[2/4] mm/ksm: fix ksm_zero_pages accounting

Message ID	20240508-b4-ksm-counters-v1-2-e2a9b13f70c5@linux.dev (mailing list archive)
State	New
Headers	show Return-Path: <owner-linux-mm@kvack.org> From: Chengming Zhou <chengming.zhou@linux.dev> Date: Wed, 08 May 2024 17:55:39 +0800 Subject: [PATCH 2/4] mm/ksm: fix ksm_zero_pages accounting MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20240508-b4-ksm-counters-v1-2-e2a9b13f70c5@linux.dev> References: <20240508-b4-ksm-counters-v1-0-e2a9b13f70c5@linux.dev> In-Reply-To: <20240508-b4-ksm-counters-v1-0-e2a9b13f70c5@linux.dev> To: Andrew Morton <akpm@linux-foundation.org>, David Hildenbrand <david@redhat.com>, Stefan Roesch <shr@devkernel.io>, xu xin <xu.xin16@zte.com.cn> Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, zhouchengming@bytedance.com, Chengming Zhou <chengming.zhou@linux.dev> Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	mm/ksm: fix some accounting problems \| expand [0/4] mm/ksm: fix some accounting problems [1/4] mm/ksm: fix ksm_pages_scanned accounting [2/4] mm/ksm: fix ksm_zero_pages accounting [3/4] mm/ksm: union hlist_node with list_head in struct ksm_stable_node [4/4] mm/ksm: calculate general_profit more accurately

Message ID

20240508-b4-ksm-counters-v1-2-e2a9b13f70c5@linux.dev (mailing list archive)

State

New

Headers

From: Chengming Zhou <chengming.zhou@linux.dev>
Date: Wed, 08 May 2024 17:55:39 +0800
Subject: [PATCH 2/4] mm/ksm: fix ksm_zero_pages accounting
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <20240508-b4-ksm-counters-v1-2-e2a9b13f70c5@linux.dev>
References: <20240508-b4-ksm-counters-v1-0-e2a9b13f70c5@linux.dev>
In-Reply-To: <20240508-b4-ksm-counters-v1-0-e2a9b13f70c5@linux.dev>
To: Andrew Morton <akpm@linux-foundation.org>,
 David Hildenbrand <david@redhat.com>, Stefan Roesch <shr@devkernel.io>,
 xu xin <xu.xin16@zte.com.cn>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
 zhouchengming@bytedance.com, Chengming Zhou <chengming.zhou@linux.dev>
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

mm/ksm: fix some accounting problems | expand

Commit Message

Chengming Zhou May 8, 2024, 9:55 a.m. UTC

We normally ksm_zero_pages++ in ksmd when page is merged with zero page,
but ksm_zero_pages-- is done from page tables side, which can't protected
by the ksmd mutex.

So we can read very exceptional value of ksm_zero_pages in rare cases,
such as -1, which is very confusing to users.

Fix it by changing to use atomic_long_t, and the same case with the
mm->ksm_zero_pages.

Signed-off-by: Chengming Zhou <chengming.zhou@linux.dev>
---
 fs/proc/base.c           |  2 +-
 include/linux/ksm.h      | 22 +++++++++++++++++++---
 include/linux/mm_types.h |  2 +-
 mm/ksm.c                 | 11 +++++------
 4 files changed, 26 insertions(+), 11 deletions(-)

Comments

Chengming Zhou May 8, 2024, 10:37 a.m. UTC | #1

On 2024/5/8 17:55, Chengming Zhou wrote:
> We normally ksm_zero_pages++ in ksmd when page is merged with zero page,
> but ksm_zero_pages-- is done from page tables side, which can't protected
> by the ksmd mutex.
> 
> So we can read very exceptional value of ksm_zero_pages in rare cases,
> such as -1, which is very confusing to users.
> 
> Fix it by changing to use atomic_long_t, and the same case with the
> mm->ksm_zero_pages.
> 

Fixes: e2942062e01d ("ksm: count all zero pages placed by KSM")
Fixes: 6080d19f0704 ("ksm: add ksm zero pages for each process")

> Signed-off-by: Chengming Zhou <chengming.zhou@linux.dev>
> ---
>  fs/proc/base.c           |  2 +-
>  include/linux/ksm.h      | 22 +++++++++++++++++++---
>  include/linux/mm_types.h |  2 +-
>  mm/ksm.c                 | 11 +++++------
>  4 files changed, 26 insertions(+), 11 deletions(-)
> 
> diff --git a/fs/proc/base.c b/fs/proc/base.c
> index 18550c071d71..72a1acd03675 100644
> --- a/fs/proc/base.c
> +++ b/fs/proc/base.c
> @@ -3214,7 +3214,7 @@ static int proc_pid_ksm_stat(struct seq_file *m, struct pid_namespace *ns,
>  	mm = get_task_mm(task);
>  	if (mm) {
>  		seq_printf(m, "ksm_rmap_items %lu\n", mm->ksm_rmap_items);
> -		seq_printf(m, "ksm_zero_pages %lu\n", mm->ksm_zero_pages);
> +		seq_printf(m, "ksm_zero_pages %ld\n", mm_ksm_zero_pages(mm));
>  		seq_printf(m, "ksm_merging_pages %lu\n", mm->ksm_merging_pages);
>  		seq_printf(m, "ksm_process_profit %ld\n", ksm_process_profit(mm));
>  		mmput(mm);
> diff --git a/include/linux/ksm.h b/include/linux/ksm.h
> index 52c63a9c5a9c..bfc2cf756b0d 100644
> --- a/include/linux/ksm.h
> +++ b/include/linux/ksm.h
> @@ -33,16 +33,32 @@ void __ksm_exit(struct mm_struct *mm);
>   */
>  #define is_ksm_zero_pte(pte)	(is_zero_pfn(pte_pfn(pte)) && pte_dirty(pte))
>  
> -extern unsigned long ksm_zero_pages;
> +extern atomic_long_t ksm_zero_pages;
> +
> +static inline void ksm_map_zero_page(struct mm_struct *mm)
> +{
> +	atomic_long_inc(&ksm_zero_pages);
> +	atomic_long_inc(&mm->ksm_zero_pages);
> +}
>  
>  static inline void ksm_might_unmap_zero_page(struct mm_struct *mm, pte_t pte)
>  {
>  	if (is_ksm_zero_pte(pte)) {
> -		ksm_zero_pages--;
> -		mm->ksm_zero_pages--;
> +		atomic_long_dec(&ksm_zero_pages);
> +		atomic_long_dec(&mm->ksm_zero_pages);
>  	}
>  }
>  
> +static inline long get_ksm_zero_pages(void)
> +{
> +	return atomic_long_read(&ksm_zero_pages);
> +}
> +
> +static inline long mm_ksm_zero_pages(struct mm_struct *mm)
> +{
> +	return atomic_long_read(&mm->ksm_zero_pages);
> +}
> +
>  static inline int ksm_fork(struct mm_struct *mm, struct mm_struct *oldmm)
>  {
>  	if (test_bit(MMF_VM_MERGEABLE, &oldmm->flags))
> diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
> index 24323c7d0bd4..af3a0256fa93 100644
> --- a/include/linux/mm_types.h
> +++ b/include/linux/mm_types.h
> @@ -985,7 +985,7 @@ struct mm_struct {
>  		 * Represent how many empty pages are merged with kernel zero
>  		 * pages when enabling KSM use_zero_pages.
>  		 */
> -		unsigned long ksm_zero_pages;
> +		atomic_long_t ksm_zero_pages;
>  #endif /* CONFIG_KSM */
>  #ifdef CONFIG_LRU_GEN_WALKS_MMU
>  		struct {
> diff --git a/mm/ksm.c b/mm/ksm.c
> index 0f9c491552ff..6e0dca3cecf3 100644
> --- a/mm/ksm.c
> +++ b/mm/ksm.c
> @@ -296,7 +296,7 @@ static bool ksm_use_zero_pages __read_mostly;
>  static bool ksm_smart_scan = true;
>  
>  /* The number of zero pages which is placed by KSM */
> -unsigned long ksm_zero_pages;
> +atomic_long_t ksm_zero_pages = ATOMIC_LONG_INIT(0);
>  
>  /* The number of pages that have been skipped due to "smart scanning" */
>  static unsigned long ksm_pages_skipped;
> @@ -1429,8 +1429,7 @@ static int replace_page(struct vm_area_struct *vma, struct page *page,
>  		 * the dirty bit in zero page's PTE is set.
>  		 */
>  		newpte = pte_mkdirty(pte_mkspecial(pfn_pte(page_to_pfn(kpage), vma->vm_page_prot)));
> -		ksm_zero_pages++;
> -		mm->ksm_zero_pages++;
> +		ksm_map_zero_page(mm);
>  		/*
>  		 * We're replacing an anonymous page with a zero page, which is
>  		 * not anonymous. We need to do proper accounting otherwise we
> @@ -3373,7 +3372,7 @@ static void wait_while_offlining(void)
>  #ifdef CONFIG_PROC_FS
>  long ksm_process_profit(struct mm_struct *mm)
>  {
> -	return (long)(mm->ksm_merging_pages + mm->ksm_zero_pages) * PAGE_SIZE -
> +	return (long)(mm->ksm_merging_pages + mm_ksm_zero_pages(mm)) * PAGE_SIZE -
>  		mm->ksm_rmap_items * sizeof(struct ksm_rmap_item);
>  }
>  #endif /* CONFIG_PROC_FS */
> @@ -3662,7 +3661,7 @@ KSM_ATTR_RO(pages_skipped);
>  static ssize_t ksm_zero_pages_show(struct kobject *kobj,
>  				struct kobj_attribute *attr, char *buf)
>  {
> -	return sysfs_emit(buf, "%ld\n", ksm_zero_pages);
> +	return sysfs_emit(buf, "%ld\n", get_ksm_zero_pages());
>  }
>  KSM_ATTR_RO(ksm_zero_pages);
>  
> @@ -3671,7 +3670,7 @@ static ssize_t general_profit_show(struct kobject *kobj,
>  {
>  	long general_profit;
>  
> -	general_profit = (ksm_pages_sharing + ksm_zero_pages) * PAGE_SIZE -
> +	general_profit = (ksm_pages_sharing + get_ksm_zero_pages()) * PAGE_SIZE -
>  				ksm_rmap_items * sizeof(struct ksm_rmap_item);
>  
>  	return sysfs_emit(buf, "%ld\n", general_profit);
>

David Hildenbrand May 8, 2024, 12:36 p.m. UTC | #2

On 08.05.24 11:55, Chengming Zhou wrote:
> We normally ksm_zero_pages++ in ksmd when page is merged with zero page,
> but ksm_zero_pages-- is done from page tables side, which can't protected
> by the ksmd mutex.
> 
> So we can read very exceptional value of ksm_zero_pages in rare cases,
> such as -1, which is very confusing to users.
> 
> Fix it by changing to use atomic_long_t, and the same case with the
> mm->ksm_zero_pages.
> 
> Signed-off-by: Chengming Zhou <chengming.zhou@linux.dev>
> ---
>   fs/proc/base.c           |  2 +-
>   include/linux/ksm.h      | 22 +++++++++++++++++++---
>   include/linux/mm_types.h |  2 +-
>   mm/ksm.c                 | 11 +++++------
>   4 files changed, 26 insertions(+), 11 deletions(-)
> 
> diff --git a/fs/proc/base.c b/fs/proc/base.c
> index 18550c071d71..72a1acd03675 100644
> --- a/fs/proc/base.c
> +++ b/fs/proc/base.c
> @@ -3214,7 +3214,7 @@ static int proc_pid_ksm_stat(struct seq_file *m, struct pid_namespace *ns,
>   	mm = get_task_mm(task);
>   	if (mm) {
>   		seq_printf(m, "ksm_rmap_items %lu\n", mm->ksm_rmap_items);
> -		seq_printf(m, "ksm_zero_pages %lu\n", mm->ksm_zero_pages);
> +		seq_printf(m, "ksm_zero_pages %ld\n", mm_ksm_zero_pages(mm));
>   		seq_printf(m, "ksm_merging_pages %lu\n", mm->ksm_merging_pages);
>   		seq_printf(m, "ksm_process_profit %ld\n", ksm_process_profit(mm));
>   		mmput(mm);
> diff --git a/include/linux/ksm.h b/include/linux/ksm.h
> index 52c63a9c5a9c..bfc2cf756b0d 100644
> --- a/include/linux/ksm.h
> +++ b/include/linux/ksm.h
> @@ -33,16 +33,32 @@ void __ksm_exit(struct mm_struct *mm);
>    */
>   #define is_ksm_zero_pte(pte)	(is_zero_pfn(pte_pfn(pte)) && pte_dirty(pte))
>   
> -extern unsigned long ksm_zero_pages;
> +extern atomic_long_t ksm_zero_pages;
> +
> +static inline void ksm_map_zero_page(struct mm_struct *mm)
> +{
> +	atomic_long_inc(&ksm_zero_pages);
> +	atomic_long_inc(&mm->ksm_zero_pages);
> +}
>   
>   static inline void ksm_might_unmap_zero_page(struct mm_struct *mm, pte_t pte)
>   {
>   	if (is_ksm_zero_pte(pte)) {
> -		ksm_zero_pages--;
> -		mm->ksm_zero_pages--;
> +		atomic_long_dec(&ksm_zero_pages);
> +		atomic_long_dec(&mm->ksm_zero_pages);
>   	}
>   }
>   
> +static inline long get_ksm_zero_pages(void)
> +{
> +	return atomic_long_read(&ksm_zero_pages);
> +}

I suggest inlining that one. The naming of the function also is a bit 
inconsistent staring at the others.

> +
> +static inline long mm_ksm_zero_pages(struct mm_struct *mm)
> +{
> +	return atomic_long_read(&mm->ksm_zero_pages);
> +}
> +

Apart from that LGTM

Acked-by: David Hildenbrand <david@redhat.com>

Chengming Zhou May 8, 2024, 1:52 p.m. UTC | #3

On 2024/5/8 20:36, David Hildenbrand wrote:
> On 08.05.24 11:55, Chengming Zhou wrote:
>> We normally ksm_zero_pages++ in ksmd when page is merged with zero page,
>> but ksm_zero_pages-- is done from page tables side, which can't protected
>> by the ksmd mutex.
>>
>> So we can read very exceptional value of ksm_zero_pages in rare cases,
>> such as -1, which is very confusing to users.
>>
>> Fix it by changing to use atomic_long_t, and the same case with the
>> mm->ksm_zero_pages.
>>
>> Signed-off-by: Chengming Zhou <chengming.zhou@linux.dev>
>> ---
>>   fs/proc/base.c           |  2 +-
>>   include/linux/ksm.h      | 22 +++++++++++++++++++---
>>   include/linux/mm_types.h |  2 +-
>>   mm/ksm.c                 | 11 +++++------
>>   4 files changed, 26 insertions(+), 11 deletions(-)
>>
>> diff --git a/fs/proc/base.c b/fs/proc/base.c
>> index 18550c071d71..72a1acd03675 100644
>> --- a/fs/proc/base.c
>> +++ b/fs/proc/base.c
>> @@ -3214,7 +3214,7 @@ static int proc_pid_ksm_stat(struct seq_file *m, struct pid_namespace *ns,
>>       mm = get_task_mm(task);
>>       if (mm) {
>>           seq_printf(m, "ksm_rmap_items %lu\n", mm->ksm_rmap_items);
>> -        seq_printf(m, "ksm_zero_pages %lu\n", mm->ksm_zero_pages);
>> +        seq_printf(m, "ksm_zero_pages %ld\n", mm_ksm_zero_pages(mm));
>>           seq_printf(m, "ksm_merging_pages %lu\n", mm->ksm_merging_pages);
>>           seq_printf(m, "ksm_process_profit %ld\n", ksm_process_profit(mm));
>>           mmput(mm);
>> diff --git a/include/linux/ksm.h b/include/linux/ksm.h
>> index 52c63a9c5a9c..bfc2cf756b0d 100644
>> --- a/include/linux/ksm.h
>> +++ b/include/linux/ksm.h
>> @@ -33,16 +33,32 @@ void __ksm_exit(struct mm_struct *mm);
>>    */
>>   #define is_ksm_zero_pte(pte)    (is_zero_pfn(pte_pfn(pte)) && pte_dirty(pte))
>>   -extern unsigned long ksm_zero_pages;
>> +extern atomic_long_t ksm_zero_pages;
>> +
>> +static inline void ksm_map_zero_page(struct mm_struct *mm)
>> +{
>> +    atomic_long_inc(&ksm_zero_pages);
>> +    atomic_long_inc(&mm->ksm_zero_pages);
>> +}
>>     static inline void ksm_might_unmap_zero_page(struct mm_struct *mm, pte_t pte)
>>   {
>>       if (is_ksm_zero_pte(pte)) {
>> -        ksm_zero_pages--;
>> -        mm->ksm_zero_pages--;
>> +        atomic_long_dec(&ksm_zero_pages);
>> +        atomic_long_dec(&mm->ksm_zero_pages);
>>       }
>>   }
>>   +static inline long get_ksm_zero_pages(void)
>> +{
>> +    return atomic_long_read(&ksm_zero_pages);
>> +}
> 
> I suggest inlining that one. The naming of the function also is a bit inconsistent staring at the others.

Good point, I will inline it.

> 
>> +
>> +static inline long mm_ksm_zero_pages(struct mm_struct *mm)
>> +{
>> +    return atomic_long_read(&mm->ksm_zero_pages);
>> +}
>> +
> 
> Apart from that LGTM
> 
> Acked-by: David Hildenbrand <david@redhat.com>
> 

Thanks!

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 18550c071d71..72a1acd03675 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -3214,7 +3214,7 @@  static int proc_pid_ksm_stat(struct seq_file *m, struct pid_namespace *ns,
 	mm = get_task_mm(task);
 	if (mm) {
 		seq_printf(m, "ksm_rmap_items %lu\n", mm->ksm_rmap_items);
-		seq_printf(m, "ksm_zero_pages %lu\n", mm->ksm_zero_pages);
+		seq_printf(m, "ksm_zero_pages %ld\n", mm_ksm_zero_pages(mm));
 		seq_printf(m, "ksm_merging_pages %lu\n", mm->ksm_merging_pages);
 		seq_printf(m, "ksm_process_profit %ld\n", ksm_process_profit(mm));
 		mmput(mm);
diff --git a/include/linux/ksm.h b/include/linux/ksm.h
index 52c63a9c5a9c..bfc2cf756b0d 100644
--- a/include/linux/ksm.h
+++ b/include/linux/ksm.h
@@ -33,16 +33,32 @@  void __ksm_exit(struct mm_struct *mm);
  */
 #define is_ksm_zero_pte(pte)	(is_zero_pfn(pte_pfn(pte)) && pte_dirty(pte))
 
-extern unsigned long ksm_zero_pages;
+extern atomic_long_t ksm_zero_pages;
+
+static inline void ksm_map_zero_page(struct mm_struct *mm)
+{
+	atomic_long_inc(&ksm_zero_pages);
+	atomic_long_inc(&mm->ksm_zero_pages);
+}
 
 static inline void ksm_might_unmap_zero_page(struct mm_struct *mm, pte_t pte)
 {
 	if (is_ksm_zero_pte(pte)) {
-		ksm_zero_pages--;
-		mm->ksm_zero_pages--;
+		atomic_long_dec(&ksm_zero_pages);
+		atomic_long_dec(&mm->ksm_zero_pages);
 	}
 }
 
+static inline long get_ksm_zero_pages(void)
+{
+	return atomic_long_read(&ksm_zero_pages);
+}
+
+static inline long mm_ksm_zero_pages(struct mm_struct *mm)
+{
+	return atomic_long_read(&mm->ksm_zero_pages);
+}
+
 static inline int ksm_fork(struct mm_struct *mm, struct mm_struct *oldmm)
 {
 	if (test_bit(MMF_VM_MERGEABLE, &oldmm->flags))
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
index 24323c7d0bd4..af3a0256fa93 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -985,7 +985,7 @@  struct mm_struct {
 		 * Represent how many empty pages are merged with kernel zero
 		 * pages when enabling KSM use_zero_pages.
 		 */
-		unsigned long ksm_zero_pages;
+		atomic_long_t ksm_zero_pages;
 #endif /* CONFIG_KSM */
 #ifdef CONFIG_LRU_GEN_WALKS_MMU
 		struct {
diff --git a/mm/ksm.c b/mm/ksm.c
index 0f9c491552ff..6e0dca3cecf3 100644
--- a/mm/ksm.c
+++ b/mm/ksm.c
@@ -296,7 +296,7 @@  static bool ksm_use_zero_pages __read_mostly;
 static bool ksm_smart_scan = true;
 
 /* The number of zero pages which is placed by KSM */
-unsigned long ksm_zero_pages;
+atomic_long_t ksm_zero_pages = ATOMIC_LONG_INIT(0);
 
 /* The number of pages that have been skipped due to "smart scanning" */
 static unsigned long ksm_pages_skipped;
@@ -1429,8 +1429,7 @@  static int replace_page(struct vm_area_struct *vma, struct page *page,
 		 * the dirty bit in zero page's PTE is set.
 		 */
 		newpte = pte_mkdirty(pte_mkspecial(pfn_pte(page_to_pfn(kpage), vma->vm_page_prot)));
-		ksm_zero_pages++;
-		mm->ksm_zero_pages++;
+		ksm_map_zero_page(mm);
 		/*
 		 * We're replacing an anonymous page with a zero page, which is
 		 * not anonymous. We need to do proper accounting otherwise we
@@ -3373,7 +3372,7 @@  static void wait_while_offlining(void)
 #ifdef CONFIG_PROC_FS
 long ksm_process_profit(struct mm_struct *mm)
 {
-	return (long)(mm->ksm_merging_pages + mm->ksm_zero_pages) * PAGE_SIZE -
+	return (long)(mm->ksm_merging_pages + mm_ksm_zero_pages(mm)) * PAGE_SIZE -
 		mm->ksm_rmap_items * sizeof(struct ksm_rmap_item);
 }
 #endif /* CONFIG_PROC_FS */
@@ -3662,7 +3661,7 @@  KSM_ATTR_RO(pages_skipped);
 static ssize_t ksm_zero_pages_show(struct kobject *kobj,
 				struct kobj_attribute *attr, char *buf)
 {
-	return sysfs_emit(buf, "%ld\n", ksm_zero_pages);
+	return sysfs_emit(buf, "%ld\n", get_ksm_zero_pages());
 }
 KSM_ATTR_RO(ksm_zero_pages);
 
@@ -3671,7 +3670,7 @@  static ssize_t general_profit_show(struct kobject *kobj,
 {
 	long general_profit;
 
-	general_profit = (ksm_pages_sharing + ksm_zero_pages) * PAGE_SIZE -
+	general_profit = (ksm_pages_sharing + get_ksm_zero_pages()) * PAGE_SIZE -
 				ksm_rmap_items * sizeof(struct ksm_rmap_item);
 
 	return sysfs_emit(buf, "%ld\n", general_profit);

[2/4] mm/ksm: fix ksm_zero_pages accounting

Commit Message

Comments

Patch