On Mon, Oct 22, 2012 at 11:43:49PM -0700, Andrew Morton wrote:
> On Tue, 23 Oct 2012 09:35:32 +0300 "Kirill A. Shutemov" <kirill@xxxxxxxxxxxxx> wrote:
>
> > On Fri, Oct 19, 2012 at 02:59:41AM +0300, Kirill A. Shutemov wrote:
> > > On Thu, Oct 18, 2012 at 04:45:02PM -0700, Andrew Morton wrote:
> > > > On Mon, 15 Oct 2012 09:00:59 +0300
> > > > "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx> wrote:
> > > >
> > > > > H. Peter Anvin doesn't like huge zero page which sticks in memory forever
> > > > > after the first allocation. Here's implementation of lockless refcounting
> > > > > for huge zero page.
> > > > >
> > > > > We have two basic primitives: {get,put}_huge_zero_page(). They
> > > > > manipulate reference counter.
> > > > >
> > > > > If counter is 0, get_huge_zero_page() allocates a new huge page and
> > > > > takes two references: one for caller and one for shrinker. We free the
> > > > > page only in shrinker callback if counter is 1 (only shrinker has the
> > > > > reference).
> > > > >
> > > > > put_huge_zero_page() only decrements counter. Counter is never zero
> > > > > in put_huge_zero_page() since shrinker holds on reference.
> > > > >
> > > > > Freeing huge zero page in shrinker callback helps to avoid frequent
> > > > > allocate-free.
> > > >
> > > > I'd like more details on this please. The cost of freeing then
> > > > reinstantiating that page is tremendous, because it has to be zeroed
> > > > out again. If there is any way at all in which the kernel can be made
> > > > to enter a high-frequency free/reinstantiate pattern then I expect the
> > > > effects would be quite bad.
> > > >
> > > > Do we have sufficient mechanisms in there to prevent this from
> > > > happening in all cases? If so, what are they, because I'm not seeing
> > > > them?
> > >
> > > We only free huge zero page in shrinker callback if nobody in the system
> > > uses it. Never on put_huge_zero_page(). Shrinker runs only under memory
> > > pressure or if user asks (drop_caches).
> > > Do you think we need an additional protection mechanism?
> >
> > Andrew?
>
> Well, how hard is it to trigger the bad behavior? One can easily
> create a situation in which that page's refcount frequently switches
> from 0 to 1 and back again. And one can easily create a situation in
> which the shrinkers are being called frequently. Run both at the same
> time and what happens?

If the goal is to trigger bad behavior then:

1. read from an area where a huge page can be mapped to get huge zero page
   mapped. hzp is allocated here. refcounter == 2.
2. write to the same page. refcounter == 1.
3. echo 3 > /proc/sys/vm/drop_caches. refcounter == 0 -> free the hzp.
4. goto 1.

But it's unrealistic. /proc/sys/vm/drop_caches is only root-accessible.
We can trigger shrinker only under memory pressure. But in this, most likely
we will get -ENOMEM on hzp allocation and will go to fallback path (4k zero page).

I don't see a problem here.

-- 
 Kirill A. Shutemov
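The refcounting protocol the thread argues about (get takes a reference or allocates with count 2, put only decrements, the shrinker frees only at count 1) can be modelled outside the kernel. The block below is an added user-space illustration written for this page; it is not Kirill's patch and not the kernel's mm/huge_memory.c code. It assumes C11 atomics, uses calloc() as a stand-in for allocating and zero-filling a 2 MiB page (a NULL return models -ENOMEM and the 4k fallback path), reuses the thread's function names for readability, and adds a constructed run_trigger_scenario() that walks the four steps from the reply (read, write, drop_caches, repeat) and returns how many times the page had to be zero-filled again:

```c
/* User-space model of the huge zero page refcounting described in the
 * thread (constructed example, not kernel code):
 *   refcount 0 -> no page; get() allocates and sets the count to 2
 *   (one reference for the caller, one held on behalf of the shrinker);
 *   put() only decrements and must never reach 0;
 *   the shrinker frees the page only when the count is exactly 1. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define HZP_SIZE (2u * 1024u * 1024u)   /* modelled huge page size (assumption) */

static atomic_uint hzp_refcount;             /* 0: no page installed */
static _Atomic(unsigned char *) hzp_page;    /* the zero-filled page */
static atomic_ulong hzp_allocs;              /* how many times the zero-fill ran */

/* Increment unless the count is zero (the inc_not_zero idiom as a CAS loop). */
static bool refcount_inc_not_zero(atomic_uint *rc)
{
    unsigned int old = atomic_load(rc);
    while (old != 0)
        if (atomic_compare_exchange_weak(rc, &old, old + 1))
            return true;
    return false;
}

/* get: fast path takes a reference on the existing page; slow path allocates
 * a zeroed page, installs it, and sets the count to 2 (caller + shrinker). */
unsigned char *get_huge_zero_page(void)
{
    unsigned char *page, *expected;
retry:
    if (refcount_inc_not_zero(&hzp_refcount))
        return atomic_load(&hzp_page);

    page = calloc(1, HZP_SIZE);     /* the expensive zero-fill; NULL models -ENOMEM */
    if (!page)
        return NULL;                /* caller would fall back to 4k zero pages */
    atomic_fetch_add(&hzp_allocs, 1);

    expected = NULL;
    if (!atomic_compare_exchange_strong(&hzp_page, &expected, page)) {
        free(page);                 /* lost the install race: drop ours and retry */
        goto retry;
    }
    atomic_store(&hzp_refcount, 2);
    return page;
}

/* put: only decrements; the shrinker's reference keeps the count above zero. */
void put_huge_zero_page(void)
{
    if (atomic_fetch_sub(&hzp_refcount, 1) <= 1) {
        fprintf(stderr, "put_huge_zero_page: refcount underflow\n");
        abort();
    }
}

/* Shrinker callback: free only when the shrinker holds the last reference. */
bool shrink_huge_zero_page(void)
{
    unsigned int expected = 1;
    if (!atomic_compare_exchange_strong(&hzp_refcount, &expected, 0))
        return false;               /* somebody still maps the page */
    free(atomic_exchange(&hzp_page, (unsigned char *)NULL));
    return true;
}

unsigned int huge_zero_refcount(void) { return atomic_load(&hzp_refcount); }

/* Walk the reply's steps 1-4 `rounds` times and report how many times the
 * page had to be zero-filled again, i.e. the cost Andrew asks about. */
unsigned long run_trigger_scenario(int rounds)
{
    unsigned long before = atomic_load(&hzp_allocs);
    for (int i = 0; i < rounds; i++) {
        if (!get_huge_zero_page())  /* step 1: read fault maps hzp, count == 2 */
            break;                  /* allocation failed: fallback path, stop */
        put_huge_zero_page();       /* step 2: write fault drops it, count == 1 */
        shrink_huge_zero_page();    /* step 3: drop_caches, count == 0, page freed */
    }                               /* step 4: goto 1 */
    return atomic_load(&hzp_allocs) - before;
}

int main(void)
{
    printf("re-zeroed %lu times over 4 rounds, refcount now %u\n",
           run_trigger_scenario(4), huge_zero_refcount());
    return 0;
}
```

Each round of the scenario costs one full zero-fill, which is exactly the free/reinstantiate pattern Andrew worries about; the model also shows why it needs a shrinker invocation per round, since put_huge_zero_page() alone never drops the count below 1 and shrink_huge_zero_page() refuses to free while any caller still holds a reference.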