| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251002145332.00003f63@huawei.com>
Date: Thu, 2 Oct 2025 14:53:32 +0100
From: Jonathan Cameron <jonathan.cameron@...wei.com>
To: Raghavendra K T <raghavendra.kt@....com>
CC: <AneeshKumar.KizhakeVeetil@....com>, <Michael.Day@....com>,
<akpm@...ux-foundation.org>, <bharata@....com>, <dave.hansen@...el.com>,
<david@...hat.com>, <dongjoo.linux.dev@...il.com>, <feng.tang@...el.com>,
<gourry@...rry.net>, <hannes@...xchg.org>, <honggyu.kim@...com>,
<hughd@...gle.com>, <jhubbard@...dia.com>, <jon.grimm@....com>,
<k.shutemov@...il.com>, <kbusch@...a.com>, <kmanaouil.dev@...il.com>,
<leesuyeon0506@...il.com>, <leillc@...gle.com>, <liam.howlett@...cle.com>,
<linux-kernel@...r.kernel.org>, <linux-mm@...ck.org>,
<mgorman@...hsingularity.net>, <mingo@...hat.com>, <nadav.amit@...il.com>,
<nphamcs@...il.com>, <peterz@...radead.org>, <riel@...riel.com>,
<rientjes@...gle.com>, <rppt@...nel.org>, <santosh.shukla@....com>,
<shivankg@....com>, <shy828301@...il.com>, <sj@...nel.org>, <vbabka@...e.cz>,
<weixugc@...gle.com>, <willy@...radead.org>, <ying.huang@...ux.alibaba.com>,
<ziy@...dia.com>, <dave@...olabs.net>, <yuanchu@...gle.com>,
<kinseyho@...gle.com>, <hdanton@...a.com>, <harry.yoo@...cle.com>
Subject: Re: [RFC PATCH V3 03/17] mm: Scan the mm and create a migration
list
On Thu, 14 Aug 2025 15:32:53 +0000
Raghavendra K T <raghavendra.kt@....com> wrote:
> Since we already have the list of mm_struct in the system, add a module to
> scan each mm that walks VMAs of each mm_struct and scan all the pages
> associated with that.
>
> In the scan path: Check for the recently acccessed pages (PFNs) belonging
Bonus space at start of line.
> to slowtier nodes. Add all those to a list.
>
> Signed-off-by: Raghavendra K T <raghavendra.kt@....com>
A few superficial comments. I'm out of time today to take a closer read
though but thought I'd send these as might not get back to this for a while.
> ---
> mm/kscand.c | 321 +++++++++++++++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 320 insertions(+), 1 deletion(-)
>
> diff --git a/mm/kscand.c b/mm/kscand.c
> index d5b0d3041b0f..1d883d411664 100644
> --- a/mm/kscand.c
> +++ b/mm/kscand.c
> +
> +static bool kscand_eligible_srcnid(int nid)
> +{
> + /* Only promotion case is considered */
> + return !node_is_toptier(nid);
one space before ! not 2.
> +}
> +
> static inline int kscand_has_work(void)
> {
> return !list_empty(&kscand_scan.mm_head);
> @@ -84,11 +122,277 @@ static void kscand_wait_work(void)
> scan_sleep_jiffies);
> }
>
> +static inline bool is_valid_folio(struct folio *folio)
> +{
> + if (!folio || !folio_mapped(folio) || !folio_raw_mapping(folio))
> + return false;
> +
> + if (folio_test_unevictable(folio) || folio_is_zone_device(folio) ||
> + folio_maybe_mapped_shared(folio))
> + return false;
> +
> + return true;
> +}
> +
One blank line only unless local convention matches this.
> +
> +static bool folio_idle_clear_pte_refs_one(struct folio *folio,
> +
> +static int hot_vma_idle_pte_entry(pte_t *pte,
> + unsigned long addr,
> + unsigned long next,
> + struct mm_walk *walk)
> +{
> + struct page *page;
> + struct folio *folio;
> + struct mm_struct *mm;
> + struct vm_area_struct *vma;
> + struct kscand_migrate_info *info;
> + struct kscand_scanctrl *scanctrl = walk->private;
> + int srcnid;
> +
> + scanctrl->address = addr;
> + pte_t pteval = ptep_get(pte);
Mixing declarations and code is a bit messy.
I'd just declare pte_t pteval earlier.
> +
> + if (!pte_present(pteval))
> + return 0;
> +
> + if (pte_none(pteval))
> + return 0;
> +
> + vma = walk->vma;
> + mm = vma->vm_mm;
> +
> + page = pte_page(*pte);
> +
One line only here.
> +
> + folio = page_folio(page);
> + folio_get(folio);
> +
> + if (!is_valid_folio(folio)) {
> + folio_put(folio);
> + return 0;
> + }
> + folio_set_idle(folio);
> + page_idle_clear_pte_refs(page, pte, walk);
> + srcnid = folio_nid(folio);
> +
> +
one blank line.
> + if (!folio_test_lru(folio)) {
Maybe a goto given common code in all exit paths around here.
> + folio_put(folio);
> + return 0;
> + }
> +
> + if (!kscand_eligible_srcnid(srcnid)) {
> + folio_put(folio);
> + return 0;
> + }
> + if (!folio_test_idle(folio) &&
> + (folio_test_young(folio) || folio_test_referenced(folio))) {
Odd looking wrapping. I'd align after ( i.e.
if (!folio_test_idle(folio) &&
(folio_test_young(folio) || folio_test_referenced(folio))) {
> +
> + /* XXX: Leaking memory. TBD: consume info */
> +
> + info = kzalloc(sizeof(struct kscand_migrate_info), GFP_NOWAIT);
> + if (info && scanctrl) {
> + info->pfn = folio_pfn(folio);
> + info->address = addr;
> + list_add_tail(&info->migrate_node, &scanctrl->scan_list);
> + }
> + }
> +
> + folio_put(folio);
> + return 0;
> +}
> +static unsigned long kscand_scan_mm_slot(void)
> +{
> + bool next_mm = false;
> + bool update_mmslot_info = false;
> +
> + unsigned long vma_scanned_size = 0;
> + unsigned long address;
> +
> + struct mm_slot *slot;
> + struct mm_struct *mm;
> + struct vm_area_struct *vma = NULL;
> + struct kscand_mm_slot *mm_slot;
Confusing to have a variable called mm_slot which isn't a struct mm_slot *
and another variable that is.
> +
One line enough.
> +
> + spin_lock(&kscand_mm_lock);
> +
> + if (kscand_scan.mm_slot) {
> + mm_slot = kscand_scan.mm_slot;
> + slot = &mm_slot->slot;
> + address = mm_slot->address;
> + } else {
> + slot = list_entry(kscand_scan.mm_head.next,
> + struct mm_slot, mm_node);
Isn't that
slot = list_first_entry(&kscand_scan.mm_head,
struct mm_slot, mm_node);
Makes little difference other than pointing out it is the first entry.
> + mm_slot = mm_slot_entry(slot, struct kscand_mm_slot, slot);
> + address = mm_slot->address;
Could drop setting address out of the if/else given it's the same in both legs.
Alternatively treat this as a 'get the missing mm_slot' and do
if (!kscand_scan.mm_slot) {
struct mm_slot *next_slot =
list_first_entry(&kscand_scan.mm_head,
struct mm_slot, mm_node);
struct kscand_mm_slot *next_mm_slot =
mm_slot_entry(slot, struct kscand_mm_slot, slot);
kscand_scan.mm_slot = next_mm_slot;
}
mm_slot = kscand_scan.mm_slot;
slot = &mm_slot->slot;
address = mm_slot->address;
> + kscand_scan.mm_slot = mm_slot;
> + }
> +
> + mm = slot->mm;
> + mm_slot->is_scanned = true;
> + spin_unlock(&kscand_mm_lock);
> +
> + if (unlikely(!mmap_read_trylock(mm)))
> + goto outerloop_mmap_lock;
> +
> + if (unlikely(kscand_test_exit(mm))) {
Some of these unlikelys feel like things we should leave to the branch
predictors to figure out.
> + next_mm = true;
> + goto outerloop;
> + }
> +
> + VMA_ITERATOR(vmi, mm, address);
> +
> + for_each_vma(vmi, vma) {
> + kscand_walk_page_vma(vma, &kscand_scanctrl);
> + vma_scanned_size += vma->vm_end - vma->vm_start;
> +
> + if (vma_scanned_size >= kscand_scan_size) {
> + next_mm = true;
> + /* TBD: Add scanned folios to migration list */
> + break;
> + }
> + }
> +
> + if (!vma)
> + address = 0;
> + else
> + address = kscand_scanctrl.address + PAGE_SIZE;
> +
> + update_mmslot_info = true;
> +
> + if (update_mmslot_info)
> + mm_slot->address = address;
> +
> +outerloop:
> + /* exit_mmap will destroy ptes after this */
> + mmap_read_unlock(mm);
> +
> +outerloop_mmap_lock:
This flow is getting a bit too complex for my liking. Maybe factor
everything above here out given we run this in all exit paths. Then
that factored out code can do early returns etc, without the goto
nest. Might be able to use guard() for the spin_lock as well to
allow return instead of goto in next bit.
> + spin_lock(&kscand_mm_lock);
> + WARN_ON(kscand_scan.mm_slot != mm_slot);
> +
> + /*
> + * Release the current mm_slot if this mm is about to die, or
> + * if we scanned all vmas of this mm.
> + */
> + if (unlikely(kscand_test_exit(mm)) || !vma || next_mm) {
> + /*
> + * Make sure that if mm_users is reaching zero while
> + * kscand runs here, kscand_exit will find
> + * mm_slot not pointing to the exiting mm.
> + */
> + if (slot->mm_node.next != &kscand_scan.mm_head) {
> + slot = list_entry(slot->mm_node.next,
> + struct mm_slot, mm_node);
> + kscand_scan.mm_slot =
> + mm_slot_entry(slot, struct kscand_mm_slot, slot);
> +
> + } else
> + kscand_scan.mm_slot = NULL;
> +
> + if (kscand_test_exit(mm)) {
> + kscand_collect_mm_slot(mm_slot);
> + goto end;
> + }
> + }
> + mm_slot->is_scanned = false;
> +end:
+ spin_unlock(&kscand_mm_lock);
> + return 0;
> +}
> +
> static void kscand_do_scan(void)
> {
> unsigned long iter = 0, mms_to_scan;
> @@ -101,7 +405,7 @@ static void kscand_do_scan(void)
> break;
>
> if (kscand_has_work())
> - msleep(100);
> + kscand_scan_mm_slot();
>
> iter++;
>
> @@ -148,6 +452,7 @@ void __kscand_enter(struct mm_struct *mm)
> if (!kscand_slot)
> return;
>
> + kscand_slot->address = 0;
> slot = &kscand_slot->slot;
>
> spin_lock(&kscand_mm_lock);
> @@ -175,6 +480,12 @@ void __kscand_exit(struct mm_struct *mm)
> hash_del(&slot->hash);
> list_del(&slot->mm_node);
> free = 1;
> + } else if (mm_slot && kscand_scan.mm_slot == mm_slot && !mm_slot->is_scanned) {
> + hash_del(&slot->hash);
> + list_del(&slot->mm_node);
> + free = 1;
> + /* TBD: Set the actual next slot */
> + kscand_scan.mm_slot = NULL;
> }
>
> spin_unlock(&kscand_mm_lock);
> @@ -224,6 +535,12 @@ static int stop_kscand(void)
> return 0;
> }
>
> +static inline void init_list(void)
That's a very generic name that is likely to clash with something in future.
kscand_init_list() Or don't bother as not a lot in here so you could just
put them inline.
> +{
> + INIT_LIST_HEAD(&kscand_scanctrl.scan_list);
> + init_waitqueue_head(&kscand_wait);
> +}
> +
> static int __init kscand_init(void)
> {
> int err;
> @@ -234,6 +551,8 @@ static int __init kscand_init(void)
> pr_err("kscand: kmem_cache error");
> return -ENOMEM;
> }
> +
> + init_list();
> err = start_kscand();
> if (err)
> goto err_kscand;
Powered by blists - more mailing lists