d92725256b
I observed that for each of the shared file-backed page faults, we're very likely to retry one more time for the 1st write fault upon no page. It's because we'll need to release the mmap lock for dirty rate limit purpose with balance_dirty_pages_ratelimited() (in fault_dirty_shared_page()). Then after that throttling we return VM_FAULT_RETRY. We did that probably because VM_FAULT_RETRY is the only way we can return to the fault handler at that time telling it we've released the mmap lock. However that's not ideal because it's very likely the fault does not need to be retried at all since the pgtable was well installed before the throttling, so the next continuous fault (including taking mmap read lock, walk the pgtable, etc.) could be in most cases unnecessary. It's not only slowing down page faults for shared file-backed, but also add more mmap lock contention which is in most cases not needed at all. To observe this, one could try to write to some shmem page and look at "pgfault" value in /proc/vmstat, then we should expect 2 counts for each shmem write simply because we retried, and vm event "pgfault" will capture that. To make it more efficient, add a new VM_FAULT_COMPLETED return code just to show that we've completed the whole fault and released the lock. It's also a hint that we should very possibly not need another fault immediately on this page because we've just completed it. This patch provides a ~12% perf boost on my aarch64 test VM with a simple program sequentially dirtying 400MB shmem file being mmap()ed and these are the time it needs: Before: 650.980 ms (+-1.94%) After: 569.396 ms (+-1.38%) I believe it could help more than that. We need some special care on GUP and the s390 pgfault handler (for gmap code before returning from pgfault), the rest changes in the page fault handlers should be relatively straightforward. Another thing to mention is that mm_account_fault() does take this new fault as a generic fault to be accounted, unlike VM_FAULT_RETRY. I explicitly didn't touch hmm_vma_fault() and break_ksm() because they do not handle VM_FAULT_RETRY even with existing code, so I'm literally keeping them as-is. Link: https://lkml.kernel.org/r/20220530183450.42886-1-peterx@redhat.com Signed-off-by: Peter Xu <peterx@redhat.com> Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Acked-by: Vineet Gupta <vgupta@kernel.org> Acked-by: Guo Ren <guoren@kernel.org> Acked-by: Max Filippov <jcmvbkbc@gmail.com> Acked-by: Christian Borntraeger <borntraeger@linux.ibm.com> Acked-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc) Acked-by: Catalin Marinas <catalin.marinas@arm.com> Reviewed-by: Alistair Popple <apopple@nvidia.com> Reviewed-by: Ingo Molnar <mingo@kernel.org> Acked-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> [arm part] Acked-by: Heiko Carstens <hca@linux.ibm.com> Cc: Vasily Gorbik <gor@linux.ibm.com> Cc: Stafford Horne <shorne@gmail.com> Cc: David S. Miller <davem@davemloft.net> Cc: Johannes Berg <johannes@sipsolutions.net> Cc: Brian Cain <bcain@quicinc.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Richard Weinberger <richard@nod.at> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Janosch Frank <frankja@linux.ibm.com> Cc: Albert Ou <aou@eecs.berkeley.edu> Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Sven Schnelle <svens@linux.ibm.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: James Bottomley <James.Bottomley@HansenPartnership.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Alexander Gordeev <agordeev@linux.ibm.com> Cc: Jonas Bonn <jonas@southpole.se> Cc: Will Deacon <will@kernel.org> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Michal Simek <monstr@monstr.eu> Cc: Matt Turner <mattst88@gmail.com> Cc: Paul Mackerras <paulus@samba.org> Cc: David Hildenbrand <david@redhat.com> Cc: Nicholas Piggin <npiggin@gmail.com> Cc: Palmer Dabbelt <palmer@dabbelt.com> Cc: Stefan Kristiansson <stefan.kristiansson@saunalahti.fi> Cc: Paul Walmsley <paul.walmsley@sifive.com> Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Cc: Chris Zankel <chris@zankel.net> Cc: Hugh Dickins <hughd@google.com> Cc: Dinh Nguyen <dinguyen@kernel.org> Cc: Rich Felker <dalias@libc.org> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Cc: Helge Deller <deller@gmx.de> Cc: Yoshinori Sato <ysato@users.osdn.me> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
315 lines
7.9 KiB
C
315 lines
7.9 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* Copyright (C) 2000 - 2007 Jeff Dike (jdike@{addtoit,linux.intel}.com)
|
|
*/
|
|
|
|
#include <linux/mm.h>
|
|
#include <linux/sched/signal.h>
|
|
#include <linux/hardirq.h>
|
|
#include <linux/module.h>
|
|
#include <linux/uaccess.h>
|
|
#include <linux/sched/debug.h>
|
|
#include <asm/current.h>
|
|
#include <asm/tlbflush.h>
|
|
#include <arch.h>
|
|
#include <as-layout.h>
|
|
#include <kern_util.h>
|
|
#include <os.h>
|
|
#include <skas.h>
|
|
|
|
/*
|
|
* Note this is constrained to return 0, -EFAULT, -EACCES, -ENOMEM by
|
|
* segv().
|
|
*/
|
|
int handle_page_fault(unsigned long address, unsigned long ip,
|
|
int is_write, int is_user, int *code_out)
|
|
{
|
|
struct mm_struct *mm = current->mm;
|
|
struct vm_area_struct *vma;
|
|
pmd_t *pmd;
|
|
pte_t *pte;
|
|
int err = -EFAULT;
|
|
unsigned int flags = FAULT_FLAG_DEFAULT;
|
|
|
|
*code_out = SEGV_MAPERR;
|
|
|
|
/*
|
|
* If the fault was with pagefaults disabled, don't take the fault, just
|
|
* fail.
|
|
*/
|
|
if (faulthandler_disabled())
|
|
goto out_nosemaphore;
|
|
|
|
if (is_user)
|
|
flags |= FAULT_FLAG_USER;
|
|
retry:
|
|
mmap_read_lock(mm);
|
|
vma = find_vma(mm, address);
|
|
if (!vma)
|
|
goto out;
|
|
else if (vma->vm_start <= address)
|
|
goto good_area;
|
|
else if (!(vma->vm_flags & VM_GROWSDOWN))
|
|
goto out;
|
|
else if (is_user && !ARCH_IS_STACKGROW(address))
|
|
goto out;
|
|
else if (expand_stack(vma, address))
|
|
goto out;
|
|
|
|
good_area:
|
|
*code_out = SEGV_ACCERR;
|
|
if (is_write) {
|
|
if (!(vma->vm_flags & VM_WRITE))
|
|
goto out;
|
|
flags |= FAULT_FLAG_WRITE;
|
|
} else {
|
|
/* Don't require VM_READ|VM_EXEC for write faults! */
|
|
if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
|
|
goto out;
|
|
}
|
|
|
|
do {
|
|
vm_fault_t fault;
|
|
|
|
fault = handle_mm_fault(vma, address, flags, NULL);
|
|
|
|
if ((fault & VM_FAULT_RETRY) && fatal_signal_pending(current))
|
|
goto out_nosemaphore;
|
|
|
|
/* The fault is fully completed (including releasing mmap lock) */
|
|
if (fault & VM_FAULT_COMPLETED)
|
|
return 0;
|
|
|
|
if (unlikely(fault & VM_FAULT_ERROR)) {
|
|
if (fault & VM_FAULT_OOM) {
|
|
goto out_of_memory;
|
|
} else if (fault & VM_FAULT_SIGSEGV) {
|
|
goto out;
|
|
} else if (fault & VM_FAULT_SIGBUS) {
|
|
err = -EACCES;
|
|
goto out;
|
|
}
|
|
BUG();
|
|
}
|
|
if (fault & VM_FAULT_RETRY) {
|
|
flags |= FAULT_FLAG_TRIED;
|
|
|
|
goto retry;
|
|
}
|
|
|
|
pmd = pmd_off(mm, address);
|
|
pte = pte_offset_kernel(pmd, address);
|
|
} while (!pte_present(*pte));
|
|
err = 0;
|
|
/*
|
|
* The below warning was added in place of
|
|
* pte_mkyoung(); if (is_write) pte_mkdirty();
|
|
* If it's triggered, we'd see normally a hang here (a clean pte is
|
|
* marked read-only to emulate the dirty bit).
|
|
* However, the generic code can mark a PTE writable but clean on a
|
|
* concurrent read fault, triggering this harmlessly. So comment it out.
|
|
*/
|
|
#if 0
|
|
WARN_ON(!pte_young(*pte) || (is_write && !pte_dirty(*pte)));
|
|
#endif
|
|
flush_tlb_page(vma, address);
|
|
out:
|
|
mmap_read_unlock(mm);
|
|
out_nosemaphore:
|
|
return err;
|
|
|
|
out_of_memory:
|
|
/*
|
|
* We ran out of memory, call the OOM killer, and return the userspace
|
|
* (which will retry the fault, or kill us if we got oom-killed).
|
|
*/
|
|
mmap_read_unlock(mm);
|
|
if (!is_user)
|
|
goto out_nosemaphore;
|
|
pagefault_out_of_memory();
|
|
return 0;
|
|
}
|
|
|
|
static void show_segv_info(struct uml_pt_regs *regs)
|
|
{
|
|
struct task_struct *tsk = current;
|
|
struct faultinfo *fi = UPT_FAULTINFO(regs);
|
|
|
|
if (!unhandled_signal(tsk, SIGSEGV))
|
|
return;
|
|
|
|
if (!printk_ratelimit())
|
|
return;
|
|
|
|
printk("%s%s[%d]: segfault at %lx ip %px sp %px error %x",
|
|
task_pid_nr(tsk) > 1 ? KERN_INFO : KERN_EMERG,
|
|
tsk->comm, task_pid_nr(tsk), FAULT_ADDRESS(*fi),
|
|
(void *)UPT_IP(regs), (void *)UPT_SP(regs),
|
|
fi->error_code);
|
|
|
|
print_vma_addr(KERN_CONT " in ", UPT_IP(regs));
|
|
printk(KERN_CONT "\n");
|
|
}
|
|
|
|
static void bad_segv(struct faultinfo fi, unsigned long ip)
|
|
{
|
|
current->thread.arch.faultinfo = fi;
|
|
force_sig_fault(SIGSEGV, SEGV_ACCERR, (void __user *) FAULT_ADDRESS(fi));
|
|
}
|
|
|
|
void fatal_sigsegv(void)
|
|
{
|
|
force_fatal_sig(SIGSEGV);
|
|
do_signal(¤t->thread.regs);
|
|
/*
|
|
* This is to tell gcc that we're not returning - do_signal
|
|
* can, in general, return, but in this case, it's not, since
|
|
* we just got a fatal SIGSEGV queued.
|
|
*/
|
|
os_dump_core();
|
|
}
|
|
|
|
/**
|
|
* segv_handler() - the SIGSEGV handler
|
|
* @sig: the signal number
|
|
* @unused_si: the signal info struct; unused in this handler
|
|
* @regs: the ptrace register information
|
|
*
|
|
* The handler first extracts the faultinfo from the UML ptrace regs struct.
|
|
* If the userfault did not happen in an UML userspace process, bad_segv is called.
|
|
* Otherwise the signal did happen in a cloned userspace process, handle it.
|
|
*/
|
|
void segv_handler(int sig, struct siginfo *unused_si, struct uml_pt_regs *regs)
|
|
{
|
|
struct faultinfo * fi = UPT_FAULTINFO(regs);
|
|
|
|
if (UPT_IS_USER(regs) && !SEGV_IS_FIXABLE(fi)) {
|
|
show_segv_info(regs);
|
|
bad_segv(*fi, UPT_IP(regs));
|
|
return;
|
|
}
|
|
segv(*fi, UPT_IP(regs), UPT_IS_USER(regs), regs);
|
|
}
|
|
|
|
/*
|
|
* We give a *copy* of the faultinfo in the regs to segv.
|
|
* This must be done, since nesting SEGVs could overwrite
|
|
* the info in the regs. A pointer to the info then would
|
|
* give us bad data!
|
|
*/
|
|
unsigned long segv(struct faultinfo fi, unsigned long ip, int is_user,
|
|
struct uml_pt_regs *regs)
|
|
{
|
|
jmp_buf *catcher;
|
|
int si_code;
|
|
int err;
|
|
int is_write = FAULT_WRITE(fi);
|
|
unsigned long address = FAULT_ADDRESS(fi);
|
|
|
|
if (!is_user && regs)
|
|
current->thread.segv_regs = container_of(regs, struct pt_regs, regs);
|
|
|
|
if (!is_user && (address >= start_vm) && (address < end_vm)) {
|
|
flush_tlb_kernel_vm();
|
|
goto out;
|
|
}
|
|
else if (current->mm == NULL) {
|
|
show_regs(container_of(regs, struct pt_regs, regs));
|
|
panic("Segfault with no mm");
|
|
}
|
|
else if (!is_user && address > PAGE_SIZE && address < TASK_SIZE) {
|
|
show_regs(container_of(regs, struct pt_regs, regs));
|
|
panic("Kernel tried to access user memory at addr 0x%lx, ip 0x%lx",
|
|
address, ip);
|
|
}
|
|
|
|
if (SEGV_IS_FIXABLE(&fi))
|
|
err = handle_page_fault(address, ip, is_write, is_user,
|
|
&si_code);
|
|
else {
|
|
err = -EFAULT;
|
|
/*
|
|
* A thread accessed NULL, we get a fault, but CR2 is invalid.
|
|
* This code is used in __do_copy_from_user() of TT mode.
|
|
* XXX tt mode is gone, so maybe this isn't needed any more
|
|
*/
|
|
address = 0;
|
|
}
|
|
|
|
catcher = current->thread.fault_catcher;
|
|
if (!err)
|
|
goto out;
|
|
else if (catcher != NULL) {
|
|
current->thread.fault_addr = (void *) address;
|
|
UML_LONGJMP(catcher, 1);
|
|
}
|
|
else if (current->thread.fault_addr != NULL)
|
|
panic("fault_addr set but no fault catcher");
|
|
else if (!is_user && arch_fixup(ip, regs))
|
|
goto out;
|
|
|
|
if (!is_user) {
|
|
show_regs(container_of(regs, struct pt_regs, regs));
|
|
panic("Kernel mode fault at addr 0x%lx, ip 0x%lx",
|
|
address, ip);
|
|
}
|
|
|
|
show_segv_info(regs);
|
|
|
|
if (err == -EACCES) {
|
|
current->thread.arch.faultinfo = fi;
|
|
force_sig_fault(SIGBUS, BUS_ADRERR, (void __user *)address);
|
|
} else {
|
|
BUG_ON(err != -EFAULT);
|
|
current->thread.arch.faultinfo = fi;
|
|
force_sig_fault(SIGSEGV, si_code, (void __user *) address);
|
|
}
|
|
|
|
out:
|
|
if (regs)
|
|
current->thread.segv_regs = NULL;
|
|
|
|
return 0;
|
|
}
|
|
|
|
void relay_signal(int sig, struct siginfo *si, struct uml_pt_regs *regs)
|
|
{
|
|
int code, err;
|
|
if (!UPT_IS_USER(regs)) {
|
|
if (sig == SIGBUS)
|
|
printk(KERN_ERR "Bus error - the host /dev/shm or /tmp "
|
|
"mount likely just ran out of space\n");
|
|
panic("Kernel mode signal %d", sig);
|
|
}
|
|
|
|
arch_examine_signal(sig, regs);
|
|
|
|
/* Is the signal layout for the signal known?
|
|
* Signal data must be scrubbed to prevent information leaks.
|
|
*/
|
|
code = si->si_code;
|
|
err = si->si_errno;
|
|
if ((err == 0) && (siginfo_layout(sig, code) == SIL_FAULT)) {
|
|
struct faultinfo *fi = UPT_FAULTINFO(regs);
|
|
current->thread.arch.faultinfo = *fi;
|
|
force_sig_fault(sig, code, (void __user *)FAULT_ADDRESS(*fi));
|
|
} else {
|
|
printk(KERN_ERR "Attempted to relay unknown signal %d (si_code = %d) with errno %d\n",
|
|
sig, code, err);
|
|
force_sig(sig);
|
|
}
|
|
}
|
|
|
|
void bus_handler(int sig, struct siginfo *si, struct uml_pt_regs *regs)
|
|
{
|
|
if (current->thread.fault_catcher != NULL)
|
|
UML_LONGJMP(current->thread.fault_catcher, 1);
|
|
else
|
|
relay_signal(sig, si, regs);
|
|
}
|
|
|
|
void winch(int sig, struct siginfo *unused_si, struct uml_pt_regs *regs)
|
|
{
|
|
do_IRQ(WINCH_IRQ, regs);
|
|
}
|