Re: [v2 PATCH] mm: thp: fix false negative of shmem vma's THP eligibility

[Yang Shi]

On 6/7/19 8:58 PM, Hugh Dickins wrote:
> On Wed, 24 Apr 2019, Yang Shi wrote:
>
> > The commit 7635d9cbe832 ("mm, thp, proc: report THP eligibility for each
> > vma") introduced THPeligible bit for processes' smaps. But, when checking
> > the eligibility for shmem vma, __transparent_hugepage_enabled() is
> > called to override the result from shmem_huge_enabled().  It may result
> > in the anonymous vma's THP flag override shmem's.  For example, running a
> > simple test which create THP for shmem, but with anonymous THP disabled,
> > when reading the process's smaps, it may show:
> >
> > 7fc92ec00000-7fc92f000000 rw-s 00000000 00:14 27764 /dev/shm/test
> > Size:               4096 kB
> > ...
> > [snip]
> > ...
> > ShmemPmdMapped:     4096 kB
> > ...
> > [snip]
> > ...
> > THPeligible:    0
> >
> > And, /proc/meminfo does show THP allocated and PMD mapped too:
> >
> > ShmemHugePages:     4096 kB
> > ShmemPmdMapped:     4096 kB
> >
> > This doesn't make too much sense.  The anonymous THP flag should not
> > intervene shmem THP.  Calling shmem_huge_enabled() with checking
> > MMF_DISABLE_THP sounds good enough.  And, we could skip stack and
> > dax vma check since we already checked if the vma is shmem already.
> >
> > Fixes: 7635d9cbe832 ("mm, thp, proc: report THP eligibility for each vma")
> > Cc: Michal Hocko <mhocko@xxxxxxxx>
> > Cc: Vlastimil Babka <vbabka@xxxxxxx>
> > Cc: David Rientjes <rientjes@xxxxxxxxxx>
> > Cc: Kirill A. Shutemov <kirill@xxxxxxxxxxxxx>
> > Signed-off-by: Yang Shi <yang.shi@xxxxxxxxxxxxxxxxx>
> > ---
> > v2: Check VM_NOHUGEPAGE per Michal Hocko
> >
> >   mm/huge_memory.c | 4 ++--
> >   mm/shmem.c       | 3 +++
> >   2 files changed, 5 insertions(+), 2 deletions(-)
> >
> > diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> > index 165ea46..5881e82 100644
> > --- a/mm/huge_memory.c
> > +++ b/mm/huge_memory.c
> > @@ -67,8 +67,8 @@ bool transparent_hugepage_enabled(struct vm_area_struct *vma)
> >   {
> >   	if (vma_is_anonymous(vma))
> >   		return __transparent_hugepage_enabled(vma);
> > -	if (vma_is_shmem(vma) && shmem_huge_enabled(vma))
> > -		return __transparent_hugepage_enabled(vma);
> > +	if (vma_is_shmem(vma))
> > +		return shmem_huge_enabled(vma);
> >   
> >   	return false;
> >   }
> > diff --git a/mm/shmem.c b/mm/shmem.c
> > index 2275a0f..6f09a31 100644
> > --- a/mm/shmem.c
> > +++ b/mm/shmem.c
> > @@ -3873,6 +3873,9 @@ bool shmem_huge_enabled(struct vm_area_struct *vma)
> >   	loff_t i_size;
> >   	pgoff_t off;
> >   
> > +	if ((vma->vm_flags & VM_NOHUGEPAGE) ||
> > +	    test_bit(MMF_DISABLE_THP, &vma->vm_mm->flags))
> > +		return false;
> Yes, that is correct; and correctly placed. But a little more is needed:
> see how mm/memory.c's transhuge_vma_suitable() will only allow a pmd to
> be used instead of a pte if the vma offset and size permit. smaps should
> not report a shmem vma as THPeligible if its offset or size prevent it.
>
> And I see that should also be fixed on anon vmas: at present smaps
> reports even a 4kB anon vma as THPeligible, which is not right.
> Maybe a test like transhuge_vma_suitable() can be added into
> transparent_hugepage_enabled(), to handle anon and shmem together.
> I say "like transhuge_vma_suitable()", because that function needs
> an address, which here you don't have.

Thanks for the remind. Since we don't have an address I'm supposed we 
just need check if the vma's size is big enough or not other than other 
alignment check.

And, I'm wondering whether we could reuse transhuge_vma_suitable() by 
passing in an impossible address, i.e. -1 since it is not a valid 
userspace address. It can be used as and indicator that this call is 
from THPeligible context.

> The anon offset situation is interesting: usually anon vm_pgoff is
> initialized to fit with its vm_start, so the anon offset check passes;
> but I wonder what happens after mremap to a different address - does
> transhuge_vma_suitable() then prevent the use of pmds where they could
> actually be used? Not a Number#1 priority to investigate or fix here!
> but a curiosity someone might want to look into.

Will mark on my TODO list.

> >   	if (shmem_huge == SHMEM_HUGE_FORCE)
> >   		return true;
> >   	if (shmem_huge == SHMEM_HUGE_DENY)
> > --
> > 1.8.3.1
>
> Even with your changes
> ShmemPmdMapped:     4096 kB
> THPeligible:    0
> will easily be seen: THPeligible reflects whether a huge page can be
> allocated and mapped by pmd in that vma; but if something else already
> allocated the huge page earlier, it will be mapped by pmd in this vma
> if offset and size allow, whatever THPeligible says. We could change
> transhuge_vma_suitable() to force ptes in that case, but it would be
> a silly change, just to make what smaps shows easier to explain.

Where did this come from? From the commit log? If so it is the example 
for the wrong smap output. If that case really happens, I think we could 
document it since THPeligible should just show the current status.

> Hugh