Re: [RFC PATCH] madvise: make madvise_cold_or_pageout_pte_range() support large folio

[David Hildenbrand]

On 14.07.23 10:34, Yin, Fengwei wrote:
[...]

> > > Sounds good?
> >
> > Adding to the discussion, currently the COW selftest always skips a PTE-mapped THP.
> You always have very good summary of the situation. Thanks a lot for
> adding the following information.
>
> Add Zi Yan as this is still about mapcount of the folio.

Thanks, I thought he would have already been CCed!

> > For example:
> >
> > # [INFO] Anonymous memory tests in private mappings
> > # [RUN] Basic COW after fork() ... with base page
> > ok 1 No leak from parent into child
> > # [RUN] Basic COW after fork() ... with swapped out base page
> > ok 2 No leak from parent into child
> > # [RUN] Basic COW after fork() ... with THP
> > ok 3 No leak from parent into child
> > # [RUN] Basic COW after fork() ... with swapped-out THP
> > ok 4 No leak from parent into child
> > # [RUN] Basic COW after fork() ... with PTE-mapped THP
> > ok 5 No leak from parent into child
> > # [RUN] Basic COW after fork() ... with swapped-out, PTE-mapped THP
> > ok 6 # SKIP MADV_PAGEOUT did not work, is swap enabled?
> > ...
> >
> >
> > The commit that introduced that change is:
> >
> > commit 07e8c82b5eff8ef34b74210eacb8d9c4a2886b82
> > Author: Vishal Moola (Oracle) <vishal.moola@xxxxxxxxx>
> > Date:   Wed Dec 21 10:08:46 2022 -0800
> >
> >      madvise: convert madvise_cold_or_pageout_pte_range() to use folios
> >
> >      This change removes a number of calls to compound_head(), and saves
> >      1729 bytes of kernel text.
> >
> >
> >
> > folio_mapcount(folio) is wrong, because that never works on a PTE-mapped THP (well, unless only a single subpage is still mapped ...).
> >
> > page_mapcount(folio) was wrong, because it ignored all other subpages, but at least it worked in some cases.
> >
> > folio_estimated_sharers(folio) is similarly wrong like page_mapcount(), as it's essentially a page_mapcount() of the first subpage.
> >
> > (ignoring that a lockless mapcount-based check is always kind-of unreliable, but that's msotly acceptable for these kind of things)
> >
> >
> > So, unfortunately, page_mapcount() / folio_estimated_sharers() is best we can do for now, but they miss to detect some cases of sharing of the folio -- false negatives to detect sharing.
> >
> >
> > Ideally we want something like folio_maybe_mapped_shared(), and get rid of folio_estimated_sharers(), we better to guess the exact number, simply works towards an answer that tells us "yep, this may be mapped by multiple sharers" vs. "no, this is definitely not mapped by multiple sharers".
> So you want to accurate number. My understanding is that it's required for COW case.

For COW we have to take a look at the mapcount vs. the refcount:

With an order-0 page that's straight forward:
  (a) Has that page never been shared (PageAnonExclusive?), then I am
      the exclusive owner and can reuse.
  (a) I am mapping the page and it cannot get unmapped concurrently due
      to the PT lock (which implies mapcount > 0, refcount > 0). Is this
      reference I am holding is in fact the only reference to
      the page (refcount == 1, implying mapcount == 1)? Then I am
      the exclusive owner and can reuse.

Note that we don't have to perform any mapcount checks, because it's 
implied by pur page table mapping and the refcount.

What I want to achieve is the same for PTE-mapped THP, without scanning 
page tables to detect if I am holding all references to the folio. That is:

(1) total_mapcount() == refcount AND
(2) I am responsible for all these mappings AND
(3) Subpages cannot get unmapped / shared concurrently

To make that work reliable, we might need some synchronization, 
especially when multiple page tables are involved.

I previously raised tracking the "creator" of the anon page. I think we 
can do better, but still have to prototype it.

[...]

> > While it's better than what we have right now:
> >
> > (a) It's racy. Well, it's always been racy with concurrent (un)mapping
> >      and splitting. But maybe we can do better.
> >
> > (b) folio_total_mapcount() is currently expensive.
> >
> > (c) there are still false negatives even without races.
> >
> >
> > For anon pages, we could scan all subpages and test if they are PageAnonExclusive, but it's also not really what we want to do here.
> I was wondering whether we could identify the cases as:
>    - bold estimated mapcount is enough. In this case, we can use
>      current folio_estimated_sharers() for now. For long term, I
>      am with Zi Yan's proposal:  maintain total_mapcount and just use
>      total_mapcount > folio_nr_pages() as estimated number.
>
>      The madvise/migration cases are identified as this type.
>
>    - Need some level accurate. Use estimated mapcount to filter out obvious
>      shared case first as estimated mapcount is correct for shared case.
>      Then use some heavy operations (check anon folio if pages are
>      PageAnonExclusive or use pvmw) to get more accurate number.
>
>      Cow is identified as this type.

I want to tackle both (at least for anon pages) using the same 
mechanism. Especially, to cover the case "total_mapcount <= 
folio_nr_pages()". For total_mapcount > folio_nr_pages(), it's easy.

In any case, we want an atomic total mapcount I think.

> > I have some idea to handle anon pages better to avoid any page table walk or subpage scan, improving (a), (b) and (c). It might work for pagecache pages with some more work, but it's a bit more complicated with the scheme I have in mind).
> Great.
>
> > First step would be replacing folio->_nr_pages_mapped by folio->_total_mapcount. While we could eventually have folio->_total_mapcount in addition to folio->_nr_pages_mapped, I'm, not sure if we want to go down that path
> I saw Zi Yan shared same proposal.
>
> > That would make folio_total_mapcount() extremely fast (I'm working on a prototype). The downsides are that
> >
> > (a) We have to make NR_ANON_MAPPED/NR_FILE_MAPPED accounting less precise. Easiest way to handle it: as soon as a single subpage is mapped, account the whole folio as mapped. After all, it's consuming memory, so who cares?
> >
> > (b) We have to find a different way to decide when to put an anonymous folio on the deferred split queue in page_remove_rmap(). Some cases are nasty to handle: PTE-mapped THP that are shared between a parent and a child.
> It's nasty because partial mapped to parent and partial mapped to child? Thanks.

I thought about this a lot already, but let me dedicate some time here 
to write it down. There are two scenarios to consider: do we still want 
to use the subpage mapcount or not.

When still considering the subpage mapcount, it gets easier.


(1) We're unmapping a single subpage, the compound_mapcount == 0
    and the total_mapcount > 0. If the subpage mapcount is now 0, add it
    to the deferred split queue.

(2) We're unmapping a complete folio (PMD mapping / compound), the
    compound_mapcount is 0 and the total_mapcount > 0.

 (a) If total mapcount < folio_nr_pages, add it
     to the deferred split queue.

 (b) If total mapcount >= folio_nr_pages , we have to scan all subpage
     mapcounts. If any subpage mapcount == 0, add it to the deferred
     split queue.


(b) is a bit nasty. It would happen when we fork() with a PMD-mapped 
THP, the parent splits the THP due to COW, and then our child unmaps or 
splits the PMD-mapped THP (unmap easily happening during exec()). 
Fortunately, we'd only scan once when unmapping the PMD.


Getting rid of the subpage mapcount usage in (1) would mean that we have 
to do exactly what we do in (2). But then we'd need to ha handle (2) (B) 
differently as well.

So, for 2 (b) we would either need some other heuristic, or we add it to 
the deferred split queue more frequently and let that one detect using 
an rmap walk "well, every subpage is still mapped, let's abort the split".

--
Cheers,

David / dhildenb