Re: [PATCH v4 10/10] thp: implement refcounting for huge zero page

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Oct 22, 2012 at 11:43:49PM -0700, Andrew Morton wrote:
> On Tue, 23 Oct 2012 09:35:32 +0300 "Kirill A. Shutemov" <kirill@xxxxxxxxxxxxx> wrote:
> 
> > On Fri, Oct 19, 2012 at 02:59:41AM +0300, Kirill A. Shutemov wrote:
> > > On Thu, Oct 18, 2012 at 04:45:02PM -0700, Andrew Morton wrote:
> > > > On Mon, 15 Oct 2012 09:00:59 +0300
> > > > "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx> wrote:
> > > > 
> > > > > H. Peter Anvin doesn't like huge zero page which sticks in memory forever
> > > > > after the first allocation. Here's implementation of lockless refcounting
> > > > > for huge zero page.
> > > > > 
> > > > > We have two basic primitives: {get,put}_huge_zero_page(). They
> > > > > manipulate reference counter.
> > > > > 
> > > > > If counter is 0, get_huge_zero_page() allocates a new huge page and
> > > > > takes two references: one for caller and one for shrinker. We free the
> > > > > page only in shrinker callback if counter is 1 (only shrinker has the
> > > > > reference).
> > > > > 
> > > > > put_huge_zero_page() only decrements counter. Counter is never zero
> > > > > in put_huge_zero_page() since shrinker holds on reference.
> > > > > 
> > > > > Freeing huge zero page in shrinker callback helps to avoid frequent
> > > > > allocate-free.
> > > > 
> > > > I'd like more details on this please.  The cost of freeing then
> > > > reinstantiating that page is tremendous, because it has to be zeroed
> > > > out again.  If there is any way at all in which the kernel can be made
> > > > to enter a high-frequency free/reinstantiate pattern then I expect the
> > > > effects would be quite bad.
> > > > 
> > > > Do we have sufficient mechanisms in there to prevent this from
> > > > happening in all cases?  If so, what are they, because I'm not seeing
> > > > them?
> > > 
> > > We only free huge zero page in shrinker callback if nobody in the system
> > > uses it. Never on put_huge_zero_page(). Shrinker runs only under memory
> > > pressure or if user asks (drop_caches).
> > > Do you think we need an additional protection mechanism?
> > 
> > Andrew?
> > 
> 
> Well, how hard is it to trigger the bad behavior?  One can easily
> create a situation in which that page's refcount frequently switches
> from 0 to 1 and back again.  And one can easily create a situation in
> which the shrinkers are being called frequently.  Run both at the same
> time and what happens?

If the goal is to trigger bad behavior then:

1. read from an area where a huge page can be mapped to get huge zero page
   mapped. hzp is allocated here. refcounter == 2.
2. write to the same page. refcounter == 1.
3. echo 3 > /proc/sys/vm/drop_caches. refcounter == 0 -> free the hzp.
4. goto 1.

But it's unrealistic. /proc/sys/vm/drop_caches is only root-accessible.
We can trigger shrinker only under memory pressure. But in this, most
likely we will get -ENOMEM on hzp allocation and will go to fallback path
(4k zero page).

I don't see a problem here.

-- 
 Kirill A. Shutemov

Attachment: signature.asc
Description: Digital signature


[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]