lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20251002145332.00003f63@huawei.com>
Date: Thu, 2 Oct 2025 14:53:32 +0100
From: Jonathan Cameron <jonathan.cameron@...wei.com>
To: Raghavendra K T <raghavendra.kt@....com>
CC: <AneeshKumar.KizhakeVeetil@....com>, <Michael.Day@....com>,
	<akpm@...ux-foundation.org>, <bharata@....com>, <dave.hansen@...el.com>,
	<david@...hat.com>, <dongjoo.linux.dev@...il.com>, <feng.tang@...el.com>,
	<gourry@...rry.net>, <hannes@...xchg.org>, <honggyu.kim@...com>,
	<hughd@...gle.com>, <jhubbard@...dia.com>, <jon.grimm@....com>,
	<k.shutemov@...il.com>, <kbusch@...a.com>, <kmanaouil.dev@...il.com>,
	<leesuyeon0506@...il.com>, <leillc@...gle.com>, <liam.howlett@...cle.com>,
	<linux-kernel@...r.kernel.org>, <linux-mm@...ck.org>,
	<mgorman@...hsingularity.net>, <mingo@...hat.com>, <nadav.amit@...il.com>,
	<nphamcs@...il.com>, <peterz@...radead.org>, <riel@...riel.com>,
	<rientjes@...gle.com>, <rppt@...nel.org>, <santosh.shukla@....com>,
	<shivankg@....com>, <shy828301@...il.com>, <sj@...nel.org>, <vbabka@...e.cz>,
	<weixugc@...gle.com>, <willy@...radead.org>, <ying.huang@...ux.alibaba.com>,
	<ziy@...dia.com>, <dave@...olabs.net>, <yuanchu@...gle.com>,
	<kinseyho@...gle.com>, <hdanton@...a.com>, <harry.yoo@...cle.com>
Subject: Re: [RFC PATCH V3 03/17] mm: Scan the mm and create a migration
 list

On Thu, 14 Aug 2025 15:32:53 +0000
Raghavendra K T <raghavendra.kt@....com> wrote:

> Since we already have the list of mm_struct in the system, add a module to
> scan each mm that walks VMAs of each mm_struct and scan all the pages
> associated with that.
> 
>  In the scan path: Check for the recently acccessed pages (PFNs) belonging

Bonus space at start of line.

> to slowtier nodes. Add all those to a list.
> 
> Signed-off-by: Raghavendra K T <raghavendra.kt@....com>

A few superficial comments. I'm out of time today to take a closer read
though but thought I'd send these as might not get back to this for a while.

> ---
>  mm/kscand.c | 321 +++++++++++++++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 320 insertions(+), 1 deletion(-)
> 
> diff --git a/mm/kscand.c b/mm/kscand.c
> index d5b0d3041b0f..1d883d411664 100644
> --- a/mm/kscand.c
> +++ b/mm/kscand.c

> +
> +static bool kscand_eligible_srcnid(int nid)
> +{
> +	/* Only promotion case is considered */
> +	return  !node_is_toptier(nid);

one space before ! not 2.


> +}
> +
>  static inline int kscand_has_work(void)
>  {
>  	return !list_empty(&kscand_scan.mm_head);
> @@ -84,11 +122,277 @@ static void kscand_wait_work(void)
>  			scan_sleep_jiffies);
>  }
>  
> +static inline bool is_valid_folio(struct folio *folio)
> +{
> +	if (!folio || !folio_mapped(folio) || !folio_raw_mapping(folio))
> +		return false;
> +
> +	if (folio_test_unevictable(folio) || folio_is_zone_device(folio) ||
> +		folio_maybe_mapped_shared(folio))
> +		return false;
> +
> +	return true;
> +}
> +
One blank line only unless local convention matches this.
> +
> +static bool folio_idle_clear_pte_refs_one(struct folio *folio,

> +
> +static int hot_vma_idle_pte_entry(pte_t *pte,
> +				 unsigned long addr,
> +				 unsigned long next,
> +				 struct mm_walk *walk)
> +{
> +	struct page *page;
> +	struct folio *folio;
> +	struct mm_struct *mm;
> +	struct vm_area_struct *vma;
> +	struct kscand_migrate_info *info;
> +	struct kscand_scanctrl *scanctrl = walk->private;
> +	int srcnid;
> +
> +	scanctrl->address = addr;
> +	pte_t pteval = ptep_get(pte);

Mixing declarations and code is a bit messy.
I'd just declare pte_t pteval earlier.


> +
> +	if (!pte_present(pteval))
> +		return 0;
> +
> +	if (pte_none(pteval))
> +		return 0;
> +
> +	vma = walk->vma;
> +	mm = vma->vm_mm;
> +
> +	page = pte_page(*pte);
> +
One line only here.
> +
> +	folio = page_folio(page);
> +	folio_get(folio);
> +
> +	if (!is_valid_folio(folio)) {
> +		folio_put(folio);
> +		return 0;
> +	}
> +	folio_set_idle(folio);
> +	page_idle_clear_pte_refs(page, pte, walk);
> +	srcnid = folio_nid(folio);
> +
> +

one blank line.

> +	if (!folio_test_lru(folio)) {

Maybe a goto given common code in all exit paths around here.

> +		folio_put(folio);
> +		return 0;
> +	}
> +
> +	if (!kscand_eligible_srcnid(srcnid)) {
> +		folio_put(folio);
> +		return 0;
> +	}
> +	if (!folio_test_idle(folio) &&
> +		(folio_test_young(folio) || folio_test_referenced(folio))) {

Odd looking wrapping. I'd align after ( i.e.
	if (!folio_test_idle(folio) &&
	    (folio_test_young(folio) || folio_test_referenced(folio))) {

> +
> +		/* XXX: Leaking memory. TBD: consume info */
> +
> +		info = kzalloc(sizeof(struct kscand_migrate_info), GFP_NOWAIT);
> +		if (info && scanctrl) {
> +			info->pfn = folio_pfn(folio);
> +			info->address = addr;
> +			list_add_tail(&info->migrate_node, &scanctrl->scan_list);
> +		}
> +	}
> +
> +	folio_put(folio);
> +	return 0;
> +}

> +static unsigned long kscand_scan_mm_slot(void)
> +{
> +	bool next_mm = false;
> +	bool update_mmslot_info = false;
> +
> +	unsigned long vma_scanned_size = 0;
> +	unsigned long address;
> +
> +	struct mm_slot *slot;
> +	struct mm_struct *mm;
> +	struct vm_area_struct *vma = NULL;
> +	struct kscand_mm_slot *mm_slot;

Confusing to have a variable called mm_slot which isn't a struct mm_slot *
and another variable that is.

> +

One line enough.

> +
> +	spin_lock(&kscand_mm_lock);
> +
> +	if (kscand_scan.mm_slot) {
> +		mm_slot = kscand_scan.mm_slot;
> +		slot = &mm_slot->slot;
> +		address = mm_slot->address;
> +	} else {
> +		slot = list_entry(kscand_scan.mm_head.next,
> +				     struct mm_slot, mm_node);

Isn't that
		slot = list_first_entry(&kscand_scan.mm_head,
					struct mm_slot, mm_node);

Makes little difference other than pointing out it is the first entry.

> +		mm_slot = mm_slot_entry(slot, struct kscand_mm_slot, slot);
> +		address = mm_slot->address;

Could drop setting address out of the if/else given it's the same in both legs.

Alternatively treat this as a 'get the missing mm_slot' and do

	if (!kscand_scan.mm_slot) {
		struct mm_slot *next_slot =
			list_first_entry(&kscand_scan.mm_head,
					 struct mm_slot, mm_node);
		struct kscand_mm_slot *next_mm_slot = 
			mm_slot_entry(slot, struct kscand_mm_slot, slot);
		kscand_scan.mm_slot = next_mm_slot;
	}

	mm_slot = kscand_scan.mm_slot;
	slot = &mm_slot->slot;
	address = mm_slot->address;





> +		kscand_scan.mm_slot = mm_slot;
> +	}
> +
> +	mm = slot->mm;
> +	mm_slot->is_scanned = true;
> +	spin_unlock(&kscand_mm_lock);
> +
> +	if (unlikely(!mmap_read_trylock(mm)))
> +		goto outerloop_mmap_lock;
> +
> +	if (unlikely(kscand_test_exit(mm))) {

Some of these unlikelys feel like things we should leave to the branch
predictors to figure out.

> +		next_mm = true;
> +		goto outerloop;
> +	}
> +
> +	VMA_ITERATOR(vmi, mm, address);
> +
> +	for_each_vma(vmi, vma) {
> +		kscand_walk_page_vma(vma, &kscand_scanctrl);
> +		vma_scanned_size += vma->vm_end - vma->vm_start;
> +
> +		if (vma_scanned_size >= kscand_scan_size) {
> +			next_mm = true;
> +			/* TBD: Add scanned folios to migration list */
> +			break;
> +		}
> +	}
> +
> +	if (!vma)
> +		address = 0;
> +	else
> +		address = kscand_scanctrl.address + PAGE_SIZE;
> +
> +	update_mmslot_info = true;
> +
> +	if (update_mmslot_info)
> +		mm_slot->address = address;
> +
> +outerloop:
> +	/* exit_mmap will destroy ptes after this */
> +	mmap_read_unlock(mm);
> +
> +outerloop_mmap_lock:

This flow is getting a bit too complex for my liking.  Maybe factor
everything above here out given we run this in all exit paths. Then
that factored out code can do early returns etc, without the goto
nest.  Might be able to use guard() for the spin_lock as well to
allow return instead of goto in next bit.

> +	spin_lock(&kscand_mm_lock);
> +	WARN_ON(kscand_scan.mm_slot != mm_slot);
> +
> +	/*
> +	 * Release the current mm_slot if this mm is about to die, or
> +	 * if we scanned all vmas of this mm.
> +	 */
> +	if (unlikely(kscand_test_exit(mm)) || !vma || next_mm) {
> +		/*
> +		 * Make sure that if mm_users is reaching zero while
> +		 * kscand runs here, kscand_exit will find
> +		 * mm_slot not pointing to the exiting mm.
> +		 */
> +		if (slot->mm_node.next != &kscand_scan.mm_head) {
> +			slot = list_entry(slot->mm_node.next,
> +					struct mm_slot, mm_node);
> +			kscand_scan.mm_slot =
> +				mm_slot_entry(slot, struct kscand_mm_slot, slot);
> +
> +		} else
> +			kscand_scan.mm_slot = NULL;
> +
> +		if (kscand_test_exit(mm)) {
> +			kscand_collect_mm_slot(mm_slot);
> +			goto end;
> +		}
> +	}
> +	mm_slot->is_scanned = false;
> +end:
 +	spin_unlock(&kscand_mm_lock);
> +	return 0;
> +}
> +
>  static void kscand_do_scan(void)
>  {
>  	unsigned long iter = 0, mms_to_scan;
> @@ -101,7 +405,7 @@ static void kscand_do_scan(void)
>  			break;
>  
>  		if (kscand_has_work())
> -			msleep(100);
> +			kscand_scan_mm_slot();
>  
>  		iter++;
>  
> @@ -148,6 +452,7 @@ void __kscand_enter(struct mm_struct *mm)
>  	if (!kscand_slot)
>  		return;
>  
> +	kscand_slot->address = 0;
>  	slot = &kscand_slot->slot;
>  
>  	spin_lock(&kscand_mm_lock);
> @@ -175,6 +480,12 @@ void __kscand_exit(struct mm_struct *mm)
>  		hash_del(&slot->hash);
>  		list_del(&slot->mm_node);
>  		free = 1;
> +	} else if (mm_slot && kscand_scan.mm_slot == mm_slot && !mm_slot->is_scanned) {
> +		hash_del(&slot->hash);
> +		list_del(&slot->mm_node);
> +		free = 1;
> +		/* TBD: Set the actual next slot */
> +		kscand_scan.mm_slot = NULL;
>  	}
>  
>  	spin_unlock(&kscand_mm_lock);
> @@ -224,6 +535,12 @@ static int stop_kscand(void)
>  	return 0;
>  }
>  
> +static inline void init_list(void)

That's a very generic name that is likely to clash with something in future.
kscand_init_list()  Or don't bother as not a lot in here so you could just
put them inline.

> +{
> +	INIT_LIST_HEAD(&kscand_scanctrl.scan_list);
> +	init_waitqueue_head(&kscand_wait);
> +}
> +
>  static int __init kscand_init(void)
>  {
>  	int err;
> @@ -234,6 +551,8 @@ static int __init kscand_init(void)
>  		pr_err("kscand: kmem_cache error");
>  		return -ENOMEM;
>  	}
> +
> +	init_list();
>  	err = start_kscand();
>  	if (err)
>  		goto err_kscand;


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ