diff for duplicates of <20151201212636.GA137439@black.fi.intel.com> diff --git a/a/1.txt b/N1/1.txt index 6991b99..75578a6 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -9,3 +9,83 @@ On Mon, Nov 30, 2015 at 09:37:33AM -0500, Sasha Levin wrote: > [ 321.455353] page->mem_cgroup:ffff880286620000 I think this should help: + +>From aadc911f047b094c68b350550556dafabf05af13 Mon Sep 17 00:00:00 2001 +From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> +Date: Fri, 20 Nov 2015 12:20:00 +0200 +Subject: [PATCH] thp: fix split_huge_page vs. deferred_split_scan race + +Minchan[1] and Sasha[2] had reported crash in split_huge_page_to_list() +called from deferred_split_scan() due VM_BUG_ON_PAGE(!PageLocked(page)). + +This can happen because race between deferred_split_scan() and +split_huge_page(). The result of the race is that the page can be split +under deferred_split_scan(). + +The patch prevents this by taking split_queue_lock in +split_huge_page_to_list() when we check if the page can be split. +If the page is suitable for splitting, we remove page from splitting +queue under the same lock, before splitting starts. + +[1] http://lkml.kernel.org/g/20151117073539.GB32578@bbox +[2] http://lkml.kernel.org/g/565C5F2D.5060003@oracle.com + +Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> +Reported-by: Minchan Kim <minchan@kernel.org> +Reported-by: Sasha Levin <sasha.levin@oracle.com> +--- + mm/huge_memory.c | 16 +++++++++------- + 1 file changed, 9 insertions(+), 7 deletions(-) + +diff --git a/mm/huge_memory.c b/mm/huge_memory.c +index dc2b947d4f85..7c0ad4d9110b 100644 +--- a/mm/huge_memory.c ++++ b/mm/huge_memory.c +@@ -3186,13 +3186,6 @@ static void __split_huge_page(struct page *page, struct list_head *list) + spin_lock_irq(&zone->lru_lock); + lruvec = mem_cgroup_page_lruvec(head, zone); + +- spin_lock(&split_queue_lock); +- if (!list_empty(page_deferred_list(head))) { +- split_queue_len--; +- list_del(page_deferred_list(head)); +- } +- spin_unlock(&split_queue_lock); +- + /* complete memcg works before add pages to LRU */ + mem_cgroup_split_huge_fixup(head); + +@@ -3299,12 +3292,20 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) + freeze_page(anon_vma, head); + VM_BUG_ON_PAGE(compound_mapcount(head), head); + ++ /* Prevent deferred_split_scan() touching ->_count */ ++ spin_lock(&split_queue_lock); + count = page_count(head); + mapcount = total_mapcount(head); + if (mapcount == count - 1) { ++ if (!list_empty(page_deferred_list(head))) { ++ split_queue_len--; ++ list_del(page_deferred_list(head)); ++ } ++ spin_unlock(&split_queue_lock); + __split_huge_page(page, list); + ret = 0; + } else if (IS_ENABLED(CONFIG_DEBUG_VM) && mapcount > count - 1) { ++ spin_unlock(&split_queue_lock); + pr_alert("total_mapcount: %u, page_count(): %u\n", + mapcount, count); + if (PageTail(page)) +@@ -3312,6 +3313,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) + dump_page(page, "total_mapcount(head) > page_count(head) - 1"); + BUG(); + } else { ++ spin_unlock(&split_queue_lock); + unfreeze_page(anon_vma, head); + ret = -EBUSY; + } +-- +2.6.2 + +-- + Kirill A. Shutemov diff --git a/a/content_digest b/N1/content_digest index b0c7980..9ce6ea5 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -19,6 +19,86 @@ "> [ 321.453706] page dumped because: VM_BUG_ON_PAGE(!PageLocked(page))\n" "> [ 321.455353] page->mem_cgroup:ffff880286620000\n" "\n" - I think this should help: + "I think this should help:\n" + "\n" + ">From aadc911f047b094c68b350550556dafabf05af13 Mon Sep 17 00:00:00 2001\n" + "From: \"Kirill A. Shutemov\" <kirill.shutemov@linux.intel.com>\n" + "Date: Fri, 20 Nov 2015 12:20:00 +0200\n" + "Subject: [PATCH] thp: fix split_huge_page vs. deferred_split_scan race\n" + "\n" + "Minchan[1] and Sasha[2] had reported crash in split_huge_page_to_list()\n" + "called from deferred_split_scan() due VM_BUG_ON_PAGE(!PageLocked(page)).\n" + "\n" + "This can happen because race between deferred_split_scan() and\n" + "split_huge_page(). The result of the race is that the page can be split\n" + "under deferred_split_scan().\n" + "\n" + "The patch prevents this by taking split_queue_lock in\n" + "split_huge_page_to_list() when we check if the page can be split.\n" + "If the page is suitable for splitting, we remove page from splitting\n" + "queue under the same lock, before splitting starts.\n" + "\n" + "[1] http://lkml.kernel.org/g/20151117073539.GB32578@bbox\n" + "[2] http://lkml.kernel.org/g/565C5F2D.5060003@oracle.com\n" + "\n" + "Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>\n" + "Reported-by: Minchan Kim <minchan@kernel.org>\n" + "Reported-by: Sasha Levin <sasha.levin@oracle.com>\n" + "---\n" + " mm/huge_memory.c | 16 +++++++++-------\n" + " 1 file changed, 9 insertions(+), 7 deletions(-)\n" + "\n" + "diff --git a/mm/huge_memory.c b/mm/huge_memory.c\n" + "index dc2b947d4f85..7c0ad4d9110b 100644\n" + "--- a/mm/huge_memory.c\n" + "+++ b/mm/huge_memory.c\n" + "@@ -3186,13 +3186,6 @@ static void __split_huge_page(struct page *page, struct list_head *list)\n" + " \tspin_lock_irq(&zone->lru_lock);\n" + " \tlruvec = mem_cgroup_page_lruvec(head, zone);\n" + " \n" + "-\tspin_lock(&split_queue_lock);\n" + "-\tif (!list_empty(page_deferred_list(head))) {\n" + "-\t\tsplit_queue_len--;\n" + "-\t\tlist_del(page_deferred_list(head));\n" + "-\t}\n" + "-\tspin_unlock(&split_queue_lock);\n" + "-\n" + " \t/* complete memcg works before add pages to LRU */\n" + " \tmem_cgroup_split_huge_fixup(head);\n" + " \n" + "@@ -3299,12 +3292,20 @@ int split_huge_page_to_list(struct page *page, struct list_head *list)\n" + " \tfreeze_page(anon_vma, head);\n" + " \tVM_BUG_ON_PAGE(compound_mapcount(head), head);\n" + " \n" + "+\t/* Prevent deferred_split_scan() touching ->_count */\n" + "+\tspin_lock(&split_queue_lock);\n" + " \tcount = page_count(head);\n" + " \tmapcount = total_mapcount(head);\n" + " \tif (mapcount == count - 1) {\n" + "+\t\tif (!list_empty(page_deferred_list(head))) {\n" + "+\t\t\tsplit_queue_len--;\n" + "+\t\t\tlist_del(page_deferred_list(head));\n" + "+\t\t}\n" + "+\t\tspin_unlock(&split_queue_lock);\n" + " \t\t__split_huge_page(page, list);\n" + " \t\tret = 0;\n" + " \t} else if (IS_ENABLED(CONFIG_DEBUG_VM) && mapcount > count - 1) {\n" + "+\t\tspin_unlock(&split_queue_lock);\n" + " \t\tpr_alert(\"total_mapcount: %u, page_count(): %u\\n\",\n" + " \t\t\t\tmapcount, count);\n" + " \t\tif (PageTail(page))\n" + "@@ -3312,6 +3313,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list)\n" + " \t\tdump_page(page, \"total_mapcount(head) > page_count(head) - 1\");\n" + " \t\tBUG();\n" + " \t} else {\n" + "+\t\tspin_unlock(&split_queue_lock);\n" + " \t\tunfreeze_page(anon_vma, head);\n" + " \t\tret = -EBUSY;\n" + " \t}\n" + "-- \n" + "2.6.2\n" + "\n" + "-- \n" + Kirill A. Shutemov -482fe66d0ea76be65d4688a183af90e88c2fd66ba2771b2a0fba8757b8d85e32 +0a9bc9520ac7bd656306d40a5a57f4300a3f684bccfc231540bde8c07006225f
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.