On 24.08.2020 17:30, Jan Kara wrote:
> On Mon 24-08-20 11:36:22, Kirill Tkhai wrote:
>> On 22.08.2020 02:49, Peter Xu wrote:
>>> From: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
>>>
>>> How about we just make sure we're the only possible valid user fo the
>>> page before we bother to reuse it?
>>>
>>> Simplify, simplify, simplify.
>>>
>>> And get rid of the nasty serialization on the page lock at the same time.
>>>
>>> Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
>>> [peterx: add subject prefix]
>>> Signed-off-by: Peter Xu <peterx@xxxxxxxxxx>
>>> ---
>>> mm/memory.c | 59 +++++++++++++++--------------------------------------
>>> 1 file changed, 17 insertions(+), 42 deletions(-)
>>>
>>> diff --git a/mm/memory.c b/mm/memory.c
>>> index 602f4283122f..cb9006189d22 100644
>>> --- a/mm/memory.c
>>> +++ b/mm/memory.c
>>> @@ -2927,50 +2927,25 @@ static vm_fault_t do_wp_page(struct vm_fault *vmf)
>>> * not dirty accountable.
>>> */
>>> if (PageAnon(vmf->page)) {
>>> - int total_map_swapcount;
>>> - if (PageKsm(vmf->page) && (PageSwapCache(vmf->page) ||
>>> - page_count(vmf->page) != 1))
>>> + struct page *page = vmf->page;
>>> +
>>> + /* PageKsm() doesn't necessarily raise the page refcount */
>>
>> No, this is wrong. PageKSM() always raises refcount.
>
> OK, then I'm confused. The comment before get_ksm_page() states:
>
> * get_ksm_page: checks if the page indicated by the stable node
> * is still its ksm page, despite having held no reference to it.
> * In which case we can trust the content of the page, and it
> * returns the gotten page; but if the page has now been zapped,
> * remove the stale node from the stable tree and return NULL.
> ...
> * You would expect the stable_node to hold a reference to the ksm page.
> * But if it increments the page's count, swapping out has to wait for
> * ksmd to come around again before it can free the page, which may take
> * seconds or even minutes: much too unresponsive. So instead we use a
> * "keyhole reference": access to the ksm page from the stable node peeps
> * out through its keyhole to see if that page still holds the right key,
> * pointing back to this stable node.
>
> So this all seems to indicate that KSM doesn't hold a proper page reference
> and relies on anyone making page writeable to change page->mapping so that
> KSM notices this and doesn't use the page anymore... Am I missing
> something?
Sure, KSM does not increment page counter, when a page becomes PageKsm().
Is patch comment about that? Even if so, I don't understand what this
comment is about. "PageKsm() does not take additional counter" is not
a reason the page can't be reused there. The reason is that readers
of this page may increase a counter without taking the lock, so
this page_count() == 1 under the lock does not guarantee anything.
>> There was another
>> problem: KSM may raise refcount without lock_page(), and only then it
>> takes the lock. See get_ksm_page(GET_KSM_PAGE_NOLOCK) for the details.
>>
>> So, reliable protection against parallel access requires to freeze page
>> counter, which is made in reuse_ksm_page().
>
> OK, this as well.
>
> Honza
>
>>
>>> + if (PageKsm(page) || page_count(page) != 1)
>>> + goto copy;
>>> + if (!trylock_page(page))
>>> + goto copy;
>>> + if (PageKsm(page) || page_mapcount(page) != 1 || page_count(page) != 1) {
>>> + unlock_page(page);
>>> goto copy;
>>> - if (!trylock_page(vmf->page)) {
>>> - get_page(vmf->page);
>>> - pte_unmap_unlock(vmf->pte, vmf->ptl);
>>> - lock_page(vmf->page);
>>> - vmf->pte = pte_offset_map_lock(vma->vm_mm, vmf->pmd,
>>> - vmf->address, &vmf->ptl);
>>> - if (!pte_same(*vmf->pte, vmf->orig_pte)) {
>>> - update_mmu_tlb(vma, vmf->address, vmf->pte);
>>> - unlock_page(vmf->page);
>>> - pte_unmap_unlock(vmf->pte, vmf->ptl);
>>> - put_page(vmf->page);
>>> - return 0;
>>> - }
>>> - put_page(vmf->page);
>>> - }
>>> - if (PageKsm(vmf->page)) {
>>> - bool reused = reuse_ksm_page(vmf->page, vmf->vma,
>>> - vmf->address);
>>> - unlock_page(vmf->page);
>>> - if (!reused)
>>> - goto copy;
>>> - wp_page_reuse(vmf);
>>> - return VM_FAULT_WRITE;
>>> - }
>>> - if (reuse_swap_page(vmf->page, &total_map_swapcount)) {
>>> - if (total_map_swapcount == 1) {
>>> - /*
>>> - * The page is all ours. Move it to
>>> - * our anon_vma so the rmap code will
>>> - * not search our parent or siblings.
>>> - * Protected against the rmap code by
>>> - * the page lock.
>>> - */
>>> - page_move_anon_rmap(vmf->page, vma);
>>> - }
>>> - unlock_page(vmf->page);
>>> - wp_page_reuse(vmf);
>>> - return VM_FAULT_WRITE;
>>> }
>>> - unlock_page(vmf->page);
>>> + /*
>>> + * Ok, we've got the only map reference, and the only
>>> + * page count reference, and the page is locked,
>>> + * it's dark out, and we're wearing sunglasses. Hit it.
>>> + */
>>> + wp_page_reuse(vmf);
>>> + unlock_page(page);
>>> + return VM_FAULT_WRITE;
>>> } else if (unlikely((vma->vm_flags & (VM_WRITE|VM_SHARED)) ==
>>> (VM_WRITE|VM_SHARED))) {
>>> return wp_page_shared(vmf);
>>>
>>
