[Feature] Optimize huge page clear/copy cache behavior

Bug #1730836 reported by Alice Liu on 2017-11-08
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
intel
Medium
Unassigned
linux (Ubuntu)
Medium
Joseph Salisbury

Bug Description

Description

Huge page helps to reduce TLB miss rate, but it has higher cache footprint, sometimes this may cause some issue. For example, when clearing huge page on x86_64 platform, the cache footprint is 2M. But on a Xeon E5 v3 2699 CPU, there are 18 cores, 36 threads, and only 45M LLC (last level cache). That is, in average, there are 2.5M LLC for each core and 1.25M LLC for each thread. If the cache pressure is heavy when clearing the huge page, and we clear the huge page from the begin to the end, it is possible that the begin of huge page is evicted from the cache after we finishing clearing the end of the huge page. And it is possible for the application to access the begin of the huge page after clearing the huge page.

To help the above situation, when we clear or copy a huge page, the order to clear or copy the sub-pages can be changed to clear or copy the sub-page to access last.

Target Kernel: 4,19
Target Release: 18.10

CVE References

Alice Liu (dxliu) on 2017-11-08
information type: Proprietary → Private

Is there a list of commits we should confirm for 18.04?

tags: added: kernel
Changed in intel:
status: New → Incomplete
quanxian (quanxian-wang) on 2018-05-01
description: updated
tags: added: intel-kernel-18.10
Joseph Salisbury (jsalisbury) wrote :

Can we move this bug to the "Linux" package and make it public?

Changed in intel:
importance: Undecided → Medium
status: Incomplete → Triaged
quanxian (quanxian-wang) on 2018-08-07
description: updated
quanxian (quanxian-wang) wrote :

There are two sub-tasks for this feature.

1) Clear to access sub-page last when clearing huge page(no need backporting)
c79b57e462b5d2f47afa5f175cf1828f16e18612

###
git tag --contains c79b57e462b5d2f47afa5f175cf1828f16e18612
v4.14
###

2) Copy to access sub-page last when copying huge page (need backporting)
5b7a1d406062449a4d51aea1df37a73285ced1dc 974e6d66b6b5c6e2d6a3ccc18b2f9a0b472be5b4 c6ddfb6c58903262d2d77042c41dba58cf775d88 c9f4cd71383576a916e7fca99c490fc92a289f5a

v4.19-rcx

quanxian (quanxian-wang) wrote :

NOTE:
need backporting 2nd sub-task

2) Copy to access sub-page last when copying huge page (need backporting)
5b7a1d406062449a4d51aea1df37a73285ced1dc 974e6d66b6b5c6e2d6a3ccc18b2f9a0b472be5b4 c6ddfb6c58903262d2d77042c41dba58cf775d88 c9f4cd71383576a916e7fca99c490fc92a289f5a

v4.19-rcx

Can we make this bug public?

Thanks.
Cascardo.

Changed in linux (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Changed in linux (Ubuntu):
status: Triaged → In Progress
assignee: nobody → Joseph Salisbury (jsalisbury)
Joseph Salisbury (jsalisbury) wrote :

I built a test kernel with commits c6ddfb6, c9f4cd7, 5b7a1d4 and 974e6d6. The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1730836

Can you test this kernel and see if it resolves this bug?

Note about installing test kernels:
• If the test kernel is prior to 4.15(Bionic) you need to install the linux-image and linux-image-extra .deb packages.
• If the test kernel is 4.15(Bionic) or newer, you need to install the linux-modules, linux-modules-extra and linux-image-unsigned .deb packages.

Thanks in advance!

information type: Private → Public
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (60.2 KiB)

This bug was fixed in the package linux - 4.18.0-9.10

---------------
linux (4.18.0-9.10) cosmic; urgency=medium

  * linux: 4.18.0-9.10 -proposed tracker (LP: #1796346)

  * Cosmic update: v4.18.12 upstream stable release (LP: #1796139)
    - crypto: skcipher - Fix -Wstringop-truncation warnings
    - iio: adc: ina2xx: avoid kthread_stop() with stale task_struct
    - tsl2550: fix lux1_input error in low light
    - misc: ibmvmc: Use GFP_ATOMIC under spin lock
    - vmci: type promotion bug in qp_host_get_user_memory()
    - siox: don't create a thread without starting it
    - x86/numa_emulation: Fix emulated-to-physical node mapping
    - staging: rts5208: fix missing error check on call to rtsx_write_register
    - power: supply: axp288_charger: Fix initial constant_charge_current value
    - misc: sram: enable clock before registering regions
    - serial: sh-sci: Stop RX FIFO timer during port shutdown
    - uwb: hwa-rc: fix memory leak at probe
    - power: vexpress: fix corruption in notifier registration
    - iommu/amd: make sure TLB to be flushed before IOVA freed
    - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    - USB: serial: kobil_sct: fix modem-status error handling
    - 6lowpan: iphc: reset mac_header after decompress to fix panic
    - iommu/msm: Don't call iommu_device_{,un}link from atomic context
    - s390/mm: correct allocate_pgste proc_handler callback
    - power: remove possible deadlock when unregistering power_supply
    - drm/amd/display/dc/dce: Fix multiple potential integer overflows
    - drm/amd/display: fix use of uninitialized memory
    - md-cluster: clear another node's suspend_area after the copy is finished
    - cxgb4: Fix the condition to check if the card is T5
    - RDMA/bnxt_re: Fix a couple off by one bugs
    - RDMA/i40w: Hold read semaphore while looking after VMA
    - RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c
    - IB/core: type promotion bug in rdma_rw_init_one_mr()
    - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    - IB/mlx4: Test port number before querying type.
    - powerpc/kdump: Handle crashkernel memory reservation failure
    - media: fsl-viu: fix error handling in viu_of_probe()
    - vhost_net: Avoid tx vring kicks during busyloop
    - media: staging/imx: fill vb2_v4l2_buffer field entry
    - IB/mlx5: Fix GRE flow specification
    - include/rdma/opa_addr.h: Fix an endianness issue
    - x86/tsc: Add missing header to tsc_msr.c
    - ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
    - x86/entry/64: Add two more instruction suffixes
    - ARM: dts: ls1021a: Add missing cooling device properties for CPUs
    - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
      buffer size
    - thermal: i.MX: Allow thermal probe to fail gracefully in case of bad
      calibration.
    - scsi: klist: Make it safe to use klists in atomic context
    - scsi: ibmvscsi: Improve strings handling
    - scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion
    - usb: wusbcore: security: cast sizeof to int for comparison
    - ath10k: sdio: use same endpoint id for all packets...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
quanxian (quanxian-wang) on 2018-10-26
Changed in intel:
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers