lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f4d0f763-f679-4885-994d-def2831d2448@redhat.com>
Date: Tue, 29 Oct 2024 13:20:55 +0100
From: David Hildenbrand <david@...hat.com>
To: Daniel Gomez <d@...ces.com>, Baolin Wang <baolin.wang@...ux.alibaba.com>,
 Daniel Gomez <da.gomez@...sung.com>,
 "Kirill A. Shutemov" <kirill@...temov.name>
Cc: Matthew Wilcox <willy@...radead.org>, akpm@...ux-foundation.org,
 hughd@...gle.com, wangkefeng.wang@...wei.com, 21cnbao@...il.com,
 ryan.roberts@....com, ioworker0@...il.com, linux-mm@...ck.org,
 linux-kernel@...r.kernel.org,
 "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>
Subject: Re: [RFC PATCH v3 0/4] Support large folios for tmpfs

On 28.10.24 22:56, Daniel Gomez wrote:
> On Fri Oct 25, 2024 at 10:21 PM CEST, David Hildenbrand wrote:
>> Sorry for the late reply!
>>
>>>>>>> IMHO, as I discussed with Kirill, we still need maintain compatibility
>>>>>>> with the 'huge=' mount option. This means that if 'huge=never' is set
>>>>>>> for tmpfs, huge page allocation will still be prohibited (which can
>>>>>>> address Hugh's request?). However, if 'huge=' is not set, we can
>>>>>>> allocate large folios based on the write size.
>>>
>>> So, in order to make tmpfs behave like other filesystems, we need to
>>> allocate large folios by default. Not setting 'huge=' is the same as
>>> setting it to 'huge=never' as per documentation. But 'huge=' is meant to
>>> control THP, not large folios, so it should not have a conflict here, or
>>> else, what case are you thinking?
>>
>> I think we really have to move away from "huge/thp == PMD", that's a
>> historical artifact. Everything else will simply be inconsistent and
>> confusing in the future -- and I don't see any real need for that. For
>> anonymous memory and anon shmem we managed the transition. (there is a
>> longer writeup from me about this topic, so I won't go into detail).
>>
>>
>> I think I raised this in the past, but tmpfs/shmem is just like any
>> other file system .. except it sometimes really isn't and behaves much
>> more like (swappable) anonymous memory. (or mlocked files)
>>
>> There are many systems out there that run without swap enabled, or with
>> extremely minimal swap (IIRC until recently kubernetes was completely
>> incompatible with swapping). Swap can even be disabled today for shmem
>> using a mount option.
>>
>> That's a big difference to all other file systems where you are
>> guaranteed to have backend storage where you can simply evict under
>> memory pressure (might temporarily fail, of course).
>>
>> I *think* that's the reason why we have the "huge=" parameter that also
>> controls the THP allocations during page faults (IOW possible memory
>> over-allocation). Maybe also because it was a new feature, and we only
>> had a single THP size.
>>
>> There is, of course also the "fallocate() might not free up memory if
>> there is an unexpected reference on the page because splitting it will
>> fail" problem, that even exists when not over-allocating memory in the
>> first place ...
>>
>>
>> So ...I don't think tmpfs behaves like other file system in some cases.
>> And I don't think ignoring these points is a good idea.
> 
> Assuming a system without swap, what's the difference you are concern
> about between using the current tmpfs allocation method vs large folios
> implementation?

As raised above, there is the interesting interaction between 
fallocate(FALLOC_FL_PUNCH_HOLE) and raised refcounts, where we can fail 
to reclaim memory.

shmem_fallocate()->shmem_truncate_range()->truncate_inode_pages_range()->truncate_inode_partial_folio().

It's better than it was in the past -- in the past we didn't even try 
splitting, but today splitting can still fail and we'll never try 
reclaiming that memory again later. This is very different to anonymous 
memory where we have the deferred split queue+remember which pages where 
zapped implicitly using the page tables (instead of zeroing them out and 
not freeing up the memory).

It's one of the issues people ran into when using THP+shmem for backing 
guest VMs along with memory ballooning. For that reason, the 
recommendation still is to disable THP when using shmem for backing 
guest VMs and relying on memory overcommit optimizations such as memory 
balloon inflation.

> 
>>
>> Fortunately I don't maintain that code :)
>>
>>
>> If we don't want to go with the shmem_enabled toggles, we should
>> probably still extend the documentation to cover "all THP sizes", like
>> we did elsewhere.
>>
>> huge=never: no THPs of any size
>> huge=always: THPs of any size (fault/write/etc)
>> huge=fadvise: like "always" but only with fadvise/madvise
>> huge=within_size: like "fadvise" but respect i_size
>>
>> We could think about adding a "nowaste" extension and try make it the
>> default.
>>
>> For example
>>
>> "huge=always:nowaste: THPs of any size as long as we don't over-allocate
>> memory (write)"
> 
> This is the default behaviour in other fs too. I don't think is
> necessary to make it explicit.

Please keep in mind that allocating THPs of different size during *page 
faults* will have to fit into the whole picture we are creating here.

That's also what "huge=always" controls for shmem today IIRC.

>>>
>>>>>>
>>>>>> I consider allocating large folios in shmem/tmpfs on the write path less
>>>>>> controversial than allocating them on the page fault path -- especially
>>>>>> as long as we stay within the size to-be-written.
>>>>>>
>>>>>> I think in RHEL THP on shmem/tmpfs are disabled as default (e.g.,
>>>>>> shmem_enabled=never). Maybe because of some rather undesired
>>>>>> side-effects (maybe some are historical?): I recall issues with VMs with
>>>>>> THP+ memory ballooning, as we cannot reclaim pages of folios if
>>>>>> splitting fails). I assume most of these problematic use cases don't use
>>>>>> tmpfs as an ordinary file system (write()/read()), but mmap() the whole
>>>>>> thing.
>>>>>>
>>>>>> Sadly, I don't find any information about shmem/tmpfs + THP in the RHEL
>>>>>> documentation; most documentation is only concerned about anon THP.
>>>>>> Which makes me conclude that they are not suggested as of now.
>>>>>>
>>>>>> I see more issues with allocating them on the page fault path and not
>>>>>> having a way to disable it -- compared to allocating them on the write()
>>>>>> path.
>>>>>
>>>>> I may not understand your issues. IIUC, you can disable allocating huge
>>>>> pages on the page fault path by using the 'huge=never' mount option or
>>>>> setting shmem_enabled=deny. No?
>>>>
>>>> That's what I am saying: if there is some way to disable it that will
>>>> keep working, great.
>>>
>>> I agree. That aligns with what I recall Hugh requested. However, I
>>> believe if that is the way to go, we shouldn't limit it to tmpfs.
>>> Otherwise, why should tmpfs be prevented from allocating large folios if
>>> other filesystems in the system are allowed to allocate them?
>>
>> See above. On systems without/little swap you might not want them for
>> shmem/tmpfs, but would happily use them elsewhere.
>>
>> The "write() won't waste memory" case is really interesting, the
>> "fallocate cannot free the memory" still exists. A shrinker might help.
> 
> The previous implementation with large folios allocation was wrong
> and was actually wasting memory by rounding up while trying to find
> the order. Matthew already pointed it out [1]. So, with that fixed, we
> should not end up wasting memory.

Again, we should have a clear path forward how we deal with page faults 
and how this fits into the picture.

-- 
Cheers,

David / dhildenb


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ