From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C52231B1410 for ; Thu, 20 Jun 2024 16:04:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718899473; cv=none; b=etEYfRseCrf9ovqvN/zoi+ojhfDADQcajnMjGHEKsVztsVc69HbSzBxP4rn+h0NkNgIF2X2MAKlgZEARGS3jehjW1CkeA7qHofcUKZGA/1g2DYhg63OHnR/NL5TYktEXsRvtDIPgNB682WBygowx49IykMb7bFaAPJi29JVC5Dc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718899473; c=relaxed/simple; bh=L+sRaUROFLiedBrG2sWDIkuJ5o3pE63VZuzrZpIf2Fc=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=smtovBT55Hfmnpq6xuvhgEwmqPiMshSk2+LeGfZ0C4St2Oux017To6Mrfg5dC8ups3MJ8LjhI0HkuG/MKyG7FqaFuvpc6byH1wFMWB90PyMCglkGD3vlyj9HuNBdIJQkZyHuYjwF+j1PnBVEp+74sDcWLMpf2RHlLy9q4bj8w2M= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=H5PjkJ7x; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="H5PjkJ7x" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-2c7a68c3a85so1183954a91.2 for ; Thu, 20 Jun 2024 09:04:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1718899471; x=1719504271; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=GM34BWwCNXiLOvG2mLkdqlEK4NIZT0q6djBzomdsWyE=; b=H5PjkJ7xfs83q10hkyTRCTnHarYxN6jsat87cynb3dCvPgi97F1+2vVjd+mGIZCJ+/ 3vbj6W/DaEKbIvMf3gz5vWKIMC5pHHEcOPDq3JfrUtsW1mUEGxD4P5LFLpTmdVQ430jA ipeL2Y5xYBNg67xC5Y08wZufdFWCPJL5Yy3fQNCCellnWrU20Cvu5aYoI9KYeQ/16YhW DbmvY9D0LUs4ano+MrVwYvKYfXKdvs2e+hAN2WvwKsYF4cXcdEeUDE/m34dLYkQ/HzVw UsINpLhKM6cNRPgntd0qVsDFXrrlw04ULYcx3k74Z1JWPtlwGY/T9csxZmLAFXaRMIVi B68A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718899471; x=1719504271; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=GM34BWwCNXiLOvG2mLkdqlEK4NIZT0q6djBzomdsWyE=; b=dzjxmizCLxoOKrsvmb9zqANKxrZPJmYP8ndBsBPArJslL0t0r6TmXFAmSDJ9ImGh74 LaEsHQF8evL+zDA+PywuekQjYa10MXxbo7P4G0tPsbAY6qJQFIxIrZboFcJNpZvCHiBd YnOqoemFi5HXoArZghpFgA52+CAy+F1til8UbmK+VlrCQiejKOADsBW6c2gHeiNT6wLs mi/chCsJ8T+p09UlTAluhosCKZSxxJQHMSW+MDXA3QIPDdC/cqdmATc36qG9d7ix2fIU OzZWBc/oU8zlBDLa0PlWY2zIBQwUB4soXcgQhZuCXTlS4nlcUDwNURc7PXLFo4S0ji7E Z5cA== X-Forwarded-Encrypted: i=1; AJvYcCUI9/LQSgHeFBp7SL2jFl2hzzQFF0+j4Kg2GrWtbEVc9JLhGHCfn9OOPXnN47UUcRUAVQr2NaGG0zCgWBE2OLvUVSS79hXvKtc6LOQe X-Gm-Message-State: AOJu0Yw7bpEv8E31YJ0r2rL0vLIfIpbNHeCEpY5ifZSHAjKjm8L4JjuL d8luVk3/sWye1N9vEHpukPkP3a61XDF3jyAbmCTz68Etg3OvBuGnQA9Pb8U/2AJrDVJbhTIolEb GZg== X-Google-Smtp-Source: AGHT+IEQboNcvlNMXMXTQphakoihDkY0lsVfoV/sk/4m49kyvfsdiCALpaLxGs2jQVK54zSq5Uy3vdD10AI= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:90a:fa8d:b0:2c2:ff46:312a with SMTP id 98e67ed59e1d1-2c7b5d647d3mr16281a91.4.1718899470904; Thu, 20 Jun 2024 09:04:30 -0700 (PDT) Date: Thu, 20 Jun 2024 09:04:29 -0700 In-Reply-To: <385a5692-ffc8-455e-b371-0449b828b637@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <7fb8cc2c-916a-43e1-9edf-23ed35e42f51@nvidia.com> <14bd145a-039f-4fb9-8598-384d6a051737@redhat.com> <20240619115135.GE2494510@nvidia.com> <20240620135540.GG2494510@nvidia.com> <6d7b180a-9f80-43a4-a4cc-fd79a45d7571@redhat.com> <20240620142956.GI2494510@nvidia.com> <385a5692-ffc8-455e-b371-0449b828b637@redhat.com> Message-ID: Subject: Re: [PATCH RFC 0/5] mm/gup: Introduce exclusive GUP pinning From: Sean Christopherson To: David Hildenbrand Cc: Jason Gunthorpe , Fuad Tabba , Christoph Hellwig , John Hubbard , Elliot Berman , Andrew Morton , Shuah Khan , Matthew Wilcox , maz@kernel.org, kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, pbonzini@redhat.com Content-Type: text/plain; charset="us-ascii" On Thu, Jun 20, 2024, David Hildenbrand wrote: > On 20.06.24 16:29, Jason Gunthorpe wrote: > > On Thu, Jun 20, 2024 at 04:01:08PM +0200, David Hildenbrand wrote: > > > On 20.06.24 15:55, Jason Gunthorpe wrote: > > > > On Thu, Jun 20, 2024 at 09:32:11AM +0100, Fuad Tabba wrote: > > > Regarding huge pages: assume the huge page (e.g., 1 GiB hugetlb) is shared, > > > now the VM requests to make one subpage private. > > > > I think the general CC model has the shared/private setup earlier on > > the VM lifecycle with large runs of contiguous pages. It would only > > become a problem if you intend to to high rate fine granual > > shared/private switching. Which is why I am asking what the actual > > "why" is here. > > I am not an expert on that, but I remember that the way memory > shared<->private conversion happens can heavily depend on the VM use case, Yeah, I forget the details, but there are scenarios where the guest will share (and unshare) memory at 4KiB (give or take) granularity, at runtime. There's an RFC[*] for making SWIOTLB operate at 2MiB is driven by the same underlying problems. But even if Linux-as-a-guest were better behaved, we (the host) can't prevent the guest from doing suboptimal conversions. In practice, killing the guest or refusing to convert memory isn't an option, i.e. we can't completely push the problem into the guest https://lore.kernel.org/all/20240112055251.36101-1-vannapurve@google.com > and that under pKVM we might see more frequent conversion, without even > going to user space. > > > > > > How to handle that without eventually running into a double > > > memory-allocation? (in the worst case, allocating a 1GiB huge page > > > for shared and for private memory). > > > > I expect you'd take the linear range of 1G of PFNs and fragment it > > into three ranges private/shared/private that span the same 1G. > > > > When you construct a page table (ie a S2) that holds these three > > ranges and has permission to access all the memory you want the page > > table to automatically join them back together into 1GB entry. > > > > When you construct a page table that has only access to the shared, > > then you'd only install the shared hole at its natural best size. > > > > So, I think there are two challenges - how to build an allocator and > > uAPI to manage this sort of stuff so you can keep track of any > > fractured pfns and ensure things remain in physical order. > > > > Then how to re-consolidate this for the KVM side of the world. > > Exactly! > > > > > guest_memfd, or something like it, is just really a good answer. You > > have it obtain the huge folio, and keep track on its own which sub > > pages can be mapped to a VMA because they are shared. KVM will obtain > > the PFNs directly from the fd and KVM will not see the shared > > holes. This means your S2's can be trivially constructed correctly. > > > > No need to double allocate.. > > Yes, that's why my thinking so far was: > > Let guest_memfd (or something like that) consume huge pages (somehow, let it > access the hugetlb reserves). Preallocate that memory once, as the VM starts > up: just like we do with hugetlb in VMs. > > Let KVM track which parts are shared/private, and if required, let it map > only the shared parts to user space. KVM has all information to make these > decisions. > > If we could disallow pinning any shared pages, that would make life a lot > easier, but I think there were reasons for why we might require it. To > convert shared->private, simply unmap that folio (only the shared parts > could possibly be mapped) from all user page tables. > > Of course, there might be alternatives, and I'll be happy to learn about > them. The allcoator part would be fairly easy, and the uAPI part would > similarly be comparably easy. So far the theory :) > > > > > I'm kind of surprised the CC folks don't want the same thing for > > exactly the same reason. It is much easier to recover the huge > > mappings for the S2 in the presence of shared holes if you track it > > this way. Even CC will have this problem, to some degree, too. > > Precisely! RH (and therefore, me) is primarily interested in existing > guest_memfd users at this point ("CC"), and I don't see an easy way to get > that running with huge pages in the existing model reasonably well ... This is the general direction guest_memfd is headed, but getting there is easier said than done. E.g. as alluded to above, "simply unmap that folio" is quite difficult, bordering on infeasible if the kernel is allowed to gup() shared guest_memfd memory.