| Message ID | 1517935810-31177-1-git-send-email-ldufour@linux.vnet.ibm.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Speculative page faults | expand |
On Tue, 6 Feb 2018 17:49:46 +0100 Laurent Dufour <ldufour@linux.vnet.ibm.com> wrote: > This is a port on kernel 4.15 of the work done by Peter Zijlstra to > handle page fault without holding the mm semaphore [1]. > > The idea is to try to handle user space page faults without holding the > mmap_sem. This should allow better concurrency for massively threaded > process since the page fault handler will not wait for other threads memory > layout change to be done, assuming that this change is done in another part > of the process's memory space. This type page fault is named speculative > page fault. If the speculative page fault fails because of a concurrency is > detected or because underlying PMD or PTE tables are not yet allocating, it > is failing its processing and a classic page fault is then tried. > > The speculative page fault (SPF) has to look for the VMA matching the fault > address without holding the mmap_sem, this is done by introducing a rwlock > which protects the access to the mm_rb tree. Previously this was done using > SRCU but it was introducing a lot of scheduling to process the VMA's > freeing > operation which was hitting the performance by 20% as reported by Kemi Wang > [2].Using a rwlock to protect access to the mm_rb tree is limiting the > locking contention to these operations which are expected to be in a O(log > n) > order. In addition to ensure that the VMA is not freed in our back a > reference count is added and 2 services (get_vma() and put_vma()) are > introduced to handle the reference count. When a VMA is fetch from the RB > tree using get_vma() is must be later freeed using put_vma(). Furthermore, > to allow the VMA to be used again by the classic page fault handler a > service is introduced can_reuse_spf_vma(). This service is expected to be > called with the mmap_sem hold. It checked that the VMA is still matching > the specified address and is releasing its reference count as the mmap_sem > is hold it is ensure that it will not be freed in our back. In general, the > VMA's reference count could be decremented when holding the mmap_sem but it > should not be increased as holding the mmap_sem is ensuring that the VMA is > stable. I can't see anymore the overhead I got while will-it-scale > benchmark anymore. > > The VMA's attributes checked during the speculative page fault processing > have to be protected against parallel changes. This is done by using a per > VMA sequence lock. This sequence lock allows the speculative page fault > handler to fast check for parallel changes in progress and to abort the > speculative page fault in that case. > > Once the VMA is found, the speculative page fault handler would check for > the VMA's attributes to verify that the page fault has to be handled > correctly or not. Thus the VMA is protected through a sequence lock which > allows fast detection of concurrent VMA changes. If such a change is > detected, the speculative page fault is aborted and a *classic* page fault > is tried. VMA sequence lockings are added when VMA attributes which are > checked during the page fault are modified. > > When the PTE is fetched, the VMA is checked to see if it has been changed, > so once the page table is locked, the VMA is valid, so any other changes > leading to touching this PTE will need to lock the page table, so no > parallel change is possible at this time. > > The locking of the PTE is done with interrupts disabled, this allows to > check for the PMD to ensure that there is not an ongoing collapsing > operation. Since khugepaged is firstly set the PMD to pmd_none and then is > waiting for the other CPU to have catch the IPI interrupt, if the pmd is > valid at the time the PTE is locked, we have the guarantee that the > collapsing opertion will have to wait on the PTE lock to move foward. This > allows the SPF handler to map the PTE safely. If the PMD value is different > than the one recorded at the beginning of the SPF operation, the classic > page fault handler will be called to handle the operation while holding the > mmap_sem. As the PTE lock is done with the interrupts disabled, the lock is > done using spin_trylock() to avoid dead lock when handling a page fault > while a TLB invalidate is requested by an other CPU holding the PTE. > > Support for THP is not done because when checking for the PMD, we can be > confused by an in progress collapsing operation done by khugepaged. The > issue is that pmd_none() could be true either if the PMD is not already > populate or if the underlying PTE are in the way to be collapsed. So we > cannot safely allocate a PMD if pmd_none() is true. > > This series builds on top of v4.15-mmotm-2018-01-31-16-51 and is > functional on x86 and PowerPC. One question which people will want to answer is "is this thing working". ie, how frequently does the code fall back to the regular heavyweight fault path. I see that trace events have been added for this, but the overall changelog doesn't describe them. I think this material is important enough to justify including it here. Also, a few words to help people figure out how to gather these stats would be nice. And maybe helper scripts if appropriate? I'm wondering if this info should even be presented via /proc/self/something, dunno. And it would be interesting to present the fallback frequency in the benchmark results. > ------------------ > Benchmarks results > > There is no functional change compared to the v6 so benchmark results are > the same. > Please see https://lkml.org/lkml/2018/1/12/515 for details. Please include this vitally important info in the [0/n], don't make people chase links. And I'd really like to see some quantitative testing results for real workloads, not just a bunch of microbenchmarks. Help us understand how useful this patchset is to our users.
On 08/02/2018 21:53, Andrew Morton wrote: > On Tue, 6 Feb 2018 17:49:46 +0100 Laurent Dufour <ldufour@linux.vnet.ibm.com> wrote: > >> This is a port on kernel 4.15 of the work done by Peter Zijlstra to >> handle page fault without holding the mm semaphore [1]. >> >> The idea is to try to handle user space page faults without holding the >> mmap_sem. This should allow better concurrency for massively threaded >> process since the page fault handler will not wait for other threads memory >> layout change to be done, assuming that this change is done in another part >> of the process's memory space. This type page fault is named speculative >> page fault. If the speculative page fault fails because of a concurrency is >> detected or because underlying PMD or PTE tables are not yet allocating, it >> is failing its processing and a classic page fault is then tried. >> >> The speculative page fault (SPF) has to look for the VMA matching the fault >> address without holding the mmap_sem, this is done by introducing a rwlock >> which protects the access to the mm_rb tree. Previously this was done using >> SRCU but it was introducing a lot of scheduling to process the VMA's >> freeing >> operation which was hitting the performance by 20% as reported by Kemi Wang >> [2].Using a rwlock to protect access to the mm_rb tree is limiting the >> locking contention to these operations which are expected to be in a O(log >> n) >> order. In addition to ensure that the VMA is not freed in our back a >> reference count is added and 2 services (get_vma() and put_vma()) are >> introduced to handle the reference count. When a VMA is fetch from the RB >> tree using get_vma() is must be later freeed using put_vma(). Furthermore, >> to allow the VMA to be used again by the classic page fault handler a >> service is introduced can_reuse_spf_vma(). This service is expected to be >> called with the mmap_sem hold. It checked that the VMA is still matching >> the specified address and is releasing its reference count as the mmap_sem >> is hold it is ensure that it will not be freed in our back. In general, the >> VMA's reference count could be decremented when holding the mmap_sem but it >> should not be increased as holding the mmap_sem is ensuring that the VMA is >> stable. I can't see anymore the overhead I got while will-it-scale >> benchmark anymore. >> >> The VMA's attributes checked during the speculative page fault processing >> have to be protected against parallel changes. This is done by using a per >> VMA sequence lock. This sequence lock allows the speculative page fault >> handler to fast check for parallel changes in progress and to abort the >> speculative page fault in that case. >> >> Once the VMA is found, the speculative page fault handler would check for >> the VMA's attributes to verify that the page fault has to be handled >> correctly or not. Thus the VMA is protected through a sequence lock which >> allows fast detection of concurrent VMA changes. If such a change is >> detected, the speculative page fault is aborted and a *classic* page fault >> is tried. VMA sequence lockings are added when VMA attributes which are >> checked during the page fault are modified. >> >> When the PTE is fetched, the VMA is checked to see if it has been changed, >> so once the page table is locked, the VMA is valid, so any other changes >> leading to touching this PTE will need to lock the page table, so no >> parallel change is possible at this time. >> >> The locking of the PTE is done with interrupts disabled, this allows to >> check for the PMD to ensure that there is not an ongoing collapsing >> operation. Since khugepaged is firstly set the PMD to pmd_none and then is >> waiting for the other CPU to have catch the IPI interrupt, if the pmd is >> valid at the time the PTE is locked, we have the guarantee that the >> collapsing opertion will have to wait on the PTE lock to move foward. This >> allows the SPF handler to map the PTE safely. If the PMD value is different >> than the one recorded at the beginning of the SPF operation, the classic >> page fault handler will be called to handle the operation while holding the >> mmap_sem. As the PTE lock is done with the interrupts disabled, the lock is >> done using spin_trylock() to avoid dead lock when handling a page fault >> while a TLB invalidate is requested by an other CPU holding the PTE. >> >> Support for THP is not done because when checking for the PMD, we can be >> confused by an in progress collapsing operation done by khugepaged. The >> issue is that pmd_none() could be true either if the PMD is not already >> populate or if the underlying PTE are in the way to be collapsed. So we >> cannot safely allocate a PMD if pmd_none() is true. >> >> This series builds on top of v4.15-mmotm-2018-01-31-16-51 and is >> functional on x86 and PowerPC. > > One question which people will want to answer is "is this thing > working". ie, how frequently does the code fall back to the regular > heavyweight fault path. > > I see that trace events have been added for this, but the overall > changelog doesn't describe them. I think this material is important > enough to justify including it here. Got it, I'll detail the new perf and trace events here. > Also, a few words to help people figure out how to gather these stats > would be nice. And maybe helper scripts if appropriate? I'll provide some command line examples detailing how to capture those events. > I'm wondering if this info should even be presented via > /proc/self/something, dunno. My understanding is that this is part of the kernel ABI, so I was not comfortable to touch it but if needed I could probably put some numbers there. > And it would be interesting to present the fallback frequency in the > benchmark results. Yes these numbers are missing. Here are numbers I captured during a kernbench run on a 80 CPUs Power node: 87549520 faults 0 spf Which is expected as the kernbench's processes are not multithreaded. When running ebizzy on the same node: 711589 faults 692649 spf 10579 pagefault:spf_pte_lock 7815 pagefault:spf_vma_changed 0 pagefault:spf_vma_noanon 417 pagefault:spf_vma_notsup 0 pagefault:spf_vma_access 0 pagefault:spf_pmd_changed Here about 98% of the page faults where managed in a speculative way. > >> ------------------ >> Benchmarks results >> >> There is no functional change compared to the v6 so benchmark results are >> the same. >> Please see https://lkml.org/lkml/2018/1/12/515 for details. > > Please include this vitally important info in the [0/n], don't make > people chase links. Sorry, will do next time. > > And I'd really like to see some quantitative testing results for real > workloads, not just a bunch of microbenchmarks. Help us understand how > useful this patchset is to our users. We did non official runs using a "popular in memory multithreaded database product" on 176 cores SMT8 Power system which showed a 30% improvements in the number of transaction processed per second. Here are the perf data captured during 2 of these runs : vanilla spf faults 89.418 101.364 spf n/a 97.989 With the SPF kernel, most of the page fault were processed in a speculative way. Laurent.
This is a port on kernel 4.15 of the work done by Peter Zijlstra to handle page fault without holding the mm semaphore [1]. The idea is to try to handle user space page faults without holding the mmap_sem. This should allow better concurrency for massively threaded process since the page fault handler will not wait for other threads memory layout change to be done, assuming that this change is done in another part of the process's memory space. This type page fault is named speculative page fault. If the speculative page fault fails because of a concurrency is detected or because underlying PMD or PTE tables are not yet allocating, it is failing its processing and a classic page fault is then tried. The speculative page fault (SPF) has to look for the VMA matching the fault address without holding the mmap_sem, this is done by introducing a rwlock which protects the access to the mm_rb tree. Previously this was done using SRCU but it was introducing a lot of scheduling to process the VMA's freeing operation which was hitting the performance by 20% as reported by Kemi Wang [2].Using a rwlock to protect access to the mm_rb tree is limiting the locking contention to these operations which are expected to be in a O(log n) order. In addition to ensure that the VMA is not freed in our back a reference count is added and 2 services (get_vma() and put_vma()) are introduced to handle the reference count. When a VMA is fetch from the RB tree using get_vma() is must be later freeed using put_vma(). Furthermore, to allow the VMA to be used again by the classic page fault handler a service is introduced can_reuse_spf_vma(). This service is expected to be called with the mmap_sem hold. It checked that the VMA is still matching the specified address and is releasing its reference count as the mmap_sem is hold it is ensure that it will not be freed in our back. In general, the VMA's reference count could be decremented when holding the mmap_sem but it should not be increased as holding the mmap_sem is ensuring that the VMA is stable. I can't see anymore the overhead I got while will-it-scale benchmark anymore. The VMA's attributes checked during the speculative page fault processing have to be protected against parallel changes. This is done by using a per VMA sequence lock. This sequence lock allows the speculative page fault handler to fast check for parallel changes in progress and to abort the speculative page fault in that case. Once the VMA is found, the speculative page fault handler would check for the VMA's attributes to verify that the page fault has to be handled correctly or not. Thus the VMA is protected through a sequence lock which allows fast detection of concurrent VMA changes. If such a change is detected, the speculative page fault is aborted and a *classic* page fault is tried. VMA sequence lockings are added when VMA attributes which are checked during the page fault are modified. When the PTE is fetched, the VMA is checked to see if it has been changed, so once the page table is locked, the VMA is valid, so any other changes leading to touching this PTE will need to lock the page table, so no parallel change is possible at this time. The locking of the PTE is done with interrupts disabled, this allows to check for the PMD to ensure that there is not an ongoing collapsing operation. Since khugepaged is firstly set the PMD to pmd_none and then is waiting for the other CPU to have catch the IPI interrupt, if the pmd is valid at the time the PTE is locked, we have the guarantee that the collapsing opertion will have to wait on the PTE lock to move foward. This allows the SPF handler to map the PTE safely. If the PMD value is different than the one recorded at the beginning of the SPF operation, the classic page fault handler will be called to handle the operation while holding the mmap_sem. As the PTE lock is done with the interrupts disabled, the lock is done using spin_trylock() to avoid dead lock when handling a page fault while a TLB invalidate is requested by an other CPU holding the PTE. Support for THP is not done because when checking for the PMD, we can be confused by an in progress collapsing operation done by khugepaged. The issue is that pmd_none() could be true either if the PMD is not already populate or if the underlying PTE are in the way to be collapsed. So we cannot safely allocate a PMD if pmd_none() is true. This series builds on top of v4.15-mmotm-2018-01-31-16-51 and is functional on x86 and PowerPC. ------------------ Benchmarks results There is no functional change compared to the v6 so benchmark results are the same. Please see https://lkml.org/lkml/2018/1/12/515 for details. ------------------ Changes since v6: - Rename config variable to CONFIG_SPECULATIVE_PAGE_FAULT (patch 1) - Review the way the config variable is set (patch 1 to 3) - Introduce mm_rb_write_*lock() in mm/mmap.c (patch 18) - Merge patch introducing pte try locking in the patch 18. Changes since v5: - use rwlock agains the mm RB tree in place of SRCU - add a VMA's reference count to protect VMA while using it without holding the mmap_sem. - check PMD value to detect collapsing operation - don't try speculative page fault for mono threaded processes - try to reuse the fetched VMA if VM_RETRY is returned - go directly to the error path if an error is detected during the SPF path - fix race window when moving VMA in move_vma() Changes since v4: - As requested by Andrew Morton, use CONFIG_SPF and define it earlier in the series to ease bisection. Changes since v3: - Don't build when CONFIG_SMP is not set - Fixed a lock dependency warning in __vma_adjust() - Use READ_ONCE to access p*d values in handle_speculative_fault() - Call memcp_oom() service in handle_speculative_fault() Changes since v2: - Perf event is renamed in PERF_COUNT_SW_SPF - On Power handle do_page_fault()'s cleaning - On Power if the VM_FAULT_ERROR is returned by handle_speculative_fault(), do not retry but jump to the error path - If VMA's flags are not matching the fault, directly returns VM_FAULT_SIGSEGV and not VM_FAULT_RETRY - Check for pud_trans_huge() to avoid speculative path - Handles _vm_normal_page()'s introduced by 6f16211df3bf ("mm/device-public-memory: device memory cache coherent with CPU") - add and review few comments in the code Changes since v1: - Remove PERF_COUNT_SW_SPF_FAILED perf event. - Add tracing events to details speculative page fault failures. - Cache VMA fields values which are used once the PTE is unlocked at the end of the page fault events. - Ensure that fields read during the speculative path are written and read using WRITE_ONCE and READ_ONCE. - Add checks at the beginning of the speculative path to abort it if the VMA is known to not be supported. Changes since RFC V5 [5] - Port to 4.13 kernel - Merging patch fixing lock dependency into the original patch - Replace the 2 parameters of vma_has_changed() with the vmf pointer - In patch 7, don't call __do_fault() in the speculative path as it may want to unlock the mmap_sem. - In patch 11-12, don't check for vma boundaries when page_add_new_anon_rmap() is called during the spf path and protect against anon_vma pointer's update. - In patch 13-16, add performance events to report number of successful and failed speculative events. [1] http://linux-kernel.2935.n7.nabble.com/RFC-PATCH-0-6-Another-go-at-speculative-page-faults-tt965642.html#none [2] https://patchwork.kernel.org/patch/9999687/ Laurent Dufour (19): mm: Introduce CONFIG_SPECULATIVE_PAGE_FAULT x86/mm: Define CONFIG_SPECULATIVE_PAGE_FAULT powerpc/mm: Define CONFIG_SPECULATIVE_PAGE_FAULT mm: Introduce pte_spinlock for FAULT_FLAG_SPECULATIVE mm: Protect VMA modifications using VMA sequence count mm: protect mremap() against SPF hanlder mm: Protect SPF handler against anon_vma changes mm: Cache some VMA fields in the vm_fault structure mm/migrate: Pass vm_fault pointer to migrate_misplaced_page() mm: Introduce __lru_cache_add_active_or_unevictable mm: Introduce __maybe_mkwrite() mm: Introduce __vm_normal_page() mm: Introduce __page_add_new_anon_rmap() mm: Protect mm_rb tree with a rwlock mm: Adding speculative page fault failure trace events perf: Add a speculative page fault sw event perf tools: Add support for the SPF perf event mm: Speculative page fault handler return VMA powerpc/mm: Add speculative page fault Peter Zijlstra (5): mm: Dont assume page-table invariance during faults mm: Prepare for FAULT_FLAG_SPECULATIVE mm: VMA sequence count mm: Provide speculative fault infrastructure x86/mm: Add speculative pagefault handling arch/powerpc/Kconfig | 1 + arch/powerpc/mm/fault.c | 31 +- arch/x86/Kconfig | 1 + arch/x86/mm/fault.c | 38 ++- fs/proc/task_mmu.c | 5 +- fs/userfaultfd.c | 17 +- include/linux/hugetlb_inline.h | 2 +- include/linux/migrate.h | 4 +- include/linux/mm.h | 91 +++++- include/linux/mm_types.h | 7 + include/linux/pagemap.h | 4 +- include/linux/rmap.h | 12 +- include/linux/swap.h | 10 +- include/trace/events/pagefault.h | 87 ++++++ include/uapi/linux/perf_event.h | 1 + kernel/fork.c | 3 + mm/Kconfig | 3 + mm/hugetlb.c | 2 + mm/init-mm.c | 3 + mm/internal.h | 20 ++ mm/khugepaged.c | 5 + mm/madvise.c | 6 +- mm/memory.c | 563 ++++++++++++++++++++++++++++++---- mm/mempolicy.c | 51 ++- mm/migrate.c | 4 +- mm/mlock.c | 13 +- mm/mmap.c | 211 ++++++++++--- mm/mprotect.c | 4 +- mm/mremap.c | 13 + mm/rmap.c | 5 +- mm/swap.c | 6 +- mm/swap_state.c | 8 +- tools/include/uapi/linux/perf_event.h | 1 + tools/perf/util/evsel.c | 1 + tools/perf/util/parse-events.c | 4 + tools/perf/util/parse-events.l | 1 + tools/perf/util/python.c | 1 + 37 files changed, 1075 insertions(+), 164 deletions(-) create mode 100644 include/trace/events/pagefault.h