• Stefan Roesch's avatar
    mm: add new api to enable ksm per process · d7597f59
    Stefan Roesch authored
    Patch series "mm: process/cgroup ksm support", v9.
    
    So far KSM can only be enabled by calling madvise for memory regions.  To
    be able to use KSM for more workloads, KSM needs to have the ability to be
    enabled / disabled at the process / cgroup level.
    
    Use case 1:
      The madvise call is not available in the programming language.  An
      example for this are programs with forked workloads using a garbage
      collected language without pointers.  In such a language madvise cannot
      be made available.
    
      In addition the addresses of objects get moved around as they are
      garbage collected.  KSM sharing needs to be enabled "from the outside"
      for these type of workloads.
    
    Use case 2:
      The same interpreter can also be used for workloads where KSM brings
      no benefit or even has overhead.  We'd like to be able to enable KSM on
      a workload by workload basis.
    
    Use case 3:
      With the madvise call sharing opportunities are only enabled for the
      current process: it is a workload-local decision.  A considerable number
      of sharing opportunities may exist across multiple workloads or jobs (if
      they are part of the same security domain).  Only a higler level entity
      like a job scheduler or container can know for certain if its running
      one or more instances of a job.  That job scheduler however doesn't have
      the necessary internal workload knowledge to make targeted madvise
      calls.
    
    Security concerns:
    
      In previous discussions security concerns have been brought up.  The
      problem is that an individual workload does not have the knowledge about
      what else is running on a machine.  Therefore it has to be very
      conservative in what memory areas can be shared or not.  However, if the
      system is dedicated to running multiple jobs within the same security
      domain, its the job scheduler that has the knowledge that sharing can be
      safely enabled and is even desirable.
    
    Performance:
    
      Experiments with using UKSM have shown a capacity increase of around 20%.
    
      Here are the metrics from an instagram workload (taken from a machine
      with 64GB main memory):
    
       full_scans: 445
       general_profit: 20158298048
       max_page_sharing: 256
       merge_across_nodes: 1
       pages_shared: 129547
       pages_sharing: 5119146
       pages_to_scan: 4000
       pages_unshared: 1760924
       pages_volatile: 10761341
       run: 1
       sleep_millisecs: 20
       stable_node_chains: 167
       stable_node_chains_prune_millisecs: 2000
       stable_node_dups: 2751
       use_zero_pages: 0
       zero_pages_sharing: 0
    
    After the service is running for 30 minutes to an hour, 4 to 5 million
    shared pages are common for this workload when using KSM.
    
    
    Detailed changes:
    
    1. New options for prctl system command
       This patch series adds two new options to the prctl system call. 
       The first one allows to enable KSM at the process level and the second
       one to query the setting.
    
    The setting will be inherited by child processes.
    
    With the above setting, KSM can be enabled for the seed process of a cgroup
    and all processes in the cgroup will inherit the setting.
    
    2. Changes to KSM processing
       When KSM is enabled at the process level, the KSM code will iterate
       over all the VMA's and enable KSM for the eligible VMA's.
    
       When forking a process that has KSM enabled, the setting will be
       inherited by the new child process.
    
    3. Add general_profit metric
       The general_profit metric of KSM is specified in the documentation,
       but not calculated.  This adds the general profit metric to
       /sys/kernel/debug/mm/ksm.
    
    4. Add more metrics to ksm_stat
       This adds the process profit metric to /proc/<pid>/ksm_stat.
    
    5. Add more tests to ksm_tests and ksm_functional_tests
       This adds an option to specify the merge type to the ksm_tests. 
       This allows to test madvise and prctl KSM.
    
       It also adds a two new tests to ksm_functional_tests: one to test
       the new prctl options and the other one is a fork test to verify that
       the KSM process setting is inherited by client processes.
    
    
    This patch (of 3):
    
    So far KSM can only be enabled by calling madvise for memory regions.  To
    be able to use KSM for more workloads, KSM needs to have the ability to be
    enabled / disabled at the process / cgroup level.
    
    1. New options for prctl system command
    
       This patch series adds two new options to the prctl system call.
       The first one allows to enable KSM at the process level and the second
       one to query the setting.
    
       The setting will be inherited by child processes.
    
       With the above setting, KSM can be enabled for the seed process of a
       cgroup and all processes in the cgroup will inherit the setting.
    
    2. Changes to KSM processing
    
       When KSM is enabled at the process level, the KSM code will iterate
       over all the VMA's and enable KSM for the eligible VMA's.
    
       When forking a process that has KSM enabled, the setting will be
       inherited by the new child process.
    
      1) Introduce new MMF_VM_MERGE_ANY flag
    
         This introduces the new flag MMF_VM_MERGE_ANY flag.  When this flag
         is set, kernel samepage merging (ksm) gets enabled for all vma's of a
         process.
    
      2) Setting VM_MERGEABLE on VMA creation
    
         When a VMA is created, if the MMF_VM_MERGE_ANY flag is set, the
         VM_MERGEABLE flag will be set for this VMA.
    
      3) support disabling of ksm for a process
    
         This adds the ability to disable ksm for a process if ksm has been
         enabled for the process with prctl.
    
      4) add new prctl option to get and set ksm for a process
    
         This adds two new options to the prctl system call
         - enable ksm for all vmas of a process (if the vmas support it).
         - query if ksm has been enabled for a process.
    
    3. Disabling MMF_VM_MERGE_ANY for storage keys in s390
    
       In the s390 architecture when storage keys are used, the
       MMF_VM_MERGE_ANY will be disabled.
    
    Link: https://lkml.kernel.org/r/20230418051342.1919757-1-shr@devkernel.io
    Link: https://lkml.kernel.org/r/20230418051342.1919757-2-shr@devkernel.ioSigned-off-by: default avatarStefan Roesch <shr@devkernel.io>
    Acked-by: default avatarDavid Hildenbrand <david@redhat.com>
    Cc: David Hildenbrand <david@redhat.com>
    Cc: Johannes Weiner <hannes@cmpxchg.org>
    Cc: Michal Hocko <mhocko@suse.com>
    Cc: Rik van Riel <riel@surriel.com>
    Cc: Bagas Sanjaya <bagasdotme@gmail.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    d7597f59
sys.c 67.7 KB