On Mon, May 18, 2026 at 11:53:37AM +0200, David Hildenbrand (Arm) wrote:
> On 5/17/26 10:45, Barry Song wrote:
> > On Sat, May 2, 2026 at 1:58 AM Matthew Wilcox <[email protected]> wrote:
> >>
> >> On Sat, May 02, 2026 at 01:44:34AM +0800, Barry Song wrote:
> >>>
> >>> It doesn’t have to involve unmapping or applying mprotect to
> >>> the entire VMA—just a portion of it is sufficient.
> >>
> >> Yes, but that still fails to answer "does this actually happen". How much
> >> performance is all this complexity in the page fault handler buying us?
> >> If you don't answer this question, I'm just going to go in and rip it
> >> all out.
> >>
> >
> > Hi Matthew (and Lorenzo, Jan, and anyone else who may be
> > waiting for answers),
> >
> > As promised during LSF/MM/BPF, we conducted thorough
> > testing on Android phones to determine whether performing
> > I/O in `filemap_fault()` can block `vma_start_write()`.
> > I wanted to give a quick update on this question.
> >
> > Nanzhe at Xiaomi created tracing scripts and ran various
> > applications on Android devices with I/O performed under
> > the VMA lock in `filemap_fault()`. We found that:
> >
> > 1. There are very few cases where unmap() is blocked by
> > page faults. I assume this is due to buggy user code
> > or poor synchronization between reads and unmap().
> > So I assume it is not a problem.
> >
> > 2. We observed many cases where `vma_start_write()`
> > is blocked by page-fault I/O in some applications.
> > The blocking occurs in the `dup_mmap()` path during
> > fork().
> >
> > With Suren's commit fb49c455323ff ("fork: lock VMAs of
> > the parent process when forking"), we now always hold
> > `vma_write_lock()` for each VMA. Note that the
> > `mmap_lock` write lock is also held, which could lead to
> > chained waiting if page-fault I/O is performed without
> > releasing the VMA lock.
> > > > My gut feeling is that Suren's commit may be overshooting, > > so my rough idea is that we might want to do something like > > the following (we haven't tested it yet and it might be > > wrong): > > > > diff --git a/mm/mmap.c b/mm/mmap.c > > index 2311ae7c2ff4..5ddaf297f31a 100644 > > --- a/mm/mmap.c > > +++ b/mm/mmap.c > > @@ -1762,7 +1762,13 @@ __latent_entropy int dup_mmap(struct mm_struct > > *mm, struct mm_struct *oldmm) > > for_each_vma(vmi, mpnt) { > > struct file *file; > > > > - retval = vma_start_write_killable(mpnt); > > + /* > > + * For anonymous or writable private VMAs, prevent > > + * concurrent CoW faults. > > + */ > > + if (!mpnt->vm_file || (!(mpnt->vm_flags & VM_SHARED) && > > + (mpnt->vm_flags & VM_WRITE))) > > + retval = vma_start_write_killable(mpnt); > > Likely is_cow_mapping() is what you would want to check to handle VMAs that > could have anonymous pages in them.
Yes :) I made pretty much the same comment though I forgot the correct helper :P

>
> --
> Cheers,
>
> David

Cheers, Lorenzo
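
Review bot: the new condition in the dup_mmap() hunk tests VM_WRITE, so a private file-backed VMA that was writable earlier and has since been made read-only with mprotect() would skip vma_start_write_killable() even though it can still hold anonymous CoW pages. is_cow_mapping(), which checks that VM_MAYWRITE is set and VM_SHARED is clear, covers that case and matches the helper David names in his reply. Separately, with the call now inside the if, retval is no longer assigned on the skip path, so any check of retval that follows (not shown in the quoted hunk) would act on a value set earlier; set retval = 0 when the lock is skipped, or move the error check inside the branch.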
