Received: by 2002:a05:7412:419a:b0:f3:1519:9f41 with SMTP id i26csp3782608rdh; Tue, 28 Nov 2023 03:58:42 -0800 (PST) X-Google-Smtp-Source: AGHT+IEqCiaA1+Q3KClzH3XzRRy0nO5Ze/kBiMzKhuaGLHQtjgJcJlFtLKpnar6dNt+NfgHjdWwQ X-Received: by 2002:a17:903:4284:b0:1cf:a7f9:1e7a with SMTP id ju4-20020a170903428400b001cfa7f91e7amr10972912plb.45.1701172721861; Tue, 28 Nov 2023 03:58:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701172721; cv=none; d=google.com; s=arc-20160816; b=C5OHVVEWdopOvyYRH0+ozOABuhdMnbPmBhhU1DrrFWlBwQNkDBlQ2m1a2MzFaoKTdm 0HSvn501iZP38pyzw+JRZwDB0XGc3uAj/ntmtxQulAICGjTxXXsNw9Dbz45WgqQmRXmM wDUf/f6ah/gnMkHb6Z88ijy9KEl8svDgIJu2kMAADWD+7Csp79edHoAlEcpacoZwfRdT c6B8De+sN7VeFeuhXhtktLid6hISXb7GeizbMUOOQdPOsfbnoL/kZUjajo+7qUgptkiO wOiHExV/QyJ4PaKS3vLvUl+p9EK0FrvNTJ5ruafml4dGKaXINMwhqnGWqsvwm0sgmvGH rrOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=XKZ41Ulz/G3hxjLP2RRCgQqcvwQl4KBW6Y2zmScpfBs=; fh=r16t8PoJoYk5wo2DW0GiwH/SMt8k6yep6QO4hvF9Yw4=; b=PscVDcCGjvEx7OMWEvEO+X3ij1caCikV5DK8IvaEM31YrO2rCo+AbUbfC6w+IBeDDF j10Vs0EvCk55Ka3SfMXDnBu7Eq2M+oJ318Hap3hWRwBZl8mMuQfPgY8ZlYoTIoIMcLKh qQjjKyZhU4GDZrdGav6Ujnf57h7ypjKMDhX5ZofXzOBFI27woUaeTcfcVvtlyqy/hZ7U 2T3TQRLMksrdBUkJRGe/dadqv7Ys+UZK06atTsy+c/oAQVJ9WEAVv1lkotnOzA5hrj21 CitaBofZannr09/U8tnrI2wpCCEfbzPoTX4QHEbUTepqYHDHH0PmJSG+0MmizvYci+XE lnIQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id n15-20020a170903110f00b001cfb14a09a2si8572916plh.457.2023.11.28.03.58.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 03:58:41 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 6166080ABFDC; Tue, 28 Nov 2023 03:58:40 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344542AbjK1L6a (ORCPT + 99 others); Tue, 28 Nov 2023 06:58:30 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42960 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344263AbjK1L62 (ORCPT ); Tue, 28 Nov 2023 06:58:28 -0500 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id B900892 for ; Tue, 28 Nov 2023 03:58:34 -0800 (PST) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 59460C15; Tue, 28 Nov 2023 03:59:21 -0800 (PST) Received: from [10.1.33.188] (XHFQ2J9959.cambridge.arm.com [10.1.33.188]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id B28993F73F; Tue, 28 Nov 2023 03:58:27 -0800 (PST) Message-ID: <15c68452-cc8e-45a5-bcaf-79b040afc746@arm.com> Date: Tue, 28 Nov 2023 11:58:25 +0000 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v2 00/14] Transparent Contiguous PTEs for User Mappings Content-Language: en-GB To: Yang Shi Cc: Barry Song <21cnbao@gmail.com>, akpm@linux-foundation.org, andreyknvl@gmail.com, anshuman.khandual@arm.com, ardb@kernel.org, catalin.marinas@arm.com, david@redhat.com, dvyukov@google.com, glider@google.com, james.morse@arm.com, jhubbard@nvidia.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, mark.rutland@arm.com, maz@kernel.org, oliver.upton@linux.dev, ryabinin.a.a@gmail.com, suzuki.poulose@arm.com, vincenzo.frascino@arm.com, wangkefeng.wang@huawei.com, will@kernel.org, willy@infradead.org, yuzenghui@huawei.com, yuzhao@google.com, ziy@nvidia.com References: <20231115163018.1303287-1-ryan.roberts@arm.com> <20231127031813.5576-1-v-songbaohua@oppo.com> <234021ba-73c2-474a-82f9-91e1604d5bb5@arm.com> From: Ryan Roberts In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Tue, 28 Nov 2023 03:58:40 -0800 (PST) On 28/11/2023 03:13, Yang Shi wrote: > On Mon, Nov 27, 2023 at 1:15 AM Ryan Roberts wrote: >> >> On 27/11/2023 03:18, Barry Song wrote: >>>> Ryan Roberts (14): >>>> mm: Batch-copy PTE ranges during fork() >>>> arm64/mm: set_pte(): New layer to manage contig bit >>>> arm64/mm: set_ptes()/set_pte_at(): New layer to manage contig bit >>>> arm64/mm: pte_clear(): New layer to manage contig bit >>>> arm64/mm: ptep_get_and_clear(): New layer to manage contig bit >>>> arm64/mm: ptep_test_and_clear_young(): New layer to manage contig bit >>>> arm64/mm: ptep_clear_flush_young(): New layer to manage contig bit >>>> arm64/mm: ptep_set_wrprotect(): New layer to manage contig bit >>>> arm64/mm: ptep_set_access_flags(): New layer to manage contig bit >>>> arm64/mm: ptep_get(): New layer to manage contig bit >>>> arm64/mm: Split __flush_tlb_range() to elide trailing DSB >>>> arm64/mm: Wire up PTE_CONT for user mappings >>>> arm64/mm: Implement ptep_set_wrprotects() to optimize fork() >>>> arm64/mm: Add ptep_get_and_clear_full() to optimize process teardown >>> >>> Hi Ryan, >>> Not quite sure if I missed something, are we splitting/unfolding CONTPTES >>> in the below cases >> >> The general idea is that the core-mm sets the individual ptes (one at a time if >> it likes with set_pte_at(), or in a block with set_ptes()), modifies its >> permissions (ptep_set_wrprotect(), ptep_set_access_flags()) and clears them >> (ptep_clear(), etc); This is exactly the same interface as previously. >> >> BUT, the arm64 implementation of those interfaces will now detect when a set of >> adjacent PTEs (a contpte block - so 16 naturally aligned entries when using 4K >> base pages) are all appropriate for having the CONT_PTE bit set; in this case >> the block is "folded". And it will detect when the first PTE in the block >> changes such that the CONT_PTE bit must now be unset ("unfolded"). One of the >> requirements for folding a contpte block is that all the pages must belong to >> the *same* folio (that means its safe to only track access/dirty for thecontpte >> block as a whole rather than for each individual pte). >> >> (there are a couple of optimizations that make the reality slightly more >> complicated than what I've just explained, but you get the idea). >> >> On that basis, I believe all the specific cases you describe below are all >> covered and safe - please let me know if you think there is a hole here! >> >>> >>> 1. madvise(MADV_DONTNEED) on a part of basepages on a CONTPTE large folio >> >> The page will first be unmapped (e.g. ptep_clear() or ptep_get_and_clear(), or >> whatever). The implementation of that will cause an unfold and the CONT_PTE bit >> is removed from the whole contpte block. If there is then a subsequent >> set_pte_at() to set a swap entry, the implementation will see that its not >> appropriate to re-fold, so the range will remain unfolded. >> >>> >>> 2. vma split in a large folio due to various reasons such as mprotect, >>> munmap, mlock etc. >> >> I'm not sure if PTEs are explicitly unmapped/remapped when splitting a VMA? I >> suspect not, so if the VMA is split in the middle of a currently folded contpte >> block, it will remain folded. But this is safe and continues to work correctly. >> The VMA arrangement is not important; it is just important that a single folio >> is mapped contiguously across the whole block. > > Even with different permissions, for example, read-only vs read-write? > The mprotect() may change the permission. It should be misprogramming > per ARM ARM. If the permissions are changed, then mprotect() must have called the pgtable helpers to modify the page table (e.g. ptep_set_wrprotect(), ptep_set_access_flags() or whatever). These functions will notice that the contpte block is currently folded and unfold it before apply the permissions change. The unfolding process is done in a way that intentionally avoids misprogramming as defined by the Arm ARM. See contpte_fold() in contpte.c. > >> >>> >>> 3. try_to_unmap_one() to reclaim a folio, ptes are scanned one by one >>> rather than being as a whole. >> >> Yes, as per 1; the arm64 implementation will notice when the first entry is >> cleared and unfold the contpte block. >> >>> >>> In hardware, we need to make sure CONTPTE follow the rule - always 16 >>> contiguous physical address with CONTPTE set. if one of them run away >>> from the 16 ptes group and PTEs become unconsistent, some terrible >>> errors/faults can happen in HW. for example >> >> Yes, the implementation obeys all these rules; see contpte_try_fold() and >> contpte_try_unfold(). the fold/unfold operation is only done when all >> requirements are met, and we perform it in a manner that is conformant to the >> architecture requirements (see contpte_fold() - being renamed to >> contpte_convert() in the next version). >> >> Thanks for the review! >> >> Thanks, >> Ryan >> >>> >>> case0: >>> addr0 PTE - has no CONTPE >>> addr0+4kb PTE - has CONTPTE >>> .... >>> addr0+60kb PTE - has CONTPTE >>> >>> case 1: >>> addr0 PTE - has no CONTPE >>> addr0+4kb PTE - has CONTPTE >>> .... >>> addr0+60kb PTE - has swap >>> >>> Unconsistent 16 PTEs will lead to crash even in the firmware based on >>> our observation. >>> >>> Thanks >>> Barry >>> >>> >> >>