On Mon, Aug 3, 2020 at 5:01 AM Catalin Marinas [off-list ref] wrote:

On Mon, Aug 03, 2020 at 12:32:59PM +0300, Kirill A. Shutemov wrote:

quoted

On Fri, Jul 31, 2020 at 01:32:41PM -0700, Peter Collingbourne wrote:

quoted

Introduce a new mmap flag, MAP_REFPAGE, that creates a mapping similar
to an anonymous mapping, but instead of clean pages being backed by the
zero page, they are instead backed by a so-called reference page, whose
address is specified using the offset argument to mmap. Loads from
the mapping will load directly from the reference page, and initial
stores to the mapping will copy-on-write from the reference page.

Reference pages are useful in circumstances where anonymous mappings
combined with manual stores to memory would impose undesirable costs,
either in terms of performance or RSS. Use cases are focused on heap
allocators and include:

- Pattern initialization for the heap. This is where malloc(3) gives
  you memory whose contents are filled with a non-zero pattern
  byte, in order to help detect and mitigate bugs involving use
  of uninitialized memory. Typically this is implemented by having
  the allocator memset the allocation with the pattern byte before
  returning it to the user, but for large allocations this can result
  in a significant increase in RSS, especially for allocations that
  are used sparsely. Even for dense allocations there is a needless
  impact to startup performance when it may be better to amortize it
  throughout the program. By creating allocations using a reference
  page filled with the pattern byte, we can avoid these costs.

- Pre-tagged heap memory. Memory tagging [1] is an upcoming ARMv8.5
  feature which allows for memory to be tagged in order to detect
  certain kinds of memory errors with low overhead. In order to set
  up an allocation to allow memory errors to be detected, the entire
  allocation needs to have the same tag. The issue here is similar to
  pattern initialization in the sense that large tagged allocations
  will be expensive if the tagging is done up front. The idea is that
  the allocator would create reference pages with each of the possible
  memory tags, and use those reference pages for the large allocations.

Looks like it's wrong layer to implement the functionality. Just have a
special fd that would return the same page for all vm_ops->fault and map
the fd with normal mmap(MAP_PRIVATE, fd). It will get you what you want
without touching core-mm.

Thanks, I like this idea. I will try to implement it.

I think this would work even for the arm64 MTE (though I haven't tried):
use memfd_create() to get such file descriptor, mmap() it as MAP_SHARED
to populate the initial pattern, mmap() it as MAP_PRIVATE for any
subsequent mapping that needs to be copied-on-write.

That would require a separate mmap() (i.e. separate VMA) for each
page, no? That sounds like it could be expensive both in terms of VMAs
and the number of mmap syscalls required (i.e. N/PAGE_SIZE). You could
decrease these costs by increasing the size of the memfd files to more
than a page, but that would also increase the amount of memory
required for the reference pages.

Peter

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel