIL and xlist_protect() · fbf4d7e3
      Andy Grover authored
      Not used.
      Signed-off-by: default avatarAndy Grover <andy.grover@oracle.com>
      fbf4d7e3
    • Andy Grover's avatar
      RDS: whitespace · c9455d99
      Andy Grover authored
      c9455d99
    • Chris Mason's avatar
      RDS: use delayed work for the FMR flushes · 7a0ff5db
      Chris Mason authored
      Using a delayed work queue helps us make sure a healthy number of FMRs
      have queued up over the limit.  It makes for a large improvement in RDMA
      iops.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      7a0ff5db
    • Chris Mason's avatar
      rds: more FMRs are faster · eabb7322
      Chris Mason authored
      When we add more FMRs, we flush them less often and so we go faster.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      eabb7322
    • Chris Mason's avatar
      rds: recycle FMRs through lockless lists · 6fa70da6
      Chris Mason authored
      FRM allocation and recycling is performance critical and fairly lock
      intensive.  The current code has a per connection lock that all
      processes bang on and it becomes a major bottleneck on large systems.
      
      This changes things to use a number of cmpxchg based lists instead,
      allowing us to go through the whole FMR lifecycle without locking inside
      RDS.
      
      Zach Brown pointed out that our usage of cmpxchg for xlist removal is
      racey if someone manages to remove and add back an FMR struct into the list
      while another CPU can see the FMR's address at the head of the list.
      
      The second CPU might assume the list hasn't changed when in fact any
      number of operations might have happened in between the deletion and
      reinsertion.
      
      This commit maintains a per cpu count of CPUs that are currently
      in xlist removal, and establishes a grace period to make sure that
      nobody can see an entry we have just removed from the list.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      6fa70da6
    • Zach Brown's avatar
      rds: fix rds_send_xmit() serialization · 0f4b1c7e
      Zach Brown authored
      rds_send_xmit() was changed to hold an interrupt masking spinlock instead of a
      mutex so that it could be called from the IB receive tasklet path.  This broke
      the TCP transport because its xmit method can block and masks and unmasks
      interrupts.
      
      This patch serializes callers to rds_send_xmit() with a simple bit instead of
      the current spinlock or previous mutex.  This enables rds_send_xmit() to be
      called from any context and to call functions which block.  Getting rid of the
      c_send_lock exposes the bare c_lock acquisitions which are changed to block
      interrupts.
      
      A waitqueue is added so that rds_conn_shutdown() can wait for callers to leave
      rds_send_xmit() before tearing down partial send state.  This lets us get rid
      of c_senders.
      
      rds_send_xmit() is changed to check the conn state after acquiring the
      RDS_IN_XMIT bit to resolve races with the shutdown path.  Previously both
      worked with the conn state and then the lock in the same order, allowing them
      to race and execute the paths concurrently.
      
      rds_send_reset() isn't racing with rds_send_xmit() now that rds_conn_shutdown()
      properly ensures that rds_send_xmit() can't start once the conn state has been
      changed.  We can remove its previous use of the spinlock.
      
      Finally, c_send_generation is redundant.  Callers can race to test the c_flags
      bit by simply retrying instead of racing to test the c_send_generation atomic.
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      0f4b1c7e
    • Zach Brown's avatar
      rds: block ints when acquiring c_lock in rds_conn_message_info() · 501dcccd
      Zach Brown authored
      conn->c_lock is acquired in interrupt context.  rds_conn_message_info() is
      called from user context and was acquiring c_lock without blocking interrupts,
      leading to possible deadlocks.
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      501dcccd
    • Zach Brown's avatar
      rds: remove unused rds_send_acked_before() · 671202f3
      Zach Brown authored
      rds_send_acked_before() wasn't blocking interrupts when acquiring c_lock from
      user context but nothing calls it.  Rather than fix its use of c_lock we just
      remove the function.
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      671202f3
    • Chris Mason's avatar
      RDS: use friendly gfp masks for prefill · 037f18a3
      Chris Mason authored
      When prefilling the rds frags, we end up doing a lot of allocations.
      We're not in atomic context here, and so there's no reason to dip into
      atomic reserves.  This changes the prefills to use masks that allow
      waiting.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      037f18a3
    • Chris Mason's avatar
      RDS/IB: Add caching of frags and incs · 33244125
      Chris Mason authored
      This patch is based heavily on an initial patch by Chris Mason.
      Instead of freeing slab memory and pages, it keeps them, and
      funnels them back to be reused.
      
      The lock minimization strategy uses xchg and cmpxchg atomic ops
      for manipulation of pointers to list heads. We anchor the lists with a
      pointer to a list_head struct instead of a static list_head struct.
      We just have to carefully use the existing primitives with
      the difference between a pointer and a static head struct.
      
      For example, 'list_empty()' means that our anchor pointer points to a list with
      a single item instead of meaning that our static head element doesn't point to
      any list items.
      
      Original patch by Chris, with significant mods and fixes by Andy and Zach.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      Signed-off-by: default avatarAndy Grover <andy.grover@oracle.com>
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      33244125
    • Andy Grover's avatar
      RDS/IB: Remove ib_recv_unmap_page() · fc24f780
      Andy Grover authored
      All it does is call unmap_sg(), so just call that directly.
      
      The comment above unmap_page also may be incorrect, so we
      shouldn't hold on to it, either.
      Signed-off-by: default avatarAndy Grover <andy.grover@oracle.com>
      fc24f780
    • Andy Grover's avatar
      RDS: Assume recv->r_frag is always NULL in refill_one() · 3427e854
      Andy Grover authored
      refill_one() should never be called on a recv struct that
      doesn't need a new r_frag allocated. Add a WARN and remove
      conditional around r_frag alloc code.
      
      Also, add a comment to explain why r_ibinc may or may not
      need refilling.
      Signed-off-by: default avatarAndy Grover <andy.grover@oracle.com>
      3427e854
    • Andy Grover's avatar
      RDS: Use page_remainder_alloc() for recv bufs · 0b088e00
      Andy Grover authored
      Instead of splitting up a page into RDS_FRAG_SIZE chunks
      ourselves, ask rds_page_remainder_alloc() to do it. While it
      is possible PAGE_SIZE > FRAG_SIZE, on x86en it isn't, so having
      duplicate "carve up a page into buffers" code seems excessive.
      
      The other modification this spawns is the use of a single
      struct scatterlist in rds_page_frag instead of a bare page ptr.
      This causes verbosity to increase in some places, and decrease
      in others.
      
      Finally, I decided to unify the lifetimes and alloc/free of
      rds_page_frag and its page. This is a nice simplification in itself,
      but will be extra-nice once we come to adding cmason's recycling
      patch.
      Signed-off-by: default avatarAndy Grover <andy.grover@oracle.com>
      0b088e00
    • Zach Brown's avatar
      RDS/IB: disconnect when IB devices are removed · fc19de38
      Zach Brown authored
      Currently IB device removal destroys connections which are associated with the
      device.  This prevents connections from being re-established when replacement
      devices are added.
      
      Instead we'll queue shutdown work on the connections as their devices are
      removed.  When we see that devices are added we triger connection attempts on
      all connections that don't currently have a device.
      
      The result is that RDS sockets can resume device-independent work (bcopy, not
      RDMA) across IB device removal and restoration.
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      fc19de38
    • Zach Brown's avatar
      RDS: introduce rds_conn_connect_if_down() · f3c6808d
      Zach Brown authored
      A few paths had the same block of code to queue a connection's connect work if
      it was in the right state.  Let's move this in to a helper function.
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      f3c6808d
    • Zach Brown's avatar
      RDS/IB: add refcount tracking to struct rds_ib_device · 3e0249f9
      Zach Brown authored
      The RDS IB client .remove callback used to free the rds_ibdev for the given
      device unconditionally.  This could race other users of the struct.  This patch
      adds refcounting so that we only free the rds_ibdev once all of its users are
      done.
      
      Many rds_ibdev users are tied to connections.  We give the connection a
      reference and change these users to reference the device in the connection
      instead of looking it up in the IB client data.  The only user of the IB client
      data remaining is the first lookup of the device as connections are built up.
      
      Incrementing the reference count of a device found in the IB client data could
      race with final freeing so we use an RCU grace period to make sure that freeing
      won't happen until those lookups are done.
      
      MRs need the rds_ibdev to get at the pool that they're freed in to.  They exist
      outside a connection and many MRs can reference different devices from one
      socket, so it was natural to have each MR hold a reference.  MR refs can be
      dropped from interrupt handlers and final device teardown can block so we push
      it off to a work struct.  Pool teardown had to be fixed to cancel its pending
      work instead of deadlocking waiting for all queued work, including itself, to
      finish.
      
      MRs get their reference from the global device list, which gets a reference.
      It is left unprotected by locks and remains racy.  A simple global lock would
      be a significant bottleneck.  More scalable (complicated) locking should be
      done carefully in a later patch.
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      3e0249f9
    • Zach Brown's avatar
      RDS/IB: get the xmit max_sge from the RDS IB device on the connection · 89bf9d41
      Zach Brown authored
      rds_ib_xmit_rdma() was calling ib_get_client_data() to get at the rds_ibdevice
      just to get the max_sge for the transmit.  This patch instead has it get it
      directly off the rds_ibdev which is stored on the connection.
      
      The current code won't free the rds_ibdev until all the IB connections that use
      it are freed.  So it's safe to reference the rds_ibdev this way.  In the future
      it also makes it easier to support proper reference counting of the rds_ibdev
      struct.
      
      As an additional bonus, this gets rid of the performance hit of calling in to
      the IB stack to look up the rds_ibdev.  The current implementation in the IB
      stack acquires an interrupt blocking spinlock to protect the registration of
      client callback data.
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      89bf9d41
    • Zach Brown's avatar
      RDS/IB: rds_ib_cm_handle_connect() forgot to unlock c_cm_lock · a46ca94e
      Zach Brown authored
      rds_ib_cm_handle_connect() could return without unlocking the c_conn_lock if
      rds_setup_qp() failed.  Rather than adding another imbalanced mutex_unlock() to
      this error path we only unlock the mutex once as we exit the function, reducing
      the likelyhood of making this same mistake in the future.  We remove the
      previous mulitple return sites, leaving one unambigious return path.
      Signed-off-by: default avatarZach Brown <zach.brown@oracle.com>
      a46ca94e
    • Chris Mason's avatar
      rds: Fix reference counting on the for xmit_atomic and xmit_rdma · 1cc2228c
      Chris Mason authored
      This makes sure we have the proper number of references in
      rds_ib_xmit_atomic and rds_ib_xmit_rdma.  We also consistently
      drop references the same way for all message types as the IOs end.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      1cc2228c
    • Chris Mason's avatar
      rds: use RCU to protect the connection hash · bcf50ef2
      Chris Mason authored
      The connection hash was almost entirely RCU ready, this
      just makes the final couple of changes to use RCU instead
      of spinlocks for everything.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      bcf50ef2
    • Chris Mason's avatar
      RDS: use locking on the connection hash list · abf45439
      Chris Mason authored
      rds_conn_destroy really needs locking while it changes the
      connection hash.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      abf45439
    • Chris Mason's avatar
      rds: Fix RDMA message reference counting · c9e65383
      Chris Mason authored
      The RDS send_xmit code was trying to get fancy with message
      counting and was dropping the final reference on the RDMA messages
      too early.  This resulted in memory corruption and oopsen.
      
      The fix here is to always add a ref as the parts of the message passes
      through rds_send_xmit, and always drop a ref as the parts of the message
      go through completion handling.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      c9e65383
    • Chris Mason's avatar
      rds: don't let RDS shutdown a connection while senders are present · 7e3f2952
      Chris Mason authored
      This is the first in a long line of patches that tries to fix races
      between RDS connection shutdown and RDS traffic.
      
      Here we are maintaining a count of active senders to make sure
      the connection doesn't go away while they are using it.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      7e3f2952
    • Chris Mason's avatar
      rds: Use RCU for the bind lookup searches · 38a4e5e6
      Chris Mason authored
      The RDS bind lookups are somewhat expensive in terms of CPU
      time and locking overhead.  This commit changes them into a
      faster RCU based hash tree instead of the rbtrees they were using
      before.
      
      On large NUMA systems it is a significant improvement.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      38a4e5e6
    • Andy Grover's avatar
      RDS/IB: add _to_node() macros for numa and use {k,v}malloc_node() · e4c52c98
      Andy Grover authored
      Allocate send/recv rings in memory that is node-local to the HCA.
      This significantly helps performance.
      Signed-off-by: default avatarAndy Grover <andy.grover@oracle.com>
      e4c52c98
    • Andy Grover's avatar
      4a81802b