Message ID | 92aba2b319a734913f18ba41e7d86a265f0b84e2.1733305182.git.zhengqi.arch@bytedance.com (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | synchronously scan and reclaim empty user PTE pages | expand |
On Wed, 4 Dec 2024 19:09:49 +0800 Qi Zheng <zhengqi.arch@bytedance.com> wrote: > Now in order to pursue high performance, applications mostly use some > high-performance user-mode memory allocators, such as jemalloc or > tcmalloc. These memory allocators use madvise(MADV_DONTNEED or MADV_FREE) > to release physical memory, but neither MADV_DONTNEED nor MADV_FREE will > release page table memory, which may cause huge page table memory usage. > > The following are a memory usage snapshot of one process which actually > happened on our server: > > VIRT: 55t > RES: 590g > VmPTE: 110g > > In this case, most of the page table entries are empty. For such a PTE > page where all entries are empty, we can actually free it back to the > system for others to use. > > As a first step, this commit aims to synchronously free the empty PTE > pages in madvise(MADV_DONTNEED) case. We will detect and free empty PTE > pages in zap_pte_range(), and will add zap_details.reclaim_pt to exclude > cases other than madvise(MADV_DONTNEED). > > Once an empty PTE is detected, we first try to hold the pmd lock within > the pte lock. If successful, we clear the pmd entry directly (fast path). > Otherwise, we wait until the pte lock is released, then re-hold the pmd > and pte locks and loop PTRS_PER_PTE times to check pte_none() to re-detect > whether the PTE page is empty and free it (slow path). "wait until the pte lock is released" sounds nasty. I'm not immediately seeing the code which does this. PLease provide more description? > For other cases such as madvise(MADV_FREE), consider scanning and freeing > empty PTE pages asynchronously in the future. > > The following code snippet can show the effect of optimization: > > mmap 50G > while (1) { > for (; i < 1024 * 25; i++) { > touch 2M memory > madvise MADV_DONTNEED 2M > } > } > > As we can see, the memory usage of VmPTE is reduced: > > before after > VIRT 50.0 GB 50.0 GB > RES 3.1 MB 3.1 MB > VmPTE 102640 KB 240 KB > > ... > > --- a/mm/Kconfig > +++ b/mm/Kconfig > @@ -1301,6 +1301,21 @@ config ARCH_HAS_USER_SHADOW_STACK > The architecture has hardware support for userspace shadow call > stacks (eg, x86 CET, arm64 GCS or RISC-V Zicfiss). > > +config ARCH_SUPPORTS_PT_RECLAIM > + def_bool n > + > +config PT_RECLAIM > + bool "reclaim empty user page table pages" > + default y > + depends on ARCH_SUPPORTS_PT_RECLAIM && MMU && SMP > + select MMU_GATHER_RCU_TABLE_FREE > + help > + Try to reclaim empty user page table pages in paths other than munmap > + and exit_mmap path. > + > + Note: now only empty user PTE page table pages will be reclaimed. > + Why is this optional? What is the case for permitting PT_RECLAIM to e disabled? > source "mm/damon/Kconfig" > > endmenu > > ... > > +void try_to_free_pte(struct mm_struct *mm, pmd_t *pmd, unsigned long addr, > + struct mmu_gather *tlb) > +{ > + pmd_t pmdval; > + spinlock_t *pml, *ptl; > + pte_t *start_pte, *pte; > + int i; > + > + pml = pmd_lock(mm, pmd); > + start_pte = pte_offset_map_rw_nolock(mm, pmd, addr, &pmdval, &ptl); > + if (!start_pte) > + goto out_ptl; > + if (ptl != pml) > + spin_lock_nested(ptl, SINGLE_DEPTH_NESTING); > + > + /* Check if it is empty PTE page */ > + for (i = 0, pte = start_pte; i < PTRS_PER_PTE; i++, pte++) { > + if (!pte_none(ptep_get(pte))) > + goto out_ptl; > + } Are there any worst-case situations in which we'll spend uncceptable mounts of time running this loop? > + pte_unmap(start_pte); > + > + pmd_clear(pmd); > + > + if (ptl != pml) > + spin_unlock(ptl); > + spin_unlock(pml); > + > + free_pte(mm, addr, tlb, pmdval); > + > + return; > +out_ptl: > + if (start_pte) > + pte_unmap_unlock(start_pte, ptl); > + if (ptl != pml) > + spin_unlock(pml); > +} > -- > 2.20.1
On Wed, Dec 4, 2024 at 11:36 PM Andrew Morton <akpm@linux-foundation.org> wrote: > > On Wed, 4 Dec 2024 19:09:49 +0800 Qi Zheng <zhengqi.arch@bytedance.com> wrote: > > As a first step, this commit aims to synchronously free the empty PTE > > pages in madvise(MADV_DONTNEED) case. We will detect and free empty PTE > > pages in zap_pte_range(), and will add zap_details.reclaim_pt to exclude > > cases other than madvise(MADV_DONTNEED). > > > > Once an empty PTE is detected, we first try to hold the pmd lock within > > the pte lock. If successful, we clear the pmd entry directly (fast path). > > Otherwise, we wait until the pte lock is released, then re-hold the pmd > > and pte locks and loop PTRS_PER_PTE times to check pte_none() to re-detect > > whether the PTE page is empty and free it (slow path). > > "wait until the pte lock is released" sounds nasty. I'm not > immediately seeing the code which does this. PLease provide more > description? It's worded a bit confusingly, but it's fine; a better description might be "if try_get_and_clear_pmd() fails to trylock the PMD lock (against lock order), then later, after we have dropped the PTE lock, try_to_free_pte() takes the PMD and PTE locks in the proper lock order". The "wait until the pte lock is released" part is just supposed to mean that the try_to_free_pte() call is placed after the point where the PTE lock has been dropped (which makes it possible to take the PMD lock). It does not refer to waiting for other threads. > > +void try_to_free_pte(struct mm_struct *mm, pmd_t *pmd, unsigned long addr, > > + struct mmu_gather *tlb) > > +{ > > + pmd_t pmdval; > > + spinlock_t *pml, *ptl; > > + pte_t *start_pte, *pte; > > + int i; > > + > > + pml = pmd_lock(mm, pmd); > > + start_pte = pte_offset_map_rw_nolock(mm, pmd, addr, &pmdval, &ptl); > > + if (!start_pte) > > + goto out_ptl; > > + if (ptl != pml) > > + spin_lock_nested(ptl, SINGLE_DEPTH_NESTING); > > + > > + /* Check if it is empty PTE page */ > > + for (i = 0, pte = start_pte; i < PTRS_PER_PTE; i++, pte++) { > > + if (!pte_none(ptep_get(pte))) > > + goto out_ptl; > > + } > > Are there any worst-case situations in which we'll spend uncceptable > mounts of time running this loop? This loop is just over a single page table, that should be no more expensive than what we already do in other common paths like zap_pte_range().
On 2024/12/5 06:47, Jann Horn wrote: > On Wed, Dec 4, 2024 at 11:36 PM Andrew Morton <akpm@linux-foundation.org> wrote: >> >> On Wed, 4 Dec 2024 19:09:49 +0800 Qi Zheng <zhengqi.arch@bytedance.com> wrote: >>> As a first step, this commit aims to synchronously free the empty PTE >>> pages in madvise(MADV_DONTNEED) case. We will detect and free empty PTE >>> pages in zap_pte_range(), and will add zap_details.reclaim_pt to exclude >>> cases other than madvise(MADV_DONTNEED). >>> >>> Once an empty PTE is detected, we first try to hold the pmd lock within >>> the pte lock. If successful, we clear the pmd entry directly (fast path). >>> Otherwise, we wait until the pte lock is released, then re-hold the pmd >>> and pte locks and loop PTRS_PER_PTE times to check pte_none() to re-detect >>> whether the PTE page is empty and free it (slow path). >> >> "wait until the pte lock is released" sounds nasty. I'm not >> immediately seeing the code which does this. PLease provide more >> description? > > It's worded a bit confusingly, but it's fine; a better description > might be "if try_get_and_clear_pmd() fails to trylock the PMD lock > (against lock order), then later, after we have dropped the PTE lock, > try_to_free_pte() takes the PMD and PTE locks in the proper lock > order". > > The "wait until the pte lock is released" part is just supposed to > mean that the try_to_free_pte() call is placed after the point where > the PTE lock has been dropped (which makes it possible to take the PMD > lock). It does not refer to waiting for other threads. Yes. Thanks for helping to clarify my vague statement! > >>> +void try_to_free_pte(struct mm_struct *mm, pmd_t *pmd, unsigned long addr, >>> + struct mmu_gather *tlb) >>> +{ >>> + pmd_t pmdval; >>> + spinlock_t *pml, *ptl; >>> + pte_t *start_pte, *pte; >>> + int i; >>> + >>> + pml = pmd_lock(mm, pmd); >>> + start_pte = pte_offset_map_rw_nolock(mm, pmd, addr, &pmdval, &ptl); >>> + if (!start_pte) >>> + goto out_ptl; >>> + if (ptl != pml) >>> + spin_lock_nested(ptl, SINGLE_DEPTH_NESTING); >>> + >>> + /* Check if it is empty PTE page */ >>> + for (i = 0, pte = start_pte; i < PTRS_PER_PTE; i++, pte++) { >>> + if (!pte_none(ptep_get(pte))) >>> + goto out_ptl; >>> + } >> >> Are there any worst-case situations in which we'll spend uncceptable >> mounts of time running this loop? > > This loop is just over a single page table, that should be no more > expensive than what we already do in other common paths like > zap_pte_range(). Agree.
On 2024/12/5 06:36, Andrew Morton wrote: > On Wed, 4 Dec 2024 19:09:49 +0800 Qi Zheng <zhengqi.arch@bytedance.com> wrote: > [...] >> >> --- a/mm/Kconfig >> +++ b/mm/Kconfig >> @@ -1301,6 +1301,21 @@ config ARCH_HAS_USER_SHADOW_STACK >> The architecture has hardware support for userspace shadow call >> stacks (eg, x86 CET, arm64 GCS or RISC-V Zicfiss). >> >> +config ARCH_SUPPORTS_PT_RECLAIM >> + def_bool n >> + >> +config PT_RECLAIM >> + bool "reclaim empty user page table pages" >> + default y >> + depends on ARCH_SUPPORTS_PT_RECLAIM && MMU && SMP >> + select MMU_GATHER_RCU_TABLE_FREE >> + help >> + Try to reclaim empty user page table pages in paths other than munmap >> + and exit_mmap path. >> + >> + Note: now only empty user PTE page table pages will be reclaimed. >> + > > Why is this optional? What is the case for permitting PT_RECLAIM to e > disabled? > To reclaim the empty PTE pages, we need to free the PTE page through RCU, which requires modifying the implementation in each architecture. Making it an option will make it easier to gradually add support for each architecture. And for now, we have only added support for x86.
diff --git a/include/linux/mm.h b/include/linux/mm.h index 12fb3b9334269..8f3c824ee5a77 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -2319,6 +2319,7 @@ extern void pagefault_out_of_memory(void); struct zap_details { struct folio *single_folio; /* Locked folio to be unmapped */ bool even_cows; /* Zap COWed private pages too? */ + bool reclaim_pt; /* Need reclaim page tables? */ zap_flags_t zap_flags; /* Extra flags for zapping */ }; diff --git a/mm/Kconfig b/mm/Kconfig index 84000b0168086..7949ab121070f 100644 --- a/mm/Kconfig +++ b/mm/Kconfig @@ -1301,6 +1301,21 @@ config ARCH_HAS_USER_SHADOW_STACK The architecture has hardware support for userspace shadow call stacks (eg, x86 CET, arm64 GCS or RISC-V Zicfiss). +config ARCH_SUPPORTS_PT_RECLAIM + def_bool n + +config PT_RECLAIM + bool "reclaim empty user page table pages" + default y + depends on ARCH_SUPPORTS_PT_RECLAIM && MMU && SMP + select MMU_GATHER_RCU_TABLE_FREE + help + Try to reclaim empty user page table pages in paths other than munmap + and exit_mmap path. + + Note: now only empty user PTE page table pages will be reclaimed. + + source "mm/damon/Kconfig" endmenu diff --git a/mm/Makefile b/mm/Makefile index dba52bb0da8ab..850386a67b3e0 100644 --- a/mm/Makefile +++ b/mm/Makefile @@ -146,3 +146,4 @@ obj-$(CONFIG_GENERIC_IOREMAP) += ioremap.o obj-$(CONFIG_SHRINKER_DEBUG) += shrinker_debug.o obj-$(CONFIG_EXECMEM) += execmem.o obj-$(CONFIG_TMPFS_QUOTA) += shmem_quota.o +obj-$(CONFIG_PT_RECLAIM) += pt_reclaim.o diff --git a/mm/internal.h b/mm/internal.h index 74713b44bedb6..3958a965e56e1 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -1545,4 +1545,23 @@ int walk_page_range_mm(struct mm_struct *mm, unsigned long start, unsigned long end, const struct mm_walk_ops *ops, void *private); +/* pt_reclaim.c */ +bool try_get_and_clear_pmd(struct mm_struct *mm, pmd_t *pmd, pmd_t *pmdval); +void free_pte(struct mm_struct *mm, unsigned long addr, struct mmu_gather *tlb, + pmd_t pmdval); +void try_to_free_pte(struct mm_struct *mm, pmd_t *pmd, unsigned long addr, + struct mmu_gather *tlb); + +#ifdef CONFIG_PT_RECLAIM +bool reclaim_pt_is_enabled(unsigned long start, unsigned long end, + struct zap_details *details); +#else +static inline bool reclaim_pt_is_enabled(unsigned long start, unsigned long end, + struct zap_details *details) +{ + return false; +} +#endif /* CONFIG_PT_RECLAIM */ + + #endif /* __MM_INTERNAL_H */ diff --git a/mm/madvise.c b/mm/madvise.c index 0ceae57da7dad..49f3a75046f63 100644 --- a/mm/madvise.c +++ b/mm/madvise.c @@ -851,7 +851,12 @@ static int madvise_free_single_vma(struct vm_area_struct *vma, static long madvise_dontneed_single_vma(struct vm_area_struct *vma, unsigned long start, unsigned long end) { - zap_page_range_single(vma, start, end - start, NULL); + struct zap_details details = { + .reclaim_pt = true, + .even_cows = true, + }; + + zap_page_range_single(vma, start, end - start, &details); return 0; } diff --git a/mm/memory.c b/mm/memory.c index 36a59bea289d1..1fc1f14839916 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -1436,7 +1436,7 @@ copy_page_range(struct vm_area_struct *dst_vma, struct vm_area_struct *src_vma) static inline bool should_zap_cows(struct zap_details *details) { /* By default, zap all pages */ - if (!details) + if (!details || details->reclaim_pt) return true; /* Or, we zap COWed pages only if the caller wants to */ @@ -1710,12 +1710,15 @@ static unsigned long zap_pte_range(struct mmu_gather *tlb, struct zap_details *details) { bool force_flush = false, force_break = false; - bool any_skipped = false; struct mm_struct *mm = tlb->mm; int rss[NR_MM_COUNTERS]; spinlock_t *ptl; pte_t *start_pte; pte_t *pte; + pmd_t pmdval; + unsigned long start = addr; + bool can_reclaim_pt = reclaim_pt_is_enabled(start, end, details); + bool direct_reclaim = false; int nr; retry: @@ -1728,17 +1731,24 @@ static unsigned long zap_pte_range(struct mmu_gather *tlb, flush_tlb_batched_pending(mm); arch_enter_lazy_mmu_mode(); do { + bool any_skipped = false; + if (need_resched()) break; nr = do_zap_pte_range(tlb, vma, pte, addr, end, details, rss, &force_flush, &force_break, &any_skipped); + if (any_skipped) + can_reclaim_pt = false; if (unlikely(force_break)) { addr += nr * PAGE_SIZE; break; } } while (pte += nr, addr += PAGE_SIZE * nr, addr != end); + if (can_reclaim_pt && addr == end) + direct_reclaim = try_get_and_clear_pmd(mm, pmd, &pmdval); + add_mm_rss_vec(mm, rss); arch_leave_lazy_mmu_mode(); @@ -1765,6 +1775,13 @@ static unsigned long zap_pte_range(struct mmu_gather *tlb, goto retry; } + if (can_reclaim_pt) { + if (direct_reclaim) + free_pte(mm, start, tlb, pmdval); + else + try_to_free_pte(mm, pmd, start, tlb); + } + return addr; } diff --git a/mm/pt_reclaim.c b/mm/pt_reclaim.c new file mode 100644 index 0000000000000..6540a3115dde8 --- /dev/null +++ b/mm/pt_reclaim.c @@ -0,0 +1,71 @@ +// SPDX-License-Identifier: GPL-2.0 +#include <linux/hugetlb.h> +#include <asm-generic/tlb.h> +#include <asm/pgalloc.h> + +#include "internal.h" + +bool reclaim_pt_is_enabled(unsigned long start, unsigned long end, + struct zap_details *details) +{ + return details && details->reclaim_pt && (end - start >= PMD_SIZE); +} + +bool try_get_and_clear_pmd(struct mm_struct *mm, pmd_t *pmd, pmd_t *pmdval) +{ + spinlock_t *pml = pmd_lockptr(mm, pmd); + + if (!spin_trylock(pml)) + return false; + + *pmdval = pmdp_get_lockless(pmd); + pmd_clear(pmd); + spin_unlock(pml); + + return true; +} + +void free_pte(struct mm_struct *mm, unsigned long addr, struct mmu_gather *tlb, + pmd_t pmdval) +{ + pte_free_tlb(tlb, pmd_pgtable(pmdval), addr); + mm_dec_nr_ptes(mm); +} + +void try_to_free_pte(struct mm_struct *mm, pmd_t *pmd, unsigned long addr, + struct mmu_gather *tlb) +{ + pmd_t pmdval; + spinlock_t *pml, *ptl; + pte_t *start_pte, *pte; + int i; + + pml = pmd_lock(mm, pmd); + start_pte = pte_offset_map_rw_nolock(mm, pmd, addr, &pmdval, &ptl); + if (!start_pte) + goto out_ptl; + if (ptl != pml) + spin_lock_nested(ptl, SINGLE_DEPTH_NESTING); + + /* Check if it is empty PTE page */ + for (i = 0, pte = start_pte; i < PTRS_PER_PTE; i++, pte++) { + if (!pte_none(ptep_get(pte))) + goto out_ptl; + } + pte_unmap(start_pte); + + pmd_clear(pmd); + + if (ptl != pml) + spin_unlock(ptl); + spin_unlock(pml); + + free_pte(mm, addr, tlb, pmdval); + + return; +out_ptl: + if (start_pte) + pte_unmap_unlock(start_pte, ptl); + if (ptl != pml) + spin_unlock(pml); +}
Now in order to pursue high performance, applications mostly use some high-performance user-mode memory allocators, such as jemalloc or tcmalloc. These memory allocators use madvise(MADV_DONTNEED or MADV_FREE) to release physical memory, but neither MADV_DONTNEED nor MADV_FREE will release page table memory, which may cause huge page table memory usage. The following are a memory usage snapshot of one process which actually happened on our server: VIRT: 55t RES: 590g VmPTE: 110g In this case, most of the page table entries are empty. For such a PTE page where all entries are empty, we can actually free it back to the system for others to use. As a first step, this commit aims to synchronously free the empty PTE pages in madvise(MADV_DONTNEED) case. We will detect and free empty PTE pages in zap_pte_range(), and will add zap_details.reclaim_pt to exclude cases other than madvise(MADV_DONTNEED). Once an empty PTE is detected, we first try to hold the pmd lock within the pte lock. If successful, we clear the pmd entry directly (fast path). Otherwise, we wait until the pte lock is released, then re-hold the pmd and pte locks and loop PTRS_PER_PTE times to check pte_none() to re-detect whether the PTE page is empty and free it (slow path). For other cases such as madvise(MADV_FREE), consider scanning and freeing empty PTE pages asynchronously in the future. The following code snippet can show the effect of optimization: mmap 50G while (1) { for (; i < 1024 * 25; i++) { touch 2M memory madvise MADV_DONTNEED 2M } } As we can see, the memory usage of VmPTE is reduced: before after VIRT 50.0 GB 50.0 GB RES 3.1 MB 3.1 MB VmPTE 102640 KB 240 KB Signed-off-by: Qi Zheng <zhengqi.arch@bytedance.com> --- include/linux/mm.h | 1 + mm/Kconfig | 15 ++++++++++ mm/Makefile | 1 + mm/internal.h | 19 +++++++++++++ mm/madvise.c | 7 ++++- mm/memory.c | 21 ++++++++++++-- mm/pt_reclaim.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 132 insertions(+), 3 deletions(-) create mode 100644 mm/pt_reclaim.c