Proposal to change page allocation to zero on free in the -virtual kernel

Thu Jan 31 10:41:41 UTC 2013

On 31.01.2013 09:53, Andy Whitcroft wrote:
> On Mon, Jan 28, 2013 at 09:45:46AM +0100, Peter Lieven wrote:
>> Hi,
>>
>> I would like to know if it would be a good idea to change the page allocator zeroing
>> policy from zero on allocate (for GFP_USER) to zero on free for the -virtual kernel builds.
>>
>> This has been initally proposed in grsecurity for security reasons, but it is extremely
>> beneficial in virtual environments for 2 additional reasons:
>>
>> a) live migration
>> b) ksm
>>
>> What is your opinion on this?
> I would point out that changing the time of the page clear has some
> significant effects on performance.  Some time ago admittedly, we did some
> work to pre-clear pages and the practical upshot of this was to reduce
> not improve performance.  This occured because the act of clearing the
> page necessarily either cycles the entire page into cache or (if you
> use uncached writes) flushes the entire page from cache at the time of
> the clear.  It was shown to be highly beneficial for this to occur when
> the page was about to be used (and preferabally with an already cache hot
> page) as placing the page in cache was generally beneficial for whoever was
> about to use it.  Your proposal here would clear the page at essentially
> the worst time for cache performance.
I understand. The original grsecurity patches state 3% performance no
clue how they got to these numbers.
>
> The KSM mergability does seem like a win, the live migration benefits I
> would of thought were much less visible and this is a much rarer event in
> the life of a VM.  These would benefits would be traded for the likely
> execution performance hit.  Overall I would expect you to be trading
> off memory size against runtime performance, you would definatly need
> some comparitive numbers on the benefits and costs before you could even
> consider such a change.
I think the impact depends heavily on the particular workload. Is there
any test suite that you would consider running as a starting point?
>
> I would also reiterate Stefan's point here that currently it is not
> possible to trivially have different policies in this regard for the main
> kernels and the -virtual kernel as they are the same bits.  It might
> be possible to make this parameterisable if the benefits were proven,
> but I suspect you are going to find a significant throughput penalty.
> I guess that would make this something you would want to be able to opt
> into depending on your environment, on your cost performance balance as a
> "cloud" operator.
>
> Finally, for very sensitive VMs there may be some value in at least
> scrubbing the pages before returning them to hypervisorpenalties.
What do you mean by that?

Thanks for your detailed answers,
Peter
>
> -apw
>