* [RFC PATCH v2 00/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON
@ 2025-04-22 8:09 Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 01/10] " Lorenzo Stoakes
` (9 more replies)
0 siblings, 10 replies; 22+ messages in thread
From: Lorenzo Stoakes @ 2025-04-22 8:09 UTC (permalink / raw)
To: Andrew Morton
Cc: Vlastimil Babka, Jann Horn, Liam R . Howlett, Suren Baghdasaryan,
Matthew Wilcox, David Hildenbrand, Pedro Falcato, linux-mm,
linux-kernel
A long standing issue with VMA merging of anonymous VMAs is the requirement
to maintain both vma->vm_pgoff and anon_vma compatibility between merge
candidates.
For anonymous mappings, vma->vm_pgoff (and consequently, folio->index)
refer to virtual page offsets, that is, va >> PAGE_SHIFT.
However upon mremap() of an anonymous mapping that has been faulted (that
is, where vma->anon_vma != NULL), we would then need to walk page tables to
be able to access let alone manipulate folio->index, mapping fields to
permit an update of this virtual page offset.
Therefore in these instances, we do not do so, instead retaining the
virtual page offset the VMA was first faulted in at as it's vma->vm_pgoff
field, and of course consequently folio->index.
On each occasion we use linear_page_index() to determine the appropriate
offset, cleverly offset the vma->vm_pgoff field by the difference between
the virtual address and actual VMA start.
Doing so in effect fragments the virtual address space, meaning that we are
no longer able to merge these VMAs with adjacent ones that could, at least
theoretically, be merged.
This also creates a difference in behaviour, often surprising to users,
between mappings which are faulted and those which are not - as for the
latter we adjust vma->vm_pgoff upon mremap() to aid mergeability.
This is problematic firstly because this proliferates kernel allocations
that are pure memory pressure - unreclaimable and unmovable -
i.e. vm_area_struct, anon_vma, anon_vma_chain objects that need not exist.
Secondly, mremap() exhibits an implicit uAPI in that it does not permit
remaps which span multiple VMAs (though it does permit remaps that
constitute a part of a single VMA).
This means that a user must concern themselves with whether merges succeed
or not should they wish to use mremap() in such a way which causes multiple
mremap() calls to be performed upon mappings.
This series provides users with an option to accept the overhead of
actually updating the VMA and underlying folios via the
MREMAP_RELOCATE_ANON flag.
If MREMAP_RELOCATE_ANON is specified, but an ordinary merge would result in
the mremap() succeeding, then no attempt is made at relocation of folios as
this is not required.
Even if no merge is possible upon moving of the region, vma->vm_pgoff and
folio->index fields are appropriately updated in order that subsequent
mremap() or mprotect() calls will succeed in merging.
This flag falls back to the ordinary means of mremap() should the operation
not be feasible. It also transparently undoes the operation, carefully
holding rmap locks such that no racing rmap operation encounters incorrect
or missing VMAs.
In addition, the MREMAP_MUST_RELOCATE_ANON flag is supplied in case the
user needs to know whether or not the operation succeeded - this flag is
identical to MREMAP_RELOCATE_ANON, only if the operation cannot succeed,
the mremap() fails with -EFAULT.
Note that no-op mremap() operations (such as an unpopulated range, or a
merge that would trivially succeed already) will succeed under
MREMAP_MUST_RELOCATE_ANON.
mremap() already walks page tables, so it isn't an order of magntitude
increase in workload, but constitutes the need to walk to page table leaf
level and manipulate folios.
The operations all succeed under THP and in general are compatible with
underlying large folios of any size. In fact, the larger the folio, the
more efficient the operation is.
Performance testing indicate that time taken using MREMAP_RELOCATE_ANON is
on the same order of magnitude of ordinary mremap() operations, with both
exhibiting time to the proportion of the mapping which is populated.
Of course, mremap() operations that are entirely aligned are significantly
faster as they need only move a VMA and a smaller number of higher order
page tables, but this is unavoidable.
Use-cases:
* ZGC is a concurrent GC shipped with OpenJDK. A prototype is being worked
upon which makes use of extensive mremap() operations to perform
defragmentation of objects, taking advantage of the plentiful available
virtual address space in a 64-bit system.
In instances where one VMA is faulted in and another not, merging is not
possible, which leads to significant, unreclaimable, kernel metadata
overhead and contention on the vm.max_map_count limit.
This series eliminates the issue entirely.
* It was indicated that Android similarly moves memory around and
encounters the very same issues as ZGC.
* SUSE indicate they have encountered similar issues as pertains to an
internal client.
Alternative approaches:
In discussions at LSF/MM/BPF It was suggested that we could make this an
madvise() operation, however at this point it will be too late to correctly
perform the merge, requiring an unmap/remap which would be egregious.
It was further suggested that we simply defer the operation to the point at
which an mremap() is attempted on multiple immediately adjacent VMAs (that
is - to allow VMA fragmentation up until the point where it might cause
perceptible issues with uAPI).
This is problematic in that in the first instance - you accrue
fragmentation, and only if you were to try to move the fragmented objects
again would you resolve it.
Additionally you would not be able to handle the mprotect() case, and you'd
have the same issue as the madvise() approach in that you'd need to
essentially re-map each VMA.
Additionally it would become non-trivial to correctly merge the VMAs - if
there were more than 3, we would need to invent a new merging mechanism
specifically for this, hold locks carefully over each to avoid them
disappearing from beneath us and introduce a great deal of non-optional
complexity.
While imperfect, the mremap flag approach seems the least invasive most
workable solution (until further rework of the anon_vma mechanism can be
achieved!)
Testing:
* Significantly expanded self-tests, all of which are passing.
* Ran all self tests with MREMAP_RELOCATE_ANON forced on for all anonymous
mremap()'s.
* Ran heavy workloads with MREMAP_RELOCATE_ANON forced on on real hardware
(kernel compilation, etc.)
* Ran stress-ng --mremap 32 for an hour with MREMAP_RELOCATE_ANON forced on
on real hardware.
History:
RFC v2:
* Added folio_mapcount() check on relocate anon to assert exclusively
mapped as per Jann.
* Added check for anon_vma->num_children > nr_pages in
should_relocate_anon() as per Jann.
* Separated out vma_had_uncowed_parents() into shared helper function and
added vma_had_uncowed_children() to implement the above.
* Add comment clarifying why we do not require an rmap lock on the old VMA
due to fork requiring an mmap write lock which we hold.
* Corrected error path on __anon_vma_prepare() in copy_vma() as per Jann.
* Checked for folio pinning and abort if in place. We do so, because this
implies the folio is being used by the kernel for a time longer than the
time over which an mmap lock is held (which will not be held at the time
of us manipulating the folio, as we hold the mmap write lock). We are
manipulating mapping, index fields and being conservative (additionally
mirroring what UFFDIO_MOVE does), we cannot assume that whoever holds the
pin isn't somehow relying on these not being manipulated. As per David.
* Propagated mapcount, maybe DMA pinned checks to large folio logic.
* Added folio splitting - on second thoughts, it would be a bit silly to
simply disallow the request because of large folio misalignment, work
around this by splitting the folio in this instance.
* Added very careful handling around rmap lock, making use of
folio_anon_vma(), to ensure we do not deadlock on anon_vma.
* Prefer vm_normal_folio() to vm_normal_page() & page_folio().
* Introduced has_shared_anon_vma() to de-duplicate shared anon_vma check.
* Provided sys_mremap() helper in vm_util.[ch] to be shared among test
callers and de-duplicate. This must be a raw system call, as glibc will
otherwise filter the flags.
* Expanded the mm CoW self-tests to explicitly test with
MREMAP_RELOCATE_ANON for partial THP pages. This is useful as it
exercises split_folio() code paths explicitly. Additionally some cases
cannot succeed, so we also exercise undo paths.
* Added explicit lockdep handling to teach it that we are handling two
distinct anon_vma locks so it doesn't spuriously report a deadlock.
* Updated anon_vma deadlock checks to check anon_vma->root. Shouldn't
strictly be necessary as we explicitly limit ourselves to unforked
anon_vma's, but it is more correct to do so, as this is where the lock is
located.
* Expanded the split_huge_page_test.c test to also test using the
MREMAP_RELOCATE_ANON flag, this is useful as it exercises the undo path.
RFC v1:
https://lore.kernel.org/all/cover.1742478846.git.lorenzo.stoakes@oracle.com/
Lorenzo Stoakes (10):
mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON
mm/mremap: add MREMAP_MUST_RELOCATE_ANON
mm/mremap: add MREMAP[_MUST]_RELOCATE_ANON support for large folios
tools UAPI: Update copy of linux/mman.h from the kernel sources
tools/testing/selftests: add sys_mremap() helper to vm_util.h
tools/testing/selftests: add mremap() cases that merge normally
tools/testing/selftests: add MREMAP_RELOCATE_ANON merge test cases
tools/testing/selftests: expand mremap() tests for
MREMAP_RELOCATE_ANON
tools/testing/selftests: have CoW self test use MREMAP_RELOCATE_ANON
tools/testing/selftests: test relocate anon in split huge page test
include/uapi/linux/mman.h | 8 +-
mm/internal.h | 1 +
mm/mremap.c | 726 ++++++++-
mm/vma.c | 78 +-
mm/vma.h | 28 +-
tools/include/uapi/linux/mman.h | 8 +-
tools/testing/selftests/mm/cow.c | 23 +-
tools/testing/selftests/mm/merge.c | 1329 ++++++++++++++++-
tools/testing/selftests/mm/mremap_test.c | 262 ++--
.../selftests/mm/split_huge_page_test.c | 25 +-
tools/testing/selftests/mm/vm_util.c | 8 +
tools/testing/selftests/mm/vm_util.h | 3 +
tools/testing/vma/vma.c | 5 +-
tools/testing/vma/vma_internal.h | 33 +
14 files changed, 2363 insertions(+), 174 deletions(-)
--
2.49.0
^ permalink raw reply [flat|nested] 22+ messages in thread
* [RFC PATCH v2 01/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON
2025-04-22 8:09 [RFC PATCH v2 00/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON Lorenzo Stoakes
@ 2025-04-22 8:09 ` Lorenzo Stoakes
2025-04-30 0:47 ` Wei Yang
2025-04-22 8:09 ` [RFC PATCH v2 02/10] mm/mremap: add MREMAP_MUST_RELOCATE_ANON Lorenzo Stoakes
` (8 subsequent siblings)
9 siblings, 1 reply; 22+ messages in thread
From: Lorenzo Stoakes @ 2025-04-22 8:09 UTC (permalink / raw)
To: Andrew Morton
Cc: Vlastimil Babka, Jann Horn, Liam R . Howlett, Suren Baghdasaryan,
Matthew Wilcox, David Hildenbrand, Pedro Falcato, linux-mm,
linux-kernel
When mremap() moves a mapping around in memory, it goes to great lengths to
avoid having to walk page tables as this is expensive and
time-consuming.
Rather, if the VMA was faulted (that is vma->anon_vma != NULL), the virtual
page offset stored in the VMA at vma->vm_pgoff will remain the same, as
well all the folio indexes pointed at the associated anon_vma object.
This means the VMA and page tables can simply be moved and this affects the
change (and if we can move page tables at a higher page table level, this
is even faster).
While this is efficient, it does lead to big problems with VMA merging - in
essence it causes faulted anonymous VMAs to not be mergeable under many
circumstances once moved.
This is limiting and leads to both a proliferation of unreclaimable,
unmovable kernel metadata (VMAs, anon_vma's, anon_vma_chain's) and has an
impact on further use of mremap(), which has a requirement that the VMA
moved (which can also be a partial range within a VMA) may span only a
single VMA.
This makes the mergeability or not of VMAs in effect a uAPI concern.
In some use cases, users may wish to accept the overhead of actually going
to the trouble of updating VMAs and folios to affect mremap() moves. Let's
provide them with the choice.
This patch add a new MREMAP_RELOCATE_ANON flag to do just that, which
attempts to perform such an operation. If it is unable to do so, it cleanly
falls back to the usual method.
It carefully takes the rmap locks such that at no time will a racing rmap
user encounter incorrect or missing VMAs.
It is also designed to interact cleanly with the existing mremap() error
fallback mechanism (inverting the remap should the page table move fail).
Also, if we could merge cleanly without such a change, we do so, avoiding
the overhead of the operation if it is not required.
In the instance that no merge may occur when the move is performed, we
still perform the folio and VMA updates to ensure that future mremap() or
mprotect() calls will result in merges.
In this implementation, we simply give up if we encounter large folios. A
subsequent commit will extend the functionality to allow for these cases.
We restrict this flag to purely anonymous memory only.
we separate out the vma_had_uncowed_parents() helper function for checking
in should_relocate_anon() and introduce a vma_had_uncowed_children()
function for the same purpose.
We carefully check for pinned folios in case a caller who holds a pin might
make assumptions about index, mapping fields which we are about to
manipulate.
Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
---
include/uapi/linux/mman.h | 1 +
mm/internal.h | 1 +
mm/mremap.c | 410 +++++++++++++++++++++++++++++--
mm/vma.c | 78 ++++--
mm/vma.h | 28 ++-
tools/testing/vma/vma.c | 5 +-
tools/testing/vma/vma_internal.h | 33 +++
7 files changed, 512 insertions(+), 44 deletions(-)
diff --git a/include/uapi/linux/mman.h b/include/uapi/linux/mman.h
index e89d00528f2f..d0542f872e0c 100644
--- a/include/uapi/linux/mman.h
+++ b/include/uapi/linux/mman.h
@@ -9,6 +9,7 @@
#define MREMAP_MAYMOVE 1
#define MREMAP_FIXED 2
#define MREMAP_DONTUNMAP 4
+#define MREMAP_RELOCATE_ANON 8
#define OVERCOMMIT_GUESS 0
#define OVERCOMMIT_ALWAYS 1
diff --git a/mm/internal.h b/mm/internal.h
index 838f840ded83..a08863169bec 100644
--- a/mm/internal.h
+++ b/mm/internal.h
@@ -46,6 +46,7 @@ struct folio_batch;
struct pagetable_move_control {
struct vm_area_struct *old; /* Source VMA. */
struct vm_area_struct *new; /* Destination VMA. */
+ struct vm_area_struct *relocate_locked; /* VMA which is rmap locked. */
unsigned long old_addr; /* Address from which the move begins. */
unsigned long old_end; /* Exclusive address at which old range ends. */
unsigned long new_addr; /* Address to move page tables to. */
diff --git a/mm/mremap.c b/mm/mremap.c
index 7db9da609c84..1d915445026f 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -71,6 +71,15 @@ struct vma_remap_struct {
unsigned long charged; /* If VM_ACCOUNT, # pages to account. */
};
+/* Represents local PTE state. */
+struct pte_state {
+ unsigned long old_addr;
+ unsigned long new_addr;
+ unsigned long old_end;
+ pte_t *ptep;
+ spinlock_t *ptl;
+};
+
static pud_t *get_old_pud(struct mm_struct *mm, unsigned long addr)
{
pgd_t *pgd;
@@ -139,18 +148,50 @@ static pmd_t *alloc_new_pmd(struct mm_struct *mm, unsigned long addr)
return pmd;
}
-static void take_rmap_locks(struct vm_area_struct *vma)
+/*
+ * Determine whether the old and new VMAs share the same anon_vma. If so, this
+ * has implications around locking and to avoid deadlock we need to tread
+ * carefully.
+ */
+static bool has_shared_anon_vma(struct pagetable_move_control *pmc)
+{
+ struct vm_area_struct *vma = pmc->old;
+ struct vm_area_struct *locked = pmc->relocate_locked;
+
+ if (!locked)
+ return false;
+
+ return vma->anon_vma->root == locked->anon_vma->root;
+}
+
+static void maybe_take_rmap_locks(struct pagetable_move_control *pmc)
{
+ struct vm_area_struct *vma;
+ struct anon_vma *anon_vma;
+
+ if (!pmc->need_rmap_locks)
+ return;
+
+ vma = pmc->old;
+ anon_vma = vma->anon_vma;
if (vma->vm_file)
i_mmap_lock_write(vma->vm_file->f_mapping);
- if (vma->anon_vma)
- anon_vma_lock_write(vma->anon_vma);
+ if (anon_vma && !has_shared_anon_vma(pmc))
+ anon_vma_lock_write(anon_vma);
}
-static void drop_rmap_locks(struct vm_area_struct *vma)
+static void maybe_drop_rmap_locks(struct pagetable_move_control *pmc)
{
- if (vma->anon_vma)
- anon_vma_unlock_write(vma->anon_vma);
+ struct vm_area_struct *vma;
+ struct anon_vma *anon_vma;
+
+ if (!pmc->need_rmap_locks)
+ return;
+
+ vma = pmc->old;
+ anon_vma = vma->anon_vma;
+ if (anon_vma && !has_shared_anon_vma(pmc))
+ anon_vma_unlock_write(anon_vma);
if (vma->vm_file)
i_mmap_unlock_write(vma->vm_file->f_mapping);
}
@@ -204,8 +245,7 @@ static int move_ptes(struct pagetable_move_control *pmc,
* serialize access to individual ptes, but only rmap traversal
* order guarantees that we won't miss both the old and new ptes).
*/
- if (pmc->need_rmap_locks)
- take_rmap_locks(vma);
+ maybe_take_rmap_locks(pmc);
/*
* We don't have to worry about the ordering of src and dst
@@ -278,8 +318,7 @@ static int move_ptes(struct pagetable_move_control *pmc,
pte_unmap(new_pte - 1);
pte_unmap_unlock(old_pte - 1, old_ptl);
out:
- if (pmc->need_rmap_locks)
- drop_rmap_locks(vma);
+ maybe_drop_rmap_locks(pmc);
return err;
}
@@ -537,15 +576,14 @@ static __always_inline unsigned long get_extent(enum pgt_entry entry,
* Should move_pgt_entry() acquire the rmap locks? This is either expressed in
* the PMC, or overridden in the case of normal, larger page tables.
*/
-static bool should_take_rmap_locks(struct pagetable_move_control *pmc,
- enum pgt_entry entry)
+static bool should_take_rmap_locks(enum pgt_entry entry)
{
switch (entry) {
case NORMAL_PMD:
case NORMAL_PUD:
return true;
default:
- return pmc->need_rmap_locks;
+ return false;
}
}
@@ -557,11 +595,15 @@ static bool move_pgt_entry(struct pagetable_move_control *pmc,
enum pgt_entry entry, void *old_entry, void *new_entry)
{
bool moved = false;
- bool need_rmap_locks = should_take_rmap_locks(pmc, entry);
+ bool override_locks = false;
- /* See comment in move_ptes() */
- if (need_rmap_locks)
- take_rmap_locks(pmc->old);
+ if (!pmc->need_rmap_locks && should_take_rmap_locks(entry)) {
+ override_locks = true;
+
+ pmc->need_rmap_locks = true;
+ /* See comment in move_ptes() */
+ maybe_take_rmap_locks(pmc);
+ }
switch (entry) {
case NORMAL_PMD:
@@ -585,8 +627,9 @@ static bool move_pgt_entry(struct pagetable_move_control *pmc,
break;
}
- if (need_rmap_locks)
- drop_rmap_locks(pmc->old);
+ maybe_drop_rmap_locks(pmc);
+ if (override_locks)
+ pmc->need_rmap_locks = false;
return moved;
}
@@ -752,6 +795,209 @@ static unsigned long pmc_progress(struct pagetable_move_control *pmc)
return old_addr < orig_old_addr ? 0 : old_addr - orig_old_addr;
}
+/*
+ * If the folio mapped at the specified pte entry can have its index and mapping
+ * relocated, then do so.
+ *
+ * Returns the number of pages we have traversed, or 0 if the operation failed.
+ */
+static unsigned long relocate_anon_pte(struct pagetable_move_control *pmc,
+ struct pte_state *state, bool undo)
+{
+ struct folio *folio;
+ struct vm_area_struct *old, *new;
+ pgoff_t new_index;
+ pte_t pte;
+ unsigned long ret = 1;
+ unsigned long old_addr = state->old_addr;
+ unsigned long new_addr = state->new_addr;
+
+ old = pmc->old;
+ new = pmc->new;
+
+ pte = ptep_get(state->ptep);
+
+ /* Ensure we have truly got an anon folio. */
+ folio = vm_normal_folio(old, old_addr, pte);
+ if (!folio)
+ return ret;
+
+ folio_lock(folio);
+
+ /* No-op. */
+ if (!folio_test_anon(folio) || folio_test_ksm(folio))
+ goto out;
+
+ /*
+ * This should never be the case as we have already checked to ensure
+ * that the anon_vma is not forked, and we have just asserted that it is
+ * anonymous.
+ */
+ if (WARN_ON_ONCE(folio_maybe_mapped_shared(folio)))
+ goto out;
+ /* The above check should imply these. */
+ VM_WARN_ON_ONCE(folio_mapcount(folio) > folio_nr_pages(folio));
+ VM_WARN_ON_ONCE(!PageAnonExclusive(folio_page(folio, 0)));
+
+ /*
+ * A pinned folio implies that it will be used for a duration longer
+ * than that over which the mmap_lock is held, meaning that another part
+ * of the kernel may be making use of this folio.
+ *
+ * Since we are about to manipulate index & mapping fields, we cannot
+ * safely proceed because whatever has pinned this folio may then
+ * incorrectly assume these do not change.
+ */
+ if (folio_maybe_dma_pinned(folio))
+ goto out;
+
+ /*
+ * This should not happen as we explicitly disallow this, but check
+ * anyway.
+ */
+ if (folio_test_large(folio)) {
+ ret = 0;
+ goto out;
+ }
+
+ if (!undo)
+ new_index = linear_page_index(new, new_addr);
+ else
+ new_index = linear_page_index(old, old_addr);
+
+ /*
+ * The PTL should keep us safe from unmapping, and the fact the folio is
+ * a PTE keeps the folio referenced.
+ *
+ * The mmap/VMA locks should keep us safe from fork and other processes.
+ *
+ * The rmap locks should keep us safe from anything happening to the
+ * VMA/anon_vma.
+ *
+ * The folio lock should keep us safe from reclaim, migration, etc.
+ */
+ folio_move_anon_rmap(folio, undo ? old : new);
+ WRITE_ONCE(folio->index, new_index);
+
+out:
+ folio_unlock(folio);
+ return ret;
+}
+
+static bool pte_done(struct pte_state *state)
+{
+ return state->old_addr >= state->old_end;
+}
+
+static void pte_next(struct pte_state *state, unsigned long nr_pages)
+{
+ state->old_addr += nr_pages * PAGE_SIZE;
+ state->new_addr += nr_pages * PAGE_SIZE;
+ state->ptep += nr_pages;
+}
+
+static bool relocate_anon_ptes(struct pagetable_move_control *pmc,
+ unsigned long extent, pmd_t *pmdp, bool undo)
+{
+ struct mm_struct *mm = current->mm;
+ struct pte_state state = {
+ .old_addr = pmc->old_addr,
+ .new_addr = pmc->new_addr,
+ .old_end = pmc->old_addr + extent,
+ };
+ pte_t *ptep_start;
+ bool ret;
+ unsigned long nr_pages;
+
+ ptep_start = pte_offset_map_lock(mm, pmdp, pmc->old_addr, &state.ptl);
+ /*
+ * We prevent faults with mmap write lock, hold the rmap lock and should
+ * not fail to obtain this lock. Just give up if we can't.
+ */
+ if (!ptep_start)
+ return false;
+
+ state.ptep = ptep_start;
+ for (; !pte_done(&state); pte_next(&state, nr_pages)) {
+ pte_t pte = ptep_get(state.ptep);
+
+ if (pte_none(pte) || !pte_present(pte)) {
+ nr_pages = 1;
+ continue;
+ }
+
+ nr_pages = relocate_anon_pte(pmc, &state, undo);
+ if (!nr_pages) {
+ ret = false;
+ goto out;
+ }
+ }
+
+ ret = true;
+out:
+ pte_unmap_unlock(ptep_start, state.ptl);
+ return ret;
+}
+
+static bool __relocate_anon_folios(struct pagetable_move_control *pmc, bool undo)
+{
+ pud_t *pudp;
+ pmd_t *pmdp;
+ unsigned long extent;
+ struct mm_struct *mm = current->mm;
+
+ if (!pmc->len_in)
+ return true;
+
+ for (; !pmc_done(pmc); pmc_next(pmc, extent)) {
+ pmd_t pmd;
+ pud_t pud;
+
+ extent = get_extent(NORMAL_PUD, pmc);
+
+ pudp = get_old_pud(mm, pmc->old_addr);
+ if (!pudp)
+ continue;
+ pud = pudp_get(pudp);
+
+ if (pud_trans_huge(pud) || pud_devmap(pud))
+ return false;
+
+ extent = get_extent(NORMAL_PMD, pmc);
+ pmdp = get_old_pmd(mm, pmc->old_addr);
+ if (!pmdp)
+ continue;
+ pmd = pmdp_get(pmdp);
+
+ if (is_swap_pmd(pmd) || pmd_trans_huge(pmd) ||
+ pmd_devmap(pmd))
+ return false;
+
+ if (pmd_none(pmd))
+ continue;
+
+ if (!relocate_anon_ptes(pmc, extent, pmdp, undo))
+ return false;
+ }
+
+ return true;
+}
+
+static bool relocate_anon_folios(struct pagetable_move_control *pmc, bool undo)
+{
+ unsigned long old_addr = pmc->old_addr;
+ unsigned long new_addr = pmc->new_addr;
+ bool ret;
+
+ ret = __relocate_anon_folios(pmc, undo);
+
+ /* Reset state ready for retry. */
+ pmc->old_addr = old_addr;
+ pmc->new_addr = new_addr;
+
+ return ret;
+}
+
unsigned long move_page_tables(struct pagetable_move_control *pmc)
{
unsigned long extent;
@@ -1132,6 +1378,74 @@ static void unmap_source_vma(struct vma_remap_struct *vrm)
}
}
+/*
+ * Should we attempt to relocate anonymous folios to the location that the VMA
+ * is being moved to by updating index and mapping fields accordingly?
+ */
+static bool should_relocate_anon(struct vma_remap_struct *vrm,
+ struct pagetable_move_control *pmc)
+{
+ struct vm_area_struct *old = vrm->vma;
+
+ /* Currently we only do this if requested. */
+ if (!(vrm->flags & MREMAP_RELOCATE_ANON))
+ return false;
+
+ /* We can't deal with special or hugetlb mappings. */
+ if (old->vm_flags & (VM_SPECIAL | VM_HUGETLB))
+ return false;
+
+ /* We only support anonymous mappings. */
+ if (!vma_is_anonymous(old))
+ return false;
+
+ /* If no folios are mapped, then no need to attempt this. */
+ if (!old->anon_vma)
+ return false;
+
+ /*
+ * If the VMA is referenced by a parent process (i.e. is the child of a
+ * fork) or exists in a process which has been forked, then the folio
+ * may be non-exclusively mapped, and thus is non-relocatable.
+ *
+ * Note the uncowed children check is sufficient, because we hold the
+ * mmap lock.
+ */
+ if (vma_had_uncowed_parents(old) || vma_had_uncowed_children(old))
+ return false;
+
+ /* Otherwise, we're good to go! */
+ return true;
+}
+
+static void lock_new_anon_vma(struct vm_area_struct *new_vma)
+{
+ /*
+ * We have a new VMA to reassign folios to. We take a lock on
+ * its anon_vma so reclaim doesn't fail to unmap mappings.
+ *
+ * We have acquired a VMA write lock by now (in vma_link()), so
+ * we do not have to worry about racing faults.
+ *
+ * NOTE: we do NOT need to acquire an rmap lock on the old VMA,
+ * as forks require an mmap write lock, which we hold.
+ */
+ anon_vma_lock_write(new_vma->anon_vma);
+
+ /*
+ * lockdep is unable to differentiate between the anon_vma lock we take
+ * in the old VMA and the one we are taking here in the new VMA.
+ *
+ * In each instance where the old VMA might have its anon_vma
+ * lock taken, we explicitly check to ensure they are not one
+ * and the same, avoiding deadlock.
+ *
+ * Express this to lockdep through a subclass.
+ */
+ lock_set_subclass(&new_vma->anon_vma->root->rwsem.dep_map, 1,
+ _THIS_IP_);
+}
+
/*
* Copy vrm->vma over to vrm->new_addr possibly adjusting size as part of the
* process. Additionally handle an error occurring on moving of page tables,
@@ -1151,9 +1465,11 @@ static int copy_vma_and_data(struct vma_remap_struct *vrm,
struct vm_area_struct *new_vma;
int err = 0;
PAGETABLE_MOVE(pmc, NULL, NULL, vrm->addr, vrm->new_addr, vrm->old_len);
+ bool relocate_anon = should_relocate_anon(vrm, &pmc);
+again:
new_vma = copy_vma(&vma, vrm->new_addr, vrm->new_len, new_pgoff,
- &pmc.need_rmap_locks);
+ &pmc.need_rmap_locks, &relocate_anon);
if (!new_vma) {
vrm_uncharge(vrm);
*new_vma_ptr = NULL;
@@ -1163,12 +1479,59 @@ static int copy_vma_and_data(struct vma_remap_struct *vrm,
pmc.old = vma;
pmc.new = new_vma;
+ if (relocate_anon) {
+ lock_new_anon_vma(new_vma);
+ pmc.relocate_locked = new_vma;
+
+ if (!relocate_anon_folios(&pmc, /* undo= */false)) {
+ unsigned long start = new_vma->vm_start;
+ unsigned long size = new_vma->vm_end - start;
+
+ /* Undo if fails. */
+ relocate_anon_folios(&pmc, /* undo= */true);
+ vrm_stat_account(vrm, vrm->new_len);
+
+ anon_vma_unlock_write(new_vma->anon_vma);
+ pmc.relocate_locked = NULL;
+
+ do_munmap(current->mm, start, size, NULL);
+ relocate_anon = false;
+ goto again;
+ }
+ }
+
moved_len = move_page_tables(&pmc);
if (moved_len < vrm->old_len)
err = -ENOMEM;
else if (vma->vm_ops && vma->vm_ops->mremap)
err = vma->vm_ops->mremap(new_vma);
+ if (unlikely(err && relocate_anon)) {
+ relocate_anon_folios(&pmc, /* undo= */true);
+ anon_vma_unlock_write(new_vma->anon_vma);
+ pmc.relocate_locked = NULL;
+ } else if (relocate_anon /* && !err */) {
+ unsigned long addr = vrm->new_addr;
+ unsigned long end = addr + vrm->new_len;
+ VMA_ITERATOR(vmi, vma->vm_mm, addr);
+ VMG_VMA_STATE(vmg, &vmi, NULL, new_vma, addr, end);
+ struct vm_area_struct *merged;
+
+ /*
+ * Now we have successfully copied page tables and set up
+ * folios, we can safely drop the anon_vma lock.
+ */
+ anon_vma_unlock_write(new_vma->anon_vma);
+ pmc.relocate_locked = NULL;
+
+ /* Let's try merge again... */
+ vmg.prev = vma_prev(&vmi);
+ vma_next(&vmi);
+ merged = vma_merge_existing_range(&vmg);
+ if (merged)
+ new_vma = merged;
+ }
+
if (unlikely(err)) {
PAGETABLE_MOVE(pmc_revert, new_vma, vma, vrm->new_addr,
vrm->addr, moved_len);
@@ -1486,7 +1849,8 @@ static unsigned long check_mremap_params(struct vma_remap_struct *vrm)
unsigned long flags = vrm->flags;
/* Ensure no unexpected flag values. */
- if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE | MREMAP_DONTUNMAP))
+ if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE | MREMAP_DONTUNMAP |
+ MREMAP_RELOCATE_ANON))
return -EINVAL;
/* Start address must be page-aligned. */
@@ -1501,6 +1865,10 @@ static unsigned long check_mremap_params(struct vma_remap_struct *vrm)
if (!PAGE_ALIGN(vrm->new_len))
return -EINVAL;
+ /* We can't relocate without allowing a move. */
+ if ((flags & MREMAP_RELOCATE_ANON) && !(flags & MREMAP_MAYMOVE))
+ return -EINVAL;
+
/* Remainder of checks are for cases with specific new_addr. */
if (!vrm_implies_new_addr(vrm))
return 0;
diff --git a/mm/vma.c b/mm/vma.c
index 8a6c5e835759..59a7a9273d53 100644
--- a/mm/vma.c
+++ b/mm/vma.c
@@ -57,22 +57,6 @@ struct mmap_state {
.state = VMA_MERGE_START, \
}
-/*
- * If, at any point, the VMA had unCoW'd mappings from parents, it will maintain
- * more than one anon_vma_chain connecting it to more than one anon_vma. A merge
- * would mean a wider range of folios sharing the root anon_vma lock, and thus
- * potential lock contention, we do not wish to encourage merging such that this
- * scales to a problem.
- */
-static bool vma_had_uncowed_parents(struct vm_area_struct *vma)
-{
- /*
- * The list_is_singular() test is to avoid merging VMA cloned from
- * parents. This can improve scalability caused by anon_vma lock.
- */
- return vma && vma->anon_vma && !list_is_singular(&vma->anon_vma_chain);
-}
-
static inline bool is_mergeable_vma(struct vma_merge_struct *vmg, bool merge_next)
{
struct vm_area_struct *vma = merge_next ? vmg->next : vmg->prev;
@@ -783,8 +767,7 @@ static bool can_merge_remove_vma(struct vm_area_struct *vma)
* - The caller must hold a WRITE lock on the mm_struct->mmap_lock.
* - vmi must be positioned within [@vmg->middle->vm_start, @vmg->middle->vm_end).
*/
-static __must_check struct vm_area_struct *vma_merge_existing_range(
- struct vma_merge_struct *vmg)
+struct vm_area_struct *vma_merge_existing_range(struct vma_merge_struct *vmg)
{
struct vm_area_struct *middle = vmg->middle;
struct vm_area_struct *prev = vmg->prev;
@@ -1799,7 +1782,7 @@ int vma_link(struct mm_struct *mm, struct vm_area_struct *vma)
*/
struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
unsigned long addr, unsigned long len, pgoff_t pgoff,
- bool *need_rmap_locks)
+ bool *need_rmap_locks, bool *relocate_anon)
{
struct vm_area_struct *vma = *vmap;
unsigned long vma_start = vma->vm_start;
@@ -1825,7 +1808,19 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
vmg.middle = NULL; /* New VMA range. */
vmg.pgoff = pgoff;
vmg.next = vma_iter_next_rewind(&vmi, NULL);
+
new_vma = vma_merge_new_range(&vmg);
+ if (*relocate_anon) {
+ /*
+ * If merge succeeds, no need to relocate. Otherwise, reset
+ * pgoff for newly established VMA which we will relocate folios
+ * to.
+ */
+ if (new_vma)
+ *relocate_anon = false;
+ else
+ pgoff = addr >> PAGE_SHIFT;
+ }
if (new_vma) {
/*
@@ -1856,7 +1851,9 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
vma_set_range(new_vma, addr, addr + len, pgoff);
if (vma_dup_policy(vma, new_vma))
goto out_free_vma;
- if (anon_vma_clone(new_vma, vma))
+ if (*relocate_anon)
+ new_vma->anon_vma = NULL;
+ else if (anon_vma_clone(new_vma, vma))
goto out_free_mempol;
if (new_vma->vm_file)
get_file(new_vma->vm_file);
@@ -1864,6 +1861,21 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
new_vma->vm_ops->open(new_vma);
if (vma_link(mm, new_vma))
goto out_vma_link;
+ /*
+ * If we're attempting to relocate anonymous VMAs, we
+ * don't want to reuse an anon_vma as set by
+ * vm_area_dup(), or copy anon_vma_chain or anything
+ * like this.
+ */
+ if (*relocate_anon && __anon_vma_prepare(new_vma)) {
+ /*
+ * We have already linked this VMA, so we must now unmap
+ * it to unwind this. This is best effort.
+ */
+ do_munmap(mm, addr, len, NULL);
+ return NULL;
+ }
+
*need_rmap_locks = false;
}
return new_vma;
@@ -3052,3 +3064,29 @@ int __vm_munmap(unsigned long start, size_t len, bool unlock)
userfaultfd_unmap_complete(mm, &uf);
return ret;
}
+
+bool vma_had_uncowed_children(struct vm_area_struct *vma)
+{
+ struct anon_vma *anon_vma = vma ? vma->anon_vma : NULL;
+ bool ret;
+
+ if (!anon_vma)
+ return false;
+
+ /*
+ * If we're mmap locked then there's no way for this count to change, as
+ * any such change would require this lock not be held.
+ */
+ if (rwsem_is_locked(&vma->vm_mm->mmap_lock))
+ return anon_vma->num_children > 1;
+
+ /*
+ * Any change that would increase the number of children would be
+ * prevented by a read lock.
+ */
+ anon_vma_lock_read(anon_vma);
+ ret = anon_vma->num_children > 1;
+ anon_vma_unlock_read(anon_vma);
+
+ return ret;
+}
diff --git a/mm/vma.h b/mm/vma.h
index 149926e8a6d1..954bacedbb48 100644
--- a/mm/vma.h
+++ b/mm/vma.h
@@ -267,6 +267,9 @@ __must_check struct vm_area_struct
__must_check struct vm_area_struct
*vma_merge_new_range(struct vma_merge_struct *vmg);
+__must_check struct vm_area_struct
+*vma_merge_existing_range(struct vma_merge_struct *vmg);
+
__must_check struct vm_area_struct
*vma_merge_extend(struct vma_iterator *vmi,
struct vm_area_struct *vma,
@@ -287,7 +290,7 @@ int vma_link(struct mm_struct *mm, struct vm_area_struct *vma);
struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
unsigned long addr, unsigned long len, pgoff_t pgoff,
- bool *need_rmap_locks);
+ bool *need_rmap_locks, bool *relocate_anon);
struct anon_vma *find_mergeable_anon_vma(struct vm_area_struct *vma);
@@ -505,6 +508,29 @@ struct vm_area_struct *vma_iter_next_rewind(struct vma_iterator *vmi,
return next;
}
+/*
+ * If, at any point, the VMA had unCoW'd mappings from parents, it will maintain
+ * more than one anon_vma_chain connecting it to more than one anon_vma. A merge
+ * would mean a wider range of folios sharing the root anon_vma lock, and thus
+ * potential lock contention, we do not wish to encourage merging such that this
+ * scales to a problem.
+ */
+static inline bool vma_had_uncowed_parents(struct vm_area_struct *vma)
+{
+ /*
+ * The list_is_singular() test is to avoid merging VMA cloned from
+ * parents. This can improve scalability caused by anon_vma lock.
+ */
+ return vma && vma->anon_vma && !list_is_singular(&vma->anon_vma_chain);
+}
+
+/*
+ * If, at any point, folios mapped by the VMA had unCoW'd mappings potentially
+ * present in child processes forked from this one, then the underlying mapped
+ * folios may be non-exclusively mapped.
+ */
+bool vma_had_uncowed_children(struct vm_area_struct *vma);
+
#ifdef CONFIG_64BIT
static inline bool vma_is_sealed(struct vm_area_struct *vma)
diff --git a/tools/testing/vma/vma.c b/tools/testing/vma/vma.c
index 7cfd6e31db10..3d19df8fa17b 100644
--- a/tools/testing/vma/vma.c
+++ b/tools/testing/vma/vma.c
@@ -1543,13 +1543,14 @@ static bool test_copy_vma(void)
unsigned long flags = VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE;
struct mm_struct mm = {};
bool need_locks = false;
+ bool relocate_anon = false;
VMA_ITERATOR(vmi, &mm, 0);
struct vm_area_struct *vma, *vma_new, *vma_next;
/* Move backwards and do not merge. */
vma = alloc_and_link_vma(&mm, 0x3000, 0x5000, 3, flags);
- vma_new = copy_vma(&vma, 0, 0x2000, 0, &need_locks);
+ vma_new = copy_vma(&vma, 0, 0x2000, 0, &need_locks, &relocate_anon);
ASSERT_NE(vma_new, vma);
ASSERT_EQ(vma_new->vm_start, 0);
ASSERT_EQ(vma_new->vm_end, 0x2000);
@@ -1562,7 +1563,7 @@ static bool test_copy_vma(void)
vma = alloc_and_link_vma(&mm, 0, 0x2000, 0, flags);
vma_next = alloc_and_link_vma(&mm, 0x6000, 0x8000, 6, flags);
- vma_new = copy_vma(&vma, 0x4000, 0x2000, 4, &need_locks);
+ vma_new = copy_vma(&vma, 0x4000, 0x2000, 4, &need_locks, &relocate_anon);
vma_assert_attached(vma_new);
ASSERT_EQ(vma_new, vma_next);
diff --git a/tools/testing/vma/vma_internal.h b/tools/testing/vma/vma_internal.h
index 572ab2cea763..3364cd9cabde 100644
--- a/tools/testing/vma/vma_internal.h
+++ b/tools/testing/vma/vma_internal.h
@@ -26,6 +26,7 @@
#include <linux/mm.h>
#include <linux/rbtree.h>
#include <linux/refcount.h>
+#include <linux/rwsem.h>
extern unsigned long stack_guard_gap;
#ifdef CONFIG_MMU
@@ -172,6 +173,8 @@ struct anon_vma {
struct anon_vma *root;
struct rb_root_cached rb_root;
+ unsigned long num_children;
+
/* Test fields. */
bool was_cloned;
bool was_unlinked;
@@ -227,6 +230,8 @@ struct mm_struct {
unsigned long def_flags;
unsigned long flags; /* Must use atomic bitops to access */
+
+ struct rw_semaphore mmap_lock;
};
struct file {
@@ -1240,4 +1245,32 @@ static inline int mapping_map_writable(struct address_space *mapping)
return 0;
}
+static int do_munmap(struct mm_struct *mm, unsigned long start, size_t len,
+ struct list_head *uf)
+{
+ (void)mm;
+ (void)start;
+ (void)len;
+ (void)uf;
+
+ return 0;
+}
+
+static inline int rwsem_is_locked(struct rw_semaphore *sem)
+{
+ (void)sem;
+
+ return 0;
+}
+
+static inline void anon_vma_lock_read(struct anon_vma *anon_vma)
+{
+ (void)anon_vma;
+}
+
+static inline void anon_vma_unlock_read(struct anon_vma *anon_vma)
+{
+ (void)anon_vma;
+}
+
#endif /* __MM_VMA_INTERNAL_H */
--
2.49.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [RFC PATCH v2 02/10] mm/mremap: add MREMAP_MUST_RELOCATE_ANON
2025-04-22 8:09 [RFC PATCH v2 00/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 01/10] " Lorenzo Stoakes
@ 2025-04-22 8:09 ` Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 03/10] mm/mremap: add MREMAP[_MUST]_RELOCATE_ANON support for large folios Lorenzo Stoakes
` (7 subsequent siblings)
9 siblings, 0 replies; 22+ messages in thread
From: Lorenzo Stoakes @ 2025-04-22 8:09 UTC (permalink / raw)
To: Andrew Morton
Cc: Vlastimil Babka, Jann Horn, Liam R . Howlett, Suren Baghdasaryan,
Matthew Wilcox, David Hildenbrand, Pedro Falcato, linux-mm,
linux-kernel
This flag is the same as MREMAP_RELOCATE_ANON, however it returns an
-EFAULT error should folios not be able to be relocated.
The operation is undone when this occurs so the user can choose to proceed
without setting this flag at this stage.
This is useful for cases where a use case absolutely requires mergeability,
or moreover a user needs to know whether it succeeded or not for internal
bookkeeping purposes.
If the move would be a no-op (could be merged, or folios in range are
unmapped), then the operation proceeds normally.
It is only in instances where we would have fallen back to the usual
mremap() logic if we were using MREMAP_RELOCATE_ANON that we return -EFAULT
for MREMAP_MUST_RELOCATE_ANON.
Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
---
include/uapi/linux/mman.h | 9 +++++----
mm/mremap.c | 35 ++++++++++++++++++++++++++---------
2 files changed, 31 insertions(+), 13 deletions(-)
diff --git a/include/uapi/linux/mman.h b/include/uapi/linux/mman.h
index d0542f872e0c..a61dbe1e8b2b 100644
--- a/include/uapi/linux/mman.h
+++ b/include/uapi/linux/mman.h
@@ -6,10 +6,11 @@
#include <asm-generic/hugetlb_encode.h>
#include <linux/types.h>
-#define MREMAP_MAYMOVE 1
-#define MREMAP_FIXED 2
-#define MREMAP_DONTUNMAP 4
-#define MREMAP_RELOCATE_ANON 8
+#define MREMAP_MAYMOVE 1
+#define MREMAP_FIXED 2
+#define MREMAP_DONTUNMAP 4
+#define MREMAP_RELOCATE_ANON 8
+#define MREMAP_MUST_RELOCATE_ANON 16
#define OVERCOMMIT_GUESS 0
#define OVERCOMMIT_ALWAYS 1
diff --git a/mm/mremap.c b/mm/mremap.c
index 1d915445026f..883ff9499e8c 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -1383,14 +1383,18 @@ static void unmap_source_vma(struct vma_remap_struct *vrm)
* is being moved to by updating index and mapping fields accordingly?
*/
static bool should_relocate_anon(struct vma_remap_struct *vrm,
- struct pagetable_move_control *pmc)
+ struct pagetable_move_control *pmc, int *errp)
{
struct vm_area_struct *old = vrm->vma;
/* Currently we only do this if requested. */
- if (!(vrm->flags & MREMAP_RELOCATE_ANON))
+ if (!(vrm->flags & (MREMAP_RELOCATE_ANON | MREMAP_MUST_RELOCATE_ANON)))
return false;
+ /* Failures are fatal in the 'must' case. */
+ if (vrm->flags & MREMAP_MUST_RELOCATE_ANON)
+ *errp = -EFAULT;
+
/* We can't deal with special or hugetlb mappings. */
if (old->vm_flags & (VM_SPECIAL | VM_HUGETLB))
return false;
@@ -1399,10 +1403,6 @@ static bool should_relocate_anon(struct vma_remap_struct *vrm,
if (!vma_is_anonymous(old))
return false;
- /* If no folios are mapped, then no need to attempt this. */
- if (!old->anon_vma)
- return false;
-
/*
* If the VMA is referenced by a parent process (i.e. is the child of a
* fork) or exists in a process which has been forked, then the folio
@@ -1414,6 +1414,13 @@ static bool should_relocate_anon(struct vma_remap_struct *vrm,
if (vma_had_uncowed_parents(old) || vma_had_uncowed_children(old))
return false;
+ /* Below issues are non-fatal in 'must' case. */
+ *errp = 0;
+
+ /* If no folios are mapped, then no need to attempt this. */
+ if (!old->anon_vma)
+ return false;
+
/* Otherwise, we're good to go! */
return true;
}
@@ -1465,7 +1472,10 @@ static int copy_vma_and_data(struct vma_remap_struct *vrm,
struct vm_area_struct *new_vma;
int err = 0;
PAGETABLE_MOVE(pmc, NULL, NULL, vrm->addr, vrm->new_addr, vrm->old_len);
- bool relocate_anon = should_relocate_anon(vrm, &pmc);
+ bool relocate_anon = should_relocate_anon(vrm, &pmc, &err);
+
+ if (err)
+ return err;
again:
new_vma = copy_vma(&vma, vrm->new_addr, vrm->new_len, new_pgoff,
@@ -1496,6 +1506,12 @@ static int copy_vma_and_data(struct vma_remap_struct *vrm,
do_munmap(current->mm, start, size, NULL);
relocate_anon = false;
+ if (vrm->flags & MREMAP_MUST_RELOCATE_ANON) {
+ vrm_uncharge(vrm);
+ *new_vma_ptr = NULL;
+ return -EFAULT;
+ }
+
goto again;
}
}
@@ -1850,7 +1866,7 @@ static unsigned long check_mremap_params(struct vma_remap_struct *vrm)
/* Ensure no unexpected flag values. */
if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE | MREMAP_DONTUNMAP |
- MREMAP_RELOCATE_ANON))
+ MREMAP_RELOCATE_ANON | MREMAP_MUST_RELOCATE_ANON))
return -EINVAL;
/* Start address must be page-aligned. */
@@ -1866,7 +1882,8 @@ static unsigned long check_mremap_params(struct vma_remap_struct *vrm)
return -EINVAL;
/* We can't relocate without allowing a move. */
- if ((flags & MREMAP_RELOCATE_ANON) && !(flags & MREMAP_MAYMOVE))
+ if ((flags & (MREMAP_RELOCATE_ANON | MREMAP_MUST_RELOCATE_ANON)) &&
+ !(flags & MREMAP_MAYMOVE))
return -EINVAL;
/* Remainder of checks are for cases with specific new_addr. */
--
2.49.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [RFC PATCH v2 03/10] mm/mremap: add MREMAP[_MUST]_RELOCATE_ANON support for large folios
2025-04-22 8:09 [RFC PATCH v2 00/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 01/10] " Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 02/10] mm/mremap: add MREMAP_MUST_RELOCATE_ANON Lorenzo Stoakes
@ 2025-04-22 8:09 ` Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 04/10] tools UAPI: Update copy of linux/mman.h from the kernel sources Lorenzo Stoakes
` (6 subsequent siblings)
9 siblings, 0 replies; 22+ messages in thread
From: Lorenzo Stoakes @ 2025-04-22 8:09 UTC (permalink / raw)
To: Andrew Morton
Cc: Vlastimil Babka, Jann Horn, Liam R . Howlett, Suren Baghdasaryan,
Matthew Wilcox, David Hildenbrand, Pedro Falcato, linux-mm,
linux-kernel
Larger folios are a challenge, as they might be mapped across multiple
VMAs, and can be mapped at a higher page table level (PUD, PMD) or also at
PTE level.
Handle them correctly by checking whether they are fully spanned by the VMA
we are examining. If so, then we can simply relocate the folio as we would
any other.
If not, then we must split the folio. If there is a higher level page table
level mapping the large folio directly then we must also split this.
This will be the minority of cases, and if the operation is performed on a
large, mapping will only be those folios at the start and end of the
mapping which the mapping is not aligned to.
The net result is that we are able to handle large folios mapped in any
form which might be encountered correctly.
Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
---
mm/mremap.c | 327 +++++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 297 insertions(+), 30 deletions(-)
diff --git a/mm/mremap.c b/mm/mremap.c
index 883ff9499e8c..48a2fa7e91b0 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -77,6 +77,7 @@ struct pte_state {
unsigned long new_addr;
unsigned long old_end;
pte_t *ptep;
+ pmd_t *pmdp;
spinlock_t *ptl;
};
@@ -532,40 +533,67 @@ enum pgt_entry {
HPAGE_PUD,
};
-/*
- * Returns an extent of the corresponding size for the pgt_entry specified if
- * valid. Else returns a smaller extent bounded by the end of the source and
- * destination pgt_entry.
- */
-static __always_inline unsigned long get_extent(enum pgt_entry entry,
- struct pagetable_move_control *pmc)
+static void __get_mask_size(enum pgt_entry entry,
+ unsigned long *mask, unsigned long *size)
{
- unsigned long next, extent, mask, size;
- unsigned long old_addr = pmc->old_addr;
- unsigned long old_end = pmc->old_end;
- unsigned long new_addr = pmc->new_addr;
-
switch (entry) {
case HPAGE_PMD:
case NORMAL_PMD:
- mask = PMD_MASK;
- size = PMD_SIZE;
+ *mask = PMD_MASK;
+ *size = PMD_SIZE;
break;
case HPAGE_PUD:
case NORMAL_PUD:
- mask = PUD_MASK;
- size = PUD_SIZE;
+ *mask = PUD_MASK;
+ *size = PUD_SIZE;
break;
default:
BUILD_BUG();
break;
}
+}
+
+/* Same as get extent, only ignores new address. */
+static unsigned long __get_old_extent(struct pagetable_move_control *pmc,
+ unsigned long mask, unsigned long size)
+{
+ unsigned long next, extent;
+ unsigned long old_addr = pmc->old_addr;
+ unsigned long old_end = pmc->old_end;
next = (old_addr + size) & mask;
/* even if next overflowed, extent below will be ok */
extent = next - old_addr;
if (extent > old_end - old_addr)
extent = old_end - old_addr;
+
+ return extent;
+}
+
+static unsigned long get_old_extent(enum pgt_entry entry,
+ struct pagetable_move_control *pmc)
+{
+ unsigned long mask, size;
+
+ __get_mask_size(entry, &mask, &size);
+ return __get_old_extent(pmc, mask, size);
+}
+
+/*
+ * Returns an extent of the corresponding size for the pgt_entry specified if
+ * valid. Else returns a smaller extent bounded by the end of the source and
+ * destination pgt_entry.
+ */
+static __always_inline unsigned long get_extent(enum pgt_entry entry,
+ struct pagetable_move_control *pmc)
+{
+ unsigned long next, extent, mask, size;
+ unsigned long new_addr = pmc->new_addr;
+
+ __get_mask_size(entry, &mask, &size);
+
+ extent = __get_old_extent(pmc, mask, size);
+
next = (new_addr + size) & mask;
if (extent > next - new_addr)
extent = next - new_addr;
@@ -795,6 +823,165 @@ static unsigned long pmc_progress(struct pagetable_move_control *pmc)
return old_addr < orig_old_addr ? 0 : old_addr - orig_old_addr;
}
+/* Assumes folio lock is held. */
+static bool __relocate_large_folio(struct pagetable_move_control *pmc,
+ unsigned long old_addr, unsigned long new_addr,
+ struct folio *folio, bool undo)
+{
+ pgoff_t new_index;
+ struct vm_area_struct *old = pmc->old;
+ struct vm_area_struct *new = pmc->new;
+
+ VM_WARN_ON_ONCE(!folio_test_locked(folio));
+
+ /* Impermissible. */
+ if (!folio_test_large(folio) || folio_test_ksm(folio) ||
+ folio_test_large_maybe_mapped_shared(folio))
+ return false;
+
+ /* no-op. */
+ if (!folio_test_anon(folio))
+ return true;
+
+ if (!undo)
+ new_index = linear_page_index(new, new_addr);
+ else
+ new_index = linear_page_index(old, old_addr);
+
+ /* See comment in relocate_anon_pte(). */
+ folio_move_anon_rmap(folio, undo ? old : new);
+ WRITE_ONCE(folio->index, new_index);
+ return true;
+}
+
+static bool relocate_large_folio(struct pagetable_move_control *pmc,
+ unsigned long old_addr, unsigned long new_addr,
+ struct folio *folio, bool undo)
+{
+ bool ret;
+
+ folio_lock(folio);
+
+ /* See relocate_anon_pte() for description. */
+ if (WARN_ON_ONCE(folio_maybe_mapped_shared(folio))) {
+ ret = false;
+ goto out;
+ }
+ if (folio_maybe_dma_pinned(folio)) {
+ ret = false;
+ goto out;
+ }
+
+ ret = __relocate_large_folio(pmc, old_addr, new_addr, folio, undo);
+
+out:
+ folio_unlock(folio);
+ return ret;
+}
+
+static bool relocate_anon_pud(struct pagetable_move_control *pmc,
+ pud_t *pudp, bool undo)
+{
+ spinlock_t *ptl;
+ pud_t pud;
+ struct folio *folio;
+ struct page *page;
+ bool ret;
+ unsigned long old_addr = pmc->old_addr;
+ unsigned long new_addr = pmc->new_addr;
+
+ VM_WARN_ON(old_addr & ~HPAGE_PUD_MASK);
+ VM_WARN_ON(new_addr & ~HPAGE_PUD_MASK);
+
+ ptl = pud_trans_huge_lock(pudp, pmc->old);
+ if (!ptl)
+ return false;
+
+ pud = pudp_get(pudp);
+ if (!pud_present(pud)) {
+ ret = true;
+ goto out;
+ }
+ if (!pud_leaf(pud)) {
+ ret = false;
+ goto out;
+ }
+
+ page = pud_page(pud);
+ if (!page) {
+ ret = true;
+ goto out;
+ }
+
+ folio = page_folio(page);
+ ret = relocate_large_folio(pmc, old_addr, new_addr, folio, undo);
+
+out:
+ spin_unlock(ptl);
+ return ret;
+}
+
+static bool relocate_anon_pmd(struct pagetable_move_control *pmc,
+ pmd_t *pmdp, bool undo)
+{
+ spinlock_t *ptl;
+ pmd_t pmd;
+ struct folio *folio;
+ bool ret;
+ unsigned long old_addr = pmc->old_addr;
+ unsigned long new_addr = pmc->new_addr;
+
+ VM_WARN_ON(old_addr & ~HPAGE_PMD_MASK);
+ VM_WARN_ON(new_addr & ~HPAGE_PMD_MASK);
+
+ ptl = pmd_trans_huge_lock(pmdp, pmc->old);
+ if (!ptl)
+ return false;
+
+ pmd = pmdp_get(pmdp);
+ if (!pmd_present(pmd)) {
+ ret = true;
+ goto out;
+ }
+ if (is_huge_zero_pmd(pmd)) {
+ ret = true;
+ goto out;
+ }
+ if (!pmd_leaf(pmd)) {
+ ret = false;
+ goto out;
+ }
+
+ folio = pmd_folio(pmd);
+ if (!folio) {
+ ret = true;
+ goto out;
+ }
+
+ ret = relocate_large_folio(pmc, old_addr, new_addr, folio, undo);
+out:
+ spin_unlock(ptl);
+ return ret;
+}
+
+/*
+ * Is the THP discovered at old_addr fully spanned at both the old and new VMAs?
+ */
+static bool is_thp_fully_spanned(struct pagetable_move_control *pmc,
+ unsigned long old_addr,
+ size_t thp_size)
+{
+ unsigned long old_end = pmc->old_end;
+ unsigned long orig_old_addr = old_end - pmc->len_in;
+ unsigned long aligned_start = old_addr & ~(thp_size - 1);
+ unsigned long aligned_end = aligned_start + thp_size;
+
+ if (aligned_start < orig_old_addr || aligned_end > old_end)
+ return false;
+
+ return true;
+}
+
/*
* If the folio mapped at the specified pte entry can have its index and mapping
* relocated, then do so.
@@ -811,10 +998,12 @@ static unsigned long relocate_anon_pte(struct pagetable_move_control *pmc,
unsigned long ret = 1;
unsigned long old_addr = state->old_addr;
unsigned long new_addr = state->new_addr;
+ struct mm_struct *mm = current->mm;
old = pmc->old;
new = pmc->new;
+retry:
pte = ptep_get(state->ptep);
/* Ensure we have truly got an anon folio. */
@@ -851,13 +1040,55 @@ static unsigned long relocate_anon_pte(struct pagetable_move_control *pmc,
if (folio_maybe_dma_pinned(folio))
goto out;
- /*
- * This should not happen as we explicitly disallow this, but check
- * anyway.
- */
+ /* If a split huge PMD, try to relocate all at once. */
if (folio_test_large(folio)) {
- ret = 0;
- goto out;
+ size_t size = folio_size(folio);
+
+ if (is_thp_fully_spanned(pmc, old_addr, size) &&
+ __relocate_large_folio(pmc, old_addr, new_addr, folio, undo)) {
+ VM_WARN_ON_ONCE(old_addr & (size - 1));
+ ret = folio_nr_pages(folio);
+ goto out;
+ } else {
+ int err;
+ struct anon_vma *anon_vma = folio_anon_vma(folio);
+
+ /*
+ * If the folio has the anon_vma whose lock we hold, we
+ * have a problem, as split_folio() will attempt to lock
+ * the already-locked anon_vma causing a deadlock. In
+ * this case, bail out.
+ */
+ if (anon_vma->root == pmc->relocate_locked->anon_vma->root) {
+ ret = 0;
+ goto out;
+ }
+
+ /* split_folio() expects elevated refcount. */
+ folio_get(folio);
+
+ /*
+ * We must relinquish/reacquire the PTE lock over this
+ * operation. We hold the folio lock and an increased
+ * reference count, so there's no danger of the folio
+ * disappearing beneath us.
+ */
+ pte_unmap_unlock(state->ptep, state->ptl);
+ err = split_folio(folio);
+ state->ptep = pte_offset_map_lock(mm, state->pmdp,
+ old_addr, &state->ptl);
+ folio_unlock(folio);
+ folio_put(folio);
+
+ if (err || !state->ptep)
+ return 0;
+
+ /*
+ * If we split, we need to look up the folio again, so
+ * simply retry the operation.
+ */
+ goto retry;
+ }
}
if (!undo)
@@ -904,6 +1135,7 @@ static bool relocate_anon_ptes(struct pagetable_move_control *pmc,
.old_addr = pmc->old_addr,
.new_addr = pmc->new_addr,
.old_end = pmc->old_addr + extent,
+ .pmdp = pmdp,
};
pte_t *ptep_start;
bool ret;
@@ -953,29 +1185,64 @@ static bool __relocate_anon_folios(struct pagetable_move_control *pmc, bool undo
pmd_t pmd;
pud_t pud;
- extent = get_extent(NORMAL_PUD, pmc);
+ extent = get_old_extent(NORMAL_PUD, pmc);
pudp = get_old_pud(mm, pmc->old_addr);
if (!pudp)
continue;
pud = pudp_get(pudp);
+ if (pud_trans_huge(pud)) {
+ unsigned long old_addr = pmc->old_addr;
+
+ if (extent != HPAGE_PUD_SIZE)
+ return false;
- if (pud_trans_huge(pud) || pud_devmap(pud))
+ VM_WARN_ON_ONCE(old_addr & ~HPAGE_PUD_MASK);
+
+ /* We may relocate iff the new address is aligned. */
+ if (!(pmc->new_addr & ~HPAGE_PUD_MASK) &&
+ is_thp_fully_spanned(pmc, old_addr, HPAGE_PUD_SIZE)) {
+ if (!relocate_anon_pud(pmc, pudp, undo))
+ return false;
+ continue;
+ }
+
+ /* Otherwise, we split so we can do this with PMDs/PTEs. */
+ split_huge_pud(pmc->old, pudp, old_addr);
+ } else if (pud_devmap(pud)) {
return false;
+ }
- extent = get_extent(NORMAL_PMD, pmc);
+ extent = get_old_extent(NORMAL_PMD, pmc);
pmdp = get_old_pmd(mm, pmc->old_addr);
if (!pmdp)
continue;
pmd = pmdp_get(pmdp);
-
- if (is_swap_pmd(pmd) || pmd_trans_huge(pmd) ||
- pmd_devmap(pmd))
- return false;
-
if (pmd_none(pmd))
continue;
+ if (pmd_trans_huge(pmd)) {
+ unsigned long old_addr = pmc->old_addr;
+
+ if (extent != HPAGE_PMD_SIZE)
+ return false;
+
+ VM_WARN_ON_ONCE(old_addr & ~HPAGE_PMD_MASK);
+
+ /* We may relocate iff the new address is aligned. */
+ if (!(pmc->new_addr & ~HPAGE_PMD_MASK) &&
+ is_thp_fully_spanned(pmc, old_addr, HPAGE_PMD_SIZE)) {
+ if (!relocate_anon_pmd(pmc, pmdp, undo))
+ return false;
+ continue;
+ }
+
+ /* Otherwise, we split so we can do this with PTEs. */
+ split_huge_pmd(pmc->old, pmdp, old_addr);
+ } else if (is_swap_pmd(pmd) || pmd_devmap(pmd)) {
+ return false;
+ }
+
if (!relocate_anon_ptes(pmc, extent, pmdp, undo))
return false;
}
--
2.49.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [RFC PATCH v2 04/10] tools UAPI: Update copy of linux/mman.h from the kernel sources
2025-04-22 8:09 [RFC PATCH v2 00/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON Lorenzo Stoakes
` (2 preceding siblings ...)
2025-04-22 8:09 ` [RFC PATCH v2 03/10] mm/mremap: add MREMAP[_MUST]_RELOCATE_ANON support for large folios Lorenzo Stoakes
@ 2025-04-22 8:09 ` Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 05/10] tools/testing/selftests: add sys_mremap() helper to vm_util.h Lorenzo Stoakes
` (5 subsequent siblings)
9 siblings, 0 replies; 22+ messages in thread
From: Lorenzo Stoakes @ 2025-04-22 8:09 UTC (permalink / raw)
To: Andrew Morton
Cc: Vlastimil Babka, Jann Horn, Liam R . Howlett, Suren Baghdasaryan,
Matthew Wilcox, David Hildenbrand, Pedro Falcato, linux-mm,
linux-kernel
Import newly introduced MREMAP_RELOCATE_ANON_* defines.
Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
---
tools/include/uapi/linux/mman.h | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/tools/include/uapi/linux/mman.h b/tools/include/uapi/linux/mman.h
index e89d00528f2f..a61dbe1e8b2b 100644
--- a/tools/include/uapi/linux/mman.h
+++ b/tools/include/uapi/linux/mman.h
@@ -6,9 +6,11 @@
#include <asm-generic/hugetlb_encode.h>
#include <linux/types.h>
-#define MREMAP_MAYMOVE 1
-#define MREMAP_FIXED 2
-#define MREMAP_DONTUNMAP 4
+#define MREMAP_MAYMOVE 1
+#define MREMAP_FIXED 2
+#define MREMAP_DONTUNMAP 4
+#define MREMAP_RELOCATE_ANON 8
+#define MREMAP_MUST_RELOCATE_ANON 16
#define OVERCOMMIT_GUESS 0
#define OVERCOMMIT_ALWAYS 1
--
2.49.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [RFC PATCH v2 05/10] tools/testing/selftests: add sys_mremap() helper to vm_util.h
2025-04-22 8:09 [RFC PATCH v2 00/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON Lorenzo Stoakes
` (3 preceding siblings ...)
2025-04-22 8:09 ` [RFC PATCH v2 04/10] tools UAPI: Update copy of linux/mman.h from the kernel sources Lorenzo Stoakes
@ 2025-04-22 8:09 ` Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 06/10] tools/testing/selftests: add mremap() cases that merge normally Lorenzo Stoakes
` (4 subsequent siblings)
9 siblings, 0 replies; 22+ messages in thread
From: Lorenzo Stoakes @ 2025-04-22 8:09 UTC (permalink / raw)
To: Andrew Morton
Cc: Vlastimil Babka, Jann Horn, Liam R . Howlett, Suren Baghdasaryan,
Matthew Wilcox, David Hildenbrand, Pedro Falcato, linux-mm,
linux-kernel
Add a helper to invoke the mremap() system call directly using
syscall(). This is useful as otherwise glibc and friends will filter out
newer flags like MREMAP_RELOCATE_ANON and MREMAP_MUST_RELOCATE_ANON thus
making it impossible to test this functionality.
Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
---
tools/testing/selftests/mm/vm_util.c | 8 ++++++++
tools/testing/selftests/mm/vm_util.h | 3 +++
2 files changed, 11 insertions(+)
diff --git a/tools/testing/selftests/mm/vm_util.c b/tools/testing/selftests/mm/vm_util.c
index 1357e2d6a7b6..a2f07b10c0e7 100644
--- a/tools/testing/selftests/mm/vm_util.c
+++ b/tools/testing/selftests/mm/vm_util.c
@@ -486,3 +486,11 @@ int close_procmap(struct procmap_fd *procmap)
{
return close(procmap->fd);
}
+
+void *sys_mremap(void *old_address, unsigned long old_size,
+ unsigned long new_size, int flags, void *new_address)
+{
+ return (void *)syscall(__NR_mremap, (unsigned long)old_address,
+ old_size, new_size, flags,
+ (unsigned long)new_address);
+}
diff --git a/tools/testing/selftests/mm/vm_util.h b/tools/testing/selftests/mm/vm_util.h
index 9211ba640d9c..434a96b33738 100644
--- a/tools/testing/selftests/mm/vm_util.h
+++ b/tools/testing/selftests/mm/vm_util.h
@@ -95,6 +95,9 @@ static inline int open_self_procmap(struct procmap_fd *procmap_out)
return open_procmap(pid, procmap_out);
}
+void *sys_mremap(void *old_address, unsigned long old_size,
+ unsigned long new_size, int flags, void *new_address);
+
/*
* On ppc64 this will only work with radix 2M hugepage size
*/
--
2.49.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [RFC PATCH v2 06/10] tools/testing/selftests: add mremap() cases that merge normally
2025-04-22 8:09 [RFC PATCH v2 00/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON Lorenzo Stoakes
` (4 preceding siblings ...)
2025-04-22 8:09 ` [RFC PATCH v2 05/10] tools/testing/selftests: add sys_mremap() helper to vm_util.h Lorenzo Stoakes
@ 2025-04-22 8:09 ` Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 07/10] tools/testing/selftests: add MREMAP_RELOCATE_ANON merge test cases Lorenzo Stoakes
` (3 subsequent siblings)
9 siblings, 0 replies; 22+ messages in thread
From: Lorenzo Stoakes @ 2025-04-22 8:09 UTC (permalink / raw)
To: Andrew Morton
Cc: Vlastimil Babka, Jann Horn, Liam R . Howlett, Suren Baghdasaryan,
Matthew Wilcox, David Hildenbrand, Pedro Falcato, linux-mm,
linux-kernel
Use a direct system call version of mremap() as, when we move to using
MREMAP_[MUST_]RELOCATE_ANON, the glibc wrapper will disallow this.
Also import linux/mman.h (which will amount to the local tools cache of
mman.h) to enusre these header values are available when later added.
Then, add tests asserting all the mremap() merge cases that function
correctly without MREMAP_[MUST_]RELOCATE_ANON.
This constitutes moving around unfaulted VMAs and moving around faulted
VMAs back into position immediately adjacent to VMAs also faulted in with
that moved VMA.
By doing so we provide a baseline set of expectations on mremap()
operations and VMA merge which we can expand upon for
MREMAP_[MUST_]RELOCATE_ANON cases in a subsequent commit.
Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
---
tools/testing/selftests/mm/merge.c | 599 ++++++++++++++++++++++++++++-
1 file changed, 597 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/mm/merge.c b/tools/testing/selftests/mm/merge.c
index c76646cdf6e6..746eacd0fe70 100644
--- a/tools/testing/selftests/mm/merge.c
+++ b/tools/testing/selftests/mm/merge.c
@@ -8,6 +8,7 @@
#include <sys/mman.h>
#include <sys/wait.h>
#include "vm_util.h"
+#include <linux/mman.h>
FIXTURE(merge)
{
@@ -20,7 +21,7 @@ FIXTURE_SETUP(merge)
{
self->page_size = psize();
/* Carve out PROT_NONE region to map over. */
- self->carveout = mmap(NULL, 12 * self->page_size, PROT_NONE,
+ self->carveout = mmap(NULL, 30 * self->page_size, PROT_NONE,
MAP_ANON | MAP_PRIVATE, -1, 0);
ASSERT_NE(self->carveout, MAP_FAILED);
/* Setup PROCMAP_QUERY interface. */
@@ -29,7 +30,7 @@ FIXTURE_SETUP(merge)
FIXTURE_TEARDOWN(merge)
{
- ASSERT_EQ(munmap(self->carveout, 12 * self->page_size), 0);
+ ASSERT_EQ(munmap(self->carveout, 30 * self->page_size), 0);
ASSERT_EQ(close_procmap(&self->procmap), 0);
}
@@ -452,4 +453,598 @@ TEST_F(merge, forked_source_vma)
ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr2 + 5 * page_size);
}
+TEST_F(merge, mremap_unfaulted_to_faulted)
+{
+ unsigned int page_size = self->page_size;
+ char *carveout = self->carveout;
+ struct procmap_fd *procmap = &self->procmap;
+ char *ptr, *ptr2;
+
+ /*
+ * Map two distinct areas:
+ *
+ * |-----------| |-----------|
+ * | unfaulted | | unfaulted |
+ * |-----------| |-----------|
+ * ptr ptr2
+ */
+ ptr = mmap(&carveout[page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr, MAP_FAILED);
+ ptr2 = mmap(&carveout[7 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /* Offset ptr2 further away. */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr2 + page_size * 1000);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /*
+ * Fault in ptr:
+ * \
+ * |-----------| / |-----------|
+ * | faulted | \ | unfaulted |
+ * |-----------| / |-----------|
+ * ptr \ ptr2
+ */
+ ptr[0] = 'x';
+
+ /*
+ * Now move ptr2 adjacent to ptr:
+ *
+ * |-----------|-----------|
+ * | faulted | unfaulted |
+ * |-----------|-----------|
+ * ptr ptr2
+ *
+ * It should merge:
+ *
+ * |----------------------|
+ * | faulted |
+ * |----------------------|
+ * ptr
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, &ptr[5 * page_size]);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 10 * page_size);
+}
+
+TEST_F(merge, mremap_unfaulted_behind_faulted)
+{
+ unsigned int page_size = self->page_size;
+ char *carveout = self->carveout;
+ struct procmap_fd *procmap = &self->procmap;
+ char *ptr, *ptr2;
+
+ /*
+ * Map two distinct areas:
+ *
+ * |-----------| |-----------|
+ * | unfaulted | | unfaulted |
+ * |-----------| |-----------|
+ * ptr ptr2
+ */
+ ptr = mmap(&carveout[6 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr, MAP_FAILED);
+ ptr2 = mmap(&carveout[14 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /* Offset ptr2 further away. */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr2 + page_size * 1000);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /*
+ * Fault in ptr:
+ * \
+ * |-----------| / |-----------|
+ * | faulted | \ | unfaulted |
+ * |-----------| / |-----------|
+ * ptr \ ptr2
+ */
+ ptr[0] = 'x';
+
+ /*
+ * Now move ptr2 adjacent, but behind, ptr:
+ *
+ * |-----------|-----------|
+ * | unfaulted | faulted |
+ * |-----------|-----------|
+ * ptr2 ptr
+ *
+ * It should merge:
+ *
+ * |----------------------|
+ * | faulted |
+ * |----------------------|
+ * ptr2
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, &carveout[page_size]);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr2));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr2);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr2 + 10 * page_size);
+}
+
+TEST_F(merge, mremap_unfaulted_between_faulted)
+{
+ unsigned int page_size = self->page_size;
+ char *carveout = self->carveout;
+ struct procmap_fd *procmap = &self->procmap;
+ char *ptr, *ptr2, *ptr3;
+
+ /*
+ * Map three distinct areas:
+ *
+ * |-----------| |-----------| |-----------|
+ * | unfaulted | | unfaulted | | unfaulted |
+ * |-----------| |-----------| |-----------|
+ * ptr ptr2 ptr3
+ */
+ ptr = mmap(&carveout[page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr, MAP_FAILED);
+ ptr2 = mmap(&carveout[7 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr2, MAP_FAILED);
+ ptr3 = mmap(&carveout[14 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr3, MAP_FAILED);
+
+ /* Offset ptr3 further away. */
+ ptr3 = sys_mremap(ptr3, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr3 + page_size * 2000);
+ ASSERT_NE(ptr3, MAP_FAILED);
+
+ /* Offset ptr2 further away. */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr2 + page_size * 1000);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /*
+ * Fault in ptr, ptr3:
+ * \ \
+ * |-----------| / |-----------| / |-----------|
+ * | faulted | \ | unfaulted | \ | faulted |
+ * |-----------| / |-----------| / |-----------|
+ * ptr \ ptr2 \ ptr3
+ */
+ ptr[0] = 'x';
+ ptr3[0] = 'x';
+
+ /*
+ * Move ptr3 back into place, leaving a place for ptr2:
+ * \
+ * |-----------| |-----------| / |-----------|
+ * | faulted | | faulted | \ | unfaulted |
+ * |-----------| |-----------| / |-----------|
+ * ptr ptr3 \ ptr2
+ */
+ ptr3 = sys_mremap(ptr3, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, &ptr[10 * page_size]);
+ ASSERT_NE(ptr3, MAP_FAILED);
+
+ /*
+ * Finally, move ptr2 into place:
+ *
+ * |-----------|-----------|-----------|
+ * | faulted | unfaulted | faulted |
+ * |-----------|-----------|-----------|
+ * ptr ptr2 ptr3
+ *
+ * It should merge, but only ptr, ptr2:
+ *
+ * |-----------------------|-----------|
+ * | faulted | unfaulted |
+ * |-----------------------|-----------|
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, &ptr[5 * page_size]);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 10 * page_size);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr3));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr3);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr3 + 5 * page_size);
+}
+
+TEST_F(merge, mremap_unfaulted_between_faulted_unfaulted)
+{
+ unsigned int page_size = self->page_size;
+ char *carveout = self->carveout;
+ struct procmap_fd *procmap = &self->procmap;
+ char *ptr, *ptr2, *ptr3;
+
+ /*
+ * Map three distinct areas:
+ *
+ * |-----------| |-----------| |-----------|
+ * | unfaulted | | unfaulted | | unfaulted |
+ * |-----------| |-----------| |-----------|
+ * ptr ptr2 ptr3
+ */
+ ptr = mmap(&carveout[page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr, MAP_FAILED);
+ ptr2 = mmap(&carveout[7 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr2, MAP_FAILED);
+ ptr3 = mmap(&carveout[14 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr3, MAP_FAILED);
+
+ /* Offset ptr3 further away. */
+ ptr3 = sys_mremap(ptr3, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr3 + page_size * 2000);
+ ASSERT_NE(ptr3, MAP_FAILED);
+
+
+ /* Offset ptr2 further away. */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr2 + page_size * 1000);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /*
+ * Fault in ptr:
+ * \ \
+ * |-----------| / |-----------| / |-----------|
+ * | faulted | \ | unfaulted | \ | unfaulted |
+ * |-----------| / |-----------| / |-----------|
+ * ptr \ ptr2 \ ptr3
+ */
+ ptr[0] = 'x';
+
+ /*
+ * Move ptr3 back into place, leaving a place for ptr2:
+ * \
+ * |-----------| |-----------| / |-----------|
+ * | faulted | | unfaulted | \ | unfaulted |
+ * |-----------| |-----------| / |-----------|
+ * ptr ptr3 \ ptr2
+ */
+ ptr3 = sys_mremap(ptr3, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, &ptr[10 * page_size]);
+ ASSERT_NE(ptr3, MAP_FAILED);
+
+ /*
+ * Finally, move ptr2 into place:
+ *
+ * |-----------|-----------|-----------|
+ * | faulted | unfaulted | unfaulted |
+ * |-----------|-----------|-----------|
+ * ptr ptr2 ptr3
+ *
+ * It should merge:
+ *
+ * |-----------------------------------|
+ * | faulted |
+ * |-----------------------------------|
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, &ptr[5 * page_size]);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 15 * page_size);
+}
+
+TEST_F(merge, mremap_unfaulted_between_correctly_placed_faulted)
+{
+ unsigned int page_size = self->page_size;
+ char *carveout = self->carveout;
+ struct procmap_fd *procmap = &self->procmap;
+ char *ptr, *ptr2;
+
+ /*
+ * Map one larger area:
+ *
+ * |-----------------------------------|
+ * | unfaulted |
+ * |-----------------------------------|
+ */
+ ptr = mmap(&carveout[page_size], 15 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr, MAP_FAILED);
+
+ /*
+ * Fault in ptr:
+ *
+ * |-----------------------------------|
+ * | faulted |
+ * |-----------------------------------|
+ */
+ ptr[0] = 'x';
+
+ /*
+ * Unmap middle:
+ *
+ * |-----------| |-----------|
+ * | faulted | | faulted |
+ * |-----------| |-----------|
+ *
+ * Now the faulted areas are compatible with each other (anon_vma the
+ * same, vma->vm_pgoff equal to virtual page offset).
+ */
+ ASSERT_EQ(munmap(&ptr[5 * page_size], 5 * page_size), 0);
+
+ /*
+ * Map a new area, ptr2:
+ * \
+ * |-----------| |-----------| / |-----------|
+ * | faulted | | faulted | \ | unfaulted |
+ * |-----------| |-----------| / |-----------|
+ * ptr \ ptr2
+ */
+ ptr2 = mmap(&carveout[20 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /*
+ * Finally, move ptr2 into place:
+ *
+ * |-----------|-----------|-----------|
+ * | faulted | unfaulted | faulted |
+ * |-----------|-----------|-----------|
+ * ptr ptr2 ptr3
+ *
+ * It should merge:
+ *
+ * |-----------------------------------|
+ * | faulted |
+ * |-----------------------------------|
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, &ptr[5 * page_size]);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 15 * page_size);
+}
+
+TEST_F(merge, mremap_correct_placed_faulted)
+{
+ unsigned int page_size = self->page_size;
+ char *carveout = self->carveout;
+ struct procmap_fd *procmap = &self->procmap;
+ char *ptr, *ptr2, *ptr3;
+
+ /*
+ * Map one larger area:
+ *
+ * |-----------------------------------|
+ * | unfaulted |
+ * |-----------------------------------|
+ */
+ ptr = mmap(&carveout[page_size], 15 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr, MAP_FAILED);
+
+ /*
+ * Fault in ptr:
+ *
+ * |-----------------------------------|
+ * | faulted |
+ * |-----------------------------------|
+ */
+ ptr[0] = 'x';
+
+ /*
+ * Offset the final and middle 5 pages further away:
+ * \ \
+ * |-----------| / |-----------| / |-----------|
+ * | faulted | \ | faulted | \ | faulted |
+ * |-----------| / |-----------| / |-----------|
+ * ptr \ ptr2 \ ptr3
+ */
+ ptr3 = &ptr[10 * page_size];
+ ptr3 = sys_mremap(ptr3, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr3 + page_size * 2000);
+ ASSERT_NE(ptr3, MAP_FAILED);
+ ptr2 = &ptr[5 * page_size];
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr2 + page_size * 1000);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /*
+ * Move ptr2 into its correct place:
+ * \
+ * |-----------|-----------| / |-----------|
+ * | faulted | faulted | \ | faulted |
+ * |-----------|-----------| / |-----------|
+ * ptr ptr2 \ ptr3
+ *
+ * It should merge:
+ * \
+ * |-----------------------| / |-----------|
+ * | faulted | \ | faulted |
+ * |-----------------------| / |-----------|
+ * ptr \ ptr3
+ */
+
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, &ptr[5 * page_size]);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 10 * page_size);
+
+ /*
+ * Now move ptr out of place:
+ * \ \
+ * |-----------| / |-----------| / |-----------|
+ * | faulted | \ | faulted | \ | faulted |
+ * |-----------| / |-----------| / |-----------|
+ * ptr2 \ ptr \ ptr3
+ */
+ ptr = sys_mremap(ptr, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr + page_size * 1000);
+ ASSERT_NE(ptr, MAP_FAILED);
+
+ /*
+ * Now move ptr back into place:
+ * \
+ * |-----------|-----------| / |-----------|
+ * | faulted | faulted | \ | faulted |
+ * |-----------|-----------| / |-----------|
+ * ptr ptr2 \ ptr3
+ *
+ * It should merge:
+ * \
+ * |-----------------------| / |-----------|
+ * | faulted | \ | faulted |
+ * |-----------------------| / |-----------|
+ * ptr \ ptr3
+ */
+ ptr = sys_mremap(ptr, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, &carveout[page_size]);
+ ASSERT_NE(ptr, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 10 * page_size);
+
+ /*
+ * Now move ptr out of place again:
+ * \ \
+ * |-----------| / |-----------| / |-----------|
+ * | faulted | \ | faulted | \ | faulted |
+ * |-----------| / |-----------| / |-----------|
+ * ptr2 \ ptr \ ptr3
+ */
+ ptr = sys_mremap(ptr, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr + page_size * 1000);
+ ASSERT_NE(ptr, MAP_FAILED);
+
+ /*
+ * Now move ptr3 back into place:
+ * \
+ * |-----------|-----------| / |-----------|
+ * | faulted | faulted | \ | faulted |
+ * |-----------|-----------| / |-----------|
+ * ptr2 ptr3 \ ptr
+ *
+ * It should merge:
+ * \
+ * |-----------------------| / |-----------|
+ * | faulted | \ | faulted |
+ * |-----------------------| / |-----------|
+ * ptr2 \ ptr
+ */
+ ptr3 = sys_mremap(ptr3, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, &ptr2[5 * page_size]);
+ ASSERT_NE(ptr3, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr2));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr2);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr2 + 10 * page_size);
+
+ /*
+ * Now move ptr back into place:
+ *
+ * |-----------|-----------------------|
+ * | faulted | faulted |
+ * |-----------|-----------------------|
+ * ptr ptr2
+ *
+ * It should merge:
+ *
+ * |-----------------------------------|
+ * | faulted |
+ * |-----------------------------------|
+ * ptr
+ */
+ ptr = sys_mremap(ptr, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, &carveout[page_size]);
+ ASSERT_NE(ptr, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 15 * page_size);
+
+ /*
+ * Now move ptr2 out of the way:
+ * \
+ * |-----------| |-----------| / |-----------|
+ * | faulted | | faulted | \ | faulted |
+ * |-----------| |-----------| / |-----------|
+ * ptr ptr3 \ ptr2
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr2 + page_size * 1000);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /*
+ * Now move it back:
+ *
+ * |-----------|-----------|-----------|
+ * | faulted | faulted | faulted |
+ * |-----------|-----------|-----------|
+ * ptr ptr2 ptr3
+ *
+ * It should merge:
+ *
+ * |-----------------------------------|
+ * | faulted |
+ * |-----------------------------------|
+ * ptr
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, &ptr[5 * page_size]);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 15 * page_size);
+
+ /*
+ * Move ptr3 out of place:
+ * \
+ * |-----------------------| / |-----------|
+ * | faulted | \ | faulted |
+ * |-----------------------| / |-----------|
+ * ptr \ ptr3
+ */
+ ptr3 = sys_mremap(ptr3, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr3 + page_size * 1000);
+ ASSERT_NE(ptr3, MAP_FAILED);
+
+ /*
+ * Now move it back:
+ *
+ * |-----------|-----------|-----------|
+ * | faulted | faulted | faulted |
+ * |-----------|-----------|-----------|
+ * ptr ptr2 ptr3
+ *
+ * It should merge:
+ *
+ * |-----------------------------------|
+ * | faulted |
+ * |-----------------------------------|
+ * ptr
+ */
+ ptr3 = sys_mremap(ptr3, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, &ptr[10 * page_size]);
+ ASSERT_NE(ptr3, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 15 * page_size);
+}
+
TEST_HARNESS_MAIN
--
2.49.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [RFC PATCH v2 07/10] tools/testing/selftests: add MREMAP_RELOCATE_ANON merge test cases
2025-04-22 8:09 [RFC PATCH v2 00/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON Lorenzo Stoakes
` (5 preceding siblings ...)
2025-04-22 8:09 ` [RFC PATCH v2 06/10] tools/testing/selftests: add mremap() cases that merge normally Lorenzo Stoakes
@ 2025-04-22 8:09 ` Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 08/10] tools/testing/selftests: expand mremap() tests for MREMAP_RELOCATE_ANON Lorenzo Stoakes
` (2 subsequent siblings)
9 siblings, 0 replies; 22+ messages in thread
From: Lorenzo Stoakes @ 2025-04-22 8:09 UTC (permalink / raw)
To: Andrew Morton
Cc: Vlastimil Babka, Jann Horn, Liam R . Howlett, Suren Baghdasaryan,
Matthew Wilcox, David Hildenbrand, Pedro Falcato, linux-mm,
linux-kernel
Add test cases to the mm self test asserting that the merge cases which the
newly introduced MREMAP[_MUST]_RELOCATE_ANON results in merges occurring as
expected, which otherwise without it would not succeed.
This extends the newly introduced VMA merge self tests for these cases and
exhaustively attempts each merge case, asserting expected behaviour.
We use the MREMAP_MUST_RELOCATE_ANON variant to ensure that, should the
anon relocate fail, we observe an error, as quietly demoting the move to
non-relocate anon would cause unusual test failures.
We carefully document each case to make clear what we are testing.
Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
---
tools/testing/selftests/mm/merge.c | 730 +++++++++++++++++++++++++++++
1 file changed, 730 insertions(+)
diff --git a/tools/testing/selftests/mm/merge.c b/tools/testing/selftests/mm/merge.c
index 746eacd0fe70..8d70c24b4303 100644
--- a/tools/testing/selftests/mm/merge.c
+++ b/tools/testing/selftests/mm/merge.c
@@ -1047,4 +1047,734 @@ TEST_F(merge, mremap_correct_placed_faulted)
ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 15 * page_size);
}
+TEST_F(merge, mremap_relocate_anon_faulted_after_unfaulted)
+{
+ unsigned int page_size = self->page_size;
+ char *carveout = self->carveout;
+ struct procmap_fd *procmap = &self->procmap;
+ char *ptr, *ptr2;
+
+ /*
+ * Map two distinct areas:
+ *
+ * |-----------| |-----------|
+ * | unfaulted | | unfaulted |
+ * |-----------| |-----------|
+ * ptr ptr2
+ */
+ ptr = mmap(&carveout[page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr, MAP_FAILED);
+ ptr2 = mmap(&carveout[7 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /*
+ * Offset ptr2 further away. Note we don't have to use
+ * MREMAP_RELOCATE_ANON yet.
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr2 + page_size * 1000);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /*
+ * Fault ptr2 in:
+ * \
+ * |-----------| / |-----------|
+ * | unfaulted | \ | faulted |
+ * |-----------| / |-----------|
+ * ptr \ ptr2
+ */
+ ptr2[0] = 'x';
+
+ /*
+ * Move ptr2 after ptr, using MREMAP_MUST_RELOCATE_ANON:
+ *
+ * |-----------|-----------|
+ * | unfaulted | faulted |
+ * |-----------|-----------|
+ * ptr ptr2
+ *
+ * It should merge:
+ *
+ * |-----------------------|
+ * | faulted |
+ * |-----------------------|
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED | MREMAP_MUST_RELOCATE_ANON,
+ &ptr[5 * page_size]);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 10 * page_size);
+}
+
+TEST_F(merge, mremap_relocate_anon_faulted_before_unfaulted)
+{
+ unsigned int page_size = self->page_size;
+ char *carveout = self->carveout;
+ struct procmap_fd *procmap = &self->procmap;
+ char *ptr, *ptr2;
+
+ /*
+ * Map two distinct areas:
+ *
+ * |-----------| |-----------|
+ * | unfaulted | | unfaulted |
+ * |-----------| |-----------|
+ * ptr ptr2
+ */
+ ptr = mmap(&carveout[6 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr, MAP_FAILED);
+ ptr2 = mmap(&carveout[12 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /*
+ * Offset ptr2 further away. Note we don't have to use
+ * MREMAP_RELOCATE_ANON yet.
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr2 + page_size * 1000);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /*
+ * Fault ptr2 in:
+ * \
+ * |-----------| / |-----------|
+ * | unfaulted | \ | faulted |
+ * |-----------| / |-----------|
+ * ptr \ ptr2
+ */
+ ptr2[0] = 'x';
+
+ /*
+ * Move ptr2 before ptr, using MREMAP_MUST_RELOCATE_ANON:
+ *
+ * |-----------|-----------|
+ * | faulted | unfaulted |
+ * |-----------|-----------|
+ * ptr2 ptr
+ *
+ * It should merge:
+ *
+ * |-----------------------|
+ * | faulted |
+ * |-----------------------|
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED | MREMAP_MUST_RELOCATE_ANON,
+ &carveout[page_size]);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr2));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr2);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr2 + 10 * page_size);
+}
+
+TEST_F(merge, mremap_relocate_anon_faulted_between_unfaulted)
+{
+ unsigned int page_size = self->page_size;
+ char *carveout = self->carveout;
+ struct procmap_fd *procmap = &self->procmap;
+ char *ptr, *ptr2, *ptr3;
+
+ /*
+ * Map three distinct areas:
+ *
+ * |-----------| |-----------| |-----------|
+ * | unfaulted | | unfaulted | | unfaulted |
+ * |-----------| |-----------| |-----------|
+ * ptr ptr2 ptr3
+ */
+ ptr = mmap(&carveout[page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr, MAP_FAILED);
+ ptr2 = mmap(&carveout[7 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr2, MAP_FAILED);
+ ptr3 = mmap(&carveout[14 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr3, MAP_FAILED);
+
+ /*
+ * Offset ptr2 further away, and move ptr3 into position:
+ * \
+ * |-----------| |-----------| / |-----------|
+ * | unfaulted | | unfaulted | \ | unfaulted |
+ * |-----------| |-----------| / |-----------|
+ * ptr ptr3 \ ptr2
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr2 + page_size * 1000);
+ ASSERT_NE(ptr2, MAP_FAILED);
+ ptr3 = sys_mremap(ptr3, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr3 + page_size * 2000);
+ ASSERT_NE(ptr3, MAP_FAILED);
+ ptr3 = sys_mremap(ptr3, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, &ptr[10 * page_size]);
+ ASSERT_NE(ptr3, MAP_FAILED);
+
+ /*
+ * Fault in ptr2:
+ * \
+ * |-----------| |-----------| / |-----------|
+ * | unfaulted | | unfaulted | \ | faulted |
+ * |-----------| |-----------| / |-----------|
+ * ptr ptr3 \ ptr2
+ */
+ ptr2[0] = 'x';
+
+ /*
+ * Move ptr2 between ptr, ptr3, using MREMAP_MUST_RELOCATE_ANON:
+ *
+ * |-----------|-----------|-----------|
+ * | unfaulted | faulted | unfaulted |
+ * |-----------|-----------|-----------|
+ *
+ * It should merge:
+ *
+ * |-----------------------------------|
+ * | faulted |
+ * |-----------------------------------|
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED | MREMAP_MUST_RELOCATE_ANON,
+ &ptr[5 * page_size]);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 15 * page_size);
+}
+
+TEST_F(merge, mremap_relocate_anon_faulted_after_faulted)
+{
+ unsigned int page_size = self->page_size;
+ char *carveout = self->carveout;
+ struct procmap_fd *procmap = &self->procmap;
+ char *ptr, *ptr2;
+
+ /*
+ * Map two distinct areas:
+ *
+ * |-----------| |-----------|
+ * | unfaulted | | unfaulted |
+ * |-----------| |-----------|
+ * ptr ptr2
+ */
+ ptr = mmap(&carveout[page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr, MAP_FAILED);
+ ptr2 = mmap(&carveout[7 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /*
+ * Offset ptr2 further away. Note we don't have to use
+ * MREMAP_RELOCATE_ANON yet.
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr2 + page_size * 1000);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /*
+ * Fault ptr and ptr2 in:
+ * \
+ * |-----------| / |-----------|
+ * | faulted | \ | faulted |
+ * |-----------| / |-----------|
+ * ptr \ ptr2
+ */
+ ptr[0] = 'x';
+ ptr2[0] = 'x';
+
+ /*
+ * Move ptr2 after ptr, using MREMAP_MUST_RELOCATE_ANON:
+ *
+ * |-----------|-----------|
+ * | faulted | faulted |
+ * |-----------|-----------|
+ * ptr ptr2
+ *
+ * It should merge:
+ *
+ * |-----------------------|
+ * | faulted |
+ * |-----------------------|
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED | MREMAP_MUST_RELOCATE_ANON,
+ &ptr[5 * page_size]);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 10 * page_size);
+}
+
+TEST_F(merge, mremap_relocate_anon_faulted_before_faulted)
+{
+ unsigned int page_size = self->page_size;
+ char *carveout = self->carveout;
+ struct procmap_fd *procmap = &self->procmap;
+ char *ptr, *ptr2;
+
+ /*
+ * Map two distinct areas:
+ *
+ * |-----------| |-----------|
+ * | unfaulted | | unfaulted |
+ * |-----------| |-----------|
+ * ptr ptr2
+ */
+ ptr = mmap(&carveout[6 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr, MAP_FAILED);
+ ptr2 = mmap(&carveout[12 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /*
+ * Offset ptr2 further away. Note we don't have to use
+ * MREMAP_RELOCATE_ANON yet.
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr2 + page_size * 1000);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /*
+ * Fault ptr, ptr2 in:
+ * \
+ * |-----------| / |-----------|
+ * | faulted | \ | faulted |
+ * |-----------| / |-----------|
+ * ptr \ ptr2
+ */
+ ptr[0] = 'x';
+ ptr2[0] = 'x';
+
+ /*
+ * Move ptr2 before ptr, using MREMAP_MUST_RELOCATE_ANON:
+ *
+ * |-----------|-----------|
+ * | faulted | faulted |
+ * |-----------|-----------|
+ * ptr2 ptr
+ *
+ * It should merge:
+ *
+ * |-----------------------|
+ * | faulted |
+ * |-----------------------|
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED | MREMAP_MUST_RELOCATE_ANON,
+ &carveout[page_size]);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr2));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr2);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr2 + 10 * page_size);
+}
+
+TEST_F(merge, mremap_relocate_anon_faulted_between_faulted_unfaulted)
+{
+ unsigned int page_size = self->page_size;
+ char *carveout = self->carveout;
+ struct procmap_fd *procmap = &self->procmap;
+ char *ptr, *ptr2, *ptr3;
+
+ /*
+ * Map three distinct areas:
+ *
+ * |-----------| |-----------| |-----------|
+ * | unfaulted | | unfaulted | | unfaulted |
+ * |-----------| |-----------| |-----------|
+ * ptr ptr2 ptr3
+ */
+ ptr = mmap(&carveout[page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr, MAP_FAILED);
+ ptr2 = mmap(&carveout[7 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr2, MAP_FAILED);
+ ptr3 = mmap(&carveout[14 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr3, MAP_FAILED);
+
+ /*
+ * Offset ptr2 further away, and move ptr3 into position:
+ * \
+ * |-----------| |-----------| / |-----------|
+ * | unfaulted | | unfaulted | \ | unfaulted |
+ * |-----------| |-----------| / |-----------|
+ * ptr ptr3 \ ptr2
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr2 + page_size * 1000);
+ ASSERT_NE(ptr2, MAP_FAILED);
+ ptr3 = sys_mremap(ptr3, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr3 + page_size * 2000);
+ ASSERT_NE(ptr3, MAP_FAILED);
+ ptr3 = sys_mremap(ptr3, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, &ptr[10 * page_size]);
+ ASSERT_NE(ptr3, MAP_FAILED);
+
+ /*
+ * Fault in ptr, ptr2:
+ * \
+ * |-----------| |-----------| / |-----------|
+ * | faulted | | unfaulted | \ | faulted |
+ * |-----------| |-----------| / |-----------|
+ * ptr ptr3 \ ptr2
+ */
+ ptr[0] = 'x';
+ ptr2[0] = 'x';
+
+ /*
+ * Move ptr2 between ptr, ptr3, using MREMAP_MUST_RELOCATE_ANON:
+ *
+ * |-----------|-----------|-----------|
+ * | faulted | faulted | unfaulted |
+ * |-----------|-----------|-----------|
+ *
+ * It should merge:
+ *
+ * |-----------------------------------|
+ * | faulted |
+ * |-----------------------------------|
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED | MREMAP_MUST_RELOCATE_ANON,
+ &ptr[5 * page_size]);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 15 * page_size);
+}
+
+TEST_F(merge, mremap_relocate_anon_faulted_between_unfaulted_faulted)
+{
+ unsigned int page_size = self->page_size;
+ char *carveout = self->carveout;
+ struct procmap_fd *procmap = &self->procmap;
+ char *ptr, *ptr2, *ptr3;
+
+ /*
+ * Map three distinct areas:
+ *
+ * |-----------| |-----------| |-----------|
+ * | unfaulted | | unfaulted | | unfaulted |
+ * |-----------| |-----------| |-----------|
+ * ptr ptr2 ptr3
+ */
+ ptr = mmap(&carveout[page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr, MAP_FAILED);
+ ptr2 = mmap(&carveout[7 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr2, MAP_FAILED);
+ ptr3 = mmap(&carveout[14 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr3, MAP_FAILED);
+
+ /*
+ * Offset ptr2 further away, and move ptr3 into position:
+ * \
+ * |-----------| |-----------| / |-----------|
+ * | unfaulted | | unfaulted | \ | unfaulted |
+ * |-----------| |-----------| / |-----------|
+ * ptr ptr3 \ ptr2
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr2 + page_size * 1000);
+ ASSERT_NE(ptr2, MAP_FAILED);
+ ptr3 = sys_mremap(ptr3, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr3 + page_size * 2000);
+ ASSERT_NE(ptr3, MAP_FAILED);
+ ptr3 = sys_mremap(ptr3, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, &ptr[10 * page_size]);
+ ASSERT_NE(ptr3, MAP_FAILED);
+
+ /*
+ * Fault in ptr2, ptr3:
+ * \
+ * |-----------| |-----------| / |-----------|
+ * | unfaulted | | faulted | \ | faulted |
+ * |-----------| |-----------| / |-----------|
+ * ptr ptr3 \ ptr2
+ */
+ ptr2[0] = 'x';
+ ptr3[0] = 'x';
+
+ /*
+ * Move ptr2 between ptr, ptr3, using MREMAP_MUST_RELOCATE_ANON:
+ *
+ * |-----------|-----------|-----------|
+ * | unfaulted | faulted | faulted |
+ * |-----------|-----------|-----------|
+ *
+ * It should merge:
+ *
+ * |-----------------------------------|
+ * | faulted |
+ * |-----------------------------------|
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED | MREMAP_MUST_RELOCATE_ANON,
+ &ptr[5 * page_size]);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 15 * page_size);
+}
+
+TEST_F(merge, mremap_relocate_anon_faulted_between_faulted)
+{
+ unsigned int page_size = self->page_size;
+ char *carveout = self->carveout;
+ struct procmap_fd *procmap = &self->procmap;
+ char *ptr, *ptr2, *ptr3;
+
+ /*
+ * Map three distinct areas:
+ *
+ * |-----------| |-----------| |-----------|
+ * | unfaulted | | unfaulted | | unfaulted |
+ * |-----------| |-----------| |-----------|
+ * ptr ptr2 ptr3
+ */
+ ptr = mmap(&carveout[page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr, MAP_FAILED);
+ ptr2 = mmap(&carveout[7 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr2, MAP_FAILED);
+ ptr3 = mmap(&carveout[14 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr3, MAP_FAILED);
+
+ /*
+ * Offset ptr2 further away, and move ptr3 into position:
+ * \
+ * |-----------| |-----------| / |-----------|
+ * | unfaulted | | unfaulted | \ | unfaulted |
+ * |-----------| |-----------| / |-----------|
+ * ptr ptr3 \ ptr2
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr2 + page_size * 1000);
+ ASSERT_NE(ptr2, MAP_FAILED);
+ ptr3 = sys_mremap(ptr3, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, ptr3 + page_size * 2000);
+ ASSERT_NE(ptr3, MAP_FAILED);
+ ptr3 = sys_mremap(ptr3, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED, &ptr[10 * page_size]);
+ ASSERT_NE(ptr3, MAP_FAILED);
+
+ /*
+ * Fault in ptr, ptr2, ptr3:
+ * \
+ * |-----------| |-----------| / |-----------|
+ * | faulted | | faulted | \ | faulted |
+ * |-----------| |-----------| / |-----------|
+ * ptr ptr3 \ ptr2
+ */
+ ptr[0] = 'x';
+ ptr2[0] = 'x';
+ ptr3[0] = 'x';
+
+ /*
+ * Move ptr2 between ptr, ptr3, using MREMAP_MUST_RELOCATE_ANON:
+ *
+ * |-----------|-----------|-----------|
+ * | faulted | faulted | faulted |
+ * |-----------|-----------|-----------|
+ *
+ * It should merge, but only the latter two VMAs:
+ *
+ * |-----------|-----------------------|
+ * | faulted | faulted |
+ * |-----------|-----------------------|
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED | MREMAP_MUST_RELOCATE_ANON,
+ &ptr[5 * page_size]);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr2));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr2);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr2 + 10 * page_size);
+}
+
+TEST_F(merge, mremap_relocate_anon_faulted_between_correctly_placed_faulted)
+{
+ unsigned int page_size = self->page_size;
+ char *carveout = self->carveout;
+ struct procmap_fd *procmap = &self->procmap;
+ char *ptr, *ptr2;
+
+ /*
+ * Map one larger area:
+ *
+ * |-----------------------------------|
+ * | unfaulted |
+ * |-----------------------------------|
+ */
+ ptr = mmap(&carveout[page_size], 15 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr, MAP_FAILED);
+
+ /*
+ * Fault in ptr:
+ *
+ * |-----------------------------------|
+ * | faulted |
+ * |-----------------------------------|
+ */
+ ptr[0] = 'x';
+
+ /*
+ * Unmap middle:
+ *
+ * |-----------| |-----------|
+ * | faulted | | faulted |
+ * |-----------| |-----------|
+ *
+ * Now the faulted areas are compatible with each other (anon_vma the
+ * same, vma->vm_pgoff equal to virtual page offset).
+ */
+ ASSERT_EQ(munmap(&ptr[5 * page_size], 5 * page_size), 0);
+
+ /*
+ * Map a new area, ptr2:
+ * \
+ * |-----------| |-----------| / |-----------|
+ * | faulted | | faulted | \ | unfaulted |
+ * |-----------| |-----------| / |-----------|
+ * ptr \ ptr2
+ */
+ ptr2 = mmap(&carveout[20 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /*
+ * Fault it in:
+ * \
+ * |-----------| |-----------| / |-----------|
+ * | faulted | | faulted | \ | faulted |
+ * |-----------| |-----------| / |-----------|
+ * ptr \ ptr2
+ */
+ ptr2[0] = 'x';
+
+ /*
+ * Finally, move ptr2 into place, using MREMAP_MUST_RELOCATE_ANON:
+ *
+ * |-----------|-----------|-----------|
+ * | faulted | faulted | faulted |
+ * |-----------|-----------|-----------|
+ * ptr ptr2 ptr3
+ *
+ * It should merge:
+ *
+ * |-----------------------------------|
+ * | faulted |
+ * |-----------------------------------|
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED | MREMAP_MUST_RELOCATE_ANON,
+ &ptr[5 * page_size]);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 15 * page_size);
+}
+
+TEST_F(merge, mremap_relocate_anon_mprotect_faulted_faulted)
+{
+ unsigned int page_size = self->page_size;
+ char *carveout = self->carveout;
+ struct procmap_fd *procmap = &self->procmap;
+ char *ptr, *ptr2;
+
+
+ /*
+ * Map two distinct areas:
+ *
+ * |-----------| |-----------|
+ * | unfaulted | | unfaulted |
+ * |-----------| |-----------|
+ * ptr ptr2
+ */
+ ptr = mmap(&carveout[page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr, MAP_FAILED);
+ ptr2 = mmap(&carveout[12 * page_size], 5 * page_size, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /*
+ * Fault in ptr, ptr2, mprotect() ptr2 read-only:
+ *
+ * RW RO
+ * |-----------| |-----------|
+ * | faulted | | faulted |
+ * |-----------| |-----------|
+ * ptr ptr2
+ */
+ ptr[0] = 'x';
+ ptr2[0] = 'x';
+ ASSERT_EQ(mprotect(ptr2, 5 * page_size, PROT_READ), 0);
+
+ /*
+ * Move ptr2 next to ptr:
+ *
+ * RW RO
+ * |-----------|-----------|
+ * | faulted | faulted |
+ * |-----------|-----------|
+ * ptr ptr2
+ */
+ ptr2 = sys_mremap(ptr2, 5 * page_size, 5 * page_size,
+ MREMAP_MAYMOVE | MREMAP_FIXED | MREMAP_MUST_RELOCATE_ANON,
+ &ptr[5 * page_size]);
+ ASSERT_NE(ptr2, MAP_FAILED);
+
+ /* No merge should happen. */
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 5 * page_size);
+
+ /*
+ * Now mremap ptr2 RW:
+ *
+ * RW RW
+ * |-----------|-----------|
+ * | faulted | faulted |
+ * |-----------|-----------|
+ * ptr ptr2
+ *
+ * This should result in a merge:
+ *
+ * RW
+ * |-----------------------|
+ * | faulted |
+ * |-----------------------|
+ * ptr
+ */
+ ASSERT_EQ(mprotect(ptr2, 5 * page_size, PROT_READ | PROT_WRITE), 0);
+
+ ASSERT_TRUE(find_vma_procmap(procmap, ptr));
+ ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr);
+ ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 10 * page_size);
+}
+
TEST_HARNESS_MAIN
--
2.49.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [RFC PATCH v2 08/10] tools/testing/selftests: expand mremap() tests for MREMAP_RELOCATE_ANON
2025-04-22 8:09 [RFC PATCH v2 00/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON Lorenzo Stoakes
` (6 preceding siblings ...)
2025-04-22 8:09 ` [RFC PATCH v2 07/10] tools/testing/selftests: add MREMAP_RELOCATE_ANON merge test cases Lorenzo Stoakes
@ 2025-04-22 8:09 ` Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 09/10] tools/testing/selftests: have CoW self test use MREMAP_RELOCATE_ANON Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 10/10] tools/testing/selftests: test relocate anon in split huge page test Lorenzo Stoakes
9 siblings, 0 replies; 22+ messages in thread
From: Lorenzo Stoakes @ 2025-04-22 8:09 UTC (permalink / raw)
To: Andrew Morton
Cc: Vlastimil Babka, Jann Horn, Liam R . Howlett, Suren Baghdasaryan,
Matthew Wilcox, David Hildenbrand, Pedro Falcato, linux-mm,
linux-kernel
Adjust every relevant test (that is, one that moves memory) to also perform
the same test using MREMAP_MUST_RELOCATE_ANON to assert that it is behaving
as expected.
In order to avoid glibc not being up-to-date, also move to using the
mremap() system call direct, and import the linux/mman.h header, which will
use the tool linux header wrappers, to get the latest mremap defines.
Also take careful precaution in the instance where we might unexpectedly
fail the 'mremap move within range' test due to large folios mapped outside
of the range we are relocating.
In these instances, if we test with MREMAP_MUST_RELOCATE_ANON, we ensure
the folios in question are not huge. If testing with MREMAP_RELOCATE_ANON
we do not - this asserts that this correctly falls back to non-relocate
anon behaviour.
In cases where MREMAP_MUST_RELOCATE_ANON is used, we attempt to immediately
trigger reclaim to also assert that the rmap state is uncorrupted.
Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
---
tools/testing/selftests/mm/mremap_test.c | 262 +++++++++++++++--------
1 file changed, 168 insertions(+), 94 deletions(-)
diff --git a/tools/testing/selftests/mm/mremap_test.c b/tools/testing/selftests/mm/mremap_test.c
index bb84476a177f..5d6ff0d1da7d 100644
--- a/tools/testing/selftests/mm/mremap_test.c
+++ b/tools/testing/selftests/mm/mremap_test.c
@@ -8,11 +8,13 @@
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#include <linux/mman.h>
#include <sys/mman.h>
#include <time.h>
#include <stdbool.h>
#include "../kselftest.h"
+#include "vm_util.h"
#define EXPECT_SUCCESS 0
#define EXPECT_FAILURE 1
@@ -34,6 +36,7 @@ struct config {
unsigned long long dest_alignment;
unsigned long long region_size;
int overlapping;
+ bool use_relocate_anon;
unsigned int dest_preamble_size;
};
@@ -60,7 +63,8 @@ enum {
#define PTE page_size
#define MAKE_TEST(source_align, destination_align, size, \
- overlaps, should_fail, test_name) \
+ overlaps, use_relocate_anon, should_fail, \
+ test_name) \
(struct test){ \
.name = test_name, \
.config = { \
@@ -68,6 +72,7 @@ enum {
.dest_alignment = destination_align, \
.region_size = size, \
.overlapping = overlaps, \
+ .use_relocate_anon = use_relocate_anon, \
}, \
.expect_failure = should_fail \
}
@@ -184,6 +189,12 @@ static void *get_source_mapping(struct config c)
unsigned long long addr = 0ULL;
void *src_addr = NULL;
unsigned long long mmap_min_addr;
+ int mmap_flags = MAP_FIXED_NOREPLACE | MAP_ANONYMOUS;
+
+ if (c.use_relocate_anon)
+ mmap_flags |= MAP_PRIVATE;
+ else
+ mmap_flags |= MAP_SHARED;
mmap_min_addr = get_mmap_min_addr();
/*
@@ -198,8 +209,7 @@ static void *get_source_mapping(struct config c)
goto retry;
src_addr = mmap((void *) addr, c.region_size, PROT_READ | PROT_WRITE,
- MAP_FIXED_NOREPLACE | MAP_ANONYMOUS | MAP_SHARED,
- -1, 0);
+ mmap_flags, -1, 0);
if (src_addr == MAP_FAILED) {
if (errno == EPERM || errno == EEXIST)
goto retry;
@@ -251,7 +261,7 @@ static void mremap_expand_merge(FILE *maps_fp, unsigned long page_size)
}
munmap(start + page_size, page_size);
- remap = mremap(start, page_size, 2 * page_size, 0);
+ remap = sys_mremap(start, page_size, 2 * page_size, 0, 0);
if (remap == MAP_FAILED) {
ksft_print_msg("mremap failed: %s\n", strerror(errno));
munmap(start, page_size);
@@ -292,7 +302,8 @@ static void mremap_expand_merge_offset(FILE *maps_fp, unsigned long page_size)
/* Unmap final page to ensure we have space to expand. */
munmap(start + 2 * page_size, page_size);
- remap = mremap(start + page_size, page_size, 2 * page_size, 0);
+
+ remap = sys_mremap(start + page_size, page_size, 2 * page_size, 0, 0);
if (remap == MAP_FAILED) {
ksft_print_msg("mremap failed: %s\n", strerror(errno));
munmap(start, 2 * page_size);
@@ -324,20 +335,35 @@ static void mremap_expand_merge_offset(FILE *maps_fp, unsigned long page_size)
*
* |DDDDddddSSSSssss|
*/
-static void mremap_move_within_range(unsigned int pattern_seed, char *rand_addr)
+static void mremap_move_within_range(unsigned int pattern_seed, char *rand_addr,
+ char *test_suffix, int extra_flags)
{
char *test_name = "mremap mremap move within range";
void *src, *dest;
unsigned int i, success = 1;
-
size_t size = SIZE_MB(20);
void *ptr = mmap(NULL, size, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+ int mremap_flags = MREMAP_MAYMOVE | MREMAP_FIXED;
+
if (ptr == MAP_FAILED) {
perror("mmap");
success = 0;
goto out;
}
+
+ /*
+ * If THP is enabled, we may end up spanning a range which has large
+ * folios not enclosed within the mapping, which will disallow the
+ * relocate.
+ *
+ * In this case, disallow huge pages in the range.
+ */
+ if (extra_flags & MREMAP_MUST_RELOCATE_ANON)
+ madvise(ptr, size, MADV_NOHUGEPAGE);
+
+ mremap_flags |= extra_flags;
+
memset(ptr, 0, size);
src = ptr + SIZE_MB(6);
@@ -348,8 +374,8 @@ static void mremap_move_within_range(unsigned int pattern_seed, char *rand_addr)
dest = src - SIZE_MB(2);
- void *new_ptr = mremap(src + SIZE_MB(1), SIZE_MB(1), SIZE_MB(1),
- MREMAP_MAYMOVE | MREMAP_FIXED, dest + SIZE_MB(1));
+ void *new_ptr = sys_mremap(src + SIZE_MB(1), SIZE_MB(1), SIZE_MB(1),
+ mremap_flags, dest + SIZE_MB(1));
if (new_ptr == MAP_FAILED) {
perror("mremap");
success = 0;
@@ -375,9 +401,9 @@ static void mremap_move_within_range(unsigned int pattern_seed, char *rand_addr)
perror("munmap");
if (success)
- ksft_test_result_pass("%s\n", test_name);
+ ksft_test_result_pass("%s%s\n", test_name, test_suffix);
else
- ksft_test_result_fail("%s\n", test_name);
+ ksft_test_result_fail("%s%s\n", test_name, test_suffix);
}
/* Returns the time taken for the remap on success else returns -1. */
@@ -390,6 +416,10 @@ static long long remap_region(struct config c, unsigned int threshold_mb,
long long start_ns, end_ns, align_mask, ret, offset;
unsigned long long threshold;
unsigned long num_chunks;
+ int mremap_flags = MREMAP_MAYMOVE | MREMAP_FIXED;
+
+ if (c.use_relocate_anon)
+ mremap_flags |= MREMAP_MUST_RELOCATE_ANON;
if (threshold_mb == VALIDATION_NO_THRESHOLD)
threshold = c.region_size;
@@ -431,10 +461,15 @@ static long long remap_region(struct config c, unsigned int threshold_mb,
}
if (c.dest_preamble_size) {
+ int mmap_flags = MAP_FIXED_NOREPLACE | MAP_ANONYMOUS;
+
+ if (c.use_relocate_anon)
+ mmap_flags |= MAP_PRIVATE;
+ else
+ mmap_flags |= MAP_SHARED;
+
dest_preamble_addr = mmap((void *) addr - c.dest_preamble_size, c.dest_preamble_size,
- PROT_READ | PROT_WRITE,
- MAP_FIXED_NOREPLACE | MAP_ANONYMOUS | MAP_SHARED,
- -1, 0);
+ PROT_READ | PROT_WRITE, mmap_flags, -1, 0);
if (dest_preamble_addr == MAP_FAILED) {
ksft_print_msg("Failed to map dest preamble region: %s\n",
strerror(errno));
@@ -447,8 +482,8 @@ static long long remap_region(struct config c, unsigned int threshold_mb,
}
clock_gettime(CLOCK_MONOTONIC, &t_start);
- dest_addr = mremap(src_addr, c.region_size, c.region_size,
- MREMAP_MAYMOVE|MREMAP_FIXED, (char *) addr);
+ dest_addr = sys_mremap(src_addr, c.region_size, c.region_size,
+ mremap_flags, (char *) addr);
clock_gettime(CLOCK_MONOTONIC, &t_end);
if (dest_addr == MAP_FAILED) {
@@ -549,6 +584,10 @@ static long long remap_region(struct config c, unsigned int threshold_mb,
* subsequent tests. So we clean up mappings after each test.
*/
clean_up_dest:
+ /* Trigger reclaim to assert that adjusted rmap state is valid. */
+ if (c.use_relocate_anon)
+ madvise(dest_addr, c.region_size, MADV_PAGEOUT);
+
munmap(dest_addr, c.region_size);
clean_up_dest_preamble:
if (c.dest_preamble_size && dest_preamble_addr)
@@ -565,16 +604,19 @@ static long long remap_region(struct config c, unsigned int threshold_mb,
* down address landed on a mapping that maybe does not exist.
*/
static void mremap_move_1mb_from_start(unsigned int pattern_seed,
- char *rand_addr)
+ char *rand_addr, char *test_suffix,
+ int extra_flags)
{
char *test_name = "mremap move 1mb from start at 1MB+256KB aligned src";
void *src = NULL, *dest = NULL;
unsigned int i, success = 1;
-
+ int mremap_flags = MREMAP_MAYMOVE | MREMAP_FIXED;
/* Config to reuse get_source_mapping() to do an aligned mmap. */
struct config c = {
.src_alignment = SIZE_MB(1) + SIZE_KB(256),
- .region_size = SIZE_MB(6)
+ .region_size = SIZE_MB(6),
+ .use_relocate_anon = extra_flags & (MREMAP_RELOCATE_ANON |
+ MREMAP_MUST_RELOCATE_ANON),
};
src = get_source_mapping(c);
@@ -583,6 +625,12 @@ static void mremap_move_1mb_from_start(unsigned int pattern_seed,
goto out;
}
+ /* See comment in mremap_move_within_range(). */
+ if (extra_flags & MREMAP_MUST_RELOCATE_ANON)
+ madvise(src, c.region_size, MADV_NOHUGEPAGE);
+
+ mremap_flags |= extra_flags;
+
c.src_alignment = SIZE_MB(1) + SIZE_KB(256);
dest = get_source_mapping(c);
if (!dest) {
@@ -599,8 +647,8 @@ static void mremap_move_1mb_from_start(unsigned int pattern_seed,
*/
munmap(dest, SIZE_MB(1));
- void *new_ptr = mremap(src + SIZE_MB(1), SIZE_MB(1), SIZE_MB(1),
- MREMAP_MAYMOVE | MREMAP_FIXED, dest + SIZE_MB(1));
+ void *new_ptr = sys_mremap(src + SIZE_MB(1), SIZE_MB(1), SIZE_MB(1),
+ mremap_flags, dest + SIZE_MB(1));
if (new_ptr == MAP_FAILED) {
perror("mremap");
success = 0;
@@ -629,9 +677,10 @@ static void mremap_move_1mb_from_start(unsigned int pattern_seed,
perror("munmap dest");
if (success)
- ksft_test_result_pass("%s\n", test_name);
+ ksft_test_result_pass("%s%s\n", test_name, test_suffix);
+
else
- ksft_test_result_fail("%s\n", test_name);
+ ksft_test_result_fail("%s%s\n", test_name, test_suffix);
}
static void run_mremap_test_case(struct test test_case, int *failures,
@@ -640,13 +689,17 @@ static void run_mremap_test_case(struct test test_case, int *failures,
{
long long remap_time = remap_region(test_case.config, threshold_mb,
rand_addr);
+ char *relocate_anon_suffix = " [MREMAP_MUST_RELOCATE_ANON]";
+ struct config *c = &test_case.config;
if (remap_time < 0) {
if (test_case.expect_failure)
- ksft_test_result_xfail("%s\n\tExpected mremap failure\n",
- test_case.name);
+ ksft_test_result_xfail("%s%s\n\tExpected mremap failure\n",
+ test_case.name,
+ c->use_relocate_anon ? relocate_anon_suffix : "");
else {
- ksft_test_result_fail("%s\n", test_case.name);
+ ksft_test_result_fail("%s%s\n", test_case.name,
+ c->use_relocate_anon ? relocate_anon_suffix : "");
*failures += 1;
}
} else {
@@ -656,10 +709,13 @@ static void run_mremap_test_case(struct test test_case, int *failures,
*/
if (threshold_mb == VALIDATION_NO_THRESHOLD ||
test_case.config.region_size <= threshold_mb * _1MB)
- ksft_test_result_pass("%s\n\tmremap time: %12lldns\n",
- test_case.name, remap_time);
+ ksft_test_result_pass("%s%s\n\tmremap time: %12lldns\n",
+ test_case.name,
+ c->use_relocate_anon ? relocate_anon_suffix : "",
+ remap_time);
else
- ksft_test_result_pass("%s\n", test_case.name);
+ ksft_test_result_pass("%s%s\n", test_case.name,
+ c->use_relocate_anon ? relocate_anon_suffix : "");
}
}
@@ -703,8 +759,8 @@ static int parse_args(int argc, char **argv, unsigned int *threshold_mb,
return 0;
}
-#define MAX_TEST 15
-#define MAX_PERF_TEST 3
+#define MAX_TEST 30
+#define MAX_PERF_TEST 6
int main(int argc, char **argv)
{
int failures = 0;
@@ -721,12 +777,15 @@ int main(int argc, char **argv)
char *rand_addr;
size_t rand_size;
int num_expand_tests = 2;
- int num_misc_tests = 2;
+ int num_misc_tests = 6;
struct test test_cases[MAX_TEST] = {};
struct test perf_test_cases[MAX_PERF_TEST];
int page_size;
time_t t;
FILE *maps_fp;
+ bool use_relocate_anon = false;
+ struct test *test_case = test_cases;
+ struct test *perf_test_case = perf_test_cases;
pattern_seed = (unsigned int) time(&t);
@@ -763,66 +822,71 @@ int main(int argc, char **argv)
page_size = sysconf(_SC_PAGESIZE);
- /* Expected mremap failures */
- test_cases[0] = MAKE_TEST(page_size, page_size, page_size,
- OVERLAPPING, EXPECT_FAILURE,
- "mremap - Source and Destination Regions Overlapping");
-
- test_cases[1] = MAKE_TEST(page_size, page_size/4, page_size,
- NON_OVERLAPPING, EXPECT_FAILURE,
- "mremap - Destination Address Misaligned (1KB-aligned)");
- test_cases[2] = MAKE_TEST(page_size/4, page_size, page_size,
- NON_OVERLAPPING, EXPECT_FAILURE,
- "mremap - Source Address Misaligned (1KB-aligned)");
-
- /* Src addr PTE aligned */
- test_cases[3] = MAKE_TEST(PTE, PTE, PTE * 2,
- NON_OVERLAPPING, EXPECT_SUCCESS,
- "8KB mremap - Source PTE-aligned, Destination PTE-aligned");
-
- /* Src addr 1MB aligned */
- test_cases[4] = MAKE_TEST(_1MB, PTE, _2MB, NON_OVERLAPPING, EXPECT_SUCCESS,
- "2MB mremap - Source 1MB-aligned, Destination PTE-aligned");
- test_cases[5] = MAKE_TEST(_1MB, _1MB, _2MB, NON_OVERLAPPING, EXPECT_SUCCESS,
- "2MB mremap - Source 1MB-aligned, Destination 1MB-aligned");
-
- /* Src addr PMD aligned */
- test_cases[6] = MAKE_TEST(PMD, PTE, _4MB, NON_OVERLAPPING, EXPECT_SUCCESS,
- "4MB mremap - Source PMD-aligned, Destination PTE-aligned");
- test_cases[7] = MAKE_TEST(PMD, _1MB, _4MB, NON_OVERLAPPING, EXPECT_SUCCESS,
- "4MB mremap - Source PMD-aligned, Destination 1MB-aligned");
- test_cases[8] = MAKE_TEST(PMD, PMD, _4MB, NON_OVERLAPPING, EXPECT_SUCCESS,
- "4MB mremap - Source PMD-aligned, Destination PMD-aligned");
-
- /* Src addr PUD aligned */
- test_cases[9] = MAKE_TEST(PUD, PTE, _2GB, NON_OVERLAPPING, EXPECT_SUCCESS,
- "2GB mremap - Source PUD-aligned, Destination PTE-aligned");
- test_cases[10] = MAKE_TEST(PUD, _1MB, _2GB, NON_OVERLAPPING, EXPECT_SUCCESS,
- "2GB mremap - Source PUD-aligned, Destination 1MB-aligned");
- test_cases[11] = MAKE_TEST(PUD, PMD, _2GB, NON_OVERLAPPING, EXPECT_SUCCESS,
- "2GB mremap - Source PUD-aligned, Destination PMD-aligned");
- test_cases[12] = MAKE_TEST(PUD, PUD, _2GB, NON_OVERLAPPING, EXPECT_SUCCESS,
- "2GB mremap - Source PUD-aligned, Destination PUD-aligned");
-
- /* Src and Dest addr 1MB aligned. 5MB mremap. */
- test_cases[13] = MAKE_TEST(_1MB, _1MB, _5MB, NON_OVERLAPPING, EXPECT_SUCCESS,
- "5MB mremap - Source 1MB-aligned, Destination 1MB-aligned");
-
- /* Src and Dest addr 1MB aligned. 5MB mremap. */
- test_cases[14] = MAKE_TEST(_1MB, _1MB, _5MB, NON_OVERLAPPING, EXPECT_SUCCESS,
- "5MB mremap - Source 1MB-aligned, Dest 1MB-aligned with 40MB Preamble");
- test_cases[14].config.dest_preamble_size = 10 * _4MB;
-
- perf_test_cases[0] = MAKE_TEST(page_size, page_size, _1GB, NON_OVERLAPPING, EXPECT_SUCCESS,
- "1GB mremap - Source PTE-aligned, Destination PTE-aligned");
- /*
- * mremap 1GB region - Page table level aligned time
- * comparison.
- */
- perf_test_cases[1] = MAKE_TEST(PMD, PMD, _1GB, NON_OVERLAPPING, EXPECT_SUCCESS,
- "1GB mremap - Source PMD-aligned, Destination PMD-aligned");
- perf_test_cases[2] = MAKE_TEST(PUD, PUD, _1GB, NON_OVERLAPPING, EXPECT_SUCCESS,
- "1GB mremap - Source PUD-aligned, Destination PUD-aligned");
+ do {
+ /* Expected mremap failures */
+ *test_case++ = MAKE_TEST(page_size, page_size, page_size,
+ OVERLAPPING, use_relocate_anon, EXPECT_FAILURE,
+ "mremap - Source and Destination Regions Overlapping");
+
+ *test_case++ = MAKE_TEST(page_size, page_size/4, page_size,
+ NON_OVERLAPPING, use_relocate_anon, EXPECT_FAILURE,
+ "mremap - Destination Address Misaligned (1KB-aligned)");
+ *test_case++ = MAKE_TEST(page_size/4, page_size, page_size,
+ NON_OVERLAPPING, use_relocate_anon, EXPECT_FAILURE,
+ "mremap - Source Address Misaligned (1KB-aligned)");
+
+ /* Src addr PTE aligned */
+ *test_case++ = MAKE_TEST(PTE, PTE, PTE * 2,
+ NON_OVERLAPPING, use_relocate_anon, EXPECT_SUCCESS,
+ "8KB mremap - Source PTE-aligned, Destination PTE-aligned");
+
+ /* Src addr 1MB aligned */
+ *test_case++ = MAKE_TEST(_1MB, PTE, _2MB, NON_OVERLAPPING, use_relocate_anon, EXPECT_SUCCESS,
+ "2MB mremap - Source 1MB-aligned, Destination PTE-aligned");
+ *test_case++ = MAKE_TEST(_1MB, _1MB, _2MB, NON_OVERLAPPING, use_relocate_anon, EXPECT_SUCCESS,
+ "2MB mremap - Source 1MB-aligned, Destination 1MB-aligned");
+
+ /* Src addr PMD aligned */
+ *test_case++ = MAKE_TEST(PMD, PTE, _4MB, NON_OVERLAPPING, use_relocate_anon, EXPECT_SUCCESS,
+ "4MB mremap - Source PMD-aligned, Destination PTE-aligned");
+ *test_case++ = MAKE_TEST(PMD, _1MB, _4MB, NON_OVERLAPPING, use_relocate_anon, EXPECT_SUCCESS,
+ "4MB mremap - Source PMD-aligned, Destination 1MB-aligned");
+ *test_case++ = MAKE_TEST(PMD, PMD, _4MB, NON_OVERLAPPING, use_relocate_anon, EXPECT_SUCCESS,
+ "4MB mremap - Source PMD-aligned, Destination PMD-aligned");
+
+ /* Src addr PUD aligned */
+ *test_case++ = MAKE_TEST(PUD, PTE, _2GB, NON_OVERLAPPING, use_relocate_anon, EXPECT_SUCCESS,
+ "2GB mremap - Source PUD-aligned, Destination PTE-aligned");
+ *test_case++ = MAKE_TEST(PUD, _1MB, _2GB, NON_OVERLAPPING, use_relocate_anon, EXPECT_SUCCESS,
+ "2GB mremap - Source PUD-aligned, Destination 1MB-aligned");
+ *test_case++ = MAKE_TEST(PUD, PMD, _2GB, NON_OVERLAPPING, use_relocate_anon, EXPECT_SUCCESS,
+ "2GB mremap - Source PUD-aligned, Destination PMD-aligned");
+ *test_case++ = MAKE_TEST(PUD, PUD, _2GB, NON_OVERLAPPING, use_relocate_anon, EXPECT_SUCCESS,
+ "2GB mremap - Source PUD-aligned, Destination PUD-aligned");
+
+ /* Src and Dest addr 1MB aligned. 5MB mremap. */
+ *test_case++ = MAKE_TEST(_1MB, _1MB, _5MB, NON_OVERLAPPING, use_relocate_anon, EXPECT_SUCCESS,
+ "5MB mremap - Source 1MB-aligned, Destination 1MB-aligned");
+
+ /* Src and Dest addr 1MB aligned. 5MB mremap. */
+ *test_case = MAKE_TEST(_1MB, _1MB, _5MB, NON_OVERLAPPING, use_relocate_anon, EXPECT_SUCCESS,
+ "5MB mremap - Source 1MB-aligned, Dest 1MB-aligned with 40MB Preamble");
+ test_case++->config.dest_preamble_size = 10 * _4MB;
+
+ *perf_test_case++ = MAKE_TEST(page_size, page_size, _1GB, NON_OVERLAPPING,
+ use_relocate_anon, EXPECT_SUCCESS,
+ "1GB mremap - Source PTE-aligned, Destination PTE-aligned");
+ /*
+ * mremap 1GB region - Page table level aligned time
+ * comparison.
+ */
+ *perf_test_case++ = MAKE_TEST(PMD, PMD, _1GB, NON_OVERLAPPING, use_relocate_anon, EXPECT_SUCCESS,
+ "1GB mremap - Source PMD-aligned, Destination PMD-aligned");
+ *perf_test_case++ = MAKE_TEST(PUD, PUD, _1GB, NON_OVERLAPPING, use_relocate_anon, EXPECT_SUCCESS,
+ "1GB mremap - Source PUD-aligned, Destination PUD-aligned");
+
+ use_relocate_anon = !use_relocate_anon;
+ } while (use_relocate_anon);
run_perf_tests = (threshold_mb == VALIDATION_NO_THRESHOLD) ||
(threshold_mb * _1MB >= _1GB);
@@ -846,8 +910,18 @@ int main(int argc, char **argv)
fclose(maps_fp);
- mremap_move_within_range(pattern_seed, rand_addr);
- mremap_move_1mb_from_start(pattern_seed, rand_addr);
+ mremap_move_within_range(pattern_seed, rand_addr,
+ "", 0);
+ mremap_move_within_range(pattern_seed, rand_addr,
+ "[MREMAP_RELOCATE_ANON]", MREMAP_RELOCATE_ANON);
+ mremap_move_within_range(pattern_seed, rand_addr,
+ "[MREMAP_MUST_RELOCATE_ANON]", MREMAP_MUST_RELOCATE_ANON);
+ mremap_move_1mb_from_start(pattern_seed, rand_addr,
+ "", 0);
+ mremap_move_1mb_from_start(pattern_seed, rand_addr,
+ "[MREMAP_RELOCATE_ANON]", MREMAP_RELOCATE_ANON);
+ mremap_move_1mb_from_start(pattern_seed, rand_addr,
+ "[MREMAP_MUST_RELOCATE_ANON]", MREMAP_MUST_RELOCATE_ANON);
if (run_perf_tests) {
ksft_print_msg("\n%s\n",
--
2.49.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [RFC PATCH v2 09/10] tools/testing/selftests: have CoW self test use MREMAP_RELOCATE_ANON
2025-04-22 8:09 [RFC PATCH v2 00/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON Lorenzo Stoakes
` (7 preceding siblings ...)
2025-04-22 8:09 ` [RFC PATCH v2 08/10] tools/testing/selftests: expand mremap() tests for MREMAP_RELOCATE_ANON Lorenzo Stoakes
@ 2025-04-22 8:09 ` Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 10/10] tools/testing/selftests: test relocate anon in split huge page test Lorenzo Stoakes
9 siblings, 0 replies; 22+ messages in thread
From: Lorenzo Stoakes @ 2025-04-22 8:09 UTC (permalink / raw)
To: Andrew Morton
Cc: Vlastimil Babka, Jann Horn, Liam R . Howlett, Suren Baghdasaryan,
Matthew Wilcox, David Hildenbrand, Pedro Falcato, linux-mm,
linux-kernel
It is useful to have the CoW self-test invoke MREMAP_RELOCATE_ANON on
partial THP mappings, as this triggers folio split code paths and asserts
that this behaves correctly.
Add an additional set of tests to explicitly do so.
Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
---
tools/testing/selftests/mm/cow.c | 23 +++++++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/mm/cow.c b/tools/testing/selftests/mm/cow.c
index b6cfe0a4b7df..1770ebc3aa13 100644
--- a/tools/testing/selftests/mm/cow.c
+++ b/tools/testing/selftests/mm/cow.c
@@ -793,13 +793,14 @@ enum thp_run {
THP_RUN_SINGLE_PTE,
THP_RUN_SINGLE_PTE_SWAPOUT,
THP_RUN_PARTIAL_MREMAP,
+ THP_RUN_PARTIAL_MREMAP_RELOCATE_ANON,
THP_RUN_PARTIAL_SHARED,
};
static void do_run_with_thp(test_fn fn, enum thp_run thp_run, size_t thpsize)
{
char *mem, *mmap_mem, *tmp, *mremap_mem = MAP_FAILED;
- size_t size, mmap_size, mremap_size;
+ size_t size, mmap_size, mremap_size, mremap_flags;
int ret;
/* For alignment purposes, we need twice the thp size. */
@@ -869,6 +870,7 @@ static void do_run_with_thp(test_fn fn, enum thp_run thp_run, size_t thpsize)
size = pagesize;
break;
case THP_RUN_PARTIAL_MREMAP:
+ case THP_RUN_PARTIAL_MREMAP_RELOCATE_ANON:
/*
* Remap half of the THP. We need some new memory location
* for that.
@@ -880,8 +882,13 @@ static void do_run_with_thp(test_fn fn, enum thp_run thp_run, size_t thpsize)
ksft_test_result_fail("mmap() failed\n");
goto munmap;
}
- tmp = mremap(mem + mremap_size, mremap_size, mremap_size,
- MREMAP_MAYMOVE | MREMAP_FIXED, mremap_mem);
+
+ mremap_flags = MREMAP_MAYMOVE | MREMAP_FIXED;
+ if (thp_run == THP_RUN_PARTIAL_MREMAP_RELOCATE_ANON)
+ mremap_flags |= MREMAP_RELOCATE_ANON;
+
+ tmp = sys_mremap(mem + mremap_size, mremap_size, mremap_size,
+ mremap_flags, mremap_mem);
if (tmp != mremap_mem) {
ksft_test_result_fail("mremap() failed\n");
goto munmap;
@@ -988,6 +995,13 @@ static void run_with_partial_mremap_thp(test_fn fn, const char *desc, size_t siz
do_run_with_thp(fn, THP_RUN_PARTIAL_MREMAP, size);
}
+static void run_with_partial_mremap_relocate_anon_thp(test_fn fn, const char *desc, size_t size)
+{
+ ksft_print_msg("[RUN] %s ... with partially mremap(MREMAP_RELOCATE_ANON)'ed THP (%zu kB)\n",
+ desc, size / 1024);
+ do_run_with_thp(fn, THP_RUN_PARTIAL_MREMAP_RELOCATE_ANON, size);
+}
+
static void run_with_partial_shared_thp(test_fn fn, const char *desc, size_t size)
{
ksft_print_msg("[RUN] %s ... with partially shared THP (%zu kB)\n",
@@ -1181,6 +1195,7 @@ static void run_anon_test_case(struct test_case const *test_case)
run_with_single_pte_of_thp(test_case->fn, test_case->desc, size);
run_with_single_pte_of_thp_swap(test_case->fn, test_case->desc, size);
run_with_partial_mremap_thp(test_case->fn, test_case->desc, size);
+ run_with_partial_mremap_relocate_anon_thp(test_case->fn, test_case->desc, size);
run_with_partial_shared_thp(test_case->fn, test_case->desc, size);
thp_pop_settings();
@@ -1204,7 +1219,7 @@ static int tests_per_anon_test_case(void)
{
int tests = 2 + nr_hugetlbsizes;
- tests += 6 * nr_thpsizes;
+ tests += 7 * nr_thpsizes;
if (pmdsize)
tests += 2;
return tests;
--
2.49.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [RFC PATCH v2 10/10] tools/testing/selftests: test relocate anon in split huge page test
2025-04-22 8:09 [RFC PATCH v2 00/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON Lorenzo Stoakes
` (8 preceding siblings ...)
2025-04-22 8:09 ` [RFC PATCH v2 09/10] tools/testing/selftests: have CoW self test use MREMAP_RELOCATE_ANON Lorenzo Stoakes
@ 2025-04-22 8:09 ` Lorenzo Stoakes
9 siblings, 0 replies; 22+ messages in thread
From: Lorenzo Stoakes @ 2025-04-22 8:09 UTC (permalink / raw)
To: Andrew Morton
Cc: Vlastimil Babka, Jann Horn, Liam R . Howlett, Suren Baghdasaryan,
Matthew Wilcox, David Hildenbrand, Pedro Falcato, linux-mm,
linux-kernel
It's useful to explicitly test splitting of huge pages with
MREMAP_RELOCATE_ANON set, as this exercises the undo logic and ensures that
it functions correctly.
Expand the tests to do so in the instance where anon mremap() occurs, and
utilise the shared sys_mremap() function to allow for specification of the
new mremap flag (which would otherwise be filtered by glibc).
Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
---
.../selftests/mm/split_huge_page_test.c | 25 +++++++++++++------
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/tools/testing/selftests/mm/split_huge_page_test.c b/tools/testing/selftests/mm/split_huge_page_test.c
index aa7400ed0e99..1fb0c7e0318e 100644
--- a/tools/testing/selftests/mm/split_huge_page_test.c
+++ b/tools/testing/selftests/mm/split_huge_page_test.c
@@ -19,6 +19,7 @@
#include <malloc.h>
#include <stdbool.h>
#include <time.h>
+#include <linux/mman.h>
#include "vm_util.h"
#include "../kselftest.h"
@@ -180,7 +181,7 @@ void split_pmd_thp_to_order(int order)
free(one_page);
}
-void split_pte_mapped_thp(void)
+void split_pte_mapped_thp(bool relocate_anon)
{
char *one_page, *pte_mapped, *pte_mapped2;
size_t len = 4 * pmd_pagesize;
@@ -221,10 +222,14 @@ void split_pte_mapped_thp(void)
/* remap the Nth pagesize of Nth THP */
for (i = 1; i < 4; i++) {
- pte_mapped2 = mremap(one_page + pmd_pagesize * i + pagesize * i,
- pagesize, pagesize,
- MREMAP_MAYMOVE|MREMAP_FIXED,
- pte_mapped + pagesize * i);
+ int mremap_flags = MREMAP_MAYMOVE|MREMAP_FIXED;
+
+ if (relocate_anon)
+ mremap_flags |= MREMAP_RELOCATE_ANON;
+
+ pte_mapped2 = sys_mremap(one_page + pmd_pagesize * i + pagesize * i,
+ pagesize, pagesize, mremap_flags,
+ pte_mapped + pagesize * i);
if (pte_mapped2 == MAP_FAILED)
ksft_exit_fail_msg("mremap failed: %s\n", strerror(errno));
}
@@ -257,7 +262,10 @@ void split_pte_mapped_thp(void)
if (thp_size)
ksft_exit_fail_msg("Still %ld THPs not split\n", thp_size);
- ksft_test_result_pass("Split PTE-mapped huge pages successful\n");
+ if (relocate_anon)
+ ksft_test_result_pass("Split PTE-mapped huge pages w/MREMAP_RELOCATE_ANON successful\n");
+ else
+ ksft_test_result_pass("Split PTE-mapped huge pages successful\n");
munmap(one_page, len);
close(pagemap_fd);
close(kpageflags_fd);
@@ -534,7 +542,7 @@ int main(int argc, char **argv)
if (argc > 1)
optional_xfs_path = argv[1];
- ksft_set_plan(1+8+1+9+9+8*4+2);
+ ksft_set_plan(1+8+1+1+9+9+8*4+2);
pagesize = getpagesize();
pageshift = ffs(pagesize) - 1;
@@ -550,7 +558,8 @@ int main(int argc, char **argv)
if (i != 1)
split_pmd_thp_to_order(i);
- split_pte_mapped_thp();
+ split_pte_mapped_thp(/* relocate_anon= */false);
+ split_pte_mapped_thp(/* relocate_anon= */true);
for (i = 0; i < 9; i++)
split_file_backed_thp(i);
--
2.49.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* Re: [RFC PATCH v2 01/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON
2025-04-22 8:09 ` [RFC PATCH v2 01/10] " Lorenzo Stoakes
@ 2025-04-30 0:47 ` Wei Yang
2025-04-30 12:50 ` Vlastimil Babka
2025-04-30 13:15 ` Lorenzo Stoakes
0 siblings, 2 replies; 22+ messages in thread
From: Wei Yang @ 2025-04-30 0:47 UTC (permalink / raw)
To: Lorenzo Stoakes
Cc: Andrew Morton, Vlastimil Babka, Jann Horn, Liam R . Howlett,
Suren Baghdasaryan, Matthew Wilcox, David Hildenbrand,
Pedro Falcato, linux-mm, linux-kernel
On Tue, Apr 22, 2025 at 09:09:20AM +0100, Lorenzo Stoakes wrote:
[...]
>+bool vma_had_uncowed_children(struct vm_area_struct *vma)
>+{
>+ struct anon_vma *anon_vma = vma ? vma->anon_vma : NULL;
>+ bool ret;
>+
>+ if (!anon_vma)
>+ return false;
>+
>+ /*
>+ * If we're mmap locked then there's no way for this count to change, as
>+ * any such change would require this lock not be held.
>+ */
>+ if (rwsem_is_locked(&vma->vm_mm->mmap_lock))
>+ return anon_vma->num_children > 1;
Hi, Lorenzo
May I have a question here?
>+
>+ /*
>+ * Any change that would increase the number of children would be
>+ * prevented by a read lock.
>+ */
>+ anon_vma_lock_read(anon_vma);
>+ ret = anon_vma->num_children > 1;
>+ anon_vma_unlock_read(anon_vma);
>+
>+ return ret;
>+}
--
Wei Yang
Help you, Help me
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [RFC PATCH v2 01/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON
2025-04-30 0:47 ` Wei Yang
@ 2025-04-30 12:50 ` Vlastimil Babka
2025-04-30 13:15 ` Lorenzo Stoakes
1 sibling, 0 replies; 22+ messages in thread
From: Vlastimil Babka @ 2025-04-30 12:50 UTC (permalink / raw)
To: Wei Yang, Lorenzo Stoakes
Cc: Andrew Morton, Jann Horn, Liam R . Howlett, Suren Baghdasaryan,
Matthew Wilcox, David Hildenbrand, Pedro Falcato, linux-mm,
linux-kernel
On 4/30/25 02:47, Wei Yang wrote:
> On Tue, Apr 22, 2025 at 09:09:20AM +0100, Lorenzo Stoakes wrote:
> [...]
>>+bool vma_had_uncowed_children(struct vm_area_struct *vma)
>>+{
>>+ struct anon_vma *anon_vma = vma ? vma->anon_vma : NULL;
>>+ bool ret;
>>+
>>+ if (!anon_vma)
>>+ return false;
>>+
>>+ /*
>>+ * If we're mmap locked then there's no way for this count to change, as
>>+ * any such change would require this lock not be held.
>>+ */
>>+ if (rwsem_is_locked(&vma->vm_mm->mmap_lock))
>>+ return anon_vma->num_children > 1;
>
> Hi, Lorenzo
>
> May I have a question here?
You're missing the actual question :)
>>+
>>+ /*
>>+ * Any change that would increase the number of children would be
>>+ * prevented by a read lock.
>>+ */
>>+ anon_vma_lock_read(anon_vma);
>>+ ret = anon_vma->num_children > 1;
>>+ anon_vma_unlock_read(anon_vma);
>>+
>>+ return ret;
>>+}
>
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [RFC PATCH v2 01/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON
2025-04-30 0:47 ` Wei Yang
2025-04-30 12:50 ` Vlastimil Babka
@ 2025-04-30 13:15 ` Lorenzo Stoakes
2025-04-30 15:41 ` Wei Yang
1 sibling, 1 reply; 22+ messages in thread
From: Lorenzo Stoakes @ 2025-04-30 13:15 UTC (permalink / raw)
To: Wei Yang
Cc: Andrew Morton, Vlastimil Babka, Jann Horn, Liam R . Howlett,
Suren Baghdasaryan, Matthew Wilcox, David Hildenbrand,
Pedro Falcato, linux-mm, linux-kernel
On Wed, Apr 30, 2025 at 12:47:03AM +0000, Wei Yang wrote:
> On Tue, Apr 22, 2025 at 09:09:20AM +0100, Lorenzo Stoakes wrote:
> [...]
> >+bool vma_had_uncowed_children(struct vm_area_struct *vma)
> >+{
> >+ struct anon_vma *anon_vma = vma ? vma->anon_vma : NULL;
> >+ bool ret;
> >+
> >+ if (!anon_vma)
> >+ return false;
> >+
> >+ /*
> >+ * If we're mmap locked then there's no way for this count to change, as
> >+ * any such change would require this lock not be held.
> >+ */
> >+ if (rwsem_is_locked(&vma->vm_mm->mmap_lock))
> >+ return anon_vma->num_children > 1;
>
> Hi, Lorenzo
>
> May I have a question here?
Just ask the question.
However, with respect, the last drive-by review you gave was not helpful,
so I strongly suggest that this is not a great use of your time.
Again, I _strongly_ suggest you focus on bug fixes or the like.
Thanks.
>
> >+
> >+ /*
> >+ * Any change that would increase the number of children would be
> >+ * prevented by a read lock.
> >+ */
> >+ anon_vma_lock_read(anon_vma);
> >+ ret = anon_vma->num_children > 1;
> >+ anon_vma_unlock_read(anon_vma);
> >+
> >+ return ret;
> >+}
>
> --
> Wei Yang
> Help you, Help me
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [RFC PATCH v2 01/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON
2025-04-30 13:15 ` Lorenzo Stoakes
@ 2025-04-30 15:41 ` Wei Yang
2025-04-30 16:07 ` Lorenzo Stoakes
0 siblings, 1 reply; 22+ messages in thread
From: Wei Yang @ 2025-04-30 15:41 UTC (permalink / raw)
To: Lorenzo Stoakes
Cc: Wei Yang, Andrew Morton, Vlastimil Babka, Jann Horn,
Liam R . Howlett, Suren Baghdasaryan, Matthew Wilcox,
David Hildenbrand, Pedro Falcato, linux-mm, linux-kernel
On Wed, Apr 30, 2025 at 02:15:24PM +0100, Lorenzo Stoakes wrote:
>On Wed, Apr 30, 2025 at 12:47:03AM +0000, Wei Yang wrote:
>> On Tue, Apr 22, 2025 at 09:09:20AM +0100, Lorenzo Stoakes wrote:
>> [...]
>> >+bool vma_had_uncowed_children(struct vm_area_struct *vma)
>> >+{
>> >+ struct anon_vma *anon_vma = vma ? vma->anon_vma : NULL;
>> >+ bool ret;
>> >+
>> >+ if (!anon_vma)
>> >+ return false;
>> >+
>> >+ /*
>> >+ * If we're mmap locked then there's no way for this count to change, as
>> >+ * any such change would require this lock not be held.
>> >+ */
>> >+ if (rwsem_is_locked(&vma->vm_mm->mmap_lock))
>> >+ return anon_vma->num_children > 1;
>>
>> Hi, Lorenzo
>>
>> May I have a question here?
>
>Just ask the question.
>
Thanks.
My question is the function is expected to return true, if we have forked a
vma from this one, right?
IMO there are cases when it has one forked child and anon_vma->num_children == 1,
which means folios are not exclusively mapped. But the function would return
false.
Or maybe I misunderstand the logic here.
>However, with respect, the last drive-by review you gave was not helpful,
>so I strongly suggest that this is not a great use of your time.
>
>Again, I _strongly_ suggest you focus on bug fixes or the like.
Thanks for your suggestion and patience. I would try to focus on bugs and skip
those subtle things.
>
>Thanks.
>
>>
>> >+
>> >+ /*
>> >+ * Any change that would increase the number of children would be
>> >+ * prevented by a read lock.
>> >+ */
>> >+ anon_vma_lock_read(anon_vma);
>> >+ ret = anon_vma->num_children > 1;
>> >+ anon_vma_unlock_read(anon_vma);
>> >+
>> >+ return ret;
>> >+}
>>
>> --
>> Wei Yang
>> Help you, Help me
--
Wei Yang
Help you, Help me
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [RFC PATCH v2 01/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON
2025-04-30 15:41 ` Wei Yang
@ 2025-04-30 16:07 ` Lorenzo Stoakes
2025-05-01 1:18 ` Wei Yang
0 siblings, 1 reply; 22+ messages in thread
From: Lorenzo Stoakes @ 2025-04-30 16:07 UTC (permalink / raw)
To: Wei Yang
Cc: Andrew Morton, Vlastimil Babka, Jann Horn, Liam R . Howlett,
Suren Baghdasaryan, Matthew Wilcox, David Hildenbrand,
Pedro Falcato, linux-mm, linux-kernel
On Wed, Apr 30, 2025 at 03:41:19PM +0000, Wei Yang wrote:
> On Wed, Apr 30, 2025 at 02:15:24PM +0100, Lorenzo Stoakes wrote:
> >On Wed, Apr 30, 2025 at 12:47:03AM +0000, Wei Yang wrote:
> >> On Tue, Apr 22, 2025 at 09:09:20AM +0100, Lorenzo Stoakes wrote:
> >> [...]
> >> >+bool vma_had_uncowed_children(struct vm_area_struct *vma)
> >> >+{
> >> >+ struct anon_vma *anon_vma = vma ? vma->anon_vma : NULL;
> >> >+ bool ret;
> >> >+
> >> >+ if (!anon_vma)
> >> >+ return false;
> >> >+
> >> >+ /*
> >> >+ * If we're mmap locked then there's no way for this count to change, as
> >> >+ * any such change would require this lock not be held.
> >> >+ */
> >> >+ if (rwsem_is_locked(&vma->vm_mm->mmap_lock))
> >> >+ return anon_vma->num_children > 1;
> >>
> >> Hi, Lorenzo
> >>
> >> May I have a question here?
> >
> >Just ask the question.
> >
>
> Thanks.
>
> My question is the function is expected to return true, if we have forked a
> vma from this one, right?
>
> IMO there are cases when it has one forked child and anon_vma->num_children == 1,
> which means folios are not exclusively mapped. But the function would return
> false.
>
> Or maybe I misunderstand the logic here.
I mean, it'd be helpful if you delineated which cases these were?
Presumably you're thiking of something like:
1. Process 1: VMA A is established. num_children == 1 (self-reference is counted).
2. Process 2: Process 1 forks, VMA B references A, a->num_children++
3. Process 3: Process 2 forks, VMA C is established (maybe you think b->num_children++?)
4. Unmap vma B, oops, a->num_children == 1 but it still has C!
But that won't happen, as VMA C will be referencing a->anon_vma, so in reality
a->anon_vma->num_children == 3, then after unmap == 2.
References to the originally faulted-in anon_vma is propagated through the
forks.
anon_vma logic is tricky, one of many reasons I want to (significantly) rework
it.
Though sadly there is a lot of _essential_ complexity, I do think we can do
better.
>
> >However, with respect, the last drive-by review you gave was not helpful,
> >so I strongly suggest that this is not a great use of your time.
> >
> >Again, I _strongly_ suggest you focus on bug fixes or the like.
>
> Thanks for your suggestion and patience. I would try to focus on bugs and skip
> those subtle things.
Thanks, you've contributed good bug reports in the past, I'm not just
recommending this for no reason! :)
David's suggested tests are also a positive way forward.
Thanks, Lorenzo
>
> >
> >Thanks.
> >
> >>
> >> >+
> >> >+ /*
> >> >+ * Any change that would increase the number of children would be
> >> >+ * prevented by a read lock.
> >> >+ */
> >> >+ anon_vma_lock_read(anon_vma);
> >> >+ ret = anon_vma->num_children > 1;
> >> >+ anon_vma_unlock_read(anon_vma);
> >> >+
> >> >+ return ret;
> >> >+}
> >>
> >> --
> >> Wei Yang
> >> Help you, Help me
>
> --
> Wei Yang
> Help you, Help me
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [RFC PATCH v2 01/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON
2025-04-30 16:07 ` Lorenzo Stoakes
@ 2025-05-01 1:18 ` Wei Yang
2025-05-01 9:27 ` Lorenzo Stoakes
0 siblings, 1 reply; 22+ messages in thread
From: Wei Yang @ 2025-05-01 1:18 UTC (permalink / raw)
To: Lorenzo Stoakes
Cc: Wei Yang, Andrew Morton, Vlastimil Babka, Jann Horn,
Liam R . Howlett, Suren Baghdasaryan, Matthew Wilcox,
David Hildenbrand, Pedro Falcato, linux-mm, linux-kernel
On Wed, Apr 30, 2025 at 05:07:40PM +0100, Lorenzo Stoakes wrote:
>On Wed, Apr 30, 2025 at 03:41:19PM +0000, Wei Yang wrote:
>> On Wed, Apr 30, 2025 at 02:15:24PM +0100, Lorenzo Stoakes wrote:
>> >On Wed, Apr 30, 2025 at 12:47:03AM +0000, Wei Yang wrote:
>> >> On Tue, Apr 22, 2025 at 09:09:20AM +0100, Lorenzo Stoakes wrote:
>> >> [...]
>> >> >+bool vma_had_uncowed_children(struct vm_area_struct *vma)
>> >> >+{
>> >> >+ struct anon_vma *anon_vma = vma ? vma->anon_vma : NULL;
>> >> >+ bool ret;
>> >> >+
>> >> >+ if (!anon_vma)
>> >> >+ return false;
>> >> >+
>> >> >+ /*
>> >> >+ * If we're mmap locked then there's no way for this count to change, as
>> >> >+ * any such change would require this lock not be held.
>> >> >+ */
>> >> >+ if (rwsem_is_locked(&vma->vm_mm->mmap_lock))
>> >> >+ return anon_vma->num_children > 1;
>> >>
>> >> Hi, Lorenzo
>> >>
>> >> May I have a question here?
>> >
>> >Just ask the question.
>> >
>>
>> Thanks.
>>
>> My question is the function is expected to return true, if we have forked a
>> vma from this one, right?
>>
>> IMO there are cases when it has one forked child and anon_vma->num_children == 1,
>> which means folios are not exclusively mapped. But the function would return
>> false.
>>
>> Or maybe I misunderstand the logic here.
>
>I mean, it'd be helpful if you delineated which cases these were?
>
Sorry, I should be more specific.
>Presumably you're thiking of something like:
>
>1. Process 1: VMA A is established. num_children == 1 (self-reference is counted).
>2. Process 2: Process 1 forks, VMA B references A, a->num_children++
>3. Process 3: Process 2 forks, VMA C is established (maybe you think b->num_children++?)
Maybe this is the key point. Will explain below at ***.
>4. Unmap vma B, oops, a->num_children == 1 but it still has C!
>
>But that won't happen, as VMA C will be referencing a->anon_vma, so in reality
>a->anon_vma->num_children == 3, then after unmap == 2.
>
The case here could be handled well, I am thinking a little different one.
Here is the case I am thinking about. If my understanding is wrong, please
correct me.
a VMA A
+-----------+ +-----------+
| | ---> | av| == a
+-----------+ +-----------+
\
\
|\ VMA B
| \ +-----------+
| > | av| == b
| +-----------+
\
\ VMA C
\ +-----------+
> | av| == c
+-----------+
1. Process 1: VMA A is established, num_children == 1
2. Process 2: Process 1 forks, a->num_children++ and b->num_children == 0
3. Process 3: Process 2 forks, b->num_children++ => b->number_children == 1
If vma_had_uncowed_children(VMA B), we would check b->number_children and
return false since it is not greater than 1. But we do have a child process 3.
***
Come back the b->num_children. After re-read your example, I guess this is the
key point. In anon_vma_fork(), we do anon_vma->parent->num_children++. So when
fork VMA C, we increase b->num_children instead of a->num_children.
To verify this, I did a quick test in my test cases in
test_fork_grand_child[1]. I see b->num_children is increased to 1 after C is
forked. Will reply in that thread and hope that would be helpful to
communicate the case.
Well, if I am not correct, feel free to correct me :-)
[1]: http://lkml.kernel.org/r/20250429090639.784-3-richard.weiyang@gmail.com
>References to the originally faulted-in anon_vma is propagated through the
>forks.
>
>anon_vma logic is tricky, one of many reasons I want to (significantly) rework
>it.
>
>Though sadly there is a lot of _essential_ complexity, I do think we can do
>better.
>
--
Wei Yang
Help you, Help me
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [RFC PATCH v2 01/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON
2025-05-01 1:18 ` Wei Yang
@ 2025-05-01 9:27 ` Lorenzo Stoakes
2025-05-01 14:35 ` Wei Yang
0 siblings, 1 reply; 22+ messages in thread
From: Lorenzo Stoakes @ 2025-05-01 9:27 UTC (permalink / raw)
To: Wei Yang
Cc: Andrew Morton, Vlastimil Babka, Jann Horn, Liam R . Howlett,
Suren Baghdasaryan, Matthew Wilcox, David Hildenbrand,
Pedro Falcato, linux-mm, linux-kernel
On Thu, May 01, 2025 at 01:18:45AM +0000, Wei Yang wrote:
> On Wed, Apr 30, 2025 at 05:07:40PM +0100, Lorenzo Stoakes wrote:
> >On Wed, Apr 30, 2025 at 03:41:19PM +0000, Wei Yang wrote:
> >> On Wed, Apr 30, 2025 at 02:15:24PM +0100, Lorenzo Stoakes wrote:
> >> >On Wed, Apr 30, 2025 at 12:47:03AM +0000, Wei Yang wrote:
> >> >> On Tue, Apr 22, 2025 at 09:09:20AM +0100, Lorenzo Stoakes wrote:
> >> >> [...]
> >> >> >+bool vma_had_uncowed_children(struct vm_area_struct *vma)
> >> >> >+{
> >> >> >+ struct anon_vma *anon_vma = vma ? vma->anon_vma : NULL;
> >> >> >+ bool ret;
> >> >> >+
> >> >> >+ if (!anon_vma)
> >> >> >+ return false;
> >> >> >+
> >> >> >+ /*
> >> >> >+ * If we're mmap locked then there's no way for this count to change, as
> >> >> >+ * any such change would require this lock not be held.
> >> >> >+ */
> >> >> >+ if (rwsem_is_locked(&vma->vm_mm->mmap_lock))
> >> >> >+ return anon_vma->num_children > 1;
> >> >>
> >> >> Hi, Lorenzo
> >> >>
> >> >> May I have a question here?
> >> >
> >> >Just ask the question.
> >> >
> >>
> >> Thanks.
> >>
> >> My question is the function is expected to return true, if we have forked a
> >> vma from this one, right?
> >>
> >> IMO there are cases when it has one forked child and anon_vma->num_children == 1,
> >> which means folios are not exclusively mapped. But the function would return
> >> false.
> >>
> >> Or maybe I misunderstand the logic here.
> >
> >I mean, it'd be helpful if you delineated which cases these were?
> >
>
> Sorry, I should be more specific.
>
> >Presumably you're thiking of something like:
> >
> >1. Process 1: VMA A is established. num_children == 1 (self-reference is counted).
> >2. Process 2: Process 1 forks, VMA B references A, a->num_children++
> >3. Process 3: Process 2 forks, VMA C is established (maybe you think b->num_children++?)
>
> Maybe this is the key point. Will explain below at ***.
>
> >4. Unmap vma B, oops, a->num_children == 1 but it still has C!
> >
> >But that won't happen, as VMA C will be referencing a->anon_vma, so in reality
> >a->anon_vma->num_children == 3, then after unmap == 2.
> >
>
> The case here could be handled well, I am thinking a little different one.
>
> Here is the case I am thinking about. If my understanding is wrong, please
> correct me.
>
> a VMA A
> +-----------+ +-----------+
> | | ---> | av| == a
> +-----------+ +-----------+
> \
> \
> |\ VMA B
> | \ +-----------+
> | > | av| == b
> | +-----------+
> \
> \ VMA C
> \ +-----------+
> > | av| == c
> +-----------+
>
> 1. Process 1: VMA A is established, num_children == 1
> 2. Process 2: Process 1 forks, a->num_children++ and b->num_children == 0
> 3. Process 3: Process 2 forks, b->num_children++ => b->number_children == 1
>
> If vma_had_uncowed_children(VMA B), we would check b->number_children and
> return false since it is not greater than 1. But we do have a child process 3.
>
> ***
>
> Come back the b->num_children. After re-read your example, I guess this is the
> key point. In anon_vma_fork(), we do anon_vma->parent->num_children++. So when
> fork VMA C, we increase b->num_children instead of a->num_children.
>
> To verify this, I did a quick test in my test cases in
> test_fork_grand_child[1]. I see b->num_children is increased to 1 after C is
> forked. Will reply in that thread and hope that would be helpful to
> communicate the case.
>
> Well, if I am not correct, feel free to correct me :-)
OK so you've expressed this in a very confusing way and the diagram is
wrong but I think I see the point.
Because of anon_vma reuse logic in anon_vma_clone() we might end up in the
situation where num_children (which strictly reports number of anon_vma
objects whose parent pointer points at that anon_vma) does not actually
correctly reflect the fact that there are multiple mappings of a folio.
I think correct approach is to also look at num_active_vmas which accounts
for this, but I think overall we should move these checks to being a 'best
guess' and remove the WARN_ON() around the multiply-mapped folio
logic. It's fine to just back out if we guesstimated wrong.
I'll also add a bunch of tests to assert specific fork scenarios.
>
> [1]: http://lkml.kernel.org/r/20250429090639.784-3-richard.weiyang@gmail.com
>
> >References to the originally faulted-in anon_vma is propagated through the
> >forks.
> >
> >anon_vma logic is tricky, one of many reasons I want to (significantly) rework
> >it.
> >
> >Though sadly there is a lot of _essential_ complexity, I do think we can do
> >better.
> >
>
> --
> Wei Yang
> Help you, Help me
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [RFC PATCH v2 01/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON
2025-05-01 9:27 ` Lorenzo Stoakes
@ 2025-05-01 14:35 ` Wei Yang
2025-05-01 14:38 ` Lorenzo Stoakes
0 siblings, 1 reply; 22+ messages in thread
From: Wei Yang @ 2025-05-01 14:35 UTC (permalink / raw)
To: Lorenzo Stoakes
Cc: Wei Yang, Andrew Morton, Vlastimil Babka, Jann Horn,
Liam R . Howlett, Suren Baghdasaryan, Matthew Wilcox,
David Hildenbrand, Pedro Falcato, linux-mm, linux-kernel
On Thu, May 01, 2025 at 10:27:47AM +0100, Lorenzo Stoakes wrote:
>On Thu, May 01, 2025 at 01:18:45AM +0000, Wei Yang wrote:
>> On Wed, Apr 30, 2025 at 05:07:40PM +0100, Lorenzo Stoakes wrote:
>> >On Wed, Apr 30, 2025 at 03:41:19PM +0000, Wei Yang wrote:
>> >> On Wed, Apr 30, 2025 at 02:15:24PM +0100, Lorenzo Stoakes wrote:
>> >> >On Wed, Apr 30, 2025 at 12:47:03AM +0000, Wei Yang wrote:
>> >> >> On Tue, Apr 22, 2025 at 09:09:20AM +0100, Lorenzo Stoakes wrote:
>> >> >> [...]
>> >> >> >+bool vma_had_uncowed_children(struct vm_area_struct *vma)
>> >> >> >+{
>> >> >> >+ struct anon_vma *anon_vma = vma ? vma->anon_vma : NULL;
>> >> >> >+ bool ret;
>> >> >> >+
>> >> >> >+ if (!anon_vma)
>> >> >> >+ return false;
>> >> >> >+
>> >> >> >+ /*
>> >> >> >+ * If we're mmap locked then there's no way for this count to change, as
>> >> >> >+ * any such change would require this lock not be held.
>> >> >> >+ */
>> >> >> >+ if (rwsem_is_locked(&vma->vm_mm->mmap_lock))
>> >> >> >+ return anon_vma->num_children > 1;
>> >> >>
>> >> >> Hi, Lorenzo
>> >> >>
>> >> >> May I have a question here?
>> >> >
>> >> >Just ask the question.
>> >> >
>> >>
>> >> Thanks.
>> >>
>> >> My question is the function is expected to return true, if we have forked a
>> >> vma from this one, right?
>> >>
>> >> IMO there are cases when it has one forked child and anon_vma->num_children == 1,
>> >> which means folios are not exclusively mapped. But the function would return
>> >> false.
>> >>
>> >> Or maybe I misunderstand the logic here.
>> >
>> >I mean, it'd be helpful if you delineated which cases these were?
>> >
>>
>> Sorry, I should be more specific.
>>
>> >Presumably you're thiking of something like:
>> >
>> >1. Process 1: VMA A is established. num_children == 1 (self-reference is counted).
>> >2. Process 2: Process 1 forks, VMA B references A, a->num_children++
>> >3. Process 3: Process 2 forks, VMA C is established (maybe you think b->num_children++?)
>>
>> Maybe this is the key point. Will explain below at ***.
>>
>> >4. Unmap vma B, oops, a->num_children == 1 but it still has C!
>> >
>> >But that won't happen, as VMA C will be referencing a->anon_vma, so in reality
>> >a->anon_vma->num_children == 3, then after unmap == 2.
>> >
>>
>> The case here could be handled well, I am thinking a little different one.
>>
>> Here is the case I am thinking about. If my understanding is wrong, please
>> correct me.
>>
>> a VMA A
>> +-----------+ +-----------+
>> | | ---> | av| == a
>> +-----------+ +-----------+
>> \
>> \
>> |\ VMA B
>> | \ +-----------+
>> | > | av| == b
>> | +-----------+
>> \
>> \ VMA C
>> \ +-----------+
>> > | av| == c
>> +-----------+
>>
>> 1. Process 1: VMA A is established, num_children == 1
>> 2. Process 2: Process 1 forks, a->num_children++ and b->num_children == 0
>> 3. Process 3: Process 2 forks, b->num_children++ => b->number_children == 1
>>
>> If vma_had_uncowed_children(VMA B), we would check b->number_children and
>> return false since it is not greater than 1. But we do have a child process 3.
>>
>> ***
>>
>> Come back the b->num_children. After re-read your example, I guess this is the
>> key point. In anon_vma_fork(), we do anon_vma->parent->num_children++. So when
>> fork VMA C, we increase b->num_children instead of a->num_children.
>>
>> To verify this, I did a quick test in my test cases in
>> test_fork_grand_child[1]. I see b->num_children is increased to 1 after C is
>> forked. Will reply in that thread and hope that would be helpful to
>> communicate the case.
>>
>> Well, if I am not correct, feel free to correct me :-)
>
>OK so you've expressed this in a very confusing way and the diagram is
>wrong but I think I see the point.
>
Sorry for my poor expression, while fortunately you get it :-)
>Because of anon_vma reuse logic in anon_vma_clone() we might end up in the
>situation where num_children (which strictly reports number of anon_vma
>objects whose parent pointer points at that anon_vma) does not actually
>correctly reflect the fact that there are multiple mappings of a folio.
>
>I think correct approach is to also look at num_active_vmas which accounts
>for this, but I think overall we should move these checks to being a 'best
>guess' and remove the WARN_ON() around the multiply-mapped folio
>logic. It's fine to just back out if we guesstimated wrong.
>
Would you mind cc me if you would spin another round? I would like to learn
more from your work.
>I'll also add a bunch of tests to assert specific fork scenarios.
>
>>
>> [1]: http://lkml.kernel.org/r/20250429090639.784-3-richard.weiyang@gmail.com
>>
>> >References to the originally faulted-in anon_vma is propagated through the
>> >forks.
>> >
>> >anon_vma logic is tricky, one of many reasons I want to (significantly) rework
>> >it.
>> >
>> >Though sadly there is a lot of _essential_ complexity, I do think we can do
>> >better.
>> >
>>
>> --
>> Wei Yang
>> Help you, Help me
--
Wei Yang
Help you, Help me
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [RFC PATCH v2 01/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON
2025-05-01 14:35 ` Wei Yang
@ 2025-05-01 14:38 ` Lorenzo Stoakes
2025-05-03 14:29 ` Lorenzo Stoakes
0 siblings, 1 reply; 22+ messages in thread
From: Lorenzo Stoakes @ 2025-05-01 14:38 UTC (permalink / raw)
To: Wei Yang
Cc: Andrew Morton, Vlastimil Babka, Jann Horn, Liam R . Howlett,
Suren Baghdasaryan, Matthew Wilcox, David Hildenbrand,
Pedro Falcato, linux-mm, linux-kernel
On Thu, May 01, 2025 at 02:35:01PM +0000, Wei Yang wrote:
> On Thu, May 01, 2025 at 10:27:47AM +0100, Lorenzo Stoakes wrote:
> >On Thu, May 01, 2025 at 01:18:45AM +0000, Wei Yang wrote:
> >> On Wed, Apr 30, 2025 at 05:07:40PM +0100, Lorenzo Stoakes wrote:
> >> >On Wed, Apr 30, 2025 at 03:41:19PM +0000, Wei Yang wrote:
> >> >> On Wed, Apr 30, 2025 at 02:15:24PM +0100, Lorenzo Stoakes wrote:
> >> >> >On Wed, Apr 30, 2025 at 12:47:03AM +0000, Wei Yang wrote:
> >> >> >> On Tue, Apr 22, 2025 at 09:09:20AM +0100, Lorenzo Stoakes wrote:
> >> >> >> [...]
> >> >> >> >+bool vma_had_uncowed_children(struct vm_area_struct *vma)
> >> >> >> >+{
> >> >> >> >+ struct anon_vma *anon_vma = vma ? vma->anon_vma : NULL;
> >> >> >> >+ bool ret;
> >> >> >> >+
> >> >> >> >+ if (!anon_vma)
> >> >> >> >+ return false;
> >> >> >> >+
> >> >> >> >+ /*
> >> >> >> >+ * If we're mmap locked then there's no way for this count to change, as
> >> >> >> >+ * any such change would require this lock not be held.
> >> >> >> >+ */
> >> >> >> >+ if (rwsem_is_locked(&vma->vm_mm->mmap_lock))
> >> >> >> >+ return anon_vma->num_children > 1;
> >> >> >>
> >> >> >> Hi, Lorenzo
> >> >> >>
> >> >> >> May I have a question here?
> >> >> >
> >> >> >Just ask the question.
> >> >> >
> >> >>
> >> >> Thanks.
> >> >>
> >> >> My question is the function is expected to return true, if we have forked a
> >> >> vma from this one, right?
> >> >>
> >> >> IMO there are cases when it has one forked child and anon_vma->num_children == 1,
> >> >> which means folios are not exclusively mapped. But the function would return
> >> >> false.
> >> >>
> >> >> Or maybe I misunderstand the logic here.
> >> >
> >> >I mean, it'd be helpful if you delineated which cases these were?
> >> >
> >>
> >> Sorry, I should be more specific.
> >>
> >> >Presumably you're thiking of something like:
> >> >
> >> >1. Process 1: VMA A is established. num_children == 1 (self-reference is counted).
> >> >2. Process 2: Process 1 forks, VMA B references A, a->num_children++
> >> >3. Process 3: Process 2 forks, VMA C is established (maybe you think b->num_children++?)
> >>
> >> Maybe this is the key point. Will explain below at ***.
> >>
> >> >4. Unmap vma B, oops, a->num_children == 1 but it still has C!
> >> >
> >> >But that won't happen, as VMA C will be referencing a->anon_vma, so in reality
> >> >a->anon_vma->num_children == 3, then after unmap == 2.
> >> >
> >>
> >> The case here could be handled well, I am thinking a little different one.
> >>
> >> Here is the case I am thinking about. If my understanding is wrong, please
> >> correct me.
> >>
> >> a VMA A
> >> +-----------+ +-----------+
> >> | | ---> | av| == a
> >> +-----------+ +-----------+
> >> \
> >> \
> >> |\ VMA B
> >> | \ +-----------+
> >> | > | av| == b
> >> | +-----------+
> >> \
> >> \ VMA C
> >> \ +-----------+
> >> > | av| == c
> >> +-----------+
> >>
> >> 1. Process 1: VMA A is established, num_children == 1
> >> 2. Process 2: Process 1 forks, a->num_children++ and b->num_children == 0
> >> 3. Process 3: Process 2 forks, b->num_children++ => b->number_children == 1
> >>
> >> If vma_had_uncowed_children(VMA B), we would check b->number_children and
> >> return false since it is not greater than 1. But we do have a child process 3.
> >>
> >> ***
> >>
> >> Come back the b->num_children. After re-read your example, I guess this is the
> >> key point. In anon_vma_fork(), we do anon_vma->parent->num_children++. So when
> >> fork VMA C, we increase b->num_children instead of a->num_children.
> >>
> >> To verify this, I did a quick test in my test cases in
> >> test_fork_grand_child[1]. I see b->num_children is increased to 1 after C is
> >> forked. Will reply in that thread and hope that would be helpful to
> >> communicate the case.
> >>
> >> Well, if I am not correct, feel free to correct me :-)
> >
> >OK so you've expressed this in a very confusing way and the diagram is
> >wrong but I think I see the point.
> >
>
> Sorry for my poor expression, while fortunately you get it :-)
No need to apologise haha, thanks for reporting this. This kind of thing is
useful, we always want reports of problems (in this case, ahead of time...).
>
> >Because of anon_vma reuse logic in anon_vma_clone() we might end up in the
> >situation where num_children (which strictly reports number of anon_vma
> >objects whose parent pointer points at that anon_vma) does not actually
> >correctly reflect the fact that there are multiple mappings of a folio.
> >
> >I think correct approach is to also look at num_active_vmas which accounts
> >for this, but I think overall we should move these checks to being a 'best
> >guess' and remove the WARN_ON() around the multiply-mapped folio
> >logic. It's fine to just back out if we guesstimated wrong.
> >
>
> Would you mind cc me if you would spin another round? I would like to learn
> more from your work.
Of course dude, if I reference somebody in a change log I always cc as a matter
of principle :)
Cheers, Lorenzo
>
> >I'll also add a bunch of tests to assert specific fork scenarios.
> >
> >>
> >> [1]: http://lkml.kernel.org/r/20250429090639.784-3-richard.weiyang@gmail.com
> >>
> >> >References to the originally faulted-in anon_vma is propagated through the
> >> >forks.
> >> >
> >> >anon_vma logic is tricky, one of many reasons I want to (significantly) rework
> >> >it.
> >> >
> >> >Though sadly there is a lot of _essential_ complexity, I do think we can do
> >> >better.
> >> >
> >>
> >> --
> >> Wei Yang
> >> Help you, Help me
>
> --
> Wei Yang
> Help you, Help me
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [RFC PATCH v2 01/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON
2025-05-01 14:38 ` Lorenzo Stoakes
@ 2025-05-03 14:29 ` Lorenzo Stoakes
2025-05-03 17:50 ` Lorenzo Stoakes
0 siblings, 1 reply; 22+ messages in thread
From: Lorenzo Stoakes @ 2025-05-03 14:29 UTC (permalink / raw)
To: Wei Yang
Cc: Andrew Morton, Vlastimil Babka, Jann Horn, Liam R . Howlett,
Suren Baghdasaryan, Matthew Wilcox, David Hildenbrand,
Pedro Falcato, linux-mm, linux-kernel
OK have dug into this some more with a drgn script to read actual kernel
metadata state and it's simpler than I thought - the root anon_vma is
self-childed, but descendent anon_vma's are not.
We can correct this with a anon_vma->root == anon_vma check. I believe
we're probably safe with anon_vma reuse, because in that instance the
anon_vma would not be mapped a shared folio.
However, to be safe, I will check this, and I as I said previously, I will
add a number of tests explicitly tested forking scenarios.
The respin should have this fully addressed.
Thanks, Lorenzo
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [RFC PATCH v2 01/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON
2025-05-03 14:29 ` Lorenzo Stoakes
@ 2025-05-03 17:50 ` Lorenzo Stoakes
0 siblings, 0 replies; 22+ messages in thread
From: Lorenzo Stoakes @ 2025-05-03 17:50 UTC (permalink / raw)
To: Wei Yang
Cc: Andrew Morton, Vlastimil Babka, Jann Horn, Liam R . Howlett,
Suren Baghdasaryan, Matthew Wilcox, David Hildenbrand,
Pedro Falcato, linux-mm, linux-kernel
On Sat, May 03, 2025 at 03:29:08PM +0100, Lorenzo Stoakes wrote:
> OK have dug into this some more with a drgn script to read actual kernel
> metadata state and it's simpler than I thought - the root anon_vma is
> self-childed, but descendent anon_vma's are not.
>
> We can correct this with a anon_vma->root == anon_vma check. I believe
> we're probably safe with anon_vma reuse, because in that instance the
> anon_vma would not be mapped a shared folio.
>
> However, to be safe, I will check this, and I as I said previously, I will
> add a number of tests explicitly tested forking scenarios.
>
> The respin should have this fully addressed.
>
> Thanks, Lorenzo
Note that in practice, this wouldn't have broken anything, as in this case you
would _have_ to have parent anon_vma's.
The root will hang around even if all VMA's unmapped also, we only clear down
anon_vma's once no references from the anon_vma exist, and by nature everything
below the root must reference it.
But the function is misleading as-is so needs fixing.
As for anon_vma re-use - this is not permitted for root anon_vma's so naturally
it requires a parented anon_vma, which again implies AVC's which the uncowed
parent check would pick up.
Additionally, the reuse implies that the folio is not mapped within the process
that first created the anon_vma, and thus the num_children counts remain correct
across the board.
See https://pastebin.com/raw/q6wzUMLi for a detailed diagram of both scenarios
with anon_vma parameters and linking derived from real-world kernel values
obtained via drgn.
These will form part of the added tests.
Cheers, Lorenzo
^ permalink raw reply [flat|nested] 22+ messages in thread
end of thread, other threads:[~2025-05-03 17:51 UTC | newest]
Thread overview: 22+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-04-22 8:09 [RFC PATCH v2 00/10] mm/mremap: introduce more mergeable mremap via MREMAP_RELOCATE_ANON Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 01/10] " Lorenzo Stoakes
2025-04-30 0:47 ` Wei Yang
2025-04-30 12:50 ` Vlastimil Babka
2025-04-30 13:15 ` Lorenzo Stoakes
2025-04-30 15:41 ` Wei Yang
2025-04-30 16:07 ` Lorenzo Stoakes
2025-05-01 1:18 ` Wei Yang
2025-05-01 9:27 ` Lorenzo Stoakes
2025-05-01 14:35 ` Wei Yang
2025-05-01 14:38 ` Lorenzo Stoakes
2025-05-03 14:29 ` Lorenzo Stoakes
2025-05-03 17:50 ` Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 02/10] mm/mremap: add MREMAP_MUST_RELOCATE_ANON Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 03/10] mm/mremap: add MREMAP[_MUST]_RELOCATE_ANON support for large folios Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 04/10] tools UAPI: Update copy of linux/mman.h from the kernel sources Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 05/10] tools/testing/selftests: add sys_mremap() helper to vm_util.h Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 06/10] tools/testing/selftests: add mremap() cases that merge normally Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 07/10] tools/testing/selftests: add MREMAP_RELOCATE_ANON merge test cases Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 08/10] tools/testing/selftests: expand mremap() tests for MREMAP_RELOCATE_ANON Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 09/10] tools/testing/selftests: have CoW self test use MREMAP_RELOCATE_ANON Lorenzo Stoakes
2025-04-22 8:09 ` [RFC PATCH v2 10/10] tools/testing/selftests: test relocate anon in split huge page test Lorenzo Stoakes
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).