[PATCH] mm: introduce reference pages

Peter Collingbourne pcc at google.com
Mon Aug 3 20:50:32 EDT 2020


On Mon, Aug 3, 2020 at 5:01 AM Catalin Marinas <catalin.marinas at arm.com> wrote:
>
> On Mon, Aug 03, 2020 at 12:32:59PM +0300, Kirill A. Shutemov wrote:
> > On Fri, Jul 31, 2020 at 01:32:41PM -0700, Peter Collingbourne wrote:
> > > Introduce a new mmap flag, MAP_REFPAGE, that creates a mapping similar
> > > to an anonymous mapping, but instead of clean pages being backed by the
> > > zero page, they are instead backed by a so-called reference page, whose
> > > address is specified using the offset argument to mmap. Loads from
> > > the mapping will load directly from the reference page, and initial
> > > stores to the mapping will copy-on-write from the reference page.
> > >
> > > Reference pages are useful in circumstances where anonymous mappings
> > > combined with manual stores to memory would impose undesirable costs,
> > > either in terms of performance or RSS. Use cases are focused on heap
> > > allocators and include:
> > >
> > > - Pattern initialization for the heap. This is where malloc(3) gives
> > >   you memory whose contents are filled with a non-zero pattern
> > >   byte, in order to help detect and mitigate bugs involving use
> > >   of uninitialized memory. Typically this is implemented by having
> > >   the allocator memset the allocation with the pattern byte before
> > >   returning it to the user, but for large allocations this can result
> > >   in a significant increase in RSS, especially for allocations that
> > >   are used sparsely. Even for dense allocations there is a needless
> > >   impact to startup performance when it may be better to amortize it
> > >   throughout the program. By creating allocations using a reference
> > >   page filled with the pattern byte, we can avoid these costs.
> > >
> > > - Pre-tagged heap memory. Memory tagging [1] is an upcoming ARMv8.5
> > >   feature which allows for memory to be tagged in order to detect
> > >   certain kinds of memory errors with low overhead. In order to set
> > >   up an allocation to allow memory errors to be detected, the entire
> > >   allocation needs to have the same tag. The issue here is similar to
> > >   pattern initialization in the sense that large tagged allocations
> > >   will be expensive if the tagging is done up front. The idea is that
> > >   the allocator would create reference pages with each of the possible
> > >   memory tags, and use those reference pages for the large allocations.
> >
> > Looks like it's the wrong layer to implement the functionality. Just have a
> > special fd that would return the same page for all vm_ops->fault and map
> > the fd with normal mmap(MAP_PRIVATE, fd). It will get you what you want
> > without touching core-mm.

Thanks, I like this idea. I will try to implement it.

> I think this would work even for the arm64 MTE (though I haven't tried):
> use memfd_create() to get such file descriptor, mmap() it as MAP_SHARED
> to populate the initial pattern, mmap() it as MAP_PRIVATE for any
> subsequent mapping that needs to be copied-on-write.

That would require a separate mmap() (i.e. separate VMA) for each
page, no? That sounds like it could be expensive both in terms of VMAs
and the number of mmap syscalls required (i.e. N/PAGE_SIZE). You could
decrease these costs by increasing the size of the memfd files to more
than a page, but that would also increase the amount of memory
required for the reference pages.

Peter
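
The cost raised in the reply above, as an added example that is not part of the original message or of the proposed patch: a one-page memfd is filled through a MAP_SHARED mapping, then every page of a larger region is mapped MAP_PRIVATE from file offset 0, so the region needs one mmap() call (and one VMA) per page. The helper names and the 0xAA pattern byte are assumptions made for illustration; Linux only.

```c
#define _GNU_SOURCE                 /* syscall(), MAP_ANONYMOUS */
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical helper: one-page memfd, filled through a MAP_SHARED mapping. */
static int make_refpage(unsigned char pattern, size_t page)
{
    int fd = (int)syscall(SYS_memfd_create, "refpage", 0); /* memfd_create(2) */
    if (fd < 0 || ftruncate(fd, (off_t)page) != 0)
        return -1;
    void *w = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (w == MAP_FAILED) return -1;
    memset(w, pattern, page);
    munmap(w, page);
    return fd;
}

/* Hypothetical helper: each page is its own MAP_PRIVATE mapping of offset 0. */
static unsigned char *map_pattern(int fd, size_t npages, size_t page, size_t *calls)
{
    /* Reserve address space first so the per-page mappings are contiguous. */
    unsigned char *base = mmap(NULL, npages * page, PROT_NONE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    *calls = 1;                                 /* the reservation above */
    for (size_t i = 0; i < npages; i++, (*calls)++)
        if (mmap(base + i * page, page, PROT_READ | PROT_WRITE,
                 MAP_PRIVATE | MAP_FIXED, fd, 0) == MAP_FAILED)
            return NULL;
    return base;
}

/* 0 if loads see the pattern, a store is copy-on-write, calls == npages + 1. */
int refpage_demo(size_t npages)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE), calls = 0;
    unsigned char ref = 0;
    int fd = make_refpage(0xAA, page);
    unsigned char *p = fd < 0 ? NULL : map_pattern(fd, npages, page, &calls);
    if (!p || npages < 2) return -1;
    int loads_ok = p[0] == 0xAA && p[npages * page - 1] == 0xAA;
    p[0] = 0x11;                                /* first store: private copy */
    /* The reference page and the sibling page must still hold the pattern. */
    int cow_ok = pread(fd, &ref, 1, 0) == 1 && ref == 0xAA && p[page] == 0xAA;
    return (loads_ok && cow_ok && p[0] == 0x11 && calls == npages + 1) ? 0 : 1;
}

int main(void) { return refpage_demo(8); }
```

Adjacent mappings of the same file offset are not merged by the kernel, so the VMA count grows with the region size and is bounded by vm.max_map_count.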


