On Mon 23-03-20 11:02:59, Rafael Aquini wrote:
On Mon, Mar 23, 2020 at 03:51:06PM +0100, Michal Hocko wrote:
On Mon 23-03-20 10:42:40, Rafael Aquini wrote:
On Mon, Mar 23, 2020 at 08:52:08AM +0100, Michal Hocko wrote:
On Sun 22-03-20 09:36:49, Shakeel Butt wrote:
On Sat, Mar 21, 2020 at 9:31 PM Andrew Morton akpm@linux-foundation.org wrote:
On Sat, 21 Mar 2020 22:03:26 -0400 Rafael Aquini aquini@redhat.com wrote:
> > > + * In order to sort out that race, and get the after fault checks consistent, > > > + * the "quick and dirty" trick below is required in order to force a call to > > > + * lru_add_drain_all() to get the recently MLOCK_ONFAULT pages moved to > > > + * the unevictable LRU, as expected by the checks in this selftest. > > > + */ > > > +static void force_lru_add_drain_all(void) > > > +{ > > > + sched_yield(); > > > + system("echo 1 > /proc/sys/vm/compact_memory"); > > > +} > > > > What is the sched_yield() for? > > > > Mostly it's there to provide a sleeping gap after the fault, whithout > actually adding an arbitrary value with usleep(). > > It's not a hard requirement, but, in some of the tests I performed > (whithout that sleeping gap) I would still see around 1% chance > of hitting the false-negative. After adding it I could not hit > the issue anymore.
It's concerning that such deep machinery as pagevec draining is visible to userspace.
We already have other examples like memcg stats where the optimizations like batching per-cpu stats collection exposes differences to the userspace. I would not be that worried here.
Agreed! Tests should be more tolerant for counters imprecision. Unevictable LRU is an optimization and transition to that list is a matter of an internal implementation detail.
I suppose that for consistency and correctness we should perform a drain prior to each read from /proc/*/pagemap. Presumably this would be far too expensive.
Is there any other way? One such might be to make the MLOCK_ONFAULT pages bypass the lru_add_pvecs?
I would rather prefer to have something similar to /proc/sys/vm/stat_refresh which drains the pagevecs.
No, please don't. Pagevecs draining is by far not the only batching scheme we use and an interface like this would promise users to effectivelly force flushing all of them.
Can we simply update the test to be more tolerant to imprecisions instead?
I don't think, thouhg, that this particular test case can be entirely reduced as "counter imprecison".
The reason I think this is a different beast, is that having the page being flagged as PG_unevictable is expected part of the aftermath of a mlock* call. This selftest is, IMO, correctly verifying that fact, as it checks the functionality correctness.
The problem boils down to the fact that the page would immediately be flagged as PG_unevictable after the mlock (under MCL_FUTURE|MCL_ONFAULT semantics) call, and the test was expecting it, and commit 9c4e6b1a7027f changed that by "delaying" that flag setting.
As I've tried to explain in other email in this email thread. The test was exploiting a certain user visible side effect. The unevictable flag or the placement on the unevictable LRU list is are not really needed for the user contract correctness. That means that the test is not really correct. Working around that by trying to enforce kernel to comply with the test expectations is just plain wrong at least for two reasons 1) you cannot expect or event do not want userspace to do the same because the behavior might change in the future 2) the test is not really testing for correctness in the first place.
Sorry, Michal, it seems we keep going back and forth (I just replied to your comment on the other thread)
The selftest also checks the kernel visible effect, via /proc/kpageflags, and that's where it fails after 9c4e6b1a7027f.
I really fail to see your point. Even if you are right that the self test is somehow evaluating the kernel implementation which I am not sure is the scope of the selft thest but anyway. The mere fact that the kernel test fails on a perfectly valid change should just suggest that the test is leading to false positives and therefore should be fixed. Your proposed fix is simply suboptimal because it relies on yet another side effect which might change anytime in the future and still lead to a correctly behaving kernel. See my point?