/sys/tools is just used for stuff relating to kernel build infrastructure. This should really go in /tools/test.

This is fine because callers of zone_alloc_bucket() and zone_free_bucket() already check bucketdisable, right?

Should we perhaps use a named constant akin to EPOCH_INIT here? EPOCH_INACTIVE?

FWIW I tend to prefer the use of atomic_load/atomic_store over the volatile qualifier. It makes the code more straightforward to follow since information about accesses is encoded in the code itself rather than in the type definition.

Yes. The one wrinkle with UMA integration is that you more or less can't run without a per-cpu bucket in a SMR zone. If you can't get a bucket it means you're going to serialize on every free. So I changed the bucketdisable logic to ignore SMR zones and added the bit that preserves the existing bucket if you can't allocate so that you get at least N frees per-synchronization event.

You could push the epoch # into the slab layer and force it to handle smr as well and get rid of the constraints on buckets. But it's a lot more complicated for questionable gain.

I just noticed that the keg does not need the SMR flag.

This should moved to consume one of the spare pointers in the read-only section.

Sure can.

Yeah that is probably good form.

One thing that I like about rcu on linux is that they define a number of macros that are not strictly necessary but denote which fields are being accessed and modified within a section. It is purely for the reader but I think worth the effort.

The language describing the invariant is not very good.

You might note that the global rd_seq is lazily updated, so it is really just a lower bound.

... but may need to spin until the difference wr_seq - rd_seq is smaller than than SMR_SEQ_MAX_DELTA.

Would it be worth adding a counter for instances of this scenario?

This is a dead store.

"sequence numbers"?

SMR_SEQ_INVALID

"the current write sequence value"?

Shouldn't this be using an atomic_load?

Shouldn't we be using the named constant SMR_SEQ_INVALID here and elsewhere in UMA?

It would be nice to have a counter for this case.

Can't we optimize this a bit by writing dtor = (uz_flags & UMA_ZFLAG_CTORDTOR) != 0 || UMA_ALWAYS_CTORDTOR?

This means that the bucket cache is now FIFO for all zones, and zone_fetch_bucket() is getting the least recently used bucket. Can't we use LRU only for SMR zones? It is also kind of weird that bucket_cache_reclaim() still fetches buckets from the tail of the queue. For SMR zones this increases the likelihood that a draining thread will have to poll while waiting for the read sequence number to advance.

This needs to be updated with the new SMR flag.

Definitely counters & sysctl are on my todo. I have been using dtrace and hwpmc to verify.

I just wanted to be sure the compiler wouldn't confuse it for an uninitialized value. It is accessed after the for loop.

Yes I can make the test an inline since it would be repeated.

Yes I can restore this. Your observation about reclaim is important. I will fix both.

I have my doubts about the efficacy of this given that we have two buckets already between alloc/free. So data in uzd_buckets is going to be stale and going to a different cpu. However, I have restored it. I'm just going to have reclaim pop the head though. Even if there is some minor improvement in cache effect it is rare enough that it won't matter and I'm sensitive to adding tons of special cases to support this.

Why not just atomic_add?

Is it legal to smr_advance() inside an SMR section? I think no, and we should KASSERT. Otherwise, there's a potential deadlock here if a CPU is in an SMR section and tries to advance too far, where it would attempt to wait on itself.

Separately, can you state rationale for waiting until goal (completely caught up)? A couple other options might be goal - SMR_SEQ_MAX_DELTA + 1 (minimally caught up), or goal - SMR_SEQ_MAX_DELTA/2 (somewhere in between). I think a minimum wait may be better, after all it wouldn't restrict how much we actually advance the read hand.

SMR_SEQ_GEQ(g_rd_seq, goal) (vs GT) reads like an off-by-one according to the comment, but I think it's actually just that you are combining the separate case for s_rd_seq == goal, which is in range (and therefore not skippable), but means that all readers have observed it. I think for clarity it would be good to either call this out or have a separate comment and test for it.

Redundant, success is already true.

Spell it c_seq = SMR_SEQ_INVALID ?

I need to think about this some more... I think this may still be a problem. Isn't it possible that the same race results in us observing SMR_SEQ_INVALID here instead of the stale value? I guess this is done this way to avoid a loop in smr_enter, but would a __predict_false loop be so
bad?

This would be easier to read with a SMR_SEQ_MIN(x, y) macro. Ditto above.

Do you want to replace "epoch" here with "sequence"?

Pedantically, these should be int32_t, or else they would break with an int > 4 bytes.

This is just for the KASSERT, right? You're not trying to forcibly load the c_global? In that case I suggest just just spelling the KASSERT with smr->c_global->g_name and losing the local.

smr_advance()

"epoch"?

Blank line for style.

This placement is a little surprising with smr having moved out from under uma. You might consider if you think it would read better in vm_init() now.

I still believe this is safe. The race would be that the cpu had loaded a value that is now stale and has not stored it yet. Imagine a hypervisor thread was preempted for a long time. However, in this case, we are guaranteed that no user data has been loaded yet. Which means that the local copy of g_wr_seq which was fetched before c_seq is guaranteed to be less than or equal to the sequence number of the actual data accesses that follow. Since we don't allow rd_seq to advance beyond the wr_seq that we observed at the start of the function we can not advance unsafely.

I had looked at a loop but it has other implications and I think as long as I can prove it's not strictly necessary it will just have to be a quirk with a lot of comments.

It does bring to mind that I have not thought extensively about what happens if the thread running poll() is preempted and looking at very stale values. That is perhaps more concerning. I need to re-evaluate with this in mind and possibly reload the global values after spinwaits.

Never mind about SMR_SEQ_INVALID, I see why that doesn't matter.

I think this is okay, I get that we'd rather handle this case in smr_poll() than by looping in smr_enter().

What case is this covering? If it is the uma_zfree_arg() path, it looks wrong (we pass SKIP_NONE for SMR), and I don't see any other callers that pass SKIP_DTOR.

Also comparison with == feels more fragile than a comparison with </<= (e.g. because of SKIP_CNT). Should we add a new SKIP_SYNC?

I just noticed that this means that uma_zfree_arg() can't pass non-NULL udata when freeing to an SMR zone. It's probably not a big deal (consumers can embed a pointer in the structure itself if desired), but we should probably have an assert to catch that.

I was experimenting with a 64bit value so I could use tsc instead of a synthetic clock and this was necessary. It is likely valuable on its own and should be committed separately.

"a the"

"Readers never advance [either] sequence number"

More parens for hygiene, although obviously safe in practice below.

"static inline" now? I think the compiler may do it anyway, but it may better capture the intent.

Could consider moving this to a static inline and just passing udata=NULL from SMR instead of c&p, or do you see this and the SMR path diverging further in the future?

Is this deliberately missing from uma_zfree_smr? It seems like a potential point of confusion, being different from free() and uma_zfree/_arg(). If so, maybe KASSERT(item != NULL) there instead of crashing in pmap_kextract so that misuse may be more easily diagnosed?

Better to do domain = itemdomain = 0 here too, like in uma_zfree_arg. Else if !NUMA then itemdomain is uninitialized, and a compiler may get angry when it is passed to cache_free() (although it is harmless).