On Tue 18-05-21 14:03:52, David Hildenbrand wrote:
[...]

quoted

quoted

I expect that use case might vanish over
time (eventually with new kernels and updated user space), but it might
stick for a bit.

Could you elaborate some more please?

After I raised that the current behavior of userfaultfd-wp is suboptimal,
Peter started working on a userfaultfd-wp mode that doesn't require to
prefault all pages just to have it working reliably -- getting notified when
any page changes, including ones that haven't been populated yet and would
have been populated with the shared zeropage on first access. Not sure what
the state of that is and when we might see it.

OK, thanks for the clarification. This suggests that inventing a new
interface to cover this usecase doesn't sound like the strongest
justification to me. But this doesn't mean this disqualifies it either.

quoted

quoted

Apart from that, populating the shared zeropage might be relevant in some
corner cases: I remember there are sparse matrix algorithms that operate
heavily on the shared zeropage.

I am not sure I see why this would be a useful interface for those? Zero
page read fault is really low cost. Or are you worried about cummulative
overhead by entering the kernel many times?

Yes, cumulative overhead when dealing with large, sparse matrices. Just an
example where I think it could be applied in the future -- but not that I
consider populating the shared zeropage a really important use case in
general (besides for userfaultfd-wp right now).

OK.
 
[...]

Anyhow, please suggest a way to handle it via a single flag in the kernel --
which would be some kind of heuristic as we know from MAP_POPULATE. Having
an alternative at hand would make it easier to discuss this topic further. I
certainly *don't* want MAP_POPULATE semantics when it comes to
MADV_POPULATE, especially when it comes to shared mappings. Not useful in
QEMU now and in the future.

OK, this point is still not entirely clear to me. Elsewhere you are
saying that QEMU cannot use MAP_POPULATE because it ignores errors
and also it doesn't support sparse mappings because they apply to the
whole mmap. These are all clear but it is less clear to me why the same
semantic is not applicable for QEMU when used through madvise interface
which can handle both of those.
Do I get it right that you really want to emulate the full fledged write
fault to a) limit another write fault when the content is actually
modified and b) prevent from potential errors during the write fault
(e.g. mkwrite failing on the fs data)?

We could make MADV_POPULATE act depending on the readability/writability of
a mapping. Use MADV_POPULATE_WRITE on writable mappings, use
MADV_POPULATE_READ on readable mappings. Certainly not perfect for use cases
where you have writable mappings that are mostly read only (as in the
example with fake-NVDIMMs I gave ...), but if it makes people happy, fine
with me. I mostly care about MADV_POPULATE_WRITE.

Yes, this is where my thinking was going as well. Essentially define
MADV_POPULATE as "Populate the mapping with the memory based on the
mapping access." This looks like a straightforward semantic to me and it
doesn't really require any deep knowledge of internals.

Now, I was trying to compare which of those would be more tricky to
understand and use and TBH I am not really convinced any of the two is
much better. Separate READ/WRITE modes are explicit which can be good
but it will require quite an advanced knowledge of the #PF behavior.
On the other hand MADV_POPULATE would require some tricks like mmap,
madvise and mprotect(to change to writable) when the data is really
written to. I am not sure how much of a deal this would be for QEMU for
example.

So, all that being said, I am not really sure. I am not really happy
about READ/WRITE split but if a simpler interface is going to be a bad
fit for existing usecases then I believe a proper way to go is the
document the more complex interface thoroughly.
-- 
Michal Hocko
SUSE Labs