lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20210807032521.7591-1-peterx@redhat.com>
Date:   Fri,  6 Aug 2021 23:25:17 -0400
From:   Peter Xu <peterx@...hat.com>
To:     linux-kernel@...r.kernel.org, linux-mm@...ck.org
Cc:     Alistair Popple <apopple@...dia.com>,
        Tiberiu Georgescu <tiberiu.georgescu@...anix.com>,
        ivan.teterevkov@...anix.com,
        Mike Rapoport <rppt@...ux.vnet.ibm.com>,
        Hugh Dickins <hughd@...gle.com>, peterx@...hat.com,
        Matthew Wilcox <willy@...radead.org>,
        Andrea Arcangeli <aarcange@...hat.com>,
        David Hildenbrand <david@...hat.com>,
        "Kirill A . Shutemov" <kirill@...temov.name>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Mike Kravetz <mike.kravetz@...cle.com>
Subject: [PATCH RFC 0/4] mm: Enable PM_SWAP for shmem with PTE_MARKER

Summary
=======

[Based on v5.14-rc4]

This patchset enables PM_SWAP of pagemap on shmem.  IOW userspace will be able
to detect whether a shmem page is swapped out, just like anonymous pages.

This feature can be enabled with CONFIG_PTE_MARKER_PAGEOUT. When enabled, it
brings 0.8% overhead on swap-in performance on a shmem page, so I didn't make
it the default yet.  However IMHO 0.8% is still in an acceptable range that we
can even make it the default at last.  Comments are welcomed here.

There's one previous series that wanted to address the same issue but in
another way by Tiberiu A Georgescu <tiberiu.georgescu@...anix.com>, here:

https://lore.kernel.org/lkml/20210730160826.63785-1-tiberiu.georgescu@nutanix.com/

In that series it's done by looking up page cache for all none ptes.  However I
raised concern on 4x performance degradation for all shmem pagemap users.

Unlike the other approach, this series has zero overhead on pagemap read
because the PM_SWAP info is consolidated into the zapped PTEs directly.

Goals
=====

One major goal of this series is to add the PM_SWAP support, the reason is as
stated by Tiberiu and Ivan in the other patchset:

https://lore.kernel.org/lkml/CY4PR0201MB3460E372956C0E1B8D33F904E9E39@CY4PR0201MB3460.namprd02.prod.outlook.com/

As a summary: for some reason the userspace needs to scan the pages in the
background, however that scanning could misguide page reclaim on which page is
hot and which is cold.  With correct PM_SWAP information, the userspace can
correct the behavior of page reclaim by firstly fetching that info from
pagemap, and explicit madvise(MADV_PAGEOUT).  In this case, the pages are for
the guest, but it can be any shmem page.

Another major goal of this series is to do a proof-of-concept of the PTE marker
idea, and that's also the major reason why it's RFC.  So far PTE marker can
potentially be the solution for below three problems that I'm aware of:

  (a) PM_SWAP on shmem

  (b) Userfaultfd-wp on shmem/hugetlbfs

  (c) PM_SOFT_DIRTY lost for shmem over swapping

This series tries to resolve problem (a) which should be the simplest, ideally
it should solve immediate problem for the live migration issue raised by
Tiberiu and Ivan on proactive paging out unused guest pages.

Both (a) and (c) will be for performance-wise or statistic-wise.

Scenario (b) will require pte markers as part of the function to trap writes to
uffd-wp protected regions when the pages were e.g. swapped out or zapped for
any reason.

Currently, uffd-wp shmem work (still during review on the list, latest v5, [1])
used another solution called "special swap pte".  It works similarly like PTE
markers as both of the approachs are to persist information into zapped pte,
but people showed concern about that idea and it's suggested to use a safer
(swp-entry level operation, not pte level), and arch-independent approach.

Hopefully PTE markers satifsfy these demands.

Before I rework the uffd-wp series, I wanted to know whether this approach can
be accepted upstream.  So besides the swap part, comments on PTE markers will
be extremely welcomed.

What is PTE Markers?
====================

PTE markers are defined as some special PTEs that works like a "marker" just
like in normal life.  Firstly it uses a swap type, IOW it's not a valid/present
pte, so processor will trigger a page fault when it's accessed.  Meanwhile, the
format of the PTE is well-defined, so as to contain some information that we
would like to know before/during the page access happening.

In this specific case, when the shmem page is paged out, we set a marker
showing that this page was paged out, then when pagemap is read about this pte,
we know this is a swapped-out/very-cold page.

This use case is not an obvious one but the most simplest.  The uffd-wp use
case is more obvious (wr-protect is per-pte, so we can't save into page cache;
meanwhile we need that info to persist across zappings e.g. thp split or page
out of shmem pages).

So in the future, it can contain more information, e.g., whether this pte is
wr-protected by userfaultfd; whether this pte was written in this mm context
for soft-dirtying.  On 64 bit systems, we have a total of 58 bits (swp_offset).

I'm also curious whether it can be further expanded to other mm areas.  E.g.,
logically it can work too for non-RAM based memories outside shmem/hugetlbfs,
e.g. a common file system like ext4 or btrfs?  As long as there will be a need
to store some per-pte information across zapping of the ptes, then maybe it can
be considered.

Known Issues/Concerns
=====================

About THP
---------

Currently we don't need to worry about THP because paged out shmem pages will
be split when shrinking, IOW we only need to consider PTE, and the markers will
only be applied to a shmem pte not pmd or bigger.

About PM_SWAP Accuracy
----------------------

This is not an "accurate" solution to provide PM_SWAP bit.  Two exmaples:

  - When process A & B both map shmem page P somewhere, it can happen that only
    one of these ptes got marked with the pte marker.  Imagine below sequence:

    0. Process A & B both map shmem page P somewhere
    1. Process A zap pte of page P for some reason (e.g. thp split)
    2. System decides to recycle page P
    3. System replace process B's pte (pointed to P) by PTE marker
    4. System _didn't_ replace process A's pte because it was none pte, and
       it'll continue to be none pte
    5. Only process B's relevant pte has the PTE marker after P swapped out

  - When fork, we don't copy shmem vma ptes, including the pte markers.  So
    even if page P was swapped out, only the parent process has the pte marker
    installed, in child it'll be none pte if fork() happened after pageout.

Conclusion: just like it used to be, the PM_SWAP is best-effort.  But it should
work in 99.99% cases and it should already start to solve problems.

About Performance Impact
------------------------

Due to the special PTE marker, page fault logic needs to understand this pte
and there will be some extra logic to handle that.  The overhead is merely
non-observable with 0.82% perf drop.

For more information, please see the test section below where I wrote a test
for it.  When we really care about that small difference, the user can also
disable the shmem PM_SWAP support with !CONFIG_PTE_MARKER_PAGEOUT.

Tests
=====

Test case I used is here:

https://github.com/xzpeter/clibs/blob/master/bsd/pagemap.c

Functional test
---------------

Run with !CONFIG_PTE_MARKER_PAGEOUT, we'll miss the PM_SWAP when paged out (see
swap bit always being zeros):

       FAULT1 (expect swap==0): present bit 1, swap bit 0
      PAGEOUT (expect swap==1): present bit 0, swap bit 0
       FAULT2 (expect swap==0): present bit 1, swap bit 0
       REMOVE (expect swap==0): present bit 0, swap bit 0
      PAGEOUT (expect swap==1): present bit 0, swap bit 0
       REMOVE (expect swap==0): present bit 0, swap bit 0

Run with CONFIG_PTE_MARKER_PAGEOUT, we'll be able to observe correct PM_SWAP:

       FAULT1 (expect swap==0): present bit 1, swap bit 0
      PAGEOUT (expect swap==1): present bit 0, swap bit 1
       FAULT2 (expect swap==0): present bit 1, swap bit 0
       REMOVE (expect swap==0): present bit 0, swap bit 0
      PAGEOUT (expect swap==1): present bit 0, swap bit 1
       REMOVE (expect swap==0): present bit 0, swap bit 0

Performance test
----------------

The performance test is not about pagemap reading, because it should be the
same as before.  Instead there's indeed extra overhead in the fault path, when
the page is swapped in from the disk.  I did some sequential swap-in tests of
1GB range (each for 5 times in a loop) to measure the difference.

Hardware I used:

        Processor: Intel(R) Xeon(R) CPU E5-2630 v4 @ 2.20GHz
        Memory:    32GB memory, 16GB swap (on a PERC H330 Mini 2TBi disk)
        Test Size: 1GB shmem

I only measured the time to fault-in the pages on the disk, so the measurement
does not include pageout time, one can refer to the .c file.  Results:

   |-----------------------------------+------------------+------------|
   | Config                            | Time used (us)   | Change (%) |
   |-----------------------------------+------------------+------------|
   | !PTE_MARKER                       | 519652 (+-0.73%) |        N/A |
   | PTE_MARKER && !PTE_MARKER_PAGEOUT | 519874 (+-0.40%) |     -0.04% |
   | PTE_MARKER && PTE_MARKER_PAGEOUT  | 523914 (+-0.71%) |     -0.82% |
   |-----------------------------------+------------------+------------|

Any comment would be greatly welcomed.

[1] https://lore.kernel.org/lkml/20210715201422.211004-1-peterx@redhat.com/

Peter Xu (4):
  mm: Introduce PTE_MARKER swap entry
  mm: Check against orig_pte for finish_fault()
  mm: Handle PTE_MARKER page faults
  mm: Install marker pte when page out for shmem pages

 fs/proc/task_mmu.c      |  1 +
 include/linux/rmap.h    |  1 +
 include/linux/swap.h    | 14 ++++++++++++-
 include/linux/swapops.h | 45 +++++++++++++++++++++++++++++++++++++++++
 mm/Kconfig              | 17 ++++++++++++++++
 mm/memory.c             | 43 ++++++++++++++++++++++++++++++++++++++-
 mm/rmap.c               | 19 +++++++++++++++++
 mm/vmscan.c             |  2 +-
 8 files changed, 139 insertions(+), 3 deletions(-)

-- 
2.32.0


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ