Thread: [MASSMAIL]Identify huge pages accessibility using madvise

[MASSMAIL]Identify huge pages accessibility using madvise

From
Dmitry Dolgov
Date:
Hi,

I would like to propose a small patch to address an annoying issue with
the way PostgreSQL falls back when "huge_pages = try" is
set. Here is what the problem looks like:

* PostgreSQL is starting on a machine with some huge pages available

* It tries to identify that fact and does mmap with MAP_HUGETLB, which
  succeeds

* But it has the pleasure of running inside a cgroup with a hugetlb
  controller and limits set to 0 (or anything less than PostgreSQL
  needs)

* Under these circumstances PostgreSQL will proceed allocating huge
  pages, but the first page fault will trigger SIGBUS

I've sketched out how to reproduce it with cgroup v1 and v2 in the
attached scripts.

This sounds like quite a rare combination of factors, but apparently
it's fairly easy to face this on K8s/OpenShift. There was a bug reported
some time ago [1] about this behaviour, and back then I was under the
impression it's a solved matter with nothing to do. Yet I still observe
this type of issue, the latest one no longer than a week ago.

After some research I found what looks to me like a relatively simple
way to address the problem. In Linux kernel 5.14 a new flag to madvise
was introduced that might be just what we need here. It's called
MADV_POPULATE_READ [2] and it tells the kernel to populate page tables by
triggering read faults if required. One by-design feature of this flag
is to fail the madvise call in situations like the one above, giving an
opportunity to avoid SIGBUS.

I've outlined a patch to implement this approach and tested it on a
newish Linux kernel I've got lying around (6.9.0-rc1) -- no SIGBUS,
PostgreSQL falls back to not using huge pages. The resulting change
seems to be small enough to justify addressing this small but annoying
issue. Any thoughts or comments about the proposal?

[1]: https://www.postgresql.org/message-id/flat/HE1PR0701MB256920EEAA3B2A9C06249F339E110%40HE1PR0701MB2569.eurprd07.prod.outlook.com
[2]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4ca9b3859dac14bbef0c27d00667bb5b10917adb

Attachment
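
The approach described in the message above, as an added example that is not the attached patch and not PostgreSQL code: map with MAP_HUGETLB, prefault with MADV_POPULATE_READ, and fall back to normal pages when the madvise call fails. The names `map_try_huge` and `enum backing`, the 4 MB size, and the choice to treat EINVAL from a pre-5.14 kernel as "not usable" are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#ifndef MADV_POPULATE_READ
#define MADV_POPULATE_READ 22 /* Linux 5.14+ UAPI value, for older libc headers */
#endif

enum backing { BACKING_NONE, BACKING_HUGE, BACKING_NORMAL };

/*
 * Map `size` bytes of shared anonymous memory, preferring huge pages.
 * `size` should be a multiple of the huge page size, otherwise the
 * MAP_HUGETLB attempt fails and the function falls back directly.
 */
void *map_try_huge(size_t size, enum backing *out)
{
    int flags = MAP_SHARED | MAP_ANONYMOUS;
    void *p = mmap(NULL, size, PROT_READ | PROT_WRITE, flags | MAP_HUGETLB, -1, 0);

    if (p != MAP_FAILED) {
        /* Prefault now: a cgroup hugetlb limit shows up as an error return
         * here rather than as SIGBUS on first access. Note that this
         * allocates every huge page of the mapping up front. */
        if (madvise(p, size, MADV_POPULATE_READ) == 0) {
            *out = BACKING_HUGE;
            return p;
        }
        /* Assumption of this example: any failure, including EINVAL from a
         * pre-5.14 kernel that lacks the flag, means "do not use huge pages". */
        fprintf(stderr, "huge pages not usable: %s\n", strerror(errno));
        munmap(p, size);
    }
    p = mmap(NULL, size, PROT_READ | PROT_WRITE, flags, -1, 0);
    *out = (p == MAP_FAILED) ? BACKING_NONE : BACKING_NORMAL;
    return (p == MAP_FAILED) ? NULL : p;
}

int main(void)
{
    enum backing b;
    void *p = map_try_huge((size_t)4 << 20, &b);
    printf("backing: %s\n", b == BACKING_HUGE ? "huge" : b == BACKING_NORMAL ? "normal" : "none");
    return p ? 0 : 1;
}
```
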

Re: Identify huge pages accessibility using madvise

From
Gabriele Bartolini
Date:
Hi Dmitry,

I've been attempting to replicate this issue directly in Kubernetes, but I haven't been successful so far. I've been using EKS nodes, and it seems that they all run cgroup v2 now. Do you have anything that could help me get started on this more quickly?

Thanks,
Gabriele

On Sat, 13 Apr 2024 at 18:24, Dmitry Dolgov <9erthalion6@gmail.com> wrote:
> Hi,
>
> I would like to propose a small patch to address an annoying issue with
> the way PostgreSQL falls back when "huge_pages = try" is
> set. Here is what the problem looks like:
>
> * PostgreSQL is starting on a machine with some huge pages available
>
> * It tries to identify that fact and does mmap with MAP_HUGETLB, which
>   succeeds
>
> * But it has the pleasure of running inside a cgroup with a hugetlb
>   controller and limits set to 0 (or anything less than PostgreSQL
>   needs)
>
> * Under these circumstances PostgreSQL will proceed allocating huge
>   pages, but the first page fault will trigger SIGBUS
>
> I've sketched out how to reproduce it with cgroup v1 and v2 in the
> attached scripts.
>
> This sounds like quite a rare combination of factors, but apparently
> it's fairly easy to face this on K8s/OpenShift. There was a bug reported
> some time ago [1] about this behaviour, and back then I was under the
> impression it's a solved matter with nothing to do. Yet I still observe
> this type of issue, the latest one no longer than a week ago.
>
> After some research I found what looks to me like a relatively simple
> way to address the problem. In Linux kernel 5.14 a new flag to madvise
> was introduced that might be just what we need here. It's called
> MADV_POPULATE_READ [2] and it tells the kernel to populate page tables by
> triggering read faults if required. One by-design feature of this flag
> is to fail the madvise call in situations like the one above, giving an
> opportunity to avoid SIGBUS.
>
> I've outlined a patch to implement this approach and tested it on a
> newish Linux kernel I've got lying around (6.9.0-rc1) -- no SIGBUS,
> PostgreSQL falls back to not using huge pages. The resulting change
> seems to be small enough to justify addressing this small but annoying
> issue. Any thoughts or comments about the proposal?
>
> [1]: https://www.postgresql.org/message-id/flat/HE1PR0701MB256920EEAA3B2A9C06249F339E110%40HE1PR0701MB2569.eurprd07.prod.outlook.com
> [2]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4ca9b3859dac14bbef0c27d00667bb5b10917adb


--
Gabriele Bartolini
VP, Chief Architect, Kubernetes

Re: Identify huge pages accessibility using madvise

From
Dmitry Dolgov
Date:
> On Thu, Sep 26, 2024 at 07:57:12AM GMT, Gabriele Bartolini wrote:
> Hi Dmitry,
>
> I've been attempting to replicate this issue directly in Kubernetes, but I
> haven't been successful so far. I've been using EKS nodes, and it seems
> that they all run cgroup v2 now. Do you have anything that could help me
> get started on this more quickly?
>
> Thanks,
> Gabriele

Hi Gabriele,

Thanks for testing. I can check if I can get some EKS clusters to
experiment with. In the meantime, what about the reproducing script for
cgroup v2 (the plain one that I've attached with the patch, that doesn't
require any k8s cluster), doesn't it work for you?



Re: Identify huge pages accessibility using madvise

From
Dmitry Dolgov
Date:
> On Thu, Sep 26, 2024 at 08:46:17AM GMT, Dmitry Dolgov wrote:
> > On Thu, Sep 26, 2024 at 07:57:12AM GMT, Gabriele Bartolini wrote:
> > Hi Dmitry,
> >
> > I've been attempting to replicate this issue directly in Kubernetes, but I
> > haven't been successful so far. I've been using EKS nodes, and it seems
> > that they all run cgroup v2 now. Do you have anything that could help me
> > get started on this more quickly?
>
> Thanks for testing. I can check if I can get some EKS clusters to
> experiment with. In the meantime, what about the reproducing script for
> cgroup v2 (the plain one that I've attached with the patch, that doesn't
> require any k8s cluster), doesn't it work for you?

Looks like there is a plot twist. After talking to Gabriele off list and
testing on EKS, I've discovered that since 5.7 the Linux kernel supports
hugetlb reservation via hugetlbfs [1]. That means that together with the
original limitation at page fault time there is one at reservation time,
which has a separate knob in cgroupfs:

    # cgroup v2, hugetlb controller
    #
    # original limit, page fault level
    hugetlb.2MB.limit_in_bytes
    #
    # new one, reservation level
    hugetlb.2MB.rsvd.limit_in_bytes

This means that there could still be people facing the original issue the
patch is trying to address: for that one needs to either run an older kernel,
or have a container orchestration tool that does not set the rsvd value (looks
like there are such examples). But in the long-term perspective I would expect
everyone to converge on using reservation limits correctly, so maybe the patch
is not needed after all.

[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cdc2fcfea79b9873bb63159f8ed973f4046018c8



Re: Identify huge pages accessibility using madvise

From
Peter Eisentraut
Date:
On 08.11.24 09:54, Dmitry Dolgov wrote:
> Looks like there is a plot twist. After talking to Gabriele off list and
> testing on EKS, I've discovered that since 5.7 the Linux kernel supports
> hugetlb reservation via hugetlbfs [1]. That means that together with the
> original limitation at page fault time there is one at reservation time,
> which has a separate knob in cgroupfs:
> 
>      # cgroup v2, hugetlb controller
>      #
>      # original limit, page fault level
>      hugetlb.2MB.limit_in_bytes
>      #
>      # new one, reservation level
>      hugetlb.2MB.rsvd.limit_in_bytes
> 
> This means that there could still be people facing the original issue the
> patch is trying to address: for that one needs to either run an older kernel,
> or have a container orchestration tool that does not set the rsvd value (looks
> like there are such examples). But in the long-term perspective I would expect
> everyone to converge on using reservation limits correctly, so maybe the patch
> is not needed after all.

Ah good, it looks like the issue was addressed properly in the kernel 
then, and we don't need the workaround your patch proposes anymore.

So, I think we don't need to proceed with your patch.  The issue will 
hopefully go away over time (or has already), and those who are still 
affected by it for some reason can refer to this thread for discussion 
and maybe choose to apply the patch on their own.