Re: mm,tlb: revert 4647706ebeee?

From: Nicholas Piggin
Date: Tue Jul 10 2018 - 01:33:32 EST

Next message: Leon Romanovsky: "Re: [PATCH] ib_srpt: use kvmalloc to allocate ring pointers"
Previous message: kemi: "Re: [LKP] [lkp-robot] [brd] 316ba5736c: aim7.jobs-per-min -11.2% regression"
In reply to: Andrew Morton: "Re: mm,tlb: revert 4647706ebeee?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 9 Jul 2018 17:13:56 -0700
Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:

> On Sun, 8 Jul 2018 01:25:38 +1000 Nicholas Piggin <npiggin@xxxxxxxxx> wrote:
>
> > On Fri, 06 Jul 2018 13:03:55 -0400
> > Rik van Riel <riel@xxxxxxxxxxx> wrote:
> >
> > > Hello,
> > >
> > > It looks like last summer, there were 2 sets of patches
> > > in flight to fix the issue of simultaneous mprotect/madvise
> > > calls unmapping PTEs, and some pages not being flushed from
> > > the TLB before returning to userspace.
> > >
> > > Minchan posted these patches:
> > > 56236a59556c ("mm: refactor TLB gathering API")
> > > 99baac21e458 ("mm: fix MADV_[FREE|DONTNEED] TLB flush miss problem")
> > >
> > > Around the same time, Mel posted:
> > > 4647706ebeee ("mm: always flush VMA ranges affected by zap_page_range")
> > >
> > > They both appear to solve the same bug.
> > >
> > > Only one of the two solutions is needed.
> > >
> > > However, 4647706ebeee appears to introduce extra TLB
> > > flushes - one per VMA, instead of one over the entire
> > > range unmapped, and also extra flushes when there are
> > > no simultaneous unmappers of the same mm.
> > >
> > > For that reason, it seems like we should revert
> > > 4647706ebeee and keep only Minchan's solution in
> > > the kernel.
> > >
> > > Am I overlooking any reason why we should not revert
> > > 4647706ebeee?
> >
> > Yes I think so. Discussed here recently:
> >
> > https://marc.info/?l=linux-mm&m=152878780528037&w=2
>
> Unclear if that was an ack ;)
>

Sure, I'm thinking Rik's mail is a ack for my patch :)

No actually I think it's okay, but was in the middle of testing
my series when Aneesh pointed out a bit was missing from powerpc,
so I had to go off and fix that, I think that's upstream now. So
need to go back and re-test this revert.

Wouldn't hurt for other arch maintainers to have a look I guess
(cc linux-arch):

The problem powerpc had is that mmu_gather flushing will flush a
single page size based on the ptes it encounters when we zap. If
we hit a different page size, it flushes and switches to the new
size. If we have concurrent zaps on the same range, the other
thread may have cleared a large page pte so we won't see that and
will only do a small page flush for that range. Which means we can
return before the other thread invalidated our TLB for the large
pages in the range we wanted to flush.

I suspect most arches are probably okay, but if you make any TLB
flush choices based on the pte contents, then you could be exposed.
Except in the case of archs like sparc and powerpc/hash which do
the flushing in arch_leave_lazy_mmu_mode(), because that is called
under the same page table lock, so there can't be concurrent zap.

A quick look through the archs doesn't show anything obvious, but
please take a look at your arch.

And I'll try to do a bit more testing.

Thanks,
Nick

Next message: Leon Romanovsky: "Re: [PATCH] ib_srpt: use kvmalloc to allocate ring pointers"
Previous message: kemi: "Re: [LKP] [lkp-robot] [brd] 316ba5736c: aim7.jobs-per-min -11.2% regression"
In reply to: Andrew Morton: "Re: mm,tlb: revert 4647706ebeee?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]