Re: [PATCH 0/9] Avoid populating unbounded num of ptes with mmap_sem held

Andy Lutomirski · 2012-12-21T16:36:21-0800

On Thu, Dec 20, 2012 at 4:49 PM, Michel Lespinasse wrote: > We have many vma manipulation functions that are fast in the typical case, > but can optionally be instructed to populate an unbounded number of ptes > within the region they work on: > - mmap with MAP_POPULATE or MAP_LOCKED flags; > - remap_file_pages() with MAP_NONBLOCK not set or when working on a > VM_LOCKED vma; > - mmap_region() and all its wrappers when mlock(MCL_FUTURE) is in effect; > - brk() when mlock(MCL_FUTURE) is in effect. > Something's buggy here. My evil test case is stuck with lots of threads spinning at 100% system time. Stack traces look like: [ ] __mlock_vma_pages_range+0x66/0x70 [ ] __mm_populate+0xf9/0x150 [ ] vm_mmap_pgoff+0x9f/0xc0 [ ] sys_mmap_pgoff+0x7e/0x150 [ ] sys_mmap+0x22/0x30 [ ] system_call_fastpath+0x16/0x1b [ ] 0xffffffffffffffff perf top says: 38.45% [kernel] [k] __mlock_vma_pages_range 33.04% [kernel] [k] __get_user_pages 28.18% [kernel] [k] __mm_populate The tasks in question use MCL_FUTURE but not MAP_POPULATE. These tasks are immune to SIGKILL. --Andy -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org

[PATCH 0/9] Avoid populating unbounded num of ptes with mmap_sem held · Michel Lespinasse <hidden> · 2012-12-21
[PATCH 1/9] mm: make mlockall preserve flags other than VM_LOCKED in def_flags · Michel Lespinasse <hidden> · 2012-12-21
Re: [PATCH 1/9] mm: make mlockall preserve flags other than VM_LOCKED in def_flags · Rik van Riel <hidden> · 2012-12-22
[PATCH 4/9] mm: use mm_populate() for blocking remap_file_pages() · Michel Lespinasse <hidden> · 2012-12-21
Re: [PATCH 4/9] mm: use mm_populate() for blocking remap_file_pages() · Rik van Riel <hidden> · 2013-01-03
Re: [PATCH 4/9] mm: use mm_populate() for blocking remap_file_pages() · Tommi Rantala <hidden> · 2013-03-10
Re: [PATCH 4/9] mm: use mm_populate() for blocking remap_file_pages() · Andrew Morton <akpm@linux-foundation.org> · 2013-03-11
Re: [PATCH 4/9] mm: use mm_populate() for blocking remap_file_pages() · Michel Lespinasse <hidden> · 2013-03-12
Re: [PATCH 4/9] mm: use mm_populate() for blocking remap_file_pages() · Hillf Danton <hidden> · 2013-03-12
Re: [PATCH 4/9] mm: use mm_populate() for blocking remap_file_pages() · Michel Lespinasse <hidden> · 2013-03-12
Re: [PATCH 4/9] mm: use mm_populate() for blocking remap_file_pages() · Andrew Morton <akpm@linux-foundation.org> · 2013-03-12
[PATCH 3/9] mm: introduce mm_populate() for populating new vmas · Michel Lespinasse <hidden> · 2012-12-21
Re: [PATCH 3/9] mm: introduce mm_populate() for populating new vmas · Rik van Riel <hidden> · 2013-01-03
[PATCH 5/9] mm: use mm_populate() when adjusting brk with MCL_FUTURE in effect. · Michel Lespinasse <hidden> · 2012-12-21
Re: [PATCH 5/9] mm: use mm_populate() when adjusting brk with MCL_FUTURE in effect. · Rik van Riel <hidden> · 2013-01-03
[PATCH 6/9] mm: use mm_populate() for mremap() of VM_LOCKED vmas · Michel Lespinasse <hidden> · 2012-12-21
Re: [PATCH 6/9] mm: use mm_populate() for mremap() of VM_LOCKED vmas · Rik van Riel <hidden> · 2013-01-03
[PATCH 7/9] mm: remove flags argument to mmap_region · Michel Lespinasse <hidden> · 2012-12-21
Re: [PATCH 7/9] mm: remove flags argument to mmap_region · Rik van Riel <hidden> · 2013-01-03
[PATCH 8/9] mm: directly use __mlock_vma_pages_range() in find_extend_vma() · Michel Lespinasse <hidden> · 2012-12-21
Re: [PATCH 8/9] mm: directly use __mlock_vma_pages_range() in find_extend_vma() · Rik van Riel <hidden> · 2013-01-03
[PATCH 2/9] mm: remap_file_pages() fixes · Michel Lespinasse <hidden> · 2012-12-21
Re: [PATCH 2/9] mm: remap_file_pages() fixes · Rik van Riel <hidden> · 2013-01-03
[PATCH 9/9] mm: introduce VM_POPULATE flag to better deal with racy userspace programs · Michel Lespinasse <hidden> · 2012-12-21
Re: [PATCH 9/9] mm: introduce VM_POPULATE flag to better deal with racy userspace programs · Rik van Riel <hidden> · 2013-01-03
Re: [PATCH 0/9] Avoid populating unbounded num of ptes with mmap_sem held · Michel Lespinasse <hidden> · 2012-12-21
Re: [PATCH 0/9] Avoid populating unbounded num of ptes with mmap_sem held · Greg Ungerer <hidden> · 2012-12-22
Re: [PATCH 0/9] Avoid populating unbounded num of ptes with mmap_sem held · Greg Ungerer <hidden> · 2013-01-23
Re: [PATCH 0/9] Avoid populating unbounded num of ptes with mmap_sem held · Andy Lutomirski <luto@amacapital.net> · 2012-12-22
Re: [PATCH 0/9] Avoid populating unbounded num of ptes with mmap_sem held · Michel Lespinasse <hidden> · 2012-12-22
Re: [PATCH 0/9] Avoid populating unbounded num of ptes with mmap_sem held · Andy Lutomirski <luto@amacapital.net> · 2012-12-22
Re: [PATCH 0/9] Avoid populating unbounded num of ptes with mmap_sem held · Michel Lespinasse <hidden> · 2012-12-22
Re: [PATCH 0/9] Avoid populating unbounded num of ptes with mmap_sem held · Andy Lutomirski <luto@amacapital.net> · 2012-12-22
Re: [PATCH 0/9] Avoid populating unbounded num of ptes with mmap_sem held · Michel Lespinasse <hidden> · 2012-12-22
[PATCH 10/9] mm: make do_mmap_pgoff return populate as a size in bytes, not as a bool · Michel Lespinasse <hidden> · 2012-12-22
Re: [PATCH 10/9] mm: make do_mmap_pgoff return populate as a size in bytes, not as a bool · Rik van Riel <hidden> · 2013-01-03
Re: [PATCH 10/9] mm: make do_mmap_pgoff return populate as a size in bytes, not as a bool · Andy Lutomirski <luto@amacapital.net> · 2013-01-03
Re: [PATCH 0/9] Avoid populating unbounded num of ptes with mmap_sem held · Andy Lutomirski <luto@amacapital.net> · 2013-01-03
Re: [PATCH 0/9] Avoid populating unbounded num of ptes with mmap_sem held · Andy Lutomirski <luto@amacapital.net> · 2013-01-04
Re: [PATCH 0/9] Avoid populating unbounded num of ptes with mmap_sem held · Michel Lespinasse <hidden> · 2013-01-04

From: Andy Lutomirski <luto@amacapital.net>
Date: 2012-12-22 00:36:46
Also in: lkml

On Thu, Dec 20, 2012 at 4:49 PM, Michel Lespinasse [off-list ref] wrote:

We have many vma manipulation functions that are fast in the typical case,
but can optionally be instructed to populate an unbounded number of ptes
within the region they work on:
- mmap with MAP_POPULATE or MAP_LOCKED flags;
- remap_file_pages() with MAP_NONBLOCK not set or when working on a
  VM_LOCKED vma;
- mmap_region() and all its wrappers when mlock(MCL_FUTURE) is in effect;
- brk() when mlock(MCL_FUTURE) is in effect.

Something's buggy here.  My evil test case is stuck with lots of
threads spinning at 100% system time.  Stack traces look like:

[<0000000000000000>] __mlock_vma_pages_range+0x66/0x70
[<0000000000000000>] __mm_populate+0xf9/0x150
[<0000000000000000>] vm_mmap_pgoff+0x9f/0xc0
[<0000000000000000>] sys_mmap_pgoff+0x7e/0x150
[<0000000000000000>] sys_mmap+0x22/0x30
[<0000000000000000>] system_call_fastpath+0x16/0x1b
[<0000000000000000>] 0xffffffffffffffff

perf top says:

 38.45%  [kernel]            [k] __mlock_vma_pages_range
 33.04%  [kernel]            [k] __get_user_pages
 28.18%  [kernel]            [k] __mm_populate

The tasks in question use MCL_FUTURE but not MAP_POPULATE.  These
tasks are immune to SIGKILL.

--Andy

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help