Re: [PATCH RFC v2 0/4] Add support for sharing page tables across processes (Previously mshare)
From: Khalid Aziz
Date: Thu Apr 27 2023 - 12:41:49 EST
On 4/26/23 15:27, Mike Kravetz wrote:
On 04/26/23 10:49, Khalid Aziz wrote:
Memory pages shared between processes require a page table entry
(PTE) for each process. Each of these PTE consumes some of the
memory and as long as number of mappings being maintained is small
enough, this space consumed by page tables is not objectionable.
When very few memory pages are shared between processes, the number
of page table entries (PTEs) to maintain is mostly constrained by
the number of pages of memory on the system. As the number of
shared pages and the number of times pages are shared goes up,
amount of memory consumed by page tables starts to become
significant. This issue does not apply to threads. Any number of
threads can share the same pages inside a process while sharing the
same PTEs. Extending this same model to sharing pages across
processes can eliminate this issue for sharing across processes as
well.
Some of the field deployments commonly see memory pages shared
across 1000s of processes. On x86_64, each page requires a PTE that
is only 8 bytes long which is very small compared to the 4K page
size. When 2000 processes map the same page in their address space,
each one of them requires 8 bytes for its PTE and together that adds
up to 8K of memory just to hold the PTEs for one 4K page. On a
database server with 300GB SGA, a system crash was seen with
out-of-memory condition when 1500+ clients tried to share this SGA
even though the system had 512GB of memory. On this server, in the
worst case scenario of all 1500 processes mapping every page from
SGA would have required 878GB+ for just the PTEs. If these PTEs
could be shared, amount of memory saved is very significant.
When hugetlb pmd sharing was introduced the motivating factor was performance
as much as memory savings. See commit,
39dde65c9940 [PATCH] shared page table for hugetlb page
I have not verified the claims in that commit message, but it does sound
reasonable. My assumption is that the same would apply here.
Hi Mike,
Thanks for the feedback. I looked up the commit log for 39dde65c9940. You are right, same does apply here.
This patch series adds a new flag to mmap() call - MAP_SHARED_PT.
This flag can be specified along with MAP_SHARED by a process to
hint to kernel that it wishes to share page table entries for this
file mapping mmap region with other processes. Any other process
that mmaps the same file with MAP_SHARED_PT flag can then share the
same page table entries. Besides specifying MAP_SHARED_PT flag, the
processes must map the files at a PMD aligned address with a size
that is a multiple of PMD size and at the same virtual addresses.
This last requirement of same virtual addresses can possibly be
relaxed if that is the consensus.
I would think the same virtual address requirement is problematic in the
case of ASLR. hugetlb pmd sharing does not have the 'same virtual
addresses' requirement. My guess is that requiring the same virtual
address does not make code simpler.
Same virtual address requirement make pevious mshare implementation quite a bit simpler, but this reimplementation in
this RFC does not rely upon virtual addresses being same as much. This does open up the possibility of removing this
requirement. I just haven't looked through any potential complications enough.
When mmap() is called with MAP_SHARED_PT flag, a new host mm struct
is created to hold the shared page tables. Host mm struct is not
attached to a process. Start and size of host mm are set to the
start and size of the mmap region and a VMA covering this range is
also added to host mm struct. Existing page table entries from the
process that creates the mapping are copied over to the host mm
struct.
It seems there is one host mm struct per shared mapping. Is that
correct? And, the host mm is the size of that single mapping?
There is one host mm per shared file. This was done to allow for multiple VMAs to exist in this mm for a file that can
potentially represent multiple shared regions of the file. In the RFC, I am creating only one shared region per file for
now.
Suppose the following:
- process A maps shared file offset 0 to 2xPMD_SIZE
- process B maps shared file offset 0 to 2xPMD_SIZE
It then makes sense A and B would use the same host mm. Now,
Yes, that is correct.
- process C maps shared file offset 0 to 4xPMD_SIZE
Does C share anything with A and B? Are there multiple host mm structs?
In the RFC implementation, C does not share anything with A. The code is written to allow for expansion to support this
sharing as well as sharing multiple non-contiguous regions of the file. My goal is to debug and finalize sharing
infrastructure for the simple case and then start expanding it. In this specific case, implementation would expand the
existing shared VMAs to cover offset 0 to 4xPMD.
Just wondering at a high level how this would work without looking at
the code.
All processes mapping this shared region are considered
guest processes. When a guest process mmap's the shared region, a vm
flag VM_SHARED_PT is added to the VMAs in guest process. Upon a page
fault, VMA is checked for the presence of VM_SHARED_PT flag. If the
flag is found, its corresponding PMD is updated with the PMD from
host mm struct so the PMD will point to the page tables in host mm
struct. vm_mm pointer of the VMA is also updated to point to host mm
struct for the duration of fault handling to ensure fault handling
happens in the context of host mm struct. When a new PTE is
created, it is created in the host mm struct page tables and the PMD
in guest mm points to the same PTEs.
This is a basic working implementation. It will need to go through
more testing and refinements. Some notes and questions:
- PMD size alignment and size requirement is currently hard coded
in. Is there a need or desire to make this more flexible and work
with other alignments/sizes? PMD size allows for adapting this
infrastructure to form the basis for hugetlbfs page table sharing
as well. More work will be needed to make that happen.
- Is there a reason to allow a userspace app to query this size and
alignment requirement for MAP_SHARED_PT in some way?
- Shared PTEs means mprotect() call made by one process affects all
processes sharing the same mapping and that behavior will need to
be documented clearly. Effect of mprotect call being different for
processes using shared page tables is the primary reason to
require an explicit opt-in from userspace processes to share page
tables. With a transparent sharing derived from MAP_SHARED alone,
changed effect of mprotect can break significant number of
userspace apps. One could work around that by unsharing whenever
mprotect changes modes on shared mapping but that introduces
complexity and the capability to execute a single mprotect to
change modes across 1000's of processes sharing a mapped database
is a feature explicitly asked for by database folks. This
capability has significant performance advantage when compared to
mechanism of sending messages to every process using shared
mapping to call mprotect and change modes in each process, or
using traps on permissions mismatch in each process.
I would guess this is more than just mprotect, and anything that impacts
page tables. Correct? For example MADV_DONTNEED, MADV_HUGEPAGE,
MADV_NOHUGEPAGE.
Yes. For instance, the RFC implementation allows one process to set MADV_DONTNEED and remove PTEs which removes them for
all other processes sharing the mapping. That behavior does not quite sound right. A more robust implementation would
possibly remove PTEs only if all sharing processes have set MADV_DONTNEED. Other flags might need different treatment,
for instance MADV_WILLNEED should trigger read-ahead even if set by just one process.
- This implementation does not allow unmapping page table shared
mappings partially. Should that be supported in future?
Some concerns in this RFC:
- When page tables for a process are freed upon process exit,
pmd_free_tlb() gets called at one point to free all PMDs allocated
by the process. For a shared page table, shared PMDs can not be
released when a guest process exits. These shared PMDs are
released when host mm struct is released upon end of last
reference to page table shared region hosted by this mm. For now
to stop PMDs being released, this RFC introduces following change
in mm/memory.c which works but does not feel like the right
approach. Any suggestions for a better long term approach will be
very appreciated:
@@ -210,13 +221,19 @@ static inline void free_pmd_range(struct mmu_gather *tlb,
pud_t *pud,
pmd = pmd_offset(pud, start);
pud_clear(pud);
- pmd_free_tlb(tlb, pmd, start);
- mm_dec_nr_pmds(tlb->mm);
+ if (shared_pte) {
+ tlb_flush_pud_range(tlb, start, PAGE_SIZE);
+ tlb->freed_tables = 1;
+ } else {
+ pmd_free_tlb(tlb, pmd, start);
+ mm_dec_nr_pmds(tlb->mm);
+ }
}
static inline void free_pud_range(struct mmu_gather *tlb, p4d_t *p4d,
- This implementation requires an additional VM flag. Since all lower
32 bits are currently in use, the new VM flag must come from upper
32 bits which restricts this feature to 64-bit processors.
- This feature is implemented for file mappings only. Is there a
need to support it for anonymous memory as well?
I have not looked at the implementation, are 'file mappings' only
mappings using the page cache? Or, do you just need a file descriptor?
Would a file descriptor created via memfd_create work for anonymous
memory?
I look for just a file pointer, so an fd created by memfd would work for anonymous memory.
Thanks,
Khalid