lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAK1f24=XFHnnPQdM8vLF7uis6hUQCix5ZGAFg0=ReZwm5+qzpg@mail.gmail.com>
Date: Tue, 21 Jan 2025 20:57:11 +0800
From: Lance Yang <ioworker0@...il.com>
To: David Hildenbrand <david@...hat.com>
Cc: Barry Song <21cnbao@...il.com>, akpm@...ux-foundation.org, ryan.roberts@....com, 
	dev.jain@....com, shy828301@...il.com, ziy@...dia.com, libang.li@...group.com, 
	baolin.wang@...ux.alibaba.com, linux-kernel@...r.kernel.org, 
	linux-mm@...ck.org, Mingzhe Yang <mingzhe.yang@...com>
Subject: Re: [RFC 2/2] mm/mthp: relax anon mTHP PTE Mapping restrictions

On Mon, Jan 20, 2025 at 9:38 PM David Hildenbrand <david@...hat.com> wrote:
>
> On 20.01.25 14:20, Lance Yang wrote:
> > On Mon, Jan 20, 2025 at 10:15 AM Barry Song <21cnbao@...il.com> wrote:
> >>
> >> On Mon, Jan 20, 2025 at 2:23 PM Lance Yang <ioworker0@...il.com> wrote:
> >>>
> >>> Previously, mTHP could only be mapped to PTEs where all entries were none.
> >>> With this change, PTEs within the range mapping the demand-zero page can
> >>> now be treated as `pte_none` and remapped to a new mTHP, providing more
> >>> opportunities to take advantage of mTHP.
> >>>
> >>> Signed-off-by: Mingzhe Yang <mingzhe.yang@...com>
> >>> Signed-off-by: Lance Yang <ioworker0@...il.com>
> >>> ---
> >>>   mm/memory.c | 11 +++++++++--
> >>>   1 file changed, 9 insertions(+), 2 deletions(-)
> >>>
> >>> diff --git a/mm/memory.c b/mm/memory.c
> >>> index 4e148309b3e0..99ec75c6f0fe 100644
> >>> --- a/mm/memory.c
> >>> +++ b/mm/memory.c
> >>> @@ -4815,7 +4815,8 @@ static struct folio *alloc_anon_folio(struct vm_fault *vmf)
> >>>          order = highest_order(orders);
> >>>          while (orders) {
> >>>                  addr = ALIGN_DOWN(vmf->address, PAGE_SIZE << order);
> >>> -               if (pte_range_none(pte + pte_index(addr), 1 << order))
> >>> +               if (pte_range_none_or_zeropfn(pte + pte_index(addr), 1 << order,
> >>> +                                             NULL))
> >>>                          break;
> >>>                  order = next_order(&orders, order);
> >>>          }
> >>> @@ -4867,6 +4868,7 @@ static vm_fault_t do_anonymous_page(struct vm_fault *vmf)
> >>>   {
> >>>          struct vm_area_struct *vma = vmf->vma;
> >>>          unsigned long addr = vmf->address;
> >>> +       bool any_zeropfn = false;
> >>>          struct folio *folio;
> >>>          vm_fault_t ret = 0;
> >>>          int nr_pages = 1;
> >>> @@ -4939,7 +4941,8 @@ static vm_fault_t do_anonymous_page(struct vm_fault *vmf)
> >>>          if (nr_pages == 1 && vmf_pte_changed(vmf)) {
> >>>                  update_mmu_tlb(vma, addr, vmf->pte);
> >>>                  goto release;
> >>> -       } else if (nr_pages > 1 && !pte_range_none(vmf->pte, nr_pages)) {
> >>> +       } else if (nr_pages > 1 && !pte_range_none_or_zeropfn(
> >>> +                                          vmf->pte, nr_pages, &any_zeropfn)) {
> >>>                  update_mmu_tlb_range(vma, addr, vmf->pte, nr_pages);
> >>>                  goto release;
> >>>          }
> >>> @@ -4965,6 +4968,10 @@ static vm_fault_t do_anonymous_page(struct vm_fault *vmf)
> >>>                  entry = pte_mkuffd_wp(entry);
> >>>          set_ptes(vma->vm_mm, addr, vmf->pte, entry, nr_pages);
> >>>
> >>> +       /* At least one PTE was mapped to the zero page */
> >>> +       if (nr_pages > 1 && any_zeropfn)
> >>> +               flush_tlb_range(vma, addr, addr + (nr_pages * PAGE_SIZE));
> >>
> >
> > Thanks for taking time to review!
> >
> >> Do we also need mmu_notifier?
> >>
> >>          mmu_notifier_range_init(...)
> >>          mmu_notifier_invalidate_range_start(&range);
> >>
> >> By the way, this is getting much more complex, but are we seeing any real
> >> benefits? I’ve tested this before, and it seems that zeropfn-mapped
> >> anonymous folios are quite rare.
> >
> > Hmm... Agreed that it's getting more complex. I don't have any data
> > showing real benefits yet, so let's put this patch aside for now until I do.
>

Thanks so much for the lesson! It's really helpful to me ;)

> The motivation for the huge zeropage case was that we would install the
> huge zeropage on read fault, to then PTE-map it on write fault and only
> COW a single PTE. It would require khugepaged to collapse in order to
> get a THP again.

One thing I’d like to do is adjust the patch[1] and resend that out.

Case1: After a read-then-immediately-write operation, we end up with a
PTE-mapped huge zeropage and one PTE-mapped page.

Case 2: Most PTEs within the PMD are set to none.

In either case, we can pre-zero the new THP before khugepaged
collapses the PMD, which will reduce the process-visible downtime ;)

Do you see this as a useful improvement?

[1] https://lore.kernel.org/linux-mm/20240308074921.45752-1-ioworker0@gmail.com/

>
> So read-then-immediately-write would not give us a PMD-mapped THP with
> the huge shared zeropage enabled, but would give us a PMD-mapped THP
> with the huge shared zeropage disabled, which is rather inconsistent.
>
> In case of mTHP, the behavior is at least always the same, and the
> performance gain is likely not as huge as in the PMD case. Maybe we can
> just wait until khugepaged will fix it up, where a lot of that
> complexity will reside either way.

Yeah, It’s better to let khugepaged handle that and keep the complexity on
its side.

>
> So I agree that it might be useful, but also that there must be a good
> reason to have that complexity here.
>
>
> It might also be a valid question if we should even always use the
> shared zeropage on read faults with mTHP enabled, because maybe it could
> be more efficient to avoid the TLB flush when ripping out the shared
> zeropage etc and just give it an mTHP, if our shrinker works as expected

It sounds good to me ;p

Perhaps we could add a switch to just give it an mTHP on read faults with
mTHP enabled, instead of always using the shared zeropage. Would this
switch be per-process or per-cgroup? If it makes sense, I’d like to
get involved.

>
> Using the huge zeropage is rather "obviously good" because it also
> reduces TLB pressure + page table walk and can be zapped fairly easily
> and efficiently to install a fresh PMD-mapped THP.

Yep, as for the huge zeropage, it’s indeed better than the shared zeropage for
reducing TLB pressure and page table walks. TBH, the shared zeropage is less
effective for mTHP than the huge zeropage is for THP.

Thanks,
Lance


>
> --
> Cheers,
>
> David / dhildenb
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ