[v2,0/3] RISC-V: mm: do not treat hint addr on mmap as the upper bound to search

Message ID	tencent_B2D0435BC011135736262764B511994F4805@qq.com (mailing list archive)
Headers	show Return-Path: <owner-linux-mm@kvack.org> Message-ID: <tencent_B2D0435BC011135736262764B511994F4805@qq.com> From: Yangyu Chen <cyy@cyyself.name> To: linux-riscv@lists.infradead.org Cc: Charlie Jenkins <charlie@rivosinc.com>, Paul Walmsley <paul.walmsley@sifive.com>, Palmer Dabbelt <palmer@dabbelt.com>, Guo Ren <guoren@kernel.org>, Andy Chiu <andy.chiu@sifive.com>, Conor Dooley <conor.dooley@microchip.com>, Jisheng Zhang <jszhang@kernel.org>, Alexandre Ghiti <alexghiti@rivosinc.com>, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Yangyu Chen <cyy@cyyself.name> Subject: [PATCH v2 0/3] RISC-V: mm: do not treat hint addr on mmap as the upper bound to search Date: Sun, 21 Jan 2024 05:48:09 +0800 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	RISC-V: mm: do not treat hint addr on mmap as the upper bound to search \| expand [v2,0/3] RISC-V: mm: do not treat hint addr on mmap as the upper bound to search [v2,1/3] RISC-V: mm: do not treat hint addr on mmap as the upper bound to search [v2,2/3] RISC-V: mm: only test mmap without hint [v2,3/3] Documentation: riscv: correct sv57 kernel behavior

Message ID

tencent_B2D0435BC011135736262764B511994F4805@qq.com (mailing list archive)

Headers

Message-ID: <tencent_B2D0435BC011135736262764B511994F4805@qq.com>
From: Yangyu Chen <cyy@cyyself.name>
To: linux-riscv@lists.infradead.org
Cc: Charlie Jenkins <charlie@rivosinc.com>,
	Paul Walmsley <paul.walmsley@sifive.com>,
	Palmer Dabbelt <palmer@dabbelt.com>,
	Guo Ren <guoren@kernel.org>,
	Andy Chiu <andy.chiu@sifive.com>,
	Conor Dooley <conor.dooley@microchip.com>,
	Jisheng Zhang <jszhang@kernel.org>,
	Alexandre Ghiti <alexghiti@rivosinc.com>,
	linux-mm@kvack.org,
	linux-kselftest@vger.kernel.org,
	linux-doc@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	Yangyu Chen <cyy@cyyself.name>
Subject: [PATCH v2 0/3] RISC-V: mm: do not treat hint addr on mmap as the
 upper bound to search
Date: Sun, 21 Jan 2024 05:48:09 +0800
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

RISC-V: mm: do not treat hint addr on mmap as the upper bound to search | expand

Message

Yangyu Chen Jan. 20, 2024, 9:48 p.m. UTC

Previous patch series[1] changes a mmap behavior that treats the hint
address as the upper bound of the mmap address range. The motivation of the
previous patch series is that some user space software may assume 48-bit
address space and use higher bits to encode some information, which may
collide with large virtual address space mmap may return. However, to make
sv48 by default, we don't need to change the meaning of the hint address on
mmap as the upper bound of the mmap address range, especially when this
behavior only shows up on the RISC-V. This behavior also breaks some user
space software which assumes mmap should try to create mapping on the hint
address if possible.  As the mmap manpage said: 

> If addr is not NULL, then the kernel takes it as a hint about where to
> place the mapping; on Linux, the kernel will pick a nearby page boundary
> (but always above or equal to the value  specified by 
> /proc/sys/vm/mmap_min_addr) and attempt to create the mapping there.

Unfortunately, what mmap said is not true on RISC-V since kernel v6.6.

Other ISAs with larger than 48-bit virtual address space like x86, arm64,
and powerpc do not have this special mmap behavior on hint address. They
all just make 48-bit / 47-bit virtual address space by default, and if a
user space software wants to large virtual address space, it only need to
specify a hint address larger than 48-bit / 47-bit.

Thus, this patch series keeps the change of mmap to use sv48 by default but
does not treat the hint address as the upper bound of the mmap address
range. After this patch, the behavior of mmap will align with existing
behavior on other ISAs with larger than 48-bit virtual address space like
x86, arm64, and powerpc. The user space software will no longer need to
rewrite their code to fit with this special mmap behavior only on RISC-V.

My concern is that the change of mmap behavior on the hint address is
already in the upstream kernel since v6.6, and it might be hard to revert
it although it already brings some regression on some user space software.
And it will be harder than adding it since v6.6 because mmap not creating
mapping on the hint address is very common, especially when running on a
machine without sv57 / sv48. However, if some user space software already
adopted this special mmap behavior on RISC-V, we should not return a mmap
address larger than the hint if the address is larger than BIT(38). My
opinion is that revert this change on the next kernel release might be a
good choice as only a few of hardware support sv57 / sv48 now, these
changes will have no impact on sv39 systems.

Moreover, previous patch series said it make sv48 by default, which is
in the cover letter, kernel documentation and MMAP_VA_BITS defination.
However, the code on arch_get_mmap_end and arch_get_mmap_base marco still
use sv39 by default, which makes me confused, and I still use sv48 by
default in this patch series including arch_get_mmap_end and
arch_get_mmap_base.

Changes in v2:
- correct arch_get_mmap_end and arch_get_mmap_base
- Add description in documentation about mmap behavior on kernel v6.6-6.7.
- Improve commit message and cover letter
- Rebase to newest riscv/for-next branch
- Link to v1: https://lore.kernel.org/linux-riscv/tencent_F3B3B5AB1C9D704763CA423E1A41F8BE0509@qq.com/

[1]. https://lore.kernel.org/linux-riscv/20230809232218.849726-1-charlie@rivosinc.com/

Yangyu Chen (3):
  RISC-V: mm: do not treat hint addr on mmap as the upper bound to
    search
  RISC-V: mm: only test mmap without hint
  Documentation: riscv: correct sv57 kernel behavior

 Documentation/arch/riscv/vm-layout.rst        | 54 ++++++++++++-------
 arch/riscv/include/asm/processor.h            | 38 +++----------
 .../selftests/riscv/mm/mmap_bottomup.c        | 12 -----
 .../testing/selftests/riscv/mm/mmap_default.c | 12 -----
 tools/testing/selftests/riscv/mm/mmap_test.h  | 30 -----------
 5 files changed, 41 insertions(+), 105 deletions(-)

Comments

Yangyu Chen Feb. 29, 2024, 12:10 p.m. UTC | #1

This patch has not been reviewed for more than a month. There is another patch that did the same fix but in another way and still has not been reviewed like this. I'm here to do a comparison of some choices briefly to let the maintainer understand the issues and the solutions. I think it's time to make a decision before the next Linux LTS v6.9. As a number of sv48 chips will be released this year.

Issues:

Since commit add2cc6b6515 ("RISC-V: mm: Restrict address space for sv39,sv48,sv57") from patch [1], userspace software cannot create virtual address memory mapping on the hint address if the address larger than (1<<38) on sv48, sv57 capable CPU using mmap without MAP_FIXED set.

This is because since that commit, the hint address is treated as the upper bound to create the mapping when the hint address is larger than (1<<38).

Existing regression for userspace software since that commit:
- box64 [2]

Some choices are:

1. Do not change it

Con:

This behavior is not the same as x86, arm64, and powerpc when treating memory address space larger than 48-bit. On x86, arm64, and powerpc, if the hint address is larger than 48-bit, mmap will not limit the upper bound to use.

Also, these ISAs limit the mmap to 48-bit by default. However, RISC-V currently uses sv39 by default, which is not the same as the document and commit message.

2. Use my patch

which limits the upper bound of mmap to 47-bit by default, if the hint address is larger than (1<<47), then no limit.

Pros: Let the behavior of mmap align with x86, arm64, powerpc

Cons: A new regression for software that assumes mmap will not return an address larger than the hint address if the hint address is larger than (1<<38) as it has been documented on RISC-V since v6.6. However, there is no change in the widespread sv39 systems we use now.

3. Use Charlie's patch [3]

which adjusts the upper bound to hint address + size.

Pros: Still has upper-bound limit using hint address but allows userspace to create mapping on the hint address without MAP_FIXED set.

Cons: That patch will introduce a new regression even for the sv39 system when creating mmap with the same hint address more than one time if the hint address is less than round-gap.

4. Some new ideas currently are not on the mailing list

Hope this issue can be fixed before the Linux v6.9 release.

Thanks,
Yangyu Chen

[1] https://lore.kernel.org/linux-riscv/20230809232218.849726-2-charlie@rivosinc.com/
[2] https://github.com/ptitSeb/box64/commit/5b700cb6e6f397d2074c49659f7f9915f4a33c5f
[3] https://lore.kernel.org/linux-riscv/20240130-use_mmap_hint_address-v3-0-8a655cfa8bcb@rivosinc.com/

Palmer Dabbelt Feb. 29, 2024, 7:21 p.m. UTC | #2

On Thu, 29 Feb 2024 04:10:03 PST (-0800), cyy@cyyself.name wrote:
> This patch has not been reviewed for more than a month. There is another patch that did the same fix but in another way and still has not been reviewed like this. I'm here to do a comparison of some choices briefly to let the maintainer understand the issues and the solutions. I think it's time to make a decision before the next Linux LTS v6.9. As a number of sv48 chips will be released this year.
>
> Issues:
>
> Since commit add2cc6b6515 ("RISC-V: mm: Restrict address space for sv39,sv48,sv57") from patch [1], userspace software cannot create virtual address memory mapping on the hint address if the address larger than (1<<38) on sv48, sv57 capable CPU using mmap without MAP_FIXED set.
>
> This is because since that commit, the hint address is treated as the upper bound to create the mapping when the hint address is larger than (1<<38).
>
> Existing regression for userspace software since that commit:
> - box64 [2]

Is this the same regression as before?  IIUC the real issue there is 
that userspace wasn't passing MAP_FIXED and expecting a fixed address to 
be mapped.  That's just a bug in userspace.

Is there any software that uses mmap() in a legal way that the flags 
patch caused a regression in?  If that's the case then we'll need to 
figure out what it's doing so we can avoid the regression.

The only thing I can think of are realloc-type schemes, where rounding 
the hint address down would result in performance problems.  I don't 
know of anything like that specifically, but I think Charlie's patch 
would fix it.

> Some choices are:
>
> 1. Do not change it
>
> Con:
>
> This behavior is not the same as x86, arm64, and powerpc when treating memory address space larger than 48-bit. On x86, arm64, and powerpc, if the hint address is larger than 48-bit, mmap will not limit the upper bound to use.
>
> Also, these ISAs limit the mmap to 48-bit by default. However, RISC-V currently uses sv39 by default, which is not the same as the document and commit message.

IIUC arm64/amd64 started with 48-bit-capable hardware and kernels, and 
thus the only regression was when moving to the larger VA spaces.  We 
started with sv39-based VA space, 

> 2. Use my patch
>
> which limits the upper bound of mmap to 47-bit by default, if the hint address is larger than (1<<47), then no limit.
>
> Pros: Let the behavior of mmap align with x86, arm64, powerpc
>
> Cons: A new regression for software that assumes mmap will not return an address larger than the hint address if the hint address is larger than (1<<38) as it has been documented on RISC-V since v6.6. However, there is no change in the widespread sv39 systems we use now.

The OpenJDK and Go people have at least talked about using the interface 
as it is currently defined.  I'm trying to chase down some of the folks 
around here who understand that stuff, but it might take a bit...

> 3. Use Charlie's patch [3]
>
> which adjusts the upper bound to hint address + size.

IMO we can call that compatible with the docs.  There's sort of a grey 
area in "A hint address passed to mmap will cause the largest
address space that fits entirely into the hint to be used" as to how 
that hint address is used, but I think interpreting it as the base 
address is sane and we can just update the docs.

This also should fix the realloc-type cases I can think of, though those 
are sort of theoretical right now.

> Pros: Still has upper-bound limit using hint address but allows userspace to create mapping on the hint address without MAP_FIXED set.
>
> Cons: That patch will introduce a new regression even for the sv39 system when creating mmap with the same hint address more than one time if the hint address is less than round-gap.

I'm not quite sure what you're trying to say there.  If users are 
passing a hint that's already allocated then they're not going to get 
that address allocated, so as long as we give them something else we're 
OK.

We might want to take more advantage of the clause in the docs that 
allows larger addresses to be allocated under memory pressure to avoid 
too many allocation failures, but that applies to any of these schemes.

> 4. Some new ideas currently are not on the mailing list
>
> Hope this issue can be fixed before the Linux v6.9 release.
>
> Thanks,
> Yangyu Chen
>
> [1] https://lore.kernel.org/linux-riscv/20230809232218.849726-2-charlie@rivosinc.com/
> [2] https://github.com/ptitSeb/box64/commit/5b700cb6e6f397d2074c49659f7f9915f4a33c5f
> [3] https://lore.kernel.org/linux-riscv/20240130-use_mmap_hint_address-v3-0-8a655cfa8bcb@rivosinc.com/

Yangyu Chen Feb. 29, 2024, 8:54 p.m. UTC | #3

On 2024/3/1 03:21, Palmer Dabbelt wrote:
> On Thu, 29 Feb 2024 04:10:03 PST (-0800), cyy@cyyself.name wrote:
>> This patch has not been reviewed for more than a month. There is 
>> another patch that did the same fix but in another way and still has 
>> not been reviewed like this. I'm here to do a comparison of some 
>> choices briefly to let the maintainer understand the issues and the 
>> solutions. I think it's time to make a decision before the next Linux 
>> LTS v6.9. As a number of sv48 chips will be released this year.
>>
>> Issues:
>>
>> Since commit add2cc6b6515 ("RISC-V: mm: Restrict address space for 
>> sv39,sv48,sv57") from patch [1], userspace software cannot create 
>> virtual address memory mapping on the hint address if the address 
>> larger than (1<<38) on sv48, sv57 capable CPU using mmap without 
>> MAP_FIXED set.
>>
>> This is because since that commit, the hint address is treated as the 
>> upper bound to create the mapping when the hint address is larger than 
>> (1<<38).
>>
>> Existing regression for userspace software since that commit:
>> - box64 [2]
> 
> Is this the same regression as before?  IIUC the real issue there is 
> that userspace wasn't passing MAP_FIXED and expecting a fixed address to 
> be mapped.  That's just a bug in userspace.
> 
> Is there any software that uses mmap() in a legal way that the flags 
> patch caused a regression in?  If that's the case then we'll need to 
> figure out what it's doing so we can avoid the regression.
> 
> The only thing I can think of are realloc-type schemes, where rounding 
> the hint address down would result in performance problems.  I don't 
> know of anything like that specifically, but I think Charlie's patch 
> would fix it.
> 

Yes. The regression for a legal mmap is only on performance for 
userspace software, not on functionality.

>> Some choices are:
>>
>> 1. Do not change it
>>
>> Con:
>>
>> This behavior is not the same as x86, arm64, and powerpc when treating 
>> memory address space larger than 48-bit. On x86, arm64, and powerpc, 
>> if the hint address is larger than 48-bit, mmap will not limit the 
>> upper bound to use.
>>
>> Also, these ISAs limit the mmap to 48-bit by default. However, RISC-V 
>> currently uses sv39 by default, which is not the same as the document 
>> and commit message.
> 
> IIUC arm64/amd64 started with 48-bit-capable hardware and kernels, and 
> thus the only regression was when moving to the larger VA spaces.  We 
> started with sv39-based VA space,

It's about the document and the commit message says it uses sv48 by 
default. However, the code in the kernel uses sv39 by default. The 
reasons for using sv48 by default has been talked about in that patch 
review previously. [4]

Whatever, the document or the code can be simply fixed if we decide not 
to change it.

Another concern is that if we can't make this decision in time to catch 
up with v6.9 we don't want some bad things to happen as a large number 
of sv48 machines might appear this year and they may run on the next 
v6.9 LTS kernel, Shall we change the code in the kernel to use sv48 by 
default right now?

[4] https://lore.kernel.org/linux-riscv/ZJzgi8RyqG3Mjt0R@ghost/

>> 2. Use my patch
>>
>> which limits the upper bound of mmap to 47-bit by default, if the hint 
>> address is larger than (1<<47), then no limit.
>>
>> Pros: Let the behavior of mmap align with x86, arm64, powerpc
>>
>> Cons: A new regression for software that assumes mmap will not return 
>> an address larger than the hint address if the hint address is larger 
>> than (1<<38) as it has been documented on RISC-V since v6.6. However, 
>> there is no change in the widespread sv39 systems we use now.
> 
> The OpenJDK and Go people have at least talked about using the interface 
> as it is currently defined.  I'm trying to chase down some of the folks 
> around here who understand that stuff, but it might take a bit...
> 
Roger that.

>> 3. Use Charlie's patch [3]
>>
>> which adjusts the upper bound to hint address + size.
> 
> IMO we can call that compatible with the docs.  There's sort of a grey 
> area in "A hint address passed to mmap will cause the largest
> address space that fits entirely into the hint to be used" as to how 
> that hint address is used, but I think interpreting it as the base 
> address is sane and we can just update the docs.
> 
> This also should fix the realloc-type cases I can think of, though those 
> are sort of theoretical right now.
> 
>> Pros: Still has upper-bound limit using hint address but allows 
>> userspace to create mapping on the hint address without MAP_FIXED set.
>>
>> Cons: That patch will introduce a new regression even for the sv39 
>> system when creating mmap with the same hint address more than one 
>> time if the hint address is less than round-gap.
> 
> I'm not quite sure what you're trying to say there.  If users are 
> passing a hint that's already allocated then they're not going to get 
> that address allocated, so as long as we give them something else we're OK.
> 

In this case, mmap will return MAP_FAILED in the second time. But on 
arm64, x86, it will pick an address in 48-bit space to use. However, 
after reviewing the code, I think it's not easy to make Charlie's patch 
search for another space to create the mapping without any changes 
outside of arch/riscv.

> We might want to take more advantage of the clause in the docs that 
> allows larger addresses to be allocated under memory pressure to avoid 
> too many allocation failures, but that applies to any of these schemes.
> 

Indeed. After thinking about it for a while, especially for the OpenJDK 
and Go people have at least talked about using the interface. If it is 
not used now, I have an idea is that to port Charlie's patch to Linux-mm 
not only for RISC-V, and pick a flag like MAP_UPPERBOUND to use it. And 
then change the mmap behavior on RISC-V to align with x86, arm64, and 
powerpc. So we have all ISAs take advantage to use Charlie's idea and 
all ISAs will treat mmap in the same way, which makes userspace 
developers happy as they don't need to care about the ISA-specific behavior.

>> 4. Some new ideas currently are not on the mailing list
>>
>> Hope this issue can be fixed before the Linux v6.9 release.
>>
>> Thanks,
>> Yangyu Chen
>>
>> [1] 
>> https://lore.kernel.org/linux-riscv/20230809232218.849726-2-charlie@rivosinc.com/
>> [2] 
>> https://github.com/ptitSeb/box64/commit/5b700cb6e6f397d2074c49659f7f9915f4a33c5f
>> [3] 
>> https://lore.kernel.org/linux-riscv/20240130-use_mmap_hint_address-v3-0-8a655cfa8bcb@rivosinc.com/

Conor Dooley March 1, 2024, 1:02 p.m. UTC | #4

On Fri, Mar 01, 2024 at 04:54:05AM +0800, Yangyu Chen wrote:

> Another concern is that if we can't make this decision in time to catch up
> with v6.9 we don't want some bad things to happen as a large number of sv48
> machines might appear this year and they may run on the next v6.9 LTS
> kernel, Shall we change the code in the kernel to use sv48 by default right
> now?

Just pointing out that v6.9 is highly unlikely to be the next lts
kernel, depending on whether or not Linus delays some releases, it'll
most likely be either v6.11 or v6.12.