| Message ID | 20210303175235.3308220-1-bgeffon@google.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | mm: Allow shmem mappings with MREMAP_DONTUNMAP | expand |
I apologize, this patch didn't include my signed off by, here it is: Signed-off-by: Brian Geffon <bgeffon@google.com> On Wed, Mar 3, 2021 at 9:53 AM Brian Geffon <bgeffon@google.com> wrote: > > Currently MREMAP_DONTUNMAP only accepts private anonymous mappings. This change > will widen the support to include shmem mappings. The primary use case > is to support MREMAP_DONTUNMAP on mappings which may have been created from > a memfd. > > Lokesh Gidra who works on the Android JVM, provided an explanation of how such > a feature will improve Android JVM garbage collection: > "Android is developing a new garbage collector (GC), based on userfaultfd. The > garbage collector will use userfaultfd (uffd) on the java heap during compaction. > On accessing any uncompacted page, the application threads will find it missing, > at which point the thread will create the compacted page and then use UFFDIO_COPY > ioctl to get it mapped and then resume execution. Before starting this compaction, > in a stop-the-world pause the heap will be mremap(MREMAP_DONTUNMAP) so that the > java heap is ready to receive UFFD_EVENT_PAGEFAULT events after resuming execution. > > To speedup mremap operations, pagetable movement was optimized by moving PUD entries > instead of PTE entries [1]. It was necessary as mremap of even modest sized memory > ranges also took several milliseconds, and stopping the application for that long > isn't acceptable in response-time sensitive cases. With UFFDIO_CONTINUE feature [2], > it will be even more efficient to implement this GC, particularly the 'non-moveable' > portions of the heap. It will also help in reducing the need to copy (UFFDIO_COPY) > the pages. However, for this to work, the java heap has to be on a 'shared' vma. > Currently MREMAP_DONTUNMAP only supports private anonymous mappings, this patch will > enable using UFFDIO_CONTINUE for the new userfaultfd-based heap compaction." > > [1] https://lore.kernel.org/linux-mm/20201215030730.NC3CU98e4%25akpm@linux-foundation.org/ > [2] https://lore.kernel.org/linux-mm/20210302000133.272579-1-axelrasmussen@google.com/ > --- > mm/mremap.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/mm/mremap.c b/mm/mremap.c > index ec8f840399ed..6934d199da54 100644 > --- a/mm/mremap.c > +++ b/mm/mremap.c > @@ -653,8 +653,7 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, > return ERR_PTR(-EINVAL); > } > > - if (flags & MREMAP_DONTUNMAP && (!vma_is_anonymous(vma) || > - vma->vm_flags & VM_SHARED)) > + if (flags & MREMAP_DONTUNMAP && !(vma_is_anonymous(vma) || vma_is_shmem(vma))) > return ERR_PTR(-EINVAL); > > if (is_vm_hugetlb_page(vma)) > -- > 2.31.0.rc0.254.gbdcc3b1a9d-goog >
On Wed, Mar 3, 2021 at 10:13 AM Brian Geffon <bgeffon@google.com> wrote: > > I apologize, this patch didn't include my signed off by, here it is: > > Signed-off-by: Brian Geffon <bgeffon@google.com> > > > On Wed, Mar 3, 2021 at 9:53 AM Brian Geffon <bgeffon@google.com> wrote: > > > > Currently MREMAP_DONTUNMAP only accepts private anonymous mappings. This change > > will widen the support to include shmem mappings. The primary use case > > is to support MREMAP_DONTUNMAP on mappings which may have been created from > > a memfd. > > > > Lokesh Gidra who works on the Android JVM, provided an explanation of how such > > a feature will improve Android JVM garbage collection: > > "Android is developing a new garbage collector (GC), based on userfaultfd. The > > garbage collector will use userfaultfd (uffd) on the java heap during compaction. > > On accessing any uncompacted page, the application threads will find it missing, > > at which point the thread will create the compacted page and then use UFFDIO_COPY > > ioctl to get it mapped and then resume execution. Before starting this compaction, > > in a stop-the-world pause the heap will be mremap(MREMAP_DONTUNMAP) so that the > > java heap is ready to receive UFFD_EVENT_PAGEFAULT events after resuming execution. > > > > To speedup mremap operations, pagetable movement was optimized by moving PUD entries > > instead of PTE entries [1]. It was necessary as mremap of even modest sized memory > > ranges also took several milliseconds, and stopping the application for that long > > isn't acceptable in response-time sensitive cases. With UFFDIO_CONTINUE feature [2], > > it will be even more efficient to implement this GC, particularly the 'non-moveable' > > portions of the heap. It will also help in reducing the need to copy (UFFDIO_COPY) > > the pages. However, for this to work, the java heap has to be on a 'shared' vma. > > Currently MREMAP_DONTUNMAP only supports private anonymous mappings, this patch will > > enable using UFFDIO_CONTINUE for the new userfaultfd-based heap compaction." > > > > [1] https://lore.kernel.org/linux-mm/20201215030730.NC3CU98e4%25akpm@linux-foundation.org/ > > [2] https://lore.kernel.org/linux-mm/20210302000133.272579-1-axelrasmussen@google.com/ Thanks for the patch, Brian. I've tested mremap(MREMAP_DONTUNMAP) on a memfd memory range. Tested-by: Lokesh Gidra <lokeshgidra@google.com> > > --- > > mm/mremap.c | 3 +-- > > 1 file changed, 1 insertion(+), 2 deletions(-) > > > > diff --git a/mm/mremap.c b/mm/mremap.c > > index ec8f840399ed..6934d199da54 100644 > > --- a/mm/mremap.c > > +++ b/mm/mremap.c > > @@ -653,8 +653,7 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, > > return ERR_PTR(-EINVAL); > > } > > > > - if (flags & MREMAP_DONTUNMAP && (!vma_is_anonymous(vma) || > > - vma->vm_flags & VM_SHARED)) > > + if (flags & MREMAP_DONTUNMAP && !(vma_is_anonymous(vma) || vma_is_shmem(vma))) > > return ERR_PTR(-EINVAL); > > > > if (is_vm_hugetlb_page(vma)) > > -- > > 2.31.0.rc0.254.gbdcc3b1a9d-goog > >
On Wed, 3 Mar 2021, Brian Geffon wrote: > Currently MREMAP_DONTUNMAP only accepts private anonymous mappings. This change > will widen the support to include shmem mappings. The primary use case > is to support MREMAP_DONTUNMAP on mappings which may have been created from > a memfd. > > Lokesh Gidra who works on the Android JVM, provided an explanation of how such > a feature will improve Android JVM garbage collection: > "Android is developing a new garbage collector (GC), based on userfaultfd. The > garbage collector will use userfaultfd (uffd) on the java heap during compaction. > On accessing any uncompacted page, the application threads will find it missing, > at which point the thread will create the compacted page and then use UFFDIO_COPY > ioctl to get it mapped and then resume execution. Before starting this compaction, > in a stop-the-world pause the heap will be mremap(MREMAP_DONTUNMAP) so that the > java heap is ready to receive UFFD_EVENT_PAGEFAULT events after resuming execution. > > To speedup mremap operations, pagetable movement was optimized by moving PUD entries > instead of PTE entries [1]. It was necessary as mremap of even modest sized memory > ranges also took several milliseconds, and stopping the application for that long > isn't acceptable in response-time sensitive cases. With UFFDIO_CONTINUE feature [2], > it will be even more efficient to implement this GC, particularly the 'non-moveable' > portions of the heap. It will also help in reducing the need to copy (UFFDIO_COPY) > the pages. However, for this to work, the java heap has to be on a 'shared' vma. > Currently MREMAP_DONTUNMAP only supports private anonymous mappings, this patch will > enable using UFFDIO_CONTINUE for the new userfaultfd-based heap compaction." > > [1] https://lore.kernel.org/linux-mm/20201215030730.NC3CU98e4%25akpm@linux-foundation.org/ > [2] https://lore.kernel.org/linux-mm/20210302000133.272579-1-axelrasmussen@google.com/ > --- > mm/mremap.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/mm/mremap.c b/mm/mremap.c > index ec8f840399ed..6934d199da54 100644 > --- a/mm/mremap.c > +++ b/mm/mremap.c > @@ -653,8 +653,7 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, > return ERR_PTR(-EINVAL); > } > > - if (flags & MREMAP_DONTUNMAP && (!vma_is_anonymous(vma) || > - vma->vm_flags & VM_SHARED)) > + if (flags & MREMAP_DONTUNMAP && !(vma_is_anonymous(vma) || vma_is_shmem(vma))) > return ERR_PTR(-EINVAL); > > if (is_vm_hugetlb_page(vma)) > -- Yet something to improve... Thanks for extending MREMAP_DONTUNMAP to shmem, but I think this patch goes in the wrong direction, complicating when it should be generalizing: the mremap syscall is about rearranging the user's virtual address space, and is not specific to the underlying anonymous or shmem or file object (though so far you have only been interested in anonymous, and now shmem). A better patch would say: - if (flags & MREMAP_DONTUNMAP && (!vma_is_anonymous(vma) || - vma->vm_flags & VM_SHARED)) + if ((flags & MREMAP_DONTUNMAP) && + (vma->vm_flags & (VM_DONTEXPAND | VM_PFNMAP))) return ERR_PTR(-EINVAL); VM_DONTEXPAND is what has long been used on special mappings, to prevent surprises from mremap changing the size of the mapping: MREMAP_DONTUNMAP introduced a different way of expanding the mapping, so VM_DONTEXPAND still seems a reasonable name (I've thrown in VM_PFNMAP there because it's in the VM_DONTEXPAND test lower down: for safety I guess, and best if both behave the same - though one says -EINVAL and the other -EFAULT). With that VM_DONTEXPAND check in, Dmitry's commit cd544fd1dc92 ("mremap: don't allow MREMAP_DONTUNMAP on special_mappings and aio") can still be reverted (as you agreed on 28th December), even though vma_is_anonymous() will no longer protect it. Was there an mremap(2) man page update for MREMAP_DONTUNMAP? Whether or not there was before, it ought to get one now. Thanks, Hugh
Hi Hugh, Thanks for this suggestion, responses in line. > A better patch would say: > > - if (flags & MREMAP_DONTUNMAP && (!vma_is_anonymous(vma) || > - vma->vm_flags & VM_SHARED)) > + if ((flags & MREMAP_DONTUNMAP) && > + (vma->vm_flags & (VM_DONTEXPAND | VM_PFNMAP))) > return ERR_PTR(-EINVAL); > > VM_DONTEXPAND is what has long been used on special mappings, to prevent > surprises from mremap changing the size of the mapping: MREMAP_DONTUNMAP > introduced a different way of expanding the mapping, so VM_DONTEXPAND > still seems a reasonable name (I've thrown in VM_PFNMAP there because > it's in the VM_DONTEXPAND test lower down: for safety I guess, and best > if both behave the same - though one says -EINVAL and the other -EFAULT). I like this idea and am happy to mail a new patch. I think it may make sense to bring the lower block up here so that it becomes more clear that it's not duplicate code and that the MREMAP_DONTUNMAP case returns -EINVAL and other cases return -EFAULT. I wonder if the -EFAULT error code would have made more sense from the start for both cases, do you have any thoughts on changing the error code at this point? > With that VM_DONTEXPAND check in, Dmitry's commit cd544fd1dc92 > ("mremap: don't allow MREMAP_DONTUNMAP on special_mappings and aio") > can still be reverted (as you agreed on 28th December), even though > vma_is_anonymous() will no longer protect it. I agree and if Dmitry does not have time I would be happy to mail a revert to cd544fd1dc92 as we discussed in [1]. Dmitry, would you like me to do that? > Was there an mremap(2) man page update for MREMAP_DONTUNMAP? > Whether or not there was before, it ought to get one now. Yes, the mremap(2) man page was updated when this flag was added and it will require a further update to reflect this expanded mapping support. Thanks Brian 1. https://lkml.org/lkml/2020/12/28/2340
Hi Brian, Hugh, On 3/16/21 7:18 PM, Brian Geffon wrote: > Hi Hugh, > Thanks for this suggestion, responses in line. > >> A better patch would say: >> >> - if (flags & MREMAP_DONTUNMAP && (!vma_is_anonymous(vma) || >> - vma->vm_flags & VM_SHARED)) >> + if ((flags & MREMAP_DONTUNMAP) && >> + (vma->vm_flags & (VM_DONTEXPAND | VM_PFNMAP))) >> return ERR_PTR(-EINVAL); >> >> VM_DONTEXPAND is what has long been used on special mappings, to prevent >> surprises from mremap changing the size of the mapping: MREMAP_DONTUNMAP >> introduced a different way of expanding the mapping, so VM_DONTEXPAND >> still seems a reasonable name (I've thrown in VM_PFNMAP there because >> it's in the VM_DONTEXPAND test lower down: for safety I guess, and best >> if both behave the same - though one says -EINVAL and the other -EFAULT). > > I like this idea and am happy to mail a new patch. I think it may make > sense to bring the lower block up here so that it becomes more clear > that it's not duplicate code and that the MREMAP_DONTUNMAP case > returns -EINVAL and other cases return -EFAULT. I wonder if the > -EFAULT error code would have made more sense from the start for both > cases, do you have any thoughts on changing the error code at this > point? > >> With that VM_DONTEXPAND check in, Dmitry's commit cd544fd1dc92 >> ("mremap: don't allow MREMAP_DONTUNMAP on special_mappings and aio") >> can still be reverted (as you agreed on 28th December), even though >> vma_is_anonymous() will no longer protect it. > > I agree and if Dmitry does not have time I would be happy to mail a > revert to cd544fd1dc92 as we discussed in [1]. Dmitry, would you like > me to do that? Ack. I was planning to send a patches set that includes the revert, but that's stalled a bit. As the patch just adds excessive checks, but doesn't introduce an issue, I haven't sent it separately. Feel free to revert it :-) Thanks, Dmitry
On Sat, Mar 13, 2021 at 08:19:38PM -0800, Hugh Dickins wrote: > On Wed, 3 Mar 2021, Brian Geffon wrote: > > > Currently MREMAP_DONTUNMAP only accepts private anonymous mappings. This change > > will widen the support to include shmem mappings. The primary use case > > is to support MREMAP_DONTUNMAP on mappings which may have been created from > > a memfd. > > > > Lokesh Gidra who works on the Android JVM, provided an explanation of how such > > a feature will improve Android JVM garbage collection: > > "Android is developing a new garbage collector (GC), based on userfaultfd. The > > garbage collector will use userfaultfd (uffd) on the java heap during compaction. > > On accessing any uncompacted page, the application threads will find it missing, > > at which point the thread will create the compacted page and then use UFFDIO_COPY > > ioctl to get it mapped and then resume execution. Before starting this compaction, > > in a stop-the-world pause the heap will be mremap(MREMAP_DONTUNMAP) so that the > > java heap is ready to receive UFFD_EVENT_PAGEFAULT events after resuming execution. > > > > To speedup mremap operations, pagetable movement was optimized by moving PUD entries > > instead of PTE entries [1]. It was necessary as mremap of even modest sized memory > > ranges also took several milliseconds, and stopping the application for that long > > isn't acceptable in response-time sensitive cases. With UFFDIO_CONTINUE feature [2], > > it will be even more efficient to implement this GC, particularly the 'non-moveable' > > portions of the heap. It will also help in reducing the need to copy (UFFDIO_COPY) > > the pages. However, for this to work, the java heap has to be on a 'shared' vma. > > Currently MREMAP_DONTUNMAP only supports private anonymous mappings, this patch will > > enable using UFFDIO_CONTINUE for the new userfaultfd-based heap compaction." > > > > [1] https://lore.kernel.org/linux-mm/20201215030730.NC3CU98e4%25akpm@linux-foundation.org/ > > [2] https://lore.kernel.org/linux-mm/20210302000133.272579-1-axelrasmussen@google.com/ > > --- > > mm/mremap.c | 3 +-- > > 1 file changed, 1 insertion(+), 2 deletions(-) > > > > diff --git a/mm/mremap.c b/mm/mremap.c > > index ec8f840399ed..6934d199da54 100644 > > --- a/mm/mremap.c > > +++ b/mm/mremap.c > > @@ -653,8 +653,7 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, > > return ERR_PTR(-EINVAL); > > } > > > > - if (flags & MREMAP_DONTUNMAP && (!vma_is_anonymous(vma) || > > - vma->vm_flags & VM_SHARED)) > > + if (flags & MREMAP_DONTUNMAP && !(vma_is_anonymous(vma) || vma_is_shmem(vma))) > > return ERR_PTR(-EINVAL); > > > > if (is_vm_hugetlb_page(vma)) > > -- > > Yet something to improve... > > Thanks for extending MREMAP_DONTUNMAP to shmem, but I think this patch > goes in the wrong direction, complicating when it should be generalizing: > the mremap syscall is about rearranging the user's virtual address space, > and is not specific to the underlying anonymous or shmem or file object > (though so far you have only been interested in anonymous, and now shmem). > > A better patch would say: > > - if (flags & MREMAP_DONTUNMAP && (!vma_is_anonymous(vma) || > - vma->vm_flags & VM_SHARED)) > + if ((flags & MREMAP_DONTUNMAP) && > + (vma->vm_flags & (VM_DONTEXPAND | VM_PFNMAP))) > return ERR_PTR(-EINVAL); > > VM_DONTEXPAND is what has long been used on special mappings, to prevent > surprises from mremap changing the size of the mapping: MREMAP_DONTUNMAP > introduced a different way of expanding the mapping, so VM_DONTEXPAND > still seems a reasonable name (I've thrown in VM_PFNMAP there because > it's in the VM_DONTEXPAND test lower down: for safety I guess, and best > if both behave the same - though one says -EINVAL and the other -EFAULT). > > With that VM_DONTEXPAND check in, Dmitry's commit cd544fd1dc92 > ("mremap: don't allow MREMAP_DONTUNMAP on special_mappings and aio") > can still be reverted (as you agreed on 28th December), even though > vma_is_anonymous() will no longer protect it. > > Was there an mremap(2) man page update for MREMAP_DONTUNMAP? > Whether or not there was before, it ought to get one now. I'm curious whether it's okay to expand MREMAP_DONTUNMAP to PFNMAP too.. E.g. vfio maps device MMIO regions with both VM_DONTEXPAND|VM_PFNMAP, to me it makes sense to allow the userspace to get such MMIO region remapped/duplicated somewhere else as long as the size won't change. With the strict check as above we kill all those possibilities. Though in that case we'll still need commits like cd544fd1dc92 to protect any customized ->mremap() when they're not supported. Thanks,
On Tue, 16 Mar 2021, Peter Xu wrote: > > I'm curious whether it's okay to expand MREMAP_DONTUNMAP to PFNMAP too.. > E.g. vfio maps device MMIO regions with both VM_DONTEXPAND|VM_PFNMAP, to me it > makes sense to allow the userspace to get such MMIO region remapped/duplicated > somewhere else as long as the size won't change. With the strict check as > above we kill all those possibilities. > > Though in that case we'll still need commits like cd544fd1dc92 to protect any > customized ->mremap() when they're not supported. It would take me many hours to arrive at a conclusion on that: I'm going to spend the time differently, and let whoever ends up wanting MREMAP_DONTUNMAP on a VM_PFNMAP area research the safety of that for existing users. I did look to see what added VM_PFNMAP to the original VM_DONTEXPAND: v2.6.15 commit 4d7672b46244abffea1953e55688c0ea143dd617 Author: Linus Torvalds <torvalds@g5.osdl.org> Date: Fri Dec 16 10:21:23 2005 -0800 Make sure we copy pages inserted with "vm_insert_page()" on fork The logic that decides that a fork() might be able to avoid copying a VM area when it can be re-created by page faults didn't know about the new vm_insert_page() case. Also make some things a bit more anal wrt VM_PFNMAP. Pointed out by Hugh Dickins <hugh@veritas.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org> So apparently I do bear some anal responsibility. My concern seems to have been that in those days an unexpected page fault in a special driver area would end up allocating an anonymous page, which would never get freed later. Nowadays it looks like there's a SIGBUS for the equivalent situation. So probably VM_DONTEXPAND is less important than it was, and the additional VM_PFNMAP safety net no longer necessary, and you could strip it out of the old size check and Brian's new dontunmap check. But I give no guarantee: I don't know VM_PFNMAP users at all well. Hugh
diff --git a/mm/mremap.c b/mm/mremap.c index ec8f840399ed..6934d199da54 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -653,8 +653,7 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, return ERR_PTR(-EINVAL); } - if (flags & MREMAP_DONTUNMAP && (!vma_is_anonymous(vma) || - vma->vm_flags & VM_SHARED)) + if (flags & MREMAP_DONTUNMAP && !(vma_is_anonymous(vma) || vma_is_shmem(vma))) return ERR_PTR(-EINVAL); if (is_vm_hugetlb_page(vma))