Message ID | 20200723223004.9586-7-rcampbell@nvidia.com (mailing list archive) |
---|---|
State | Rejected |
Delegated to: | Jason Gunthorpe |
Headers | show |
Series | mm/migrate: avoid device private invalidations | expand |
On Thu, Jul 23, 2020 at 03:30:04PM -0700, Ralph Campbell wrote: > When migrating the special zero page, migrate_vma_pages() calls > mmu_notifier_invalidate_range_start() before replacing the zero page > PFN in the CPU page tables. This is unnecessary since the range was > invalidated in migrate_vma_setup() and the page table entry is checked > to be sure it hasn't changed between migrate_vma_setup() and > migrate_vma_pages(). Therefore, remove the redundant invalidation. I don't follow this logic, the purpose of the invalidation is also to clear out anything that may be mirroring this VA, and "the page hasn't changed" doesn't seem to rule out that case? I'm also not sure I follow where the zero page came from? Jason
On 7/28/20 12:19 PM, Jason Gunthorpe wrote: > On Thu, Jul 23, 2020 at 03:30:04PM -0700, Ralph Campbell wrote: >> When migrating the special zero page, migrate_vma_pages() calls >> mmu_notifier_invalidate_range_start() before replacing the zero page >> PFN in the CPU page tables. This is unnecessary since the range was >> invalidated in migrate_vma_setup() and the page table entry is checked >> to be sure it hasn't changed between migrate_vma_setup() and >> migrate_vma_pages(). Therefore, remove the redundant invalidation. > > I don't follow this logic, the purpose of the invalidation is also to > clear out anything that may be mirroring this VA, and "the page hasn't > changed" doesn't seem to rule out that case? > > I'm also not sure I follow where the zero page came from? The zero page comes from an anonymous private VMA that is read-only and the user level CPU process tries to read the page data (or any other read page fault). > Jason > The overall migration process is: mmap_read_lock() migrate_vma_setup() // invalidates range, locks/isolates pages, puts migration entry in page table <driver allocates destination pages and copies source to dest> migrate_vma_pages() // moves source struct page info to destination struct page info. // clears migration flag for pages that can't be migrated. <driver updates device page tables for pages still migrating, rollback pages not migrating> migrate_vma_finalize() // replaces migration page table entry with destination page PFN. mmap_read_unlock() Since the address range is invalidated in the migrate_vma_setup() stage, and the page is isolated from the LRU cache, locked, unmapped, and the page table holds a migration entry (so the page can't be faulted and the CPU page table set valid again), and there are no extra page references (pins), the page "should not be modified". For pte_none()/is_zero_pfn() entries, migrate_vma_setup() leaves the pte_none()/is_zero_pfn() entry in place but does still call mmu_notifier_invalidate_range_start() for the whole range being migrated. In the migrate_vma_pages() step, the pte page table is locked and the pte entry checked to be sure it is still pte_none/is_zero_pfn(). If not, the new page isn't inserted. If it is still none/zero, the new device private struct page is inserted into the page table, replacing the pte_none()/is_zero_pfn() page table entry. The secondary MMUs were already invalidated in the migrate_vma_setup() step and a pte_none() or zero page can't be modified so the only invalidation needed is the CPU TLB(s) for clearing the special zero page PTE entry. Two devices could both try to do the migrate_vma_*() sequence and proceed in parallel up to the migrate_vma_pages() step and try to install a new page for the hole/zero PTE but only one will win and the other fail.
On Tue, Jul 28, 2020 at 03:04:07PM -0700, Ralph Campbell wrote: > > On 7/28/20 12:19 PM, Jason Gunthorpe wrote: > > On Thu, Jul 23, 2020 at 03:30:04PM -0700, Ralph Campbell wrote: > > > When migrating the special zero page, migrate_vma_pages() calls > > > mmu_notifier_invalidate_range_start() before replacing the zero page > > > PFN in the CPU page tables. This is unnecessary since the range was > > > invalidated in migrate_vma_setup() and the page table entry is checked > > > to be sure it hasn't changed between migrate_vma_setup() and > > > migrate_vma_pages(). Therefore, remove the redundant invalidation. > > > > I don't follow this logic, the purpose of the invalidation is also to > > clear out anything that may be mirroring this VA, and "the page hasn't > > changed" doesn't seem to rule out that case? > > > > I'm also not sure I follow where the zero page came from? > > The zero page comes from an anonymous private VMA that is read-only > and the user level CPU process tries to read the page data (or any > other read page fault). > > > Jason > > > > The overall migration process is: > > mmap_read_lock() > > migrate_vma_setup() > // invalidates range, locks/isolates pages, puts migration entry in page table > > <driver allocates destination pages and copies source to dest> > > migrate_vma_pages() > // moves source struct page info to destination struct page info. > // clears migration flag for pages that can't be migrated. > > <driver updates device page tables for pages still migrating, rollback pages not migrating> > > migrate_vma_finalize() > // replaces migration page table entry with destination page PFN. > > mmap_read_unlock() > > Since the address range is invalidated in the migrate_vma_setup() stage, > and the page is isolated from the LRU cache, locked, unmapped, and the page table > holds a migration entry (so the page can't be faulted and the CPU page table set > valid again), and there are no extra page references (pins), the page > "should not be modified". That is the physical page though, it doesn't prove nobody else is reading the PTE. > For pte_none()/is_zero_pfn() entries, migrate_vma_setup() leaves the > pte_none()/is_zero_pfn() entry in place but does still call > mmu_notifier_invalidate_range_start() for the whole range being migrated. Ok.. > In the migrate_vma_pages() step, the pte page table is locked and the > pte entry checked to be sure it is still pte_none/is_zero_pfn(). If not, > the new page isn't inserted. If it is still none/zero, the new device private > struct page is inserted into the page table, replacing the pte_none()/is_zero_pfn() > page table entry. The secondary MMUs were already invalidated in the migrate_vma_setup() > step and a pte_none() or zero page can't be modified so the only invalidation needed > is the CPU TLB(s) for clearing the special zero page PTE entry. No, the secondary MMU was invalidated but the invalidation start/end range was exited. That means a secondary MMU is immeidately able to reload the zero page into its MMU cache. When this code replaces the PTE that has a zero page it also has to invalidate again so that secondary MMU's are guaranteed to pick up the new PTE value. So, I still don't understand how this is safe? Jason
On 7/31/20 12:15 PM, Jason Gunthorpe wrote: > On Tue, Jul 28, 2020 at 03:04:07PM -0700, Ralph Campbell wrote: >> >> On 7/28/20 12:19 PM, Jason Gunthorpe wrote: >>> On Thu, Jul 23, 2020 at 03:30:04PM -0700, Ralph Campbell wrote: >>>> When migrating the special zero page, migrate_vma_pages() calls >>>> mmu_notifier_invalidate_range_start() before replacing the zero page >>>> PFN in the CPU page tables. This is unnecessary since the range was >>>> invalidated in migrate_vma_setup() and the page table entry is checked >>>> to be sure it hasn't changed between migrate_vma_setup() and >>>> migrate_vma_pages(). Therefore, remove the redundant invalidation. >>> >>> I don't follow this logic, the purpose of the invalidation is also to >>> clear out anything that may be mirroring this VA, and "the page hasn't >>> changed" doesn't seem to rule out that case? >>> >>> I'm also not sure I follow where the zero page came from? >> >> The zero page comes from an anonymous private VMA that is read-only >> and the user level CPU process tries to read the page data (or any >> other read page fault). >> >>> Jason >>> >> >> The overall migration process is: >> >> mmap_read_lock() >> >> migrate_vma_setup() >> // invalidates range, locks/isolates pages, puts migration entry in page table >> >> <driver allocates destination pages and copies source to dest> >> >> migrate_vma_pages() >> // moves source struct page info to destination struct page info. >> // clears migration flag for pages that can't be migrated. >> >> <driver updates device page tables for pages still migrating, rollback pages not migrating> >> >> migrate_vma_finalize() >> // replaces migration page table entry with destination page PFN. >> >> mmap_read_unlock() >> >> Since the address range is invalidated in the migrate_vma_setup() stage, >> and the page is isolated from the LRU cache, locked, unmapped, and the page table >> holds a migration entry (so the page can't be faulted and the CPU page table set >> valid again), and there are no extra page references (pins), the page >> "should not be modified". > > That is the physical page though, it doesn't prove nobody else is > reading the PTE. > >> For pte_none()/is_zero_pfn() entries, migrate_vma_setup() leaves the >> pte_none()/is_zero_pfn() entry in place but does still call >> mmu_notifier_invalidate_range_start() for the whole range being migrated. > > Ok.. > >> In the migrate_vma_pages() step, the pte page table is locked and the >> pte entry checked to be sure it is still pte_none/is_zero_pfn(). If not, >> the new page isn't inserted. If it is still none/zero, the new device private >> struct page is inserted into the page table, replacing the pte_none()/is_zero_pfn() >> page table entry. The secondary MMUs were already invalidated in the migrate_vma_setup() >> step and a pte_none() or zero page can't be modified so the only invalidation needed >> is the CPU TLB(s) for clearing the special zero page PTE entry. > > No, the secondary MMU was invalidated but the invalidation start/end > range was exited. That means a secondary MMU is immeidately able to > reload the zero page into its MMU cache. > > When this code replaces the PTE that has a zero page it also has to > invalidate again so that secondary MMU's are guaranteed to pick up the > new PTE value. > > So, I still don't understand how this is safe? > > Jason Oops, you are right of course. I was only thinking of the device doing the migration and forgetting about a second device faulting on the same page. You can drop patch from the series.
diff --git a/mm/migrate.c b/mm/migrate.c index 96e1f41a991e..36076ba2f51a 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -2877,9 +2877,7 @@ void migrate_vma_pages(struct migrate_vma *migrate) { const unsigned long npages = migrate->npages; const unsigned long start = migrate->start; - struct mmu_notifier_range range; unsigned long addr, i; - bool notified = false; for (i = 0, addr = start; i < npages; addr += PAGE_SIZE, i++) { struct page *newpage = migrate_pfn_to_page(migrate->dst[i]); @@ -2895,16 +2893,6 @@ void migrate_vma_pages(struct migrate_vma *migrate) if (!page) { if (!(migrate->src[i] & MIGRATE_PFN_MIGRATE)) continue; - if (!notified) { - notified = true; - - mmu_notifier_range_init(&range, - MMU_NOTIFY_CLEAR, 0, - NULL, - migrate->vma->vm_mm, - addr, migrate->end); - mmu_notifier_invalidate_range_start(&range); - } migrate_vma_insert_page(migrate, addr, newpage, &migrate->src[i], &migrate->dst[i]); @@ -2937,14 +2925,6 @@ void migrate_vma_pages(struct migrate_vma *migrate) if (r != MIGRATEPAGE_SUCCESS) migrate->src[i] &= ~MIGRATE_PFN_MIGRATE; } - - /* - * No need to double call mmu_notifier->invalidate_range() callback as - * the above ptep_clear_flush_notify() inside migrate_vma_insert_page() - * did already call it. - */ - if (notified) - mmu_notifier_invalidate_range_only_end(&range); } EXPORT_SYMBOL(migrate_vma_pages);
When migrating the special zero page, migrate_vma_pages() calls mmu_notifier_invalidate_range_start() before replacing the zero page PFN in the CPU page tables. This is unnecessary since the range was invalidated in migrate_vma_setup() and the page table entry is checked to be sure it hasn't changed between migrate_vma_setup() and migrate_vma_pages(). Therefore, remove the redundant invalidation. DKIM-Signature: v a a-sha256; claxed/relaxed; d idia.com; s; t95543388; bhqnSzc0udfc4m+P6cziRmRJk5XEGcgDU5ImloLrCuE h PGP-Universal:From:To:CC:Subject:Date:Message-ID:X-Mailer: In-Reply-To:References:MIME-Version:X-NVConfidentiality: Content-Transfer-Encoding:Content-Type; b yLVqKU1Kxf67Qz9TIZ2f1lAaP7YxvFgCZR8v0Vw1fwq7aUbMbgfzcF0bd6+XzG6 ZHtBRMp/Zu/ZLGRxP6lBqZo4wHMHbuW3fXOvPCrYTD5YsCCLv+Ao4RmreWyec2wBTk uBo3ZylCHJ0ckD85BcjQQxpXyY99cBsvIomZw9wzg6QGm7Ksbq6d+UKSkb0L04d6v8 fiRvvLNq3kCbPzrifaBTj3klQcVcKXz34km0XUoRQlSaftlq4BJWopBPX8U7gQtstO OvA7Al9t87sCpKjSnqjE7N1jThU0KzjPrCxJiEHq/0Vf4sqeUA42bOkc+bk/CV1ZSF n9jm36j4kRTUg Signed-off-by: Ralph Campbell <rcampbell@nvidia.com> --- mm/migrate.c | 20 -------------------- 1 file changed, 20 deletions(-)