From: Lance Yang <lance.yang@linux.dev>
To: David Hildenbrand <david@redhat.com>
Cc: ziy@nvidia.com, baolin.wang@linux.alibaba.com,
Liam.Howlett@oracle.com, npache@redhat.com, ryan.roberts@arm.com,
dev.jain@arm.com, baohua@kernel.org, ioworker0@gmail.com,
kirill@shutemov.name, hughd@google.com, mpenttil@redhat.com,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
akpm@linux-foundation.org, lorenzo.stoakes@oracle.com
Subject: Re: [PATCH mm-new v2 2/2] mm/khugepaged: abort collapse scan on guard PTEs
Date: Fri, 19 Sep 2025 10:41:47 +0800 [thread overview]
Message-ID: <eabd866a-aed3-4e28-a139-13b7c1d4e715@linux.dev> (raw)
In-Reply-To: <a696c734-9f88-4d6f-a852-013071a2dd2a@redhat.com>
On 2025/9/19 02:47, David Hildenbrand wrote:
> On 18.09.25 07:04, Lance Yang wrote:
>> From: Lance Yang <lance.yang@linux.dev>
>>
>> Guard PTE markers are installed via MADV_GUARD_INSTALL to create
>> lightweight guard regions.
>>
>> Currently, any collapse path (khugepaged or MADV_COLLAPSE) will fail when
>> encountering such a range.
>>
>> MADV_COLLAPSE fails deep inside the collapse logic when trying to swap-in
>> the special marker in __collapse_huge_page_swapin().
>>
>> hpage_collapse_scan_pmd()
>> `- collapse_huge_page()
>> `- __collapse_huge_page_swapin() -> fails!
>>
>> khugepaged's behavior is slightly different due to its max_ptes_swap
>> limit
>> (default 64). It won't fail as deep, but it will still needlessly scan up
>> to 64 swap entries before bailing out.
>>
>> IMHO, we can and should detect this much earlier.
>>
>> This patch adds a check directly inside the PTE scan loop. If a guard
>> marker is found, the scan is aborted immediately with
>> SCAN_PTE_NON_PRESENT,
>> avoiding wasted work.
>>
>> Suggested-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
>> Signed-off-by: Lance Yang <lance.yang@linux.dev>
>> ---
>> mm/khugepaged.c | 10 ++++++++++
>> 1 file changed, 10 insertions(+)
>>
>> diff --git a/mm/khugepaged.c b/mm/khugepaged.c
>> index 9ed1af2b5c38..70ebfc7c1f3e 100644
>> --- a/mm/khugepaged.c
>> +++ b/mm/khugepaged.c
>> @@ -1306,6 +1306,16 @@ static int hpage_collapse_scan_pmd(struct
>> mm_struct *mm,
>> result = SCAN_PTE_UFFD_WP;
>> goto out_unmap;
>> }
>> + /*
>> + * Guard PTE markers are installed by
>> + * MADV_GUARD_INSTALL. Any collapse path must
>> + * not touch them, so abort the scan immediately
>> + * if one is found.
>> + */
>> + if (is_guard_pte_marker(pteval)) {
>> + result = SCAN_PTE_NON_PRESENT;
>> + goto out_unmap;
>> + }
>
> Thinking about it, this is interesting.
>
> Essentially we track any non-swap swap entries towards
> khugepaged_max_ptes_swap, which is rather weird.
>
> I think we might also run into migration entries here and hwpoison entries?
>
> So what about just generalizing this:
>
> diff --git a/mm/khugepaged.c b/mm/khugepaged.c
> index af5f5c80fe4ed..28f1f4bf0e0a8 100644
> --- a/mm/khugepaged.c
> +++ b/mm/khugepaged.c
> @@ -1293,7 +1293,24 @@ static int hpage_collapse_scan_pmd(struct
> mm_struct *mm,
> for (_address = address, _pte = pte; _pte < pte + HPAGE_PMD_NR;
> _pte++, _address += PAGE_SIZE) {
> pte_t pteval = ptep_get(_pte);
> - if (is_swap_pte(pteval)) {
> +
> + if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) {
> + ++none_or_zero;
> + if (!userfaultfd_armed(vma) &&
> + (!cc->is_khugepaged ||
> + none_or_zero <= khugepaged_max_ptes_none)) {
> + continue;
> + } else {
> + result = SCAN_EXCEED_NONE_PTE;
> + count_vm_event(THP_SCAN_EXCEED_NONE_PTE);
> + goto out_unmap;
> + }
> + } else if (!pte_present(pteval)) {
> + if (non_swap_entry(pte_to_swp_entry(pteval))) {
> + result = SCAN_PTE_NON_PRESENT;
> + goto out_unmap;
> + }
> +
> ++unmapped;
> if (!cc->is_khugepaged ||
> unmapped <= khugepaged_max_ptes_swap) {
> @@ -1313,18 +1330,7 @@ static int hpage_collapse_scan_pmd(struct
> mm_struct *mm,
> goto out_unmap;
> }
> }
> - if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) {
> - ++none_or_zero;
> - if (!userfaultfd_armed(vma) &&
> - (!cc->is_khugepaged ||
> - none_or_zero <= khugepaged_max_ptes_none)) {
> - continue;
> - } else {
> - result = SCAN_EXCEED_NONE_PTE;
> - count_vm_event(THP_SCAN_EXCEED_NONE_PTE);
> - goto out_unmap;
> - }
> - }
> +
> if (pte_uffd_wp(pteval)) {
> /*
> * Don't collapse the page if any of the small
>
>
> With that, the function flow looks more similar to
> __collapse_huge_page_isolate(),
> except that we handle swap entries in there now.
Ah, indeed. I like this crazy idea ;p
>
>
> And with that in place, couldn't we factor out a huge chunk of both
> scanning
> functions into some helper (passing whether swap entries are allowed or
> not?).
Yes. Factoring out the common scanning logic into a new helper is a
good suggestion. It would clean things up ;)
>
> Yes, I know, refactoring khugepaged, crazy idea.
I'll look into that. But let's do this separately :)
Cheers,
Lance
next prev parent reply other threads:[~2025-09-19 2:42 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-18 5:04 [PATCH mm-new v2 0/2] mm/khugepaged: optimize collapse candidate detection Lance Yang
2025-09-18 5:04 ` [PATCH mm-new v2 1/2] mm: make is_guard_pte_marker() available for hugepage collapse Lance Yang
2025-09-18 19:07 ` Zi Yan
2025-09-23 2:29 ` Wei Yang
2025-09-18 5:04 ` [PATCH mm-new v2 2/2] mm/khugepaged: abort collapse scan on guard PTEs Lance Yang
2025-09-18 7:37 ` Dev Jain
2025-09-18 8:11 ` Lance Yang
2025-09-18 10:06 ` Lorenzo Stoakes
2025-09-18 11:10 ` Dev Jain
2025-09-18 10:16 ` Lorenzo Stoakes
2025-09-18 11:11 ` Dev Jain
2025-09-18 18:47 ` David Hildenbrand
2025-09-19 2:41 ` Lance Yang [this message]
2025-09-19 7:57 ` David Hildenbrand
2025-09-19 8:26 ` Lance Yang
2025-09-19 4:11 ` Dev Jain
2025-09-18 19:12 ` Zi Yan
2025-09-19 2:44 ` Lance Yang
2025-09-19 3:18 ` Baolin Wang
2025-09-19 3:34 ` Lance Yang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=eabd866a-aed3-4e28-a139-13b7c1d4e715@linux.dev \
--to=lance.yang@linux.dev \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=baohua@kernel.org \
--cc=baolin.wang@linux.alibaba.com \
--cc=david@redhat.com \
--cc=dev.jain@arm.com \
--cc=hughd@google.com \
--cc=ioworker0@gmail.com \
--cc=kirill@shutemov.name \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=mpenttil@redhat.com \
--cc=npache@redhat.com \
--cc=ryan.roberts@arm.com \
--cc=ziy@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.