Hi All,
This patchset adds support for lazyfreeing multi-size THP (mTHP) without
needing to first split the large folio via split_folio(). However, we
still need to split a large folio that is not fully mapped within the
target range.
If a large folio is locked or shared, or if we fail to split it, we just
leave it in place and advance to the next PTE in the range. But note that
the behavior is changed; previously, any failure of this sort would cause
the entire operation to give up. As large folios become more common,
sticking to the old way could result in wasted opportunities.
Performance Testing
===================
On an Intel I5 CPU, lazyfreeing a 1GiB VMA backed by PTE-mapped folios of
the same size results in the following runtimes for madvise(MADV_FREE)
in seconds (shorter is better):
Folio Size | Old | New | Change
------------------------------------------
4KiB | 0.590251 | 0.590259 | 0%
16KiB | 2.990447 | 0.185655 | -94%
32KiB | 2.547831 | 0.104870 | -95%
64KiB | 2.457796 | 0.052812 | -97%
128KiB | 2.281034 | 0.032777 | -99%
256KiB | 2.230387 | 0.017496 | -99%
512KiB | 2.189106 | 0.010781 | -99%
1024KiB | 2.183949 | 0.007753 | -99%
2048KiB | 0.002799 | 0.002804 | 0%
---
This patchset applies against mm-unstable (f52bcd4a9f60).
The performance numbers are from v2. I did a quick benchmark run of v10 and
nothing significantly changed.
Changes since v9 [9]
====================
- mm/madvise: optimize lazyfreeing with mTHP in madvise_free
   - Pass any_dirty to madvise_folio_pte_batch() (Thanks to David Hildenbrand)
- Pick up AB's, Thanks to David!
Changes since v8 [8]
====================
- mm/madvise: optimize lazyfreeing with mTHP in madvise_free
   - Leave the split folio code as is in the caller (per David Hildenbrand)
   - Use cydp_flags here that will make this easier to read (per
     David Hildenbrand)
- Pick up RB's, Thanks to Ryan!
Changes since v7 [7]
====================
- mm/madvise: optimize lazyfreeing with mTHP in madvise_free
   - Remove the duplicated check for the mapcount (per Ryan Roberts,
     David Hildenbrand)
- Pick up AB's and RB's. Thanks to Ryan and David!
Changes since v6 [6]
====================
- Fix a bug with incorrect bitwise operations (Thanks to Ryan Roberts)
- Use a cmpxchg loop to only clear one of the flags to prevent race with
the HW (per Ryan Roberts)
Changes since v5 [5]
====================
- Convert mkold_ptes() to clear_young_dirty_ptes() (per Ryan Roberts)
- Use the __bitwise flags as the input for clear_young_dirty_ptes()
(per David Hildenbrand)
- Follow the pattern already established by the original code
(per Ryan Roberts)
Changes since v4 [4]
====================
- The first patch implements the MADV_FREE change and introduces
mkold_clean_ptes() with a generic implementation. The second patch
specializes mkold_clean_ptes() for arm64, providing a performance boost
specific to arm64 (per Ryan Roberts)
- Drop the full parameter and call ptep_get_and_clear() in mkold_clean_ptes()
(per Ryan Roberts)
- Keep the previous behavior that avoids locking the folio if it wasn't in the
swapcache or if it wasn't dirty (per Ryan Roberts)
Changes since v3 [3]
====================
- Rename refresh_full_ptes -> mkold_clean_ptes (per Ryan Roberts)
- Override mkold_clean_ptes() for arm64 to make it faster (per Ryan Roberts)
- Update the changelog
Changes since v2 [2]
====================
- Only skip all the PTEs for nr_pages when the number of batched PTEs matches
nr_pages (per Barry Song)
- Change folio_pte_batch() to consume an optional *any_dirty and *any_young
function (per David Hildenbrand)
- Move the ptep_get_and_clear_full() loop into refresh_full_ptes() (per
David Hildenbrand)
- Follow a similar pattern for madvise_free_pte_range() (per Ryan Roberts)
Changes since v1 [1]
====================
- Update the performance numbers
- Update the changelog (per Ryan Roberts)
- Check the COW folio (per Yin Fengwei)
- Check if we are mapping all subpages (per Barry Song, David Hildenbrand,
Ryan Roberts)
[1] https://lore.kernel.org/linux-mm/[email protected]
[2] https://lore.kernel.org/linux-mm/[email protected]
[3] https://lore.kernel.org/linux-mm/[email protected]
[4] https://lore.kernel.org/linux-mm/[email protected]
[5] https://lore.kernel.org/linux-mm/[email protected]
[6] https://lore.kernel.org/linux-mm/[email protected]
[7] https://lore.kernel.org/linux-mm/[email protected]
[8] https://lore.kernel.org/linux-mm/[email protected]
[9] https://lore.kernel.org/linux-mm/[email protected]
Thanks,
Lance
Lance Yang (4):
mm/madvise: introduce clear_young_dirty_ptes() batch helper
mm/arm64: override clear_young_dirty_ptes() batch helper
mm/memory: add any_dirty optional pointer to folio_pte_batch()
mm/madvise: optimize lazyfreeing with mTHP in madvise_free
arch/arm64/include/asm/pgtable.h | 55 +++++++++++++++++++++++++++++++++++++++
arch/arm64/mm/contpte.c | 29 +++++++++++++++++++++++
include/linux/mm_types.h | 9 ++++++++
include/linux/pgtable.h | 74 +++++++++++++++++++++------------------
mm/internal.h | 12 ++++++++--
mm/madvise.c | 107 +++++++++++++++++++--------------------
mm/memory.c | 4 ++--
7 files changed, 209 insertions(+), 81 deletions(-)
--
2.33.1
This commit introduces clear_young_dirty_ptes() to replace mkold_ptes().
By doing so, we can use the same function for both use cases
(madvise_pageout and madvise_free), and it also provides the flexibility
to only clear the dirty flag in the future if needed.
Suggested-by: Ryan Roberts <[email protected]>
Acked-by: David Hildenbrand <[email protected]>
Reviewed-by: Ryan Roberts <[email protected]>
Signed-off-by: Lance Yang <[email protected]>
---
include/linux/mm_types.h | 9 +++++
include/linux/pgtable.h | 74 ++++++++++++++++++++++++----------------
mm/madvise.c | 3 +-
3 files changed, 55 insertions(+), 31 deletions(-)
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
index db0adf5721cc..24323c7d0bd4 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -1368,6 +1368,15 @@ enum fault_flag {
typedef unsigned int __bitwise zap_flags_t;
+/* Flags for clear_young_dirty_ptes(). */
+typedef int __bitwise cydp_t;
+
+/* Clear the access bit */
+#define CYDP_CLEAR_YOUNG ((__force cydp_t)BIT(0))
+
+/* Clear the dirty bit */
+#define CYDP_CLEAR_DIRTY ((__force cydp_t)BIT(1))
+
/*
* FOLL_PIN and FOLL_LONGTERM may be used in various combinations with each
* other. Here is what they mean, and how to use them:
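
Review bot: cydp_t is declared as "typedef int __bitwise cydp_t;" while zap_flags_t, in the context line directly above, is "unsigned int __bitwise". The values are built with BIT() and tested with "&", so an unsigned base type would match the existing flag typedefs and avoid sign surprises if more bits are added later. The comment "Clear the access bit" could also name the young/accessed bit, to match CYDP_CLEAR_YOUNG.
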
diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h
index e2f45e22a6d1..18019f037bae 100644
--- a/include/linux/pgtable.h
+++ b/include/linux/pgtable.h
@@ -361,36 +361,6 @@ static inline int ptep_test_and_clear_young(struct vm_area_struct *vma,
}
#endif
-#ifndef mkold_ptes
-/**
- * mkold_ptes - Mark PTEs that map consecutive pages of the same folio as old.
- * @vma: VMA the pages are mapped into.
- * @addr: Address the first page is mapped at.
- * @ptep: Page table pointer for the first entry.
- * @nr: Number of entries to mark old.
- *
- * May be overridden by the architecture; otherwise, implemented as a simple
- * loop over ptep_test_and_clear_young().
- *
- * Note that PTE bits in the PTE range besides the PFN can differ. For example,
- * some PTEs might be write-protected.
- *
- * Context: The caller holds the page table lock. The PTEs map consecutive
- * pages that belong to the same folio. The PTEs are all in the same PMD.
- */
-static inline void mkold_ptes(struct vm_area_struct *vma, unsigned long addr,
- pte_t *ptep, unsigned int nr)
-{
- for (;;) {
- ptep_test_and_clear_young(vma, addr, ptep);
- if (--nr == 0)
- break;
- ptep++;
- addr += PAGE_SIZE;
- }
-}
-#endif
-
#ifndef __HAVE_ARCH_PMDP_TEST_AND_CLEAR_YOUNG
#if defined(CONFIG_TRANSPARENT_HUGEPAGE) || defined(CONFIG_ARCH_HAS_NONLEAF_PMD_YOUNG)
static inline int pmdp_test_and_clear_young(struct vm_area_struct *vma,
@@ -489,6 +459,50 @@ static inline pte_t ptep_get_and_clear(struct mm_struct *mm,
}
#endif
+#ifndef clear_young_dirty_ptes
+/**
+ * clear_young_dirty_ptes - Mark PTEs that map consecutive pages of the
+ * same folio as old/clean.
+ * @mm: Address space the pages are mapped into.
+ * @addr: Address the first page is mapped at.
+ * @ptep: Page table pointer for the first entry.
+ * @nr: Number of entries to mark old/clean.
+ * @flags: Flags to modify the PTE batch semantics.
+ *
+ * May be overridden by the architecture; otherwise, implemented by
+ * get_and_clear/modify/set for each pte in the range.
+ *
+ * Note that PTE bits in the PTE range besides the PFN can differ. For example,
+ * some PTEs might be write-protected.
+ *
+ * Context: The caller holds the page table lock. The PTEs map consecutive
+ * pages that belong to the same folio. The PTEs are all in the same PMD.
+ */
+static inline void clear_young_dirty_ptes(struct vm_area_struct *vma,
+ unsigned long addr, pte_t *ptep,
+ unsigned int nr, cydp_t flags)
+{
+ pte_t pte;
+
+ for (;;) {
+ if (flags == CYDP_CLEAR_YOUNG)
+ ptep_test_and_clear_young(vma, addr, ptep);
+ else {
+ pte = ptep_get_and_clear(vma->vm_mm, addr, ptep);
+ if (flags & CYDP_CLEAR_YOUNG)
+ pte = pte_mkold(pte);
+ if (flags & CYDP_CLEAR_DIRTY)
+ pte = pte_mkclean(pte);
+ set_pte_at(vma->vm_mm, addr, ptep, pte);
+ }
+ if (--nr == 0)
+ break;
+ ptep++;
+ addr += PAGE_SIZE;
+ }
+}
+#endif
+
static inline void ptep_clear(struct mm_struct *mm, unsigned long addr,
pte_t *ptep)
{
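
Review bot: the kernel-doc for clear_young_dirty_ptes() documents "@mm: Address space the pages are mapped into.", but the function takes "struct vm_area_struct *vma" and has no mm parameter. It should read "@vma: VMA the pages are mapped into.", as the removed mkold_ptes() doc did. A one-line comment in the body would also help, saying why "flags == CYDP_CLEAR_YOUNG" takes the ptep_test_and_clear_young() path while every other combination goes through ptep_get_and_clear()/set_pte_at().
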
diff --git a/mm/madvise.c b/mm/madvise.c
index 4b869b682fd5..f5e3699e7b54 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -507,7 +507,8 @@ static int madvise_cold_or_pageout_pte_range(pmd_t *pmd,
continue;
if (!pageout && pte_young(ptent)) {
- mkold_ptes(vma, addr, pte, nr);
+ clear_young_dirty_ptes(vma, addr, pte, nr,
+ CYDP_CLEAR_YOUNG);
tlb_remove_tlb_entries(tlb, pte, nr, addr);
}
--
2.33.1
The per-pte get_and_clear/modify/set approach would result in
unfolding/refolding for contpte mappings on arm64. So we need
to override clear_young_dirty_ptes() for arm64 to avoid it.
Suggested-by: Barry Song <[email protected]>
Suggested-by: Ryan Roberts <[email protected]>
Reviewed-by: Ryan Roberts <[email protected]>
Signed-off-by: Lance Yang <[email protected]>
---
arch/arm64/include/asm/pgtable.h | 55 ++++++++++++++++++++++++++++++++
arch/arm64/mm/contpte.c | 29 +++++++++++++++++
2 files changed, 84 insertions(+)
diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
index 9fd8613b2db2..1303d30287dc 100644
--- a/arch/arm64/include/asm/pgtable.h
+++ b/arch/arm64/include/asm/pgtable.h
@@ -1223,6 +1223,46 @@ static inline void __wrprotect_ptes(struct mm_struct *mm, unsigned long address,
__ptep_set_wrprotect(mm, address, ptep);
}
+static inline void __clear_young_dirty_pte(struct vm_area_struct *vma,
+ unsigned long addr, pte_t *ptep,
+ pte_t pte, cydp_t flags)
+{
+ pte_t old_pte;
+
+ do {
+ old_pte = pte;
+
+ if (flags & CYDP_CLEAR_YOUNG)
+ pte = pte_mkold(pte);
+ if (flags & CYDP_CLEAR_DIRTY)
+ pte = pte_mkclean(pte);
+
+ pte_val(pte) = cmpxchg_relaxed(&pte_val(*ptep),
+ pte_val(old_pte), pte_val(pte));
+ } while (pte_val(pte) != pte_val(old_pte));
+}
+
+static inline void __clear_young_dirty_ptes(struct vm_area_struct *vma,
+ unsigned long addr, pte_t *ptep,
+ unsigned int nr, cydp_t flags)
+{
+ pte_t pte;
+
+ for (;;) {
+ pte = __ptep_get(ptep);
+
+ if (flags == (CYDP_CLEAR_YOUNG | CYDP_CLEAR_DIRTY))
+ __set_pte(ptep, pte_mkclean(pte_mkold(pte)));
+ else
+ __clear_young_dirty_pte(vma, addr, ptep, pte, flags);
+
+ if (--nr == 0)
+ break;
+ ptep++;
+ addr += PAGE_SIZE;
+ }
+}
+
#ifdef CONFIG_TRANSPARENT_HUGEPAGE
#define __HAVE_ARCH_PMDP_SET_WRPROTECT
static inline void pmdp_set_wrprotect(struct mm_struct *mm,
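
Review bot: a comment is missing in __clear_young_dirty_ptes() on why the "flags == (CYDP_CLEAR_YOUNG | CYDP_CLEAR_DIRTY)" branch may write back with a plain __set_pte() of a value read earlier by __ptep_get(), while any other flag value goes through the cmpxchg loop in __clear_young_dirty_pte(). The cover letter's changelog says the cmpxchg loop is there "to only clear one of the flags to prevent race with the HW"; please state next to the __set_pte() call the assumption that makes the non-atomic update acceptable when both bits are cleared. The vma and addr parameters of __clear_young_dirty_pte() are unused in the body shown and could be dropped.
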
@@ -1379,6 +1419,9 @@ extern void contpte_wrprotect_ptes(struct mm_struct *mm, unsigned long addr,
extern int contpte_ptep_set_access_flags(struct vm_area_struct *vma,
unsigned long addr, pte_t *ptep,
pte_t entry, int dirty);
+extern void contpte_clear_young_dirty_ptes(struct vm_area_struct *vma,
+ unsigned long addr, pte_t *ptep,
+ unsigned int nr, cydp_t flags);
static __always_inline void contpte_try_fold(struct mm_struct *mm,
unsigned long addr, pte_t *ptep, pte_t pte)
@@ -1603,6 +1646,17 @@ static inline int ptep_set_access_flags(struct vm_area_struct *vma,
return contpte_ptep_set_access_flags(vma, addr, ptep, entry, dirty);
}
+#define clear_young_dirty_ptes clear_young_dirty_ptes
+static inline void clear_young_dirty_ptes(struct vm_area_struct *vma,
+ unsigned long addr, pte_t *ptep,
+ unsigned int nr, cydp_t flags)
+{
+ if (likely(nr == 1 && !pte_cont(__ptep_get(ptep))))
+ __clear_young_dirty_ptes(vma, addr, ptep, nr, flags);
+ else
+ contpte_clear_young_dirty_ptes(vma, addr, ptep, nr, flags);
+}
+
#else /* CONFIG_ARM64_CONTPTE */
#define ptep_get __ptep_get
@@ -1622,6 +1676,7 @@ static inline int ptep_set_access_flags(struct vm_area_struct *vma,
#define wrprotect_ptes __wrprotect_ptes
#define __HAVE_ARCH_PTEP_SET_ACCESS_FLAGS
#define ptep_set_access_flags __ptep_set_access_flags
+#define clear_young_dirty_ptes __clear_young_dirty_ptes
#endif /* CONFIG_ARM64_CONTPTE */
diff --git a/arch/arm64/mm/contpte.c b/arch/arm64/mm/contpte.c
index 1b64b4c3f8bf..9f9486de0004 100644
--- a/arch/arm64/mm/contpte.c
+++ b/arch/arm64/mm/contpte.c
@@ -361,6 +361,35 @@ void contpte_wrprotect_ptes(struct mm_struct *mm, unsigned long addr,
}
EXPORT_SYMBOL_GPL(contpte_wrprotect_ptes);
+void contpte_clear_young_dirty_ptes(struct vm_area_struct *vma,
+ unsigned long addr, pte_t *ptep,
+ unsigned int nr, cydp_t flags)
+{
+ /*
+ * We can safely clear access/dirty without needing to unfold from
+ * the architectures perspective, even when contpte is set. If the
+ * range starts or ends midway through a contpte block, we can just
+ * expand to include the full contpte block. While this is not
+ * exactly what the core-mm asked for, it tracks access/dirty per
+ * folio, not per page. And since we only create a contpte block
+ * when it is covered by a single folio, we can get away with
+ * clearing access/dirty for the whole block.
+ */
+ unsigned long start = addr;
+ unsigned long end = start + nr;
+
+ if (pte_cont(__ptep_get(ptep + nr - 1)))
+ end = ALIGN(end, CONT_PTE_SIZE);
+
+ if (pte_cont(__ptep_get(ptep))) {
+ start = ALIGN_DOWN(start, CONT_PTE_SIZE);
+ ptep = contpte_align_down(ptep);
+ }
+
+ __clear_young_dirty_ptes(vma, start, ptep, end - start, flags);
+}
+EXPORT_SYMBOL_GPL(contpte_clear_young_dirty_ptes);
+
int contpte_ptep_set_access_flags(struct vm_area_struct *vma,
unsigned long addr, pte_t *ptep,
pte_t entry, int dirty)
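
Review bot: "unsigned long end = start + nr;" in contpte_clear_young_dirty_ptes() adds a PTE count to a virtual address, yet end is then rounded with "ALIGN(end, CONT_PTE_SIZE)" and "end - start" is passed as the nr argument of __clear_young_dirty_ptes(). The units do not match: once either boundary is expanded to a contpte block, "end - start" is a distance in bytes, so the helper would walk far more entries than the block contains. I would expect "end = start + nr * PAGE_SIZE" and "(end - start) / PAGE_SIZE" for the count. Separately, "the architectures perspective" in the comment needs an apostrophe.
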
--
2.33.1
This commit adds the any_dirty pointer as an optional parameter to
folio_pte_batch() function. By using both the any_young and any_dirty pointers,
madvise_free can make smarter decisions about whether to clear the PTEs when
marking large folios as lazyfree.
Suggested-by: David Hildenbrand <[email protected]>
Acked-by: David Hildenbrand <[email protected]>
Signed-off-by: Lance Yang <[email protected]>
---
mm/internal.h | 12 ++++++++++--
mm/madvise.c | 19 ++++++++++++++-----
mm/memory.c | 4 ++--
3 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/mm/internal.h b/mm/internal.h
index c6483f73ec13..daa59cef85d7 100644
--- a/mm/internal.h
+++ b/mm/internal.h
@@ -134,6 +134,8 @@ static inline pte_t __pte_batch_clear_ignored(pte_t pte, fpb_t flags)
* first one is writable.
* @any_young: Optional pointer to indicate whether any entry except the
* first one is young.
+ * @any_dirty: Optional pointer to indicate whether any entry except the
+ * first one is dirty.
*
* Detect a PTE batch: consecutive (present) PTEs that map consecutive
* pages of the same large folio.
@@ -149,18 +151,20 @@ static inline pte_t __pte_batch_clear_ignored(pte_t pte, fpb_t flags)
*/
static inline int folio_pte_batch(struct folio *folio, unsigned long addr,
pte_t *start_ptep, pte_t pte, int max_nr, fpb_t flags,
- bool *any_writable, bool *any_young)
+ bool *any_writable, bool *any_young, bool *any_dirty)
{
unsigned long folio_end_pfn = folio_pfn(folio) + folio_nr_pages(folio);
const pte_t *end_ptep = start_ptep + max_nr;
pte_t expected_pte, *ptep;
- bool writable, young;
+ bool writable, young, dirty;
int nr;
if (any_writable)
*any_writable = false;
if (any_young)
*any_young = false;
+ if (any_dirty)
+ *any_dirty = false;
VM_WARN_ON_FOLIO(!pte_present(pte), folio);
VM_WARN_ON_FOLIO(!folio_test_large(folio) || max_nr < 1, folio);
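
Review bot: with "bool *any_writable, bool *any_young, bool *any_dirty" the function now ends in three optional out-parameters of the same type, so a swapped argument at a call site compiles silently and callers end up written as "NULL, NULL, NULL". Consider keeping direct callers to a minimum through small wrappers like madvise_folio_pte_batch(), or grouping the outputs, and note in the kernel-doc that each pointer may be NULL independently of the others.
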
@@ -176,6 +180,8 @@ static inline int folio_pte_batch(struct folio *folio, unsigned long addr,
writable = !!pte_write(pte);
if (any_young)
young = !!pte_young(pte);
+ if (any_dirty)
+ dirty = !!pte_dirty(pte);
pte = __pte_batch_clear_ignored(pte, flags);
if (!pte_same(pte, expected_pte))
@@ -193,6 +199,8 @@ static inline int folio_pte_batch(struct folio *folio, unsigned long addr,
*any_writable |= writable;
if (any_young)
*any_young |= young;
+ if (any_dirty)
+ *any_dirty |= dirty;
nr = pte_batch_hint(ptep, pte);
expected_pte = pte_advance_pfn(expected_pte, nr);
diff --git a/mm/madvise.c b/mm/madvise.c
index f5e3699e7b54..4597a3568e7e 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -321,6 +321,18 @@ static inline bool can_do_file_pageout(struct vm_area_struct *vma)
file_permission(vma->vm_file, MAY_WRITE) == 0;
}
+static inline int madvise_folio_pte_batch(unsigned long addr, unsigned long end,
+ struct folio *folio, pte_t *ptep,
+ pte_t pte, bool *any_young,
+ bool *any_dirty)
+{
+ const fpb_t fpb_flags = FPB_IGNORE_DIRTY | FPB_IGNORE_SOFT_DIRTY;
+ int max_nr = (end - addr) / PAGE_SIZE;
+
+ return folio_pte_batch(folio, addr, ptep, pte, max_nr, fpb_flags, NULL,
+ any_young, any_dirty);
+}
+
static int madvise_cold_or_pageout_pte_range(pmd_t *pmd,
unsigned long addr, unsigned long end,
struct mm_walk *walk)
@@ -456,13 +468,10 @@ static int madvise_cold_or_pageout_pte_range(pmd_t *pmd,
* next pte in the range.
*/
if (folio_test_large(folio)) {
- const fpb_t fpb_flags = FPB_IGNORE_DIRTY |
- FPB_IGNORE_SOFT_DIRTY;
- int max_nr = (end - addr) / PAGE_SIZE;
bool any_young;
- nr = folio_pte_batch(folio, addr, pte, ptent, max_nr,
- fpb_flags, NULL, &any_young);
+ nr = madvise_folio_pte_batch(addr, end, folio, pte,
+ ptent, &any_young, NULL);
if (any_young)
ptent = pte_mkyoung(ptent);
diff --git a/mm/memory.c b/mm/memory.c
index 33d87b64d15d..9e07d1b9020c 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -989,7 +989,7 @@ copy_present_ptes(struct vm_area_struct *dst_vma, struct vm_area_struct *src_vma
flags |= FPB_IGNORE_SOFT_DIRTY;
nr = folio_pte_batch(folio, addr, src_pte, pte, max_nr, flags,
- &any_writable, NULL);
+ &any_writable, NULL, NULL);
folio_ref_add(folio, nr);
if (folio_test_anon(folio)) {
if (unlikely(folio_try_dup_anon_rmap_ptes(folio, page,
@@ -1558,7 +1558,7 @@ static inline int zap_present_ptes(struct mmu_gather *tlb,
*/
if (unlikely(folio_test_large(folio) && max_nr != 1)) {
nr = folio_pte_batch(folio, addr, pte, ptent, max_nr, fpb_flags,
- NULL, NULL);
+ NULL, NULL, NULL);
zap_present_folio_ptes(tlb, vma, folio, page, pte, ptent, nr,
addr, details, rss, force_flush,
--
2.33.1
This patch optimizes lazyfreeing with PTE-mapped mTHP[1]
(Inspired by David Hildenbrand[2]). We aim to avoid unnecessary folio
splitting if the large folio is fully mapped within the target range.
If a large folio is locked or shared, or if we fail to split it, we just
leave it in place and advance to the next PTE in the range. But note that
the behavior is changed; previously, any failure of this sort would cause
the entire operation to give up. As large folios become more common,
sticking to the old way could result in wasted opportunities.
On an Intel I5 CPU, lazyfreeing a 1GiB VMA backed by PTE-mapped folios of
the same size results in the following runtimes for madvise(MADV_FREE) in
seconds (shorter is better):
Folio Size | Old | New | Change
------------------------------------------
4KiB | 0.590251 | 0.590259 | 0%
16KiB | 2.990447 | 0.185655 | -94%
32KiB | 2.547831 | 0.104870 | -95%
64KiB | 2.457796 | 0.052812 | -97%
128KiB | 2.281034 | 0.032777 | -99%
256KiB | 2.230387 | 0.017496 | -99%
512KiB | 2.189106 | 0.010781 | -99%
1024KiB | 2.183949 | 0.007753 | -99%
2048KiB | 0.002799 | 0.002804 | 0%
[1] https://lkml.kernel.org/r/[email protected]
[2] https://lore.kernel.org/linux-mm/[email protected]
Reviewed-by: Ryan Roberts <[email protected]>
Acked-by: David Hildenbrand <[email protected]>
Signed-off-by: Lance Yang <[email protected]>
---
mm/madvise.c | 85 +++++++++++++++++++++++++++-------------------------
1 file changed, 44 insertions(+), 41 deletions(-)
diff --git a/mm/madvise.c b/mm/madvise.c
index 4597a3568e7e..ed125ad8a21e 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -643,6 +643,7 @@ static int madvise_free_pte_range(pmd_t *pmd, unsigned long addr,
unsigned long end, struct mm_walk *walk)
{
+ const cydp_t cydp_flags = CYDP_CLEAR_YOUNG | CYDP_CLEAR_DIRTY;
struct mmu_gather *tlb = walk->private;
struct mm_struct *mm = tlb->mm;
struct vm_area_struct *vma = walk->vma;
@@ -697,44 +698,57 @@ static int madvise_free_pte_range(pmd_t *pmd, unsigned long addr,
continue;
/*
- * If pmd isn't transhuge but the folio is large and
- * is owned by only this process, split it and
- * deactivate all pages.
+ * If we encounter a large folio, only split it if it is not
+ * fully mapped within the range we are operating on. Otherwise
+ * leave it as is so that it can be marked as lazyfree. If we
+ * fail to split a folio, leave it in place and advance to the
+ * next pte in the range.
*/
if (folio_test_large(folio)) {
- int err;
+ bool any_young, any_dirty;
- if (folio_likely_mapped_shared(folio))
- break;
- if (!folio_trylock(folio))
- break;
- folio_get(folio);
- arch_leave_lazy_mmu_mode();
- pte_unmap_unlock(start_pte, ptl);
- start_pte = NULL;
- err = split_folio(folio);
- folio_unlock(folio);
- folio_put(folio);
- if (err)
- break;
- start_pte = pte =
- pte_offset_map_lock(mm, pmd, addr, &ptl);
- if (!start_pte)
- break;
- arch_enter_lazy_mmu_mode();
- pte--;
- addr -= PAGE_SIZE;
- continue;
+ nr = madvise_folio_pte_batch(addr, end, folio, pte,
+ ptent, &any_young, &any_dirty);
+
+ if (nr < folio_nr_pages(folio)) {
+ int err;
+
+ if (folio_likely_mapped_shared(folio))
+ continue;
+ if (!folio_trylock(folio))
+ continue;
+ folio_get(folio);
+ arch_leave_lazy_mmu_mode();
+ pte_unmap_unlock(start_pte, ptl);
+ start_pte = NULL;
+ err = split_folio(folio);
+ folio_unlock(folio);
+ folio_put(folio);
+ pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
+ start_pte = pte;
+ if (!start_pte)
+ break;
+ arch_enter_lazy_mmu_mode();
+ if (!err)
+ nr = 0;
+ continue;
+ }
+
+ if (any_young)
+ ptent = pte_mkyoung(ptent);
+ if (any_dirty)
+ ptent = pte_mkdirty(ptent);
}
if (folio_test_swapcache(folio) || folio_test_dirty(folio)) {
if (!folio_trylock(folio))
continue;
/*
- * If folio is shared with others, we mustn't clear
- * the folio's dirty flag.
+ * If we have a large folio at this point, we know it is
+ * fully mapped so if its mapcount is the same as its
+ * number of pages, it must be exclusive.
*/
- if (folio_mapcount(folio) != 1) {
+ if (folio_mapcount(folio) != folio_nr_pages(folio)) {
folio_unlock(folio);
continue;
}
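
Review bot: in the split path, "if (!err) nr = 0;" followed by "continue" has no comment, and its effect depends on the loop increment, which is outside this hunk. A one-line comment stating the intent (retry the same PTE after a successful split, skip the batched entries after a failed one) would make this checkable. The folio_likely_mapped_shared() and folio_trylock() failures also changed from "break" to "continue", so they now step over the nr entries returned by madvise_folio_pte_batch(); the block comment above mentions only the split failure and should cover these two cases as well.
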
@@ -750,19 +764,8 @@ static int madvise_free_pte_range(pmd_t *pmd, unsigned long addr,
}
if (pte_young(ptent) || pte_dirty(ptent)) {
- /*
- * Some of architecture(ex, PPC) don't update TLB
- * with set_pte_at and tlb_remove_tlb_entry so for
- * the portability, remap the pte with old|clean
- * after pte clearing.
- */
- ptent = ptep_get_and_clear_full(mm, addr, pte,
- tlb->fullmm);
-
- ptent = pte_mkold(ptent);
- ptent = pte_mkclean(ptent);
- set_pte_at(mm, addr, pte, ptent);
- tlb_remove_tlb_entry(tlb, pte, addr);
+ clear_young_dirty_ptes(vma, addr, pte, nr, cydp_flags);
+ tlb_remove_tlb_entries(tlb, pte, nr, addr);
}
folio_mark_lazyfree(folio);
}
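
Review bot: the removed comment gave the reason the PTE is cleared and then set again as old|clean ("Some of architecture(ex, PPC) don't update TLB with set_pte_at and tlb_remove_tlb_entry"), and the replacement call "clear_young_dirty_ptes(vma, addr, pte, nr, cydp_flags);" carries no such rationale. The generic helper added in include/linux/pgtable.h keeps the get_and_clear/modify/set sequence, so that explanation should move into its kernel-doc rather than be dropped. The old code also passed tlb->fullmm to ptep_get_and_clear_full(); the commit message should say that this hint is no longer used.
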
--
2.33.1
On Fri, Apr 19, 2024 at 1:44 AM Lance Yang <[email protected]> wrote:
>
> This patch optimizes lazyfreeing with PTE-mapped mTHP[1]
> (Inspired by David Hildenbrand[2]). We aim to avoid unnecessary folio
> splitting if the large folio is fully mapped within the target range.
>
> If a large folio is locked or shared, or if we fail to split it, we just
> leave it in place and advance to the next PTE in the range. But note that
> the behavior is changed; previously, any failure of this sort would cause
> the entire operation to give up. As large folios become more common,
> sticking to the old way could result in wasted opportunities.
>
> On an Intel I5 CPU, lazyfreeing a 1GiB VMA backed by PTE-mapped folios of
> the same size results in the following runtimes for madvise(MADV_FREE) in
> seconds (shorter is better):
>
> Folio Size | Old | New | Change
> ------------------------------------------
> 4KiB | 0.590251 | 0.590259 | 0%
> 16KiB | 2.990447 | 0.185655 | -94%
> 32KiB | 2.547831 | 0.104870 | -95%
> 64KiB | 2.457796 | 0.052812 | -97%
> 128KiB | 2.281034 | 0.032777 | -99%
> 256KiB | 2.230387 | 0.017496 | -99%
> 512KiB | 2.189106 | 0.010781 | -99%
> 1024KiB | 2.183949 | 0.007753 | -99%
> 2048KiB | 0.002799 | 0.002804 | 0%
>
> [1] https://lkml.kernel.org/r/[email protected]
> [2] https://lore.kernel.org/linux-mm/20240214204435.167852-1-david@redhatcom
>
> Reviewed-by: Ryan Roberts <[email protected]>
> Acked-by: David Hildenbrand <[email protected]>
> Signed-off-by: Lance Yang <[email protected]>
> ---
Hi Lance,
I am getting a kernel panic with this patch:
/ # /home/barry/develop/linux/madvfree
[ 78.345305] watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [madvfree:101]
[ 78.345992] Modules linked in:
[ 78.346942] irq event stamp: 0
[ 78.347311] hardirqs last enabled at (0): [<0000000000000000>] 0x0
[ 78.348407] hardirqs last disabled at (0): [<ffff8000800add04>]
copy_process+0x654/0x19a8
[ 78.349291] softirqs last enabled at (0): [<ffff8000800add04>]
copy_process+0x654/0x19a8
[ 78.349851] softirqs last disabled at (0): [<0000000000000000>] 0x0
[ 78.350544] CPU: 3 PID: 101 Comm: madvfree Not tainted
6.9.0-ge51ae633c861 #253
[ 78.351200] Hardware name: linux,dummy-virt (DT)
[ 78.351747] pstate: 01400005 (nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 78.352314] pc : queued_spin_lock_slowpath+0x5c/0x528
[ 78.352772] lr : do_raw_spin_lock+0xc8/0x120
[ 78.353245] sp : ffff8000863d3720
[ 78.353657] x29: ffff8000863d3720 x28: ffff0000c45a8ff8 x27: 0800000103b24003
[ 78.354632] x26: ffff0000c3b26080 x25: fffffdffc0000000 x24: ffff8000822c2d10
[ 78.355446] x23: ffff80008403018f x22: ffff8000863d38e0 x21: 0000ffff7f000000
[ 78.356259] x20: ffff800082fbe008 x19: ffff0000c3b26080 x18: 0000000000000000
[ 78.357120] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
[ 78.357967] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
[ 78.358878] x11: ff7ffffffffffbff x10: 0040000000000041 x9 : ffff800080143750
[ 78.359818] x8 : ffff8000863d3708 x7 : 0000000000000000 x6 : ffff8000803b34e8
[ 78.360688] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800082fbe008
[ 78.361602] x2 : ffff80012ac1f000 x1 : 0000000000000000 x0 : 0000000000000080
[ 78.362755] Call trace:
[ 78.363132] queued_spin_lock_slowpath+0x5c/0x528
[ 78.363614] do_raw_spin_lock+0xc8/0x120
[ 78.364041] _raw_spin_lock+0x58/0x70
[ 78.364455] __pte_offset_map_lock+0x98/0x210
[ 78.364891] madvise_free_pte_range+0x88/0xa58
[ 78.365406] walk_pgd_range+0x390/0x808
[ 78.365829] __walk_page_range+0x1e0/0x1f0
[ 78.366256] walk_page_range+0x1f0/0x2c8
[ 78.366676] madvise_free_single_vma+0x16c/0x308
[ 78.367115] madvise_vma_behavior+0x504/0xa20
[ 78.367549] madvise_walk_vmas+0xc0/0x128
[ 78.367972] do_madvise.part.0+0x110/0x558
[ 78.368398] __arm64_sys_madvise+0x68/0x88
[ 78.368826] invoke_syscall+0x50/0x128
[ 78.369332] el0_svc_common.constprop.0+0x48/0xf8
[ 78.369778] do_el0_svc+0x28/0x40
[ 78.370184] el0_svc+0x50/0x150
[ 78.370583] el0t_64_sync_handler+0x13c/0x158
[ 78.371017] el0t_64_sync+0x1a4/0x1a8
[ 102.345217] watchdog: BUG: soft lockup - CPU#3 stuck for 45s! [madvfree:101]
[ 102.345835] Modules linked in:
[ 102.346290] irq event stamp: 0
[ 102.346715] hardirqs last enabled at (0): [<0000000000000000>] 0x0
[ 102.347252] hardirqs last disabled at (0): [<ffff8000800add04>]
copy_process+0x654/0x19a8
[ 102.347796] softirqs last enabled at (0): [<ffff8000800add04>]
copy_process+0x654/0x19a8
[ 102.348333] softirqs last disabled at (0): [<0000000000000000>] 0x0
[ 102.348925] CPU: 3 PID: 101 Comm: madvfree Tainted: G L
6.9.0-ge51ae633c861 #253
[ 102.349549] Hardware name: linux,dummy-virt (DT)
[ 102.349988] pstate: 01400005 (nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 102.350535] pc : queued_spin_lock_slowpath+0x5c/0x528
[ 102.351010] lr : do_raw_spin_lock+0xc8/0x120
[ 102.351508] sp : ffff8000863d3720
[ 102.351939] x29: ffff8000863d3720 x28: ffff0000c45a8ff8 x27: 0800000103b24003
[ 102.352811] x26: ffff0000c3b26080 x25: fffffdffc0000000 x24: ffff8000822c2d10
[ 102.353772] x23: ffff80008403018f x22: ffff8000863d38e0 x21: 0000ffff7f000000
[ 102.354625] x20: ffff800082fbe008 x19: ffff0000c3b26080 x18: 0000000000000000
[ 102.355495] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
[ 102.356370] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
[ 102.357333] x11: ff7ffffffffffbff x10: 0040000000000041 x9 : ffff800080143750
[ 102.358273] x8 : ffff8000863d3708 x7 : 0000000000000000 x6 : ffff8000803b34e8
[ 102.359112] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800082fbe008
[ 102.360001] x2 : ffff80012ac1f000 x1 : 0000000000000000 x0 : 0000000000000080
[ 102.360887] Call trace:
[ 102.361289] queued_spin_lock_slowpath+0x5c/0x528
[ 102.361768] do_raw_spin_lock+0xc8/0x120
[ 102.362294] _raw_spin_lock+0x58/0x70
[ 102.362825] __pte_offset_map_lock+0x98/0x210
[ 102.363299] madvise_free_pte_range+0x88/0xa58
[ 102.363771] walk_pgd_range+0x390/0x808
[ 102.364268] __walk_page_range+0x1e0/0x1f0
[ 102.364729] walk_page_range+0x1f0/0x2c8
[ 102.365263] madvise_free_single_vma+0x16c/0x308
[ 102.365786] madvise_vma_behavior+0x504/0xa20
[ 102.366315] madvise_walk_vmas+0xc0/0x128
[ 102.366779] do_madvise.part.0+0x110/0x558
[ 102.367269] __arm64_sys_madvise+0x68/0x88
[ 102.367714] invoke_syscall+0x50/0x128
[ 102.368110] el0_svc_common.constprop.0+0x48/0xf8
[ 102.368574] do_el0_svc+0x28/0x40
[ 102.369001] el0_svc+0x50/0x150
[ 102.369464] el0t_64_sync_handler+0x13c/0x158
[ 102.369916] el0t_64_sync+0x1a4/0x1a8
[ 126.345236] watchdog: BUG: soft lockup - CPU#3 stuck for 67s! [madvfree:101]
The test code is as below:
#define _GNU_SOURCE
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

#ifndef MADV_PAGEOUT
#define MADV_PAGEOUT 21 /* reclaim these pages */
#endif
#define DATA_SIZE (128UL * 1024 * 1024)
#define PAGE_SIZE (4UL * 1024)
#define LARGE_FOLIO_SIZE (64UL * 1024)

/* Read one byte from every page so that each page is touched again. */
static void read_data(void *addr)
{
	unsigned long i;

	for (i = 0; i < DATA_SIZE * 2; i += PAGE_SIZE) {
		if (*((volatile char *)addr + i) != (char)i) {
		}
	}
}

/* Mark the whole mapping as lazyfree. */
static void lazyfree(void *addr)
{
	madvise(addr, DATA_SIZE * 2, MADV_FREE);
}

int main(int argc, char **argv)
{
	void *addr = mmap(NULL, DATA_SIZE * 2, PROT_READ | PROT_WRITE,
			  MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);

	if (addr == MAP_FAILED)
		return 1;

	/* Fault in the whole range, then lazyfree it. */
	memset(addr, 0x11, DATA_SIZE * 2);
	lazyfree(addr);

	while (1) {
		sleep(1);
		read_data(addr);
	}
	return 0;
}
> mm/madvise.c | 85 +++++++++++++++++++++++++++-------------------------
> 1 file changed, 44 insertions(+), 41 deletions(-)
>
> diff --git a/mm/madvise.c b/mm/madvise.c
> index 4597a3568e7e..ed125ad8a21e 100644
> --- a/mm/madvise.c
> +++ b/mm/madvise.c
> @@ -643,6 +643,7 @@ static int madvise_free_pte_range(pmd_t *pmd, unsigned long addr,
> unsigned long end, struct mm_walk *walk)
>
> {
> + const cydp_t cydp_flags = CYDP_CLEAR_YOUNG | CYDP_CLEAR_DIRTY;
> struct mmu_gather *tlb = walk->private;
> struct mm_struct *mm = tlb->mm;
> struct vm_area_struct *vma = walk->vma;
> @@ -697,44 +698,57 @@ static int madvise_free_pte_range(pmd_t *pmd, unsigned long addr,
> continue;
>
> /*
> - * If pmd isn't transhuge but the folio is large and
> - * is owned by only this process, split it and
> - * deactivate all pages.
> + * If we encounter a large folio, only split it if it is not
> + * fully mapped within the range we are operating on. Otherwise
> + * leave it as is so that it can be marked as lazyfree. If we
> + * fail to split a folio, leave it in place and advance to the
> + * next pte in the range.
> */
> if (folio_test_large(folio)) {
> - int err;
> + bool any_young, any_dirty;
>
> - if (folio_likely_mapped_shared(folio))
> - break;
> - if (!folio_trylock(folio))
> - break;
> - folio_get(folio);
> - arch_leave_lazy_mmu_mode();
> - pte_unmap_unlock(start_pte, ptl);
> - start_pte = NULL;
> - err = split_folio(folio);
> - folio_unlock(folio);
> - folio_put(folio);
> - if (err)
> - break;
> - start_pte = pte =
> - pte_offset_map_lock(mm, pmd, addr, &ptl);
> - if (!start_pte)
> - break;
> - arch_enter_lazy_mmu_mode();
> - pte--;
> - addr -= PAGE_SIZE;
> - continue;
> + nr = madvise_folio_pte_batch(addr, end, folio, pte,
> + ptent, &any_young, &any_dirty);
> +
> + if (nr < folio_nr_pages(folio)) {
> + int err;
> +
> + if (folio_likely_mapped_shared(folio))
> + continue;
> + if (!folio_trylock(folio))
> + continue;
> + folio_get(folio);
> + arch_leave_lazy_mmu_mode();
> + pte_unmap_unlock(start_pte, ptl);
> + start_pte = NULL;
> + err = split_folio(folio);
> + folio_unlock(folio);
> + folio_put(folio);
> + pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
> + start_pte = pte;
> + if (!start_pte)
> + break;
> + arch_enter_lazy_mmu_mode();
> + if (!err)
> + nr = 0;
> + continue;
> + }
> +
> + if (any_young)
> + ptent = pte_mkyoung(ptent);
> + if (any_dirty)
> + ptent = pte_mkdirty(ptent);
> }
>
> if (folio_test_swapcache(folio) || folio_test_dirty(folio)) {
> if (!folio_trylock(folio))
> continue;
> /*
> - * If folio is shared with others, we mustn't clear
> - * the folio's dirty flag.
> + * If we have a large folio at this point, we know it is
> + * fully mapped so if its mapcount is the same as its
> + * number of pages, it must be exclusive.
> */
> - if (folio_mapcount(folio) != 1) {
> + if (folio_mapcount(folio) != folio_nr_pages(folio)) {
> folio_unlock(folio);
> continue;
> }
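Review bot: in the folio_test_large() block, any_young and any_dirty are declared without initializers and are read immediately after madvise_folio_pte_batch() returns, which is only safe if the helper writes both on every path; either initialize them to false at the declaration or state that contract in the helper's comment. In the same block, the bare continue on the shared and trylock-failed paths and the "if (!err) nr = 0;" retry after split_folio() all depend on how the loop step consumes nr, which is not visible in these lines. A short comment saying that nr = 0 re-examines the same PTE after a successful split, and what a non-zero nr does on the failure paths, would make the control flow reviewable from the hunk alone.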
> @@ -750,19 +764,8 @@ static int madvise_free_pte_range(pmd_t *pmd, unsigned long addr,
> }
>
> if (pte_young(ptent) || pte_dirty(ptent)) {
> - /*
> - * Some of architecture(ex, PPC) don't update TLB
> - * with set_pte_at and tlb_remove_tlb_entry so for
> - * the portability, remap the pte with old|clean
> - * after pte clearing.
> - */
> - ptent = ptep_get_and_clear_full(mm, addr, pte,
> - tlb->fullmm);
> -
> - ptent = pte_mkold(ptent);
> - ptent = pte_mkclean(ptent);
> - set_pte_at(mm, addr, pte, ptent);
> - tlb_remove_tlb_entry(tlb, pte, addr);
> + clear_young_dirty_ptes(vma, addr, pte, nr, cydp_flags);
> + tlb_remove_tlb_entries(tlb, pte, nr, addr);
> }
> folio_mark_lazyfree(folio);
> }
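Review bot: the new call clear_young_dirty_ptes(vma, addr, pte, nr, cydp_flags) uses nr for every folio, but within this patch nr is only assigned inside the folio_test_large() branch, so the small-folio path relies on nr being reset to 1 on each iteration somewhere outside the visible lines. Please confirm that, since a stale nr here would clear young/dirty bits and queue TLB entries for PTEs beyond the current folio. The hunk also deletes the comment that explained why the PTE was cleared and re-set for architectures such as PPC; the commit message or a short comment should say whether the batched helper keeps that guarantee.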
> --
> 2.33.1
>
Hi Barry,
Thanks a lot for reporting!
On Fri, May 24, 2024 at 6:20 AM Barry Song <[email protected]> wrote:
>
> On Fri, Apr 19, 2024 at 1:44 AM Lance Yang <[email protected]> wrote:
> >
> > This patch optimizes lazyfreeing with PTE-mapped mTHP[1]
> > (Inspired by David Hildenbrand[2]). We aim to avoid unnecessary folio
> > splitting if the large folio is fully mapped within the target range.
> >
> > If a large folio is locked or shared, or if we fail to split it, we just
> > leave it in place and advance to the next PTE in the range. But note that
> > the behavior is changed; previously, any failure of this sort would cause
> > the entire operation to give up. As large folios become more common,
> > sticking to the old way could result in wasted opportunities.
> >
> > On an Intel I5 CPU, lazyfreeing a 1GiB VMA backed by PTE-mapped folios of
> > the same size results in the following runtimes for madvise(MADV_FREE) in
> > seconds (shorter is better):
> >
> > Folio Size | Old | New | Change
> > ------------------------------------------
> > 4KiB | 0.590251 | 0.590259 | 0%
> > 16KiB | 2.990447 | 0.185655 | -94%
> > 32KiB | 2.547831 | 0.104870 | -95%
> > 64KiB | 2.457796 | 0.052812 | -97%
> > 128KiB | 2.281034 | 0.032777 | -99%
> > 256KiB | 2.230387 | 0.017496 | -99%
> > 512KiB | 2.189106 | 0.010781 | -99%
> > 1024KiB | 2.183949 | 0.007753 | -99%
> > 2048KiB | 0.002799 | 0.002804 | 0%
> >
> > [1] https://lkml.kernel.org/r/20231207161211.2374093-5-ryan.roberts@arm.com
> > [2] https://lore.kernel.org/linux-mm/[email protected]
> >
> > Reviewed-by: Ryan Roberts <[email protected]>
> > Acked-by: David Hildenbrand <[email protected]>
> > Signed-off-by: Lance Yang <[email protected]>
> > ---
>
> Hi Lance,
> I am getting kernel panic with this patch,
Good spot!
I just noticed that you posted a patch[1] to fix the bug introduced by the
commit 89e86854fb0a (mm/arm64: override clear_young_dirty_ptes() batch helper).
Could you please try your patch and see if the kernel panic issue still occurs?
[1] https://lore.kernel.org/all/[email protected]/
>
> / # /home/barry/develop/linux/madvfree
> [ 78.345305] watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [madvfree:101]
> [ 78.345992] Modules linked in:
> [ 78.346942] irq event stamp: 0
> [ 78.347311] hardirqs last enabled at (0): [<0000000000000000>] 0x0
> [ 78.348407] hardirqs last disabled at (0): [<ffff8000800add04>]
> copy_process+0x654/0x19a8
> [ 78.349291] softirqs last enabled at (0): [<ffff8000800add04>]
> copy_process+0x654/0x19a8
> [ 78.349851] softirqs last disabled at (0): [<0000000000000000>] 0x0
> [ 78.350544] CPU: 3 PID: 101 Comm: madvfree Not tainted
> 6.9.0-ge51ae633c861 #253
> [ 78.351200] Hardware name: linux,dummy-virt (DT)
> [ 78.351747] pstate: 01400005 (nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
> [ 78.352314] pc : queued_spin_lock_slowpath+0x5c/0x528
> [ 78.352772] lr : do_raw_spin_lock+0xc8/0x120
> [ 78.353245] sp : ffff8000863d3720
> [ 78.353657] x29: ffff8000863d3720 x28: ffff0000c45a8ff8 x27: 0800000103b24003
> [ 78.354632] x26: ffff0000c3b26080 x25: fffffdffc0000000 x24: ffff8000822c2d10
> [ 78.355446] x23: ffff80008403018f x22: ffff8000863d38e0 x21: 0000ffff7f000000
> [ 78.356259] x20: ffff800082fbe008 x19: ffff0000c3b26080 x18: 0000000000000000
> [ 78.357120] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
> [ 78.357967] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
> [ 78.358878] x11: ff7ffffffffffbff x10: 0040000000000041 x9 : ffff800080143750
> [ 78.359818] x8 : ffff8000863d3708 x7 : 0000000000000000 x6 : ffff8000803b34e8
> [ 78.360688] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800082fbe008
> [ 78.361602] x2 : ffff80012ac1f000 x1 : 0000000000000000 x0 : 0000000000000080
> [ 78.362755] Call trace:
> [ 78.363132] queued_spin_lock_slowpath+0x5c/0x528
> [ 78.363614] do_raw_spin_lock+0xc8/0x120
> [ 78.364041] _raw_spin_lock+0x58/0x70
> [ 78.364455] __pte_offset_map_lock+0x98/0x210
> [ 78.364891] madvise_free_pte_range+0x88/0xa58
> [ 78.365406] walk_pgd_range+0x390/0x808
> [ 78.365829] __walk_page_range+0x1e0/0x1f0
> [ 78.366256] walk_page_range+0x1f0/0x2c8
> [ 78.366676] madvise_free_single_vma+0x16c/0x308
> [ 78.367115] madvise_vma_behavior+0x504/0xa20
> [ 78.367549] madvise_walk_vmas+0xc0/0x128
> [ 78.367972] do_madvise.part.0+0x110/0x558
> [ 78.368398] __arm64_sys_madvise+0x68/0x88
> [ 78.368826] invoke_syscall+0x50/0x128
> [ 78.369332] el0_svc_common.constprop.0+0x48/0xf8
> [ 78.369778] do_el0_svc+0x28/0x40
> [ 78.370184] el0_svc+0x50/0x150
> [ 78.370583] el0t_64_sync_handler+0x13c/0x158
> [ 78.371017] el0t_64_sync+0x1a4/0x1a8
> [ 102.345217] watchdog: BUG: soft lockup - CPU#3 stuck for 45s! [madvfree:101]
> [ 102.345835] Modules linked in:
> [ 102.346290] irq event stamp: 0
> [ 102.346715] hardirqs last enabled at (0): [<0000000000000000>] 0x0
> [ 102.347252] hardirqs last disabled at (0): [<ffff8000800add04>]
> copy_process+0x654/0x19a8
> [ 102.347796] softirqs last enabled at (0): [<ffff8000800add04>]
> copy_process+0x654/0x19a8
> [ 102.348333] softirqs last disabled at (0): [<0000000000000000>] 0x0
> [ 102.348925] CPU: 3 PID: 101 Comm: madvfree Tainted: G L
> 6.9.0-ge51ae633c861 #253
> [ 102.349549] Hardware name: linux,dummy-virt (DT)
> [ 102.349988] pstate: 01400005 (nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
> [ 102.350535] pc : queued_spin_lock_slowpath+0x5c/0x528
> [ 102.351010] lr : do_raw_spin_lock+0xc8/0x120
> [ 102.351508] sp : ffff8000863d3720
> [ 102.351939] x29: ffff8000863d3720 x28: ffff0000c45a8ff8 x27: 0800000103b24003
> [ 102.352811] x26: ffff0000c3b26080 x25: fffffdffc0000000 x24: ffff8000822c2d10
> [ 102.353772] x23: ffff80008403018f x22: ffff8000863d38e0 x21: 0000ffff7f000000
> [ 102.354625] x20: ffff800082fbe008 x19: ffff0000c3b26080 x18: 0000000000000000
> [ 102.355495] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
> [ 102.356370] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
> [ 102.357333] x11: ff7ffffffffffbff x10: 0040000000000041 x9 : ffff800080143750
> [ 102.358273] x8 : ffff8000863d3708 x7 : 0000000000000000 x6 : ffff8000803b34e8
> [ 102.359112] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800082fbe008
> [ 102.360001] x2 : ffff80012ac1f000 x1 : 0000000000000000 x0 : 0000000000000080
> [ 102.360887] Call trace:
> [ 102.361289] queued_spin_lock_slowpath+0x5c/0x528
> [ 102.361768] do_raw_spin_lock+0xc8/0x120
> [ 102.362294] _raw_spin_lock+0x58/0x70
> [ 102.362825] __pte_offset_map_lock+0x98/0x210
> [ 102.363299] madvise_free_pte_range+0x88/0xa58
> [ 102.363771] walk_pgd_range+0x390/0x808
> [ 102.364268] __walk_page_range+0x1e0/0x1f0
> [ 102.364729] walk_page_range+0x1f0/0x2c8
> [ 102.365263] madvise_free_single_vma+0x16c/0x308
> [ 102.365786] madvise_vma_behavior+0x504/0xa20
> [ 102.366315] madvise_walk_vmas+0xc0/0x128
> [ 102.366779] do_madvise.part.0+0x110/0x558
> [ 102.367269] __arm64_sys_madvise+0x68/0x88
> [ 102.367714] invoke_syscall+0x50/0x128
> [ 102.368110] el0_svc_common.constprop.0+0x48/0xf8
> [ 102.368574] do_el0_svc+0x28/0x40
> [ 102.369001] el0_svc+0x50/0x150
> [ 102.369464] el0t_64_sync_handler+0x13c/0x158
> [ 102.369916] el0t_64_sync+0x1a4/0x1a8
> [ 126.345236] watchdog: BUG: soft lockup - CPU#3 stuck for 67s! [madvfree:101]
>
> the test code is as below,
>
> #define MADV_PAGEOUT 21 /* reclaim these pages */
>
> #define DATA_SIZE (128UL * 1024 * 1024)
> #define PAGE_SIZE (4UL * 1024)
> #define LARGE_FOLIO_SIZE (64UL * 1024)
>
> static void *read_data(void *addr)
> {
> unsigned long i;
>
> for (i = 0; i < DATA_SIZE * 2; i += PAGE_SIZE) {
> if (*((char *)addr + i) != (char)i) {
> }
> }
> }
>
> static void *lazyfree(void *addr)
> {
> unsigned long i;
>
> madvise(addr, DATA_SIZE * 2, MADV_FREE);
> }
>
> int main(int argc, char **argv)
> {
> void *addr = mmap(NULL, DATA_SIZE * 2, PROT_READ | PROT_WRITE,
> MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
Could you please check the /sys/kernel/mm/transparent_hugepage/enabled?
Is it set to 'always'?
Also, what size of mTHP are you using here?
> memset(addr, 0x11, DATA_SIZE * 2);
> lazyfree(addr);
>
> while(1) {
> sleep(1);
> read_data(addr);
> }
> return 0;
> }
Thanks again for reaching out!
Lance
>
> > mm/madvise.c | 85 +++++++++++++++++++++++++++-------------------------
> > 1 file changed, 44 insertions(+), 41 deletions(-)
> >
> > diff --git a/mm/madvise.c b/mm/madvise.c
> > index 4597a3568e7e..ed125ad8a21e 100644
> > --- a/mm/madvise.c
> > +++ b/mm/madvise.c
> > @@ -643,6 +643,7 @@ static int madvise_free_pte_range(pmd_t *pmd, unsigned long addr,
> > unsigned long end, struct mm_walk *walk)
> >
> > {
> > + const cydp_t cydp_flags = CYDP_CLEAR_YOUNG | CYDP_CLEAR_DIRTY;
> > struct mmu_gather *tlb = walk->private;
> > struct mm_struct *mm = tlb->mm;
> > struct vm_area_struct *vma = walk->vma;
> > @@ -697,44 +698,57 @@ static int madvise_free_pte_range(pmd_t *pmd, unsigned long addr,
> > continue;
> >
> > /*
> > - * If pmd isn't transhuge but the folio is large and
> > - * is owned by only this process, split it and
> > - * deactivate all pages.
> > + * If we encounter a large folio, only split it if it is not
> > + * fully mapped within the range we are operating on. Otherwise
> > + * leave it as is so that it can be marked as lazyfree. If we
> > + * fail to split a folio, leave it in place and advance to the
> > + * next pte in the range.
> > */
> > if (folio_test_large(folio)) {
> > - int err;
> > + bool any_young, any_dirty;
> >
> > - if (folio_likely_mapped_shared(folio))
> > - break;
> > - if (!folio_trylock(folio))
> > - break;
> > - folio_get(folio);
> > - arch_leave_lazy_mmu_mode();
> > - pte_unmap_unlock(start_pte, ptl);
> > - start_pte = NULL;
> > - err = split_folio(folio);
> > - folio_unlock(folio);
> > - folio_put(folio);
> > - if (err)
> > - break;
> > - start_pte = pte =
> > - pte_offset_map_lock(mm, pmd, addr, &ptl);
> > - if (!start_pte)
> > - break;
> > - arch_enter_lazy_mmu_mode();
> > - pte--;
> > - addr -= PAGE_SIZE;
> > - continue;
> > + nr = madvise_folio_pte_batch(addr, end, folio, pte,
> > + ptent, &any_young, &any_dirty);
> > +
> > + if (nr < folio_nr_pages(folio)) {
> > + int err;
> > +
> > + if (folio_likely_mapped_shared(folio))
> > + continue;
> > + if (!folio_trylock(folio))
> > + continue;
> > + folio_get(folio);
> > + arch_leave_lazy_mmu_mode();
> > + pte_unmap_unlock(start_pte, ptl);
> > + start_pte = NULL;
> > + err = split_folio(folio);
> > + folio_unlock(folio);
> > + folio_put(folio);
> > + pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
> > + start_pte = pte;
> > + if (!start_pte)
> > + break;
> > + arch_enter_lazy_mmu_mode();
> > + if (!err)
> > + nr = 0;
> > + continue;
> > + }
> > +
> > + if (any_young)
> > + ptent = pte_mkyoung(ptent);
> > + if (any_dirty)
> > + ptent = pte_mkdirty(ptent);
> > }
> >
> > if (folio_test_swapcache(folio) || folio_test_dirty(folio)) {
> > if (!folio_trylock(folio))
> > continue;
> > /*
> > - * If folio is shared with others, we mustn't clear
> > - * the folio's dirty flag.
> > + * If we have a large folio at this point, we know it is
> > + * fully mapped so if its mapcount is the same as its
> > + * number of pages, it must be exclusive.
> > */
> > - if (folio_mapcount(folio) != 1) {
> > + if (folio_mapcount(folio) != folio_nr_pages(folio)) {
> > folio_unlock(folio);
> > continue;
> > }
> > @@ -750,19 +764,8 @@ static int madvise_free_pte_range(pmd_t *pmd, unsigned long addr,
> > }
> >
> > if (pte_young(ptent) || pte_dirty(ptent)) {
> > - /*
> > - * Some of architecture(ex, PPC) don't update TLB
> > - * with set_pte_at and tlb_remove_tlb_entry so for
> > - * the portability, remap the pte with old|clean
> > - * after pte clearing.
> > - */
> > - ptent = ptep_get_and_clear_full(mm, addr, pte,
> > - tlb->fullmm);
> > -
> > - ptent = pte_mkold(ptent);
> > - ptent = pte_mkclean(ptent);
> > - set_pte_at(mm, addr, pte, ptent);
> > - tlb_remove_tlb_entry(tlb, pte, addr);
> > + clear_young_dirty_ptes(vma, addr, pte, nr, cydp_flags);
> > + tlb_remove_tlb_entries(tlb, pte, nr, addr);
> > }
> > folio_mark_lazyfree(folio);
> > }
> > --
> > 2.33.1
> >
On Fri, May 24, 2024 at 2:41 PM Lance Yang <[email protected]> wrote:
>
> Hi Barry,
>
> Thanks a lot for reporting!
>
> On Fri, May 24, 2024 at 6:20 AM Barry Song <[email protected]> wrote:
> >
> > On Fri, Apr 19, 2024 at 1:44 AM Lance Yang <[email protected]> wrote:
> > >
> > > This patch optimizes lazyfreeing with PTE-mapped mTHP[1]
> > > (Inspired by David Hildenbrand[2]). We aim to avoid unnecessary folio
> > > splitting if the large folio is fully mapped within the target range.
> > >
> > > If a large folio is locked or shared, or if we fail to split it, we just
> > > leave it in place and advance to the next PTE in the range. But note that
> > > the behavior is changed; previously, any failure of this sort would cause
> > > the entire operation to give up. As large folios become more common,
> > > sticking to the old way could result in wasted opportunities.
> > >
> > > On an Intel I5 CPU, lazyfreeing a 1GiB VMA backed by PTE-mapped folios of
> > > the same size results in the following runtimes for madvise(MADV_FREE) in
> > > seconds (shorter is better):
> > >
> > > Folio Size | Old | New | Change
> > > ------------------------------------------
> > > 4KiB | 0.590251 | 0.590259 | 0%
> > > 16KiB | 2.990447 | 0.185655 | -94%
> > > 32KiB | 2.547831 | 0.104870 | -95%
> > > 64KiB | 2.457796 | 0.052812 | -97%
> > > 128KiB | 2.281034 | 0.032777 | -99%
> > > 256KiB | 2.230387 | 0.017496 | -99%
> > > 512KiB | 2.189106 | 0.010781 | -99%
> > > 1024KiB | 2.183949 | 0.007753 | -99%
> > > 2048KiB | 0.002799 | 0.002804 | 0%
> > >
> > > [1] https://lkml.kernel.org/r/[email protected]
> > > [2] https://lore.kernel.org/linux-mm/[email protected]
> > >
> > > Reviewed-by: Ryan Roberts <[email protected]>
> > > Acked-by: David Hildenbrand <[email protected]>
> > > Signed-off-by: Lance Yang <[email protected]>
> > > ---
> >
> > Hi Lance,
> > I am getting kernel panic with this patch,
>
> Good spot!
>
> I just noticed that you posted a patch[1] to fix the bug introduced by the
> commit 89e86854fb0a (mm/arm64: override clear_young_dirty_ptes() batch helper).
>
> Could you please try your patch and see if the kernel panic issue still occurs?
>
> [1] https://lore.kernel.org/all/[email protected]/
Indeed, this is all attributed to the overflow in clear_young_dirty_ptes().
I'm reaching out to update you that the issue I reported earlier has been
resolved by the patch.
>
> >
> > / # /home/barry/develop/linux/madvfree
> > [ 78.345305] watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [madvfree:101]
> > [ 78.345992] Modules linked in:
> > [ 78.346942] irq event stamp: 0
> > [ 78.347311] hardirqs last enabled at (0): [<0000000000000000>] 0x0
> > [ 78.348407] hardirqs last disabled at (0): [<ffff8000800add04>]
> > copy_process+0x654/0x19a8
> > [ 78.349291] softirqs last enabled at (0): [<ffff8000800add04>]
> > copy_process+0x654/0x19a8
> > [ 78.349851] softirqs last disabled at (0): [<0000000000000000>] 0x0
> > [ 78.350544] CPU: 3 PID: 101 Comm: madvfree Not tainted
> > 6.9.0-ge51ae633c861 #253
> > [ 78.351200] Hardware name: linux,dummy-virt (DT)
> > [ 78.351747] pstate: 01400005 (nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
> > [ 78.352314] pc : queued_spin_lock_slowpath+0x5c/0x528
> > [ 78.352772] lr : do_raw_spin_lock+0xc8/0x120
> > [ 78.353245] sp : ffff8000863d3720
> > [ 78.353657] x29: ffff8000863d3720 x28: ffff0000c45a8ff8 x27: 0800000103b24003
> > [ 78.354632] x26: ffff0000c3b26080 x25: fffffdffc0000000 x24: ffff8000822c2d10
> > [ 78.355446] x23: ffff80008403018f x22: ffff8000863d38e0 x21: 0000ffff7f000000
> > [ 78.356259] x20: ffff800082fbe008 x19: ffff0000c3b26080 x18: 0000000000000000
> > [ 78.357120] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
> > [ 78.357967] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
> > [ 78.358878] x11: ff7ffffffffffbff x10: 0040000000000041 x9 : ffff800080143750
> > [ 78.359818] x8 : ffff8000863d3708 x7 : 0000000000000000 x6 : ffff8000803b34e8
> > [ 78.360688] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800082fbe008
> > [ 78.361602] x2 : ffff80012ac1f000 x1 : 0000000000000000 x0 : 0000000000000080
> > [ 78.362755] Call trace:
> > [ 78.363132] queued_spin_lock_slowpath+0x5c/0x528
> > [ 78.363614] do_raw_spin_lock+0xc8/0x120
> > [ 78.364041] _raw_spin_lock+0x58/0x70
> > [ 78.364455] __pte_offset_map_lock+0x98/0x210
> > [ 78.364891] madvise_free_pte_range+0x88/0xa58
> > [ 78.365406] walk_pgd_range+0x390/0x808
> > [ 78.365829] __walk_page_range+0x1e0/0x1f0
> > [ 78.366256] walk_page_range+0x1f0/0x2c8
> > [ 78.366676] madvise_free_single_vma+0x16c/0x308
> > [ 78.367115] madvise_vma_behavior+0x504/0xa20
> > [ 78.367549] madvise_walk_vmas+0xc0/0x128
> > [ 78.367972] do_madvise.part.0+0x110/0x558
> > [ 78.368398] __arm64_sys_madvise+0x68/0x88
> > [ 78.368826] invoke_syscall+0x50/0x128
> > [ 78.369332] el0_svc_common.constprop.0+0x48/0xf8
> > [ 78.369778] do_el0_svc+0x28/0x40
> > [ 78.370184] el0_svc+0x50/0x150
> > [ 78.370583] el0t_64_sync_handler+0x13c/0x158
> > [ 78.371017] el0t_64_sync+0x1a4/0x1a8
> > [ 102.345217] watchdog: BUG: soft lockup - CPU#3 stuck for 45s! [madvfree:101]
> > [ 102.345835] Modules linked in:
> > [ 102.346290] irq event stamp: 0
> > [ 102.346715] hardirqs last enabled at (0): [<0000000000000000>] 0x0
> > [ 102.347252] hardirqs last disabled at (0): [<ffff8000800add04>]
> > copy_process+0x654/0x19a8
> > [ 102.347796] softirqs last enabled at (0): [<ffff8000800add04>]
> > copy_process+0x654/0x19a8
> > [ 102.348333] softirqs last disabled at (0): [<0000000000000000>] 0x0
> > [ 102.348925] CPU: 3 PID: 101 Comm: madvfree Tainted: G L
> > 6.9.0-ge51ae633c861 #253
> > [ 102.349549] Hardware name: linux,dummy-virt (DT)
> > [ 102.349988] pstate: 01400005 (nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
> > [ 102.350535] pc : queued_spin_lock_slowpath+0x5c/0x528
> > [ 102.351010] lr : do_raw_spin_lock+0xc8/0x120
> > [ 102.351508] sp : ffff8000863d3720
> > [ 102.351939] x29: ffff8000863d3720 x28: ffff0000c45a8ff8 x27: 0800000103b24003
> > [ 102.352811] x26: ffff0000c3b26080 x25: fffffdffc0000000 x24: ffff8000822c2d10
> > [ 102.353772] x23: ffff80008403018f x22: ffff8000863d38e0 x21: 0000ffff7f000000
> > [ 102.354625] x20: ffff800082fbe008 x19: ffff0000c3b26080 x18: 0000000000000000
> > [ 102.355495] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
> > [ 102.356370] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
> > [ 102.357333] x11: ff7ffffffffffbff x10: 0040000000000041 x9 : ffff800080143750
> > [ 102.358273] x8 : ffff8000863d3708 x7 : 0000000000000000 x6 : ffff8000803b34e8
> > [ 102.359112] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800082fbe008
> > [ 102.360001] x2 : ffff80012ac1f000 x1 : 0000000000000000 x0 : 0000000000000080
> > [ 102.360887] Call trace:
> > [ 102.361289] queued_spin_lock_slowpath+0x5c/0x528
> > [ 102.361768] do_raw_spin_lock+0xc8/0x120
> > [ 102.362294] _raw_spin_lock+0x58/0x70
> > [ 102.362825] __pte_offset_map_lock+0x98/0x210
> > [ 102.363299] madvise_free_pte_range+0x88/0xa58
> > [ 102.363771] walk_pgd_range+0x390/0x808
> > [ 102.364268] __walk_page_range+0x1e0/0x1f0
> > [ 102.364729] walk_page_range+0x1f0/0x2c8
> > [ 102.365263] madvise_free_single_vma+0x16c/0x308
> > [ 102.365786] madvise_vma_behavior+0x504/0xa20
> > [ 102.366315] madvise_walk_vmas+0xc0/0x128
> > [ 102.366779] do_madvise.part.0+0x110/0x558
> > [ 102.367269] __arm64_sys_madvise+0x68/0x88
> > [ 102.367714] invoke_syscall+0x50/0x128
> > [ 102.368110] el0_svc_common.constprop.0+0x48/0xf8
> > [ 102.368574] do_el0_svc+0x28/0x40
> > [ 102.369001] el0_svc+0x50/0x150
> > [ 102.369464] el0t_64_sync_handler+0x13c/0x158
> > [ 102.369916] el0t_64_sync+0x1a4/0x1a8
> > [ 126.345236] watchdog: BUG: soft lockup - CPU#3 stuck for 67s! [madvfree:101]
> >
> > the test code is as below,
> >
> > #define MADV_PAGEOUT 21 /* reclaim these pages */
> >
> > #define DATA_SIZE (128UL * 1024 * 1024)
> > #define PAGE_SIZE (4UL * 1024)
> > #define LARGE_FOLIO_SIZE (64UL * 1024)
> >
> > static void *read_data(void *addr)
> > {
> > unsigned long i;
> >
> > for (i = 0; i < DATA_SIZE * 2; i += PAGE_SIZE) {
> > if (*((char *)addr + i) != (char)i) {
> > }
> > }
> > }
> >
> > static void *lazyfree(void *addr)
> > {
> > unsigned long i;
> >
> > madvise(addr, DATA_SIZE * 2, MADV_FREE);
> > }
> >
> > int main(int argc, char **argv)
> > {
> > void *addr = mmap(NULL, DATA_SIZE * 2, PROT_READ | PROT_WRITE,
> > MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
>
> Could you please check the /sys/kernel/mm/transparent_hugepage/enabled?
>
> Is it set to 'always'?
>
> Also, what size of mTHP are you using here?
That is 64KiB with "always" policy.
>
> > memset(addr, 0x11, DATA_SIZE * 2);
> > lazyfree(addr);
> >
> > while(1) {
> > sleep(1);
> > read_data(addr);
> > }
> > return 0;
> > }
>
> Thanks again for reaching out!
No worries. Please test and ack the patch which fixed clear_young_dirty_ptes()
so that it can be merged as soon as possible.
> Lance
> >
> > > mm/madvise.c | 85 +++++++++++++++++++++++++++-------------------------
> > > 1 file changed, 44 insertions(+), 41 deletions(-)
> > >
> > > diff --git a/mm/madvise.c b/mm/madvise.c
> > > index 4597a3568e7e..ed125ad8a21e 100644
> > > --- a/mm/madvise.c
> > > +++ b/mm/madvise.c
> > > @@ -643,6 +643,7 @@ static int madvise_free_pte_range(pmd_t *pmd, unsigned long addr,
> > > unsigned long end, struct mm_walk *walk)
> > >
> > > {
> > > + const cydp_t cydp_flags = CYDP_CLEAR_YOUNG | CYDP_CLEAR_DIRTY;
> > > struct mmu_gather *tlb = walk->private;
> > > struct mm_struct *mm = tlb->mm;
> > > struct vm_area_struct *vma = walk->vma;
> > > @@ -697,44 +698,57 @@ static int madvise_free_pte_range(pmd_t *pmd, unsigned long addr,
> > > continue;
> > >
> > > /*
> > > - * If pmd isn't transhuge but the folio is large and
> > > - * is owned by only this process, split it and
> > > - * deactivate all pages.
> > > + * If we encounter a large folio, only split it if it is not
> > > + * fully mapped within the range we are operating on. Otherwise
> > > + * leave it as is so that it can be marked as lazyfree. If we
> > > + * fail to split a folio, leave it in place and advance to the
> > > + * next pte in the range.
> > > */
> > > if (folio_test_large(folio)) {
> > > - int err;
> > > + bool any_young, any_dirty;
> > >
> > > - if (folio_likely_mapped_shared(folio))
> > > - break;
> > > - if (!folio_trylock(folio))
> > > - break;
> > > - folio_get(folio);
> > > - arch_leave_lazy_mmu_mode();
> > > - pte_unmap_unlock(start_pte, ptl);
> > > - start_pte = NULL;
> > > - err = split_folio(folio);
> > > - folio_unlock(folio);
> > > - folio_put(folio);
> > > - if (err)
> > > - break;
> > > - start_pte = pte =
> > > - pte_offset_map_lock(mm, pmd, addr, &ptl);
> > > - if (!start_pte)
> > > - break;
> > > - arch_enter_lazy_mmu_mode();
> > > - pte--;
> > > - addr -= PAGE_SIZE;
> > > - continue;
> > > + nr = madvise_folio_pte_batch(addr, end, folio, pte,
> > > + ptent, &any_young, &any_dirty);
> > > +
> > > + if (nr < folio_nr_pages(folio)) {
> > > + int err;
> > > +
> > > + if (folio_likely_mapped_shared(folio))
> > > + continue;
> > > + if (!folio_trylock(folio))
> > > + continue;
> > > + folio_get(folio);
> > > + arch_leave_lazy_mmu_mode();
> > > + pte_unmap_unlock(start_pte, ptl);
> > > + start_pte = NULL;
> > > + err = split_folio(folio);
> > > + folio_unlock(folio);
> > > + folio_put(folio);
> > > + pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
> > > + start_pte = pte;
> > > + if (!start_pte)
> > > + break;
> > > + arch_enter_lazy_mmu_mode();
> > > + if (!err)
> > > + nr = 0;
> > > + continue;
> > > + }
> > > +
> > > + if (any_young)
> > > + ptent = pte_mkyoung(ptent);
> > > + if (any_dirty)
> > > + ptent = pte_mkdirty(ptent);
> > > }
> > >
> > > if (folio_test_swapcache(folio) || folio_test_dirty(folio)) {
> > > if (!folio_trylock(folio))
> > > continue;
> > > /*
> > > - * If folio is shared with others, we mustn't clear
> > > - * the folio's dirty flag.
> > > + * If we have a large folio at this point, we know it is
> > > + * fully mapped so if its mapcount is the same as its
> > > + * number of pages, it must be exclusive.
> > > */
> > > - if (folio_mapcount(folio) != 1) {
> > > + if (folio_mapcount(folio) != folio_nr_pages(folio)) {
> > > folio_unlock(folio);
> > > continue;
> > > }
> > > @@ -750,19 +764,8 @@ static int madvise_free_pte_range(pmd_t *pmd, unsigned long addr,
> > > }
> > >
> > > if (pte_young(ptent) || pte_dirty(ptent)) {
> > > - /*
> > > - * Some of architecture(ex, PPC) don't update TLB
> > > - * with set_pte_at and tlb_remove_tlb_entry so for
> > > - * the portability, remap the pte with old|clean
> > > - * after pte clearing.
> > > - */
> > > - ptent = ptep_get_and_clear_full(mm, addr, pte,
> > > - tlb->fullmm);
> > > -
> > > - ptent = pte_mkold(ptent);
> > > - ptent = pte_mkclean(ptent);
> > > - set_pte_at(mm, addr, pte, ptent);
> > > - tlb_remove_tlb_entry(tlb, pte, addr);
> > > + clear_young_dirty_ptes(vma, addr, pte, nr, cydp_flags);
> > > + tlb_remove_tlb_entries(tlb, pte, nr, addr);
> > > }
> > > folio_mark_lazyfree(folio);
> > > }
> > > --
> > > 2.33.1
> > >
Thanks
Barry