Kernel Samepage Merging

KSM is a memory-saving de-duplication feature, enabled by CONFIG_KSM=y, added to the Linux kernel in 2.6.32. See mm/ksm.c for its implementation, and http://lwn.net/Articles/306704/ and https://lwn.net/Articles/330589/

The userspace interface of KSM is described in Kernel Samepage Merging

Design

Overview

A few notes about the KSM scanning process, to make it easier to understand the data structures below:

In order to reduce excessive scanning, KSM sorts the memory pages by their contents into a data structure that holds pointers to the pages’ locations.

Since the contents of the pages may change at any moment, KSM cannot just insert the pages into a normal sorted tree and expect it to find anything. Therefore KSM uses two data structures - the stable and the unstable tree.

The stable tree holds pointers to all the merged pages (ksm pages), sorted by their contents. Because each such page is write-protected, searching this tree is guaranteed to work (except when pages are unmapped), and therefore this tree is called the stable tree.

The stable tree node includes information required for reverse mapping from a KSM page to virtual addresses that map this page.

In order to avoid large latencies of the rmap walks on KSM pages, KSM maintains two types of nodes in the stable tree:

  • the regular nodes that keep the reverse mapping structures in a linked list
  • the “chains” that link nodes (“dups”) that represent the same write protected memory content, but each “dup” corresponds to a different KSM page copy of that content

Internally, the regular nodes, “dups” and “chains” are represented using the same struct stable_node structure.

In addition to the stable tree, KSM uses a second data structure called the unstable tree: this tree holds pointers to pages which have been found to be “unchanged for a period of time”. The unstable tree sorts these pages by their contents, but since they are not write-protected, KSM cannot rely upon the unstable tree to work correctly - the unstable tree is liable to be corrupted as its contents are modified, and so it is called unstable.

KSM solves this problem by several techniques:

  1. The unstable tree is flushed every time KSM completes scanning all memory areas, and then the tree is rebuilt again from the beginning.
  2. KSM will only insert into the unstable tree pages whose hash value has not changed since the previous scan of all memory areas.
  3. The unstable tree is a red-black tree, so its balancing is based on the colors of the nodes and not on their contents. This assures that even when the tree gets “corrupted” it won’t get out of balance, so scanning time remains the same (also, searching and inserting nodes in an rbtree uses the same algorithm, so we have no overhead when we flush and rebuild).
  4. KSM never flushes the stable tree, which means that even if it were to take 10 attempts to find a page in the unstable tree, once it is found, it is secured in the stable tree. (When we scan a new page, we first compare it against the stable tree, and then against the unstable tree.)
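The scan order described by these four points, as an added example that is not code from mm/ksm.c: linear arrays stand in for the two rbtrees, pages are 8-byte buffers, and all names other than oldchecksum are hypothetical.

```c
/* Added illustration: toy model of ksmd's scan order, not code from mm/ksm.c.
 * Linear arrays stand in for the two rbtrees; "pages" are 8-byte buffers. */
#include <string.h>
#define NPAGES 4
#define PSZ 8

static char mem[NPAGES][PSZ];            /* constructed page contents */
static unsigned oldchecksum[NPAGES];     /* checksum seen on the previous scan */
static int shared[NPAGES];               /* 0 = private, else KSM page index + 1 */
static int stable[NPAGES], nstable;      /* never flushed */
static int unstable[NPAGES], nunstable;  /* flushed after every full scan */

/* Overwrite a private page (strncpy zero-pads short strings to PSZ). */
void write_page(int i, const char *s) { strncpy(mem[i], s, PSZ); }

static unsigned checksum(const char *p) {          /* FNV-1a, stand-in hash */
    unsigned h = 2166136261u;
    for (int i = 0; i < PSZ; i++) h = (h ^ (unsigned char)p[i]) * 16777619u;
    return h;
}

static int lookup(const int *tree, int n, const char *p) {
    for (int i = 0; i < n; i++)
        if (memcmp(mem[tree[i]], p, PSZ) == 0) return tree[i];
    return -1;
}

/* One full pass over all pages; returns the number of merges performed. */
int ksm_full_scan(void) {
    int merges = 0, hit;
    for (int i = 0; i < NPAGES; i++) {
        unsigned sum = checksum(mem[i]);
        if (shared[i]) continue;                             /* already a KSM page */
        if ((hit = lookup(stable, nstable, mem[i])) >= 0) {  /* 1: stable tree first */
            shared[i] = hit + 1; merges++;
        } else if (sum != oldchecksum[i]) {                  /* 2: changed since last scan */
            oldchecksum[i] = sum;
        } else if ((hit = lookup(unstable, nunstable, mem[i])) >= 0) { /* 3: unstable */
            stable[nstable++] = hit;                         /* promote: write-protected */
            shared[hit] = shared[i] = hit + 1; merges++;
        } else {
            unstable[nunstable++] = i;                       /* candidate for this pass */
        }
    }
    nunstable = 0;                                           /* flush; rebuilt next pass */
    return merges;
}
```

With two identical pages and one page that changes between passes, the first scan only records checksums, the second merges the identical pair, and the changing page is merged only once its content matches a page already in the stable tree.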

If the merge_across_nodes tunable is unset, then KSM maintains multiple stable trees and multiple unstable trees: one of each for each NUMA node.

Reverse mapping

KSM maintains reverse mapping information for KSM pages in the stable tree.

If a KSM page is shared between fewer than max_page_sharing VMAs, the node of the stable tree that represents such a KSM page points to a list of struct rmap_item and the page->mapping of the KSM page points to the stable tree node.

When the sharing passes this threshold, KSM adds a second dimension to the stable tree. The tree node becomes a “chain” that links one or more “dups”. Each “dup” keeps reverse mapping information for a KSM page with page->mapping pointing to that “dup”.

Every “chain” and all “dups” linked into a “chain” enforce the invariant that they represent the same write protected memory content, even if each “dup” is pointed to by a different KSM page copy of that content.

This way the stable tree lookup computational complexity is unaffected compared to an unlimited list of reverse mappings. It is still enforced that there cannot be KSM page content duplicates in the stable tree itself.

The deduplication limit enforced by max_page_sharing is required to keep the virtual memory rmap lists from growing too large. The rmap walk has O(N) complexity where N is the number of rmap_items (i.e. virtual mappings) that are sharing the page, which is in turn capped by max_page_sharing. So this effectively spreads the linear O(N) computational complexity from rmap walk context over different KSM pages. The ksmd walk over the stable_node “chains” is also O(N), but N is the number of stable_node “dups”, not the number of rmap_items, so it does not have a significant impact on ksmd performance. In practice the best stable_node “dup” candidate will be kept and found at the head of the “dups” list.

High values of max_page_sharing result in faster memory merging (because there will be fewer stable_node dups queued into the stable_node chain->hlist to check for pruning) and a higher deduplication factor, at the expense of a slower worst case for rmap walks on any KSM page, which can happen during swapping, compaction, NUMA balancing and page migration.

The stable_node_dups/stable_node_chains ratio is also affected by the max_page_sharing tunable, and a high ratio may indicate fragmentation in the stable_node dups. This could be solved by introducing defragmentation algorithms in ksmd which would refile rmap_items from one stable_node dup to another stable_node dup, in order to free up stable_node “dups” with few rmap_items in them, but that may increase the ksmd CPU usage and possibly slow down the readonly computations on the KSM pages of the applications.

The whole list of stable_node “dups” linked in the stable_node “chains” is scanned periodically in order to prune stale stable_nodes. The frequency of such scans is defined by the stable_node_chains_prune_millisecs sysfs tunable.
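How max_page_sharing bounds the rmap walk and how “dups” fragment after unmapping, as an added example that is not code from mm/ksm.c. The struct layout, MAX_DUPS, the function names and the first-fit choice of “dup” are assumptions of this sketch; only STABLE_NODE_CHAIN and rmap_hlist_len come from the structures documented on this page.

```c
/* Added illustration: simplified model of one stable-tree entry, not mm/ksm.c.
 * MAX_DUPS and the first-fit choice of "dup" are assumptions of this sketch. */
#define STABLE_NODE_CHAIN (-1024)
#define MAX_DUPS 64

struct node {
    int rmap_hlist_len;     /* >= 0: regular node; STABLE_NODE_CHAIN: a "chain" */
    int ndups;              /* KSM page copies linked below a chain */
    int dup_len[MAX_DUPS];  /* rmap_items on each "dup" */
};

/* Map one more virtual address to this content; returns the copy used, -1 if full. */
int add_mapping(struct node *n, int max_page_sharing) {
    if (n->rmap_hlist_len != STABLE_NODE_CHAIN) {
        if (n->rmap_hlist_len < max_page_sharing) { n->rmap_hlist_len++; return 0; }
        n->dup_len[0] = n->rmap_hlist_len;       /* limit hit: node becomes a dup ... */
        n->ndups = 1;
        n->rmap_hlist_len = STABLE_NODE_CHAIN;   /* ... under a new chain */
    }
    for (int i = 0; i < n->ndups; i++)
        if (n->dup_len[i] < max_page_sharing) { n->dup_len[i]++; return i; }
    if (n->ndups == MAX_DUPS) return -1;
    n->dup_len[n->ndups] = 1;                    /* new KSM page copy of the content */
    return n->ndups++;
}

/* Unmap up to `count` addresses from one dup (e.g. a process exits). */
void drop_mappings(struct node *n, int dup, int count) {
    if (n->rmap_hlist_len == STABLE_NODE_CHAIN && dup >= 0 && dup < n->ndups)
        n->dup_len[dup] -= count < n->dup_len[dup] ? count : n->dup_len[dup];
}

/* Periodic prune: free dups with no rmap_items left; returns dups remaining. */
int prune_chain(struct node *n) {
    int kept = 0;
    for (int i = 0; i < n->ndups; i++)
        if (n->dup_len[i] > 0) n->dup_len[kept++] = n->dup_len[i];
    return n->ndups = kept;
}

/* Longest rmap walk any single KSM page of this content can require. */
int worst_rmap_walk(const struct node *n) {
    int worst = n->rmap_hlist_len == STABLE_NODE_CHAIN ? 0 : n->rmap_hlist_len;
    for (int i = 0; i < n->ndups; i++)
        if (n->dup_len[i] > worst) worst = n->dup_len[i];
    return worst;
}
```

With max_page_sharing set to 256, 1000 mappings of one content end up on four KSM page copies and no rmap walk exceeds 256 entries; dropping mappings afterwards leaves sparsely used “dups” behind, which is the fragmentation the dups/chains ratio hints at.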

Reference

struct mm_slot

ksm information per mm that is being scanned

Definition

struct mm_slot {
  struct hlist_node link;
  struct list_head mm_list;
  struct rmap_item *rmap_list;
  struct mm_struct *mm;
};

Members

link
link to the mm_slots hash list
mm_list
link into the mm_slots list, rooted in ksm_mm_head
rmap_list
head for this mm_slot’s singly-linked list of rmap_items
mm
the mm that this information is valid for

struct ksm_scan

cursor for scanning

Definition

struct ksm_scan {
  struct mm_slot *mm_slot;
  unsigned long address;
  struct rmap_item **rmap_list;
  unsigned long seqnr;
};

Members

mm_slot
the current mm_slot we are scanning
address
the next address inside that to be scanned
rmap_list
link to the next rmap to be scanned in the rmap_list
seqnr
count of completed full scans (needed when removing unstable node)

Description

There is only the one ksm_scan instance of this cursor structure.

struct stable_node

node of the stable rbtree

Definition

struct stable_node {
  union {
    struct rb_node node;
    struct {
      struct list_head *head;
      struct {
        struct hlist_node hlist_dup;
        struct list_head list;
      };
    };
  };
  struct hlist_head hlist;
  union {
    unsigned long kpfn;
    unsigned long chain_prune_time;
  };
#define STABLE_NODE_CHAIN -1024
  int rmap_hlist_len;
#ifdef CONFIG_NUMA
  int nid;
#endif
};

Members

{unnamed_union}
anonymous
node
rb node of this ksm page in the stable tree
{unnamed_struct}
anonymous
head
(overlaying parent) migrate_nodes indicates temporarily on that list
{unnamed_struct}
anonymous
hlist_dup
linked into the stable_node->hlist with a stable_node chain
list
linked into migrate_nodes, pending placement in the proper node tree
hlist
hlist head of rmap_items using this ksm page
{unnamed_union}
anonymous
kpfn
page frame number of this ksm page (perhaps temporarily on wrong nid)
chain_prune_time
time of the last full garbage collection
rmap_hlist_len
number of rmap_item entries in hlist or STABLE_NODE_CHAIN
nid
NUMA node id of stable tree in which linked (may not match kpfn)

struct rmap_item

reverse mapping item for virtual addresses

Definition

struct rmap_item {
  struct rmap_item *rmap_list;
  union {
    struct anon_vma *anon_vma;
#ifdef CONFIG_NUMA
    int nid;
#endif
  };
  struct mm_struct *mm;
  unsigned long address;
  unsigned int oldchecksum;
  union {
    struct rb_node node;
    struct {
      struct stable_node *head;
      struct hlist_node hlist;
    };
  };
};

Members

rmap_list
next rmap_item in mm_slot’s singly-linked rmap_list
{unnamed_union}
anonymous
anon_vma
pointer to anon_vma for this mm,address, when in stable tree
nid
NUMA node id of unstable tree in which linked (may not match page)
mm
the memory structure this rmap_item is pointing into
address
the virtual address this rmap_item tracks (+ flags in low bits)
oldchecksum
previous checksum of the page at that virtual address
{unnamed_union}
anonymous
node
rb node of this rmap_item in the unstable tree
{unnamed_struct}
anonymous
head
pointer to stable_node heading this list in the stable tree
hlist
link into hlist of rmap_items hanging off that stable_node

– Izik Eidus, Hugh Dickins, 17 Nov 2009