* [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-05-23 17:16 ` Yang Shi
0 siblings, 0 replies; 57+ messages in thread
From: Yang Shi @ 2016-05-23 17:16 UTC (permalink / raw)
To: akpm, iamjoonsoo.kim; +Cc: linux-kernel, linux-mm, linaro-kernel, yang.shi
Per the discussion with Joonsoo Kim [1], we need check the return value of
lookup_page_ext() for all call sites since it might return NULL in some cases,
although it is unlikely, i.e. memory hotplug.
Tested with ltp with "page_owner=0".
[1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
Signed-off-by: Yang Shi <yang.shi@linaro.org>
---
include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++++++++-------
mm/page_alloc.c | 6 ++++++
mm/page_owner.c | 27 +++++++++++++++++++++++++++
mm/page_poison.c | 8 +++++++-
mm/vmstat.c | 2 ++
5 files changed, 78 insertions(+), 8 deletions(-)
diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
index bf268fa..8f5d4ad 100644
--- a/include/linux/page_idle.h
+++ b/include/linux/page_idle.h
@@ -46,33 +46,62 @@ extern struct page_ext_operations page_idle_ops;
static inline bool page_is_young(struct page *page)
{
- return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext;
+ page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext)
+ return false;
+
+ return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
static inline void set_page_young(struct page *page)
{
- set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext;
+ page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext)
+ return;
+
+ set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
static inline bool test_and_clear_page_young(struct page *page)
{
- return test_and_clear_bit(PAGE_EXT_YOUNG,
- &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext;
+ page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext)
+ return false;
+
+ return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
static inline bool page_is_idle(struct page *page)
{
- return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext;
+ page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext)
+ return false;
+
+ return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
}
static inline void set_page_idle(struct page *page)
{
- set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext;
+ page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext)
+ return;
+
+ set_bit(PAGE_EXT_IDLE, &page_ext->flags);
}
static inline void clear_page_idle(struct page *page)
{
- clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext;
+ page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext)
+ return;
+
+ clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
}
#endif /* CONFIG_64BIT */
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index f8f3bfc..d27e8b9 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -656,6 +656,9 @@ static inline void set_page_guard(struct zone *zone, struct page *page,
return;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
INIT_LIST_HEAD(&page->lru);
@@ -673,6 +676,9 @@ static inline void clear_page_guard(struct zone *zone, struct page *page,
return;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
set_page_private(page, 0);
diff --git a/mm/page_owner.c b/mm/page_owner.c
index 792b56d..902e398 100644
--- a/mm/page_owner.c
+++ b/mm/page_owner.c
@@ -55,6 +55,8 @@ void __reset_page_owner(struct page *page, unsigned int order)
for (i = 0; i < (1 << order); i++) {
page_ext = lookup_page_ext(page + i);
+ if (unlikely(!page_ext))
+ continue;
__clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
}
}
@@ -62,6 +64,10 @@ void __reset_page_owner(struct page *page, unsigned int order)
void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
{
struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return;
+
struct stack_trace trace = {
.nr_entries = 0,
.max_entries = ARRAY_SIZE(page_ext->trace_entries),
@@ -82,6 +88,8 @@ void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
void __set_page_owner_migrate_reason(struct page *page, int reason)
{
struct page_ext *page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
page_ext->last_migrate_reason = reason;
}
@@ -89,6 +97,12 @@ void __set_page_owner_migrate_reason(struct page *page, int reason)
gfp_t __get_page_owner_gfp(struct page *page)
{
struct page_ext *page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ /*
+ * The caller just returns 0 if no valid gfp
+ * So return 0 here too.
+ */
+ return 0;
return page_ext->gfp_mask;
}
@@ -97,6 +111,10 @@ void __copy_page_owner(struct page *oldpage, struct page *newpage)
{
struct page_ext *old_ext = lookup_page_ext(oldpage);
struct page_ext *new_ext = lookup_page_ext(newpage);
+
+ if (unlikely(!old_ext || !new_ext))
+ return;
+
int i;
new_ext->order = old_ext->order;
@@ -186,6 +204,11 @@ err:
void __dump_page_owner(struct page *page)
{
struct page_ext *page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext)) {
+ pr_alert("There is not page extension available.\n");
+ return;
+ }
+
struct stack_trace trace = {
.nr_entries = page_ext->nr_entries,
.entries = &page_ext->trace_entries[0],
@@ -251,6 +274,8 @@ read_page_owner(struct file *file, char __user *buf, size_t count, loff_t *ppos)
}
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ continue;
/*
* Some pages could be missed by concurrent allocation or free,
@@ -317,6 +342,8 @@ static void init_pages_in_zone(pg_data_t *pgdat, struct zone *zone)
continue;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ continue;
/* Maybe overraping zone */
if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
diff --git a/mm/page_poison.c b/mm/page_poison.c
index 1eae5fa..2e647c6 100644
--- a/mm/page_poison.c
+++ b/mm/page_poison.c
@@ -54,6 +54,9 @@ static inline void set_page_poison(struct page *page)
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
}
@@ -62,6 +65,9 @@ static inline void clear_page_poison(struct page *page)
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
}
@@ -70,7 +76,7 @@ bool page_is_poisoned(struct page *page)
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
- if (!page_ext)
+ if (unlikely(!page_ext))
return false;
return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
diff --git a/mm/vmstat.c b/mm/vmstat.c
index 77e42ef..cb2a67b 100644
--- a/mm/vmstat.c
+++ b/mm/vmstat.c
@@ -1061,6 +1061,8 @@ static void pagetypeinfo_showmixedcount_print(struct seq_file *m,
continue;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ continue;
if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
continue;
--
2.0.2
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-05-23 17:16 ` Yang Shi
0 siblings, 0 replies; 57+ messages in thread
From: Yang Shi @ 2016-05-23 17:16 UTC (permalink / raw)
To: akpm, iamjoonsoo.kim; +Cc: linux-kernel, linux-mm, linaro-kernel, yang.shi
Per the discussion with Joonsoo Kim [1], we need check the return value of
lookup_page_ext() for all call sites since it might return NULL in some cases,
although it is unlikely, i.e. memory hotplug.
Tested with ltp with "page_owner=0".
[1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
Signed-off-by: Yang Shi <yang.shi@linaro.org>
---
include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++++++++-------
mm/page_alloc.c | 6 ++++++
mm/page_owner.c | 27 +++++++++++++++++++++++++++
mm/page_poison.c | 8 +++++++-
mm/vmstat.c | 2 ++
5 files changed, 78 insertions(+), 8 deletions(-)
diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
index bf268fa..8f5d4ad 100644
--- a/include/linux/page_idle.h
+++ b/include/linux/page_idle.h
@@ -46,33 +46,62 @@ extern struct page_ext_operations page_idle_ops;
static inline bool page_is_young(struct page *page)
{
- return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext;
+ page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext)
+ return false;
+
+ return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
static inline void set_page_young(struct page *page)
{
- set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext;
+ page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext)
+ return;
+
+ set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
static inline bool test_and_clear_page_young(struct page *page)
{
- return test_and_clear_bit(PAGE_EXT_YOUNG,
- &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext;
+ page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext)
+ return false;
+
+ return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
static inline bool page_is_idle(struct page *page)
{
- return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext;
+ page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext)
+ return false;
+
+ return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
}
static inline void set_page_idle(struct page *page)
{
- set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext;
+ page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext)
+ return;
+
+ set_bit(PAGE_EXT_IDLE, &page_ext->flags);
}
static inline void clear_page_idle(struct page *page)
{
- clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext;
+ page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext)
+ return;
+
+ clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
}
#endif /* CONFIG_64BIT */
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index f8f3bfc..d27e8b9 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -656,6 +656,9 @@ static inline void set_page_guard(struct zone *zone, struct page *page,
return;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
INIT_LIST_HEAD(&page->lru);
@@ -673,6 +676,9 @@ static inline void clear_page_guard(struct zone *zone, struct page *page,
return;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
set_page_private(page, 0);
diff --git a/mm/page_owner.c b/mm/page_owner.c
index 792b56d..902e398 100644
--- a/mm/page_owner.c
+++ b/mm/page_owner.c
@@ -55,6 +55,8 @@ void __reset_page_owner(struct page *page, unsigned int order)
for (i = 0; i < (1 << order); i++) {
page_ext = lookup_page_ext(page + i);
+ if (unlikely(!page_ext))
+ continue;
__clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
}
}
@@ -62,6 +64,10 @@ void __reset_page_owner(struct page *page, unsigned int order)
void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
{
struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return;
+
struct stack_trace trace = {
.nr_entries = 0,
.max_entries = ARRAY_SIZE(page_ext->trace_entries),
@@ -82,6 +88,8 @@ void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
void __set_page_owner_migrate_reason(struct page *page, int reason)
{
struct page_ext *page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
page_ext->last_migrate_reason = reason;
}
@@ -89,6 +97,12 @@ void __set_page_owner_migrate_reason(struct page *page, int reason)
gfp_t __get_page_owner_gfp(struct page *page)
{
struct page_ext *page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ /*
+ * The caller just returns 0 if no valid gfp
+ * So return 0 here too.
+ */
+ return 0;
return page_ext->gfp_mask;
}
@@ -97,6 +111,10 @@ void __copy_page_owner(struct page *oldpage, struct page *newpage)
{
struct page_ext *old_ext = lookup_page_ext(oldpage);
struct page_ext *new_ext = lookup_page_ext(newpage);
+
+ if (unlikely(!old_ext || !new_ext))
+ return;
+
int i;
new_ext->order = old_ext->order;
@@ -186,6 +204,11 @@ err:
void __dump_page_owner(struct page *page)
{
struct page_ext *page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext)) {
+ pr_alert("There is not page extension available.\n");
+ return;
+ }
+
struct stack_trace trace = {
.nr_entries = page_ext->nr_entries,
.entries = &page_ext->trace_entries[0],
@@ -251,6 +274,8 @@ read_page_owner(struct file *file, char __user *buf, size_t count, loff_t *ppos)
}
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ continue;
/*
* Some pages could be missed by concurrent allocation or free,
@@ -317,6 +342,8 @@ static void init_pages_in_zone(pg_data_t *pgdat, struct zone *zone)
continue;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ continue;
/* Maybe overraping zone */
if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
diff --git a/mm/page_poison.c b/mm/page_poison.c
index 1eae5fa..2e647c6 100644
--- a/mm/page_poison.c
+++ b/mm/page_poison.c
@@ -54,6 +54,9 @@ static inline void set_page_poison(struct page *page)
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
}
@@ -62,6 +65,9 @@ static inline void clear_page_poison(struct page *page)
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
}
@@ -70,7 +76,7 @@ bool page_is_poisoned(struct page *page)
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
- if (!page_ext)
+ if (unlikely(!page_ext))
return false;
return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
diff --git a/mm/vmstat.c b/mm/vmstat.c
index 77e42ef..cb2a67b 100644
--- a/mm/vmstat.c
+++ b/mm/vmstat.c
@@ -1061,6 +1061,8 @@ static void pagetypeinfo_showmixedcount_print(struct seq_file *m,
continue;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ continue;
if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
continue;
--
2.0.2
^ permalink raw reply related [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-05-23 17:16 ` Yang Shi
@ 2016-05-24 2:58 ` Minchan Kim
-1 siblings, 0 replies; 57+ messages in thread
From: Minchan Kim @ 2016-05-24 2:58 UTC (permalink / raw)
To: Yang Shi; +Cc: akpm, iamjoonsoo.kim, linux-kernel, linux-mm, linaro-kernel
On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
> Per the discussion with Joonsoo Kim [1], we need check the return value of
> lookup_page_ext() for all call sites since it might return NULL in some cases,
> although it is unlikely, i.e. memory hotplug.
>
> Tested with ltp with "page_owner=0".
>
> [1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
>
> Signed-off-by: Yang Shi <yang.shi@linaro.org>
I didn't read code code in detail to see how page_ext memory space
allocated in boot code and memory hotplug but to me, it's not good
to check NULL whenever we calls lookup_page_ext.
More dangerous thing is now page_ext is used by optionable feature(ie, not
critical for system stability) but if we want to use page_ext as
another important tool for the system in future,
it could be a serious problem.
Can we put some hooks of page_ext into memory-hotplug so guarantee
that page_ext memory space is allocated with memmap space at the
same time? IOW, once every PFN wakers find a page is valid, page_ext
is valid, too so lookup_page_ext never returns NULL on valid page
by design.
I hope we consider this direction, too.
Thanks.
> ---
> include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++++++++-------
> mm/page_alloc.c | 6 ++++++
> mm/page_owner.c | 27 +++++++++++++++++++++++++++
> mm/page_poison.c | 8 +++++++-
> mm/vmstat.c | 2 ++
> 5 files changed, 78 insertions(+), 8 deletions(-)
>
> diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
> index bf268fa..8f5d4ad 100644
> --- a/include/linux/page_idle.h
> +++ b/include/linux/page_idle.h
> @@ -46,33 +46,62 @@ extern struct page_ext_operations page_idle_ops;
>
> static inline bool page_is_young(struct page *page)
> {
> - return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return false;
> +
> + return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline void set_page_young(struct page *page)
> {
> - set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return;
> +
> + set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline bool test_and_clear_page_young(struct page *page)
> {
> - return test_and_clear_bit(PAGE_EXT_YOUNG,
> - &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return false;
> +
> + return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline bool page_is_idle(struct page *page)
> {
> - return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return false;
> +
> + return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
>
> static inline void set_page_idle(struct page *page)
> {
> - set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return;
> +
> + set_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
>
> static inline void clear_page_idle(struct page *page)
> {
> - clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return;
> +
> + clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
> #endif /* CONFIG_64BIT */
>
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index f8f3bfc..d27e8b9 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -656,6 +656,9 @@ static inline void set_page_guard(struct zone *zone, struct page *page,
> return;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>
> INIT_LIST_HEAD(&page->lru);
> @@ -673,6 +676,9 @@ static inline void clear_page_guard(struct zone *zone, struct page *page,
> return;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>
> set_page_private(page, 0);
> diff --git a/mm/page_owner.c b/mm/page_owner.c
> index 792b56d..902e398 100644
> --- a/mm/page_owner.c
> +++ b/mm/page_owner.c
> @@ -55,6 +55,8 @@ void __reset_page_owner(struct page *page, unsigned int order)
>
> for (i = 0; i < (1 << order); i++) {
> page_ext = lookup_page_ext(page + i);
> + if (unlikely(!page_ext))
> + continue;
> __clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
> }
> }
> @@ -62,6 +64,10 @@ void __reset_page_owner(struct page *page, unsigned int order)
> void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> +
> + if (unlikely(!page_ext))
> + return;
> +
> struct stack_trace trace = {
> .nr_entries = 0,
> .max_entries = ARRAY_SIZE(page_ext->trace_entries),
> @@ -82,6 +88,8 @@ void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> void __set_page_owner_migrate_reason(struct page *page, int reason)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
>
> page_ext->last_migrate_reason = reason;
> }
> @@ -89,6 +97,12 @@ void __set_page_owner_migrate_reason(struct page *page, int reason)
> gfp_t __get_page_owner_gfp(struct page *page)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + /*
> + * The caller just returns 0 if no valid gfp
> + * So return 0 here too.
> + */
> + return 0;
>
> return page_ext->gfp_mask;
> }
> @@ -97,6 +111,10 @@ void __copy_page_owner(struct page *oldpage, struct page *newpage)
> {
> struct page_ext *old_ext = lookup_page_ext(oldpage);
> struct page_ext *new_ext = lookup_page_ext(newpage);
> +
> + if (unlikely(!old_ext || !new_ext))
> + return;
> +
> int i;
>
> new_ext->order = old_ext->order;
> @@ -186,6 +204,11 @@ err:
> void __dump_page_owner(struct page *page)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)) {
> + pr_alert("There is not page extension available.\n");
> + return;
> + }
> +
> struct stack_trace trace = {
> .nr_entries = page_ext->nr_entries,
> .entries = &page_ext->trace_entries[0],
> @@ -251,6 +274,8 @@ read_page_owner(struct file *file, char __user *buf, size_t count, loff_t *ppos)
> }
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> /*
> * Some pages could be missed by concurrent allocation or free,
> @@ -317,6 +342,8 @@ static void init_pages_in_zone(pg_data_t *pgdat, struct zone *zone)
> continue;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> /* Maybe overraping zone */
> if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> diff --git a/mm/page_poison.c b/mm/page_poison.c
> index 1eae5fa..2e647c6 100644
> --- a/mm/page_poison.c
> +++ b/mm/page_poison.c
> @@ -54,6 +54,9 @@ static inline void set_page_poison(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -62,6 +65,9 @@ static inline void clear_page_poison(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -70,7 +76,7 @@ bool page_is_poisoned(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> - if (!page_ext)
> + if (unlikely(!page_ext))
> return false;
>
> return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> diff --git a/mm/vmstat.c b/mm/vmstat.c
> index 77e42ef..cb2a67b 100644
> --- a/mm/vmstat.c
> +++ b/mm/vmstat.c
> @@ -1061,6 +1061,8 @@ static void pagetypeinfo_showmixedcount_print(struct seq_file *m,
> continue;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> continue;
> --
> 2.0.2
>
> --
> To unsubscribe, send a message with 'unsubscribe linux-mm' in
> the body to majordomo@kvack.org. For more info on Linux MM,
> see: http://www.linux-mm.org/ .
> Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-05-24 2:58 ` Minchan Kim
0 siblings, 0 replies; 57+ messages in thread
From: Minchan Kim @ 2016-05-24 2:58 UTC (permalink / raw)
To: Yang Shi; +Cc: akpm, iamjoonsoo.kim, linux-kernel, linux-mm, linaro-kernel
On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
> Per the discussion with Joonsoo Kim [1], we need check the return value of
> lookup_page_ext() for all call sites since it might return NULL in some cases,
> although it is unlikely, i.e. memory hotplug.
>
> Tested with ltp with "page_owner=0".
>
> [1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
>
> Signed-off-by: Yang Shi <yang.shi@linaro.org>
I didn't read code code in detail to see how page_ext memory space
allocated in boot code and memory hotplug but to me, it's not good
to check NULL whenever we calls lookup_page_ext.
More dangerous thing is now page_ext is used by optionable feature(ie, not
critical for system stability) but if we want to use page_ext as
another important tool for the system in future,
it could be a serious problem.
Can we put some hooks of page_ext into memory-hotplug so guarantee
that page_ext memory space is allocated with memmap space at the
same time? IOW, once every PFN wakers find a page is valid, page_ext
is valid, too so lookup_page_ext never returns NULL on valid page
by design.
I hope we consider this direction, too.
Thanks.
> ---
> include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++++++++-------
> mm/page_alloc.c | 6 ++++++
> mm/page_owner.c | 27 +++++++++++++++++++++++++++
> mm/page_poison.c | 8 +++++++-
> mm/vmstat.c | 2 ++
> 5 files changed, 78 insertions(+), 8 deletions(-)
>
> diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
> index bf268fa..8f5d4ad 100644
> --- a/include/linux/page_idle.h
> +++ b/include/linux/page_idle.h
> @@ -46,33 +46,62 @@ extern struct page_ext_operations page_idle_ops;
>
> static inline bool page_is_young(struct page *page)
> {
> - return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return false;
> +
> + return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline void set_page_young(struct page *page)
> {
> - set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return;
> +
> + set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline bool test_and_clear_page_young(struct page *page)
> {
> - return test_and_clear_bit(PAGE_EXT_YOUNG,
> - &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return false;
> +
> + return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline bool page_is_idle(struct page *page)
> {
> - return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return false;
> +
> + return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
>
> static inline void set_page_idle(struct page *page)
> {
> - set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return;
> +
> + set_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
>
> static inline void clear_page_idle(struct page *page)
> {
> - clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return;
> +
> + clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
> #endif /* CONFIG_64BIT */
>
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index f8f3bfc..d27e8b9 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -656,6 +656,9 @@ static inline void set_page_guard(struct zone *zone, struct page *page,
> return;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>
> INIT_LIST_HEAD(&page->lru);
> @@ -673,6 +676,9 @@ static inline void clear_page_guard(struct zone *zone, struct page *page,
> return;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>
> set_page_private(page, 0);
> diff --git a/mm/page_owner.c b/mm/page_owner.c
> index 792b56d..902e398 100644
> --- a/mm/page_owner.c
> +++ b/mm/page_owner.c
> @@ -55,6 +55,8 @@ void __reset_page_owner(struct page *page, unsigned int order)
>
> for (i = 0; i < (1 << order); i++) {
> page_ext = lookup_page_ext(page + i);
> + if (unlikely(!page_ext))
> + continue;
> __clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
> }
> }
> @@ -62,6 +64,10 @@ void __reset_page_owner(struct page *page, unsigned int order)
> void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> +
> + if (unlikely(!page_ext))
> + return;
> +
> struct stack_trace trace = {
> .nr_entries = 0,
> .max_entries = ARRAY_SIZE(page_ext->trace_entries),
> @@ -82,6 +88,8 @@ void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> void __set_page_owner_migrate_reason(struct page *page, int reason)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
>
> page_ext->last_migrate_reason = reason;
> }
> @@ -89,6 +97,12 @@ void __set_page_owner_migrate_reason(struct page *page, int reason)
> gfp_t __get_page_owner_gfp(struct page *page)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + /*
> + * The caller just returns 0 if no valid gfp
> + * So return 0 here too.
> + */
> + return 0;
>
> return page_ext->gfp_mask;
> }
> @@ -97,6 +111,10 @@ void __copy_page_owner(struct page *oldpage, struct page *newpage)
> {
> struct page_ext *old_ext = lookup_page_ext(oldpage);
> struct page_ext *new_ext = lookup_page_ext(newpage);
> +
> + if (unlikely(!old_ext || !new_ext))
> + return;
> +
> int i;
>
> new_ext->order = old_ext->order;
> @@ -186,6 +204,11 @@ err:
> void __dump_page_owner(struct page *page)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)) {
> + pr_alert("There is not page extension available.\n");
> + return;
> + }
> +
> struct stack_trace trace = {
> .nr_entries = page_ext->nr_entries,
> .entries = &page_ext->trace_entries[0],
> @@ -251,6 +274,8 @@ read_page_owner(struct file *file, char __user *buf, size_t count, loff_t *ppos)
> }
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> /*
> * Some pages could be missed by concurrent allocation or free,
> @@ -317,6 +342,8 @@ static void init_pages_in_zone(pg_data_t *pgdat, struct zone *zone)
> continue;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> /* Maybe overraping zone */
> if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> diff --git a/mm/page_poison.c b/mm/page_poison.c
> index 1eae5fa..2e647c6 100644
> --- a/mm/page_poison.c
> +++ b/mm/page_poison.c
> @@ -54,6 +54,9 @@ static inline void set_page_poison(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -62,6 +65,9 @@ static inline void clear_page_poison(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -70,7 +76,7 @@ bool page_is_poisoned(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> - if (!page_ext)
> + if (unlikely(!page_ext))
> return false;
>
> return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> diff --git a/mm/vmstat.c b/mm/vmstat.c
> index 77e42ef..cb2a67b 100644
> --- a/mm/vmstat.c
> +++ b/mm/vmstat.c
> @@ -1061,6 +1061,8 @@ static void pagetypeinfo_showmixedcount_print(struct seq_file *m,
> continue;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> continue;
> --
> 2.0.2
>
> --
> To unsubscribe, send a message with 'unsubscribe linux-mm' in
> the body to majordomo@kvack.org. For more info on Linux MM,
> see: http://www.linux-mm.org/ .
> Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-05-23 17:16 ` Yang Shi
@ 2016-05-25 7:12 ` shakil
-1 siblings, 0 replies; 57+ messages in thread
From: shakil @ 2016-05-25 7:12 UTC (permalink / raw)
To: Yang Shi, akpm, iamjoonsoo.kim; +Cc: linux-kernel, linux-mm, linaro-kernel
On 5/23/2016 10:16 AM, Yang Shi wrote:
> Per the discussion with Joonsoo Kim [1], we need check the return value of
> lookup_page_ext() for all call sites since it might return NULL in some cases,
> although it is unlikely, i.e. memory hotplug.
>
> Tested with ltp with "page_owner=0".
>
> [1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
>
> Signed-off-by: Yang Shi <yang.shi@linaro.org>
> ---
> include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++++++++-------
> mm/page_alloc.c | 6 ++++++
> mm/page_owner.c | 27 +++++++++++++++++++++++++++
> mm/page_poison.c | 8 +++++++-
> mm/vmstat.c | 2 ++
> 5 files changed, 78 insertions(+), 8 deletions(-)
>
> diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
> index bf268fa..8f5d4ad 100644
> --- a/include/linux/page_idle.h
> +++ b/include/linux/page_idle.h
> @@ -46,33 +46,62 @@ extern struct page_ext_operations page_idle_ops;
>
> static inline bool page_is_young(struct page *page)
> {
> - return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return false;
> +
> + return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline void set_page_young(struct page *page)
> {
> - set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return;
> +
> + set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline bool test_and_clear_page_young(struct page *page)
> {
> - return test_and_clear_bit(PAGE_EXT_YOUNG,
> - &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return false;
> +
> + return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline bool page_is_idle(struct page *page)
> {
> - return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return false;
> +
> + return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
>
> static inline void set_page_idle(struct page *page)
> {
> - set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return;
> +
> + set_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
>
> static inline void clear_page_idle(struct page *page)
> {
> - clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return;
> +
> + clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
> #endif /* CONFIG_64BIT */
>
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index f8f3bfc..d27e8b9 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -656,6 +656,9 @@ static inline void set_page_guard(struct zone *zone, struct page *page,
> return;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>
> INIT_LIST_HEAD(&page->lru);
> @@ -673,6 +676,9 @@ static inline void clear_page_guard(struct zone *zone, struct page *page,
> return;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>
> set_page_private(page, 0);
> diff --git a/mm/page_owner.c b/mm/page_owner.c
> index 792b56d..902e398 100644
> --- a/mm/page_owner.c
> +++ b/mm/page_owner.c
> @@ -55,6 +55,8 @@ void __reset_page_owner(struct page *page, unsigned int order)
>
> for (i = 0; i < (1 << order); i++) {
> page_ext = lookup_page_ext(page + i);
> + if (unlikely(!page_ext))
> + continue;
> __clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
> }
> }
> @@ -62,6 +64,10 @@ void __reset_page_owner(struct page *page, unsigned int order)
> void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> +
> + if (unlikely(!page_ext))
> + return;
> +
> struct stack_trace trace = {
> .nr_entries = 0,
> .max_entries = ARRAY_SIZE(page_ext->trace_entries),
> @@ -82,6 +88,8 @@ void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> void __set_page_owner_migrate_reason(struct page *page, int reason)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
>
> page_ext->last_migrate_reason = reason;
> }
> @@ -89,6 +97,12 @@ void __set_page_owner_migrate_reason(struct page *page, int reason)
> gfp_t __get_page_owner_gfp(struct page *page)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + /*
> + * The caller just returns 0 if no valid gfp
> + * So return 0 here too.
> + */
> + return 0;
>
> return page_ext->gfp_mask;
> }
> @@ -97,6 +111,10 @@ void __copy_page_owner(struct page *oldpage, struct page *newpage)
> {
> struct page_ext *old_ext = lookup_page_ext(oldpage);
> struct page_ext *new_ext = lookup_page_ext(newpage);
> +
> + if (unlikely(!old_ext || !new_ext))
> + return;
> +
> int i;
>
> new_ext->order = old_ext->order;
> @@ -186,6 +204,11 @@ err:
> void __dump_page_owner(struct page *page)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)) {
> + pr_alert("There is not page extension available.\n");
> + return;
> + }
> +
> struct stack_trace trace = {
> .nr_entries = page_ext->nr_entries,
> .entries = &page_ext->trace_entries[0],
> @@ -251,6 +274,8 @@ read_page_owner(struct file *file, char __user *buf, size_t count, loff_t *ppos)
> }
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> /*
> * Some pages could be missed by concurrent allocation or free,
> @@ -317,6 +342,8 @@ static void init_pages_in_zone(pg_data_t *pgdat, struct zone *zone)
> continue;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> /* Maybe overraping zone */
> if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> diff --git a/mm/page_poison.c b/mm/page_poison.c
> index 1eae5fa..2e647c6 100644
> --- a/mm/page_poison.c
> +++ b/mm/page_poison.c
> @@ -54,6 +54,9 @@ static inline void set_page_poison(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -62,6 +65,9 @@ static inline void clear_page_poison(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -70,7 +76,7 @@ bool page_is_poisoned(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> - if (!page_ext)
> + if (unlikely(!page_ext))
> return false;
>
> return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> diff --git a/mm/vmstat.c b/mm/vmstat.c
> index 77e42ef..cb2a67b 100644
> --- a/mm/vmstat.c
> +++ b/mm/vmstat.c
> @@ -1061,6 +1061,8 @@ static void pagetypeinfo_showmixedcount_print(struct seq_file *m,
> continue;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> continue;
if (unlikely(!page_ext) /* Breaks the build */
static inline bool page_is_young(struct page *page)
{
- return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext;
+ page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext)
+ return false;
+
+ return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
Thanks
Shakil
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-05-25 7:12 ` shakil
0 siblings, 0 replies; 57+ messages in thread
From: shakil @ 2016-05-25 7:12 UTC (permalink / raw)
To: Yang Shi, akpm, iamjoonsoo.kim; +Cc: linux-kernel, linux-mm, linaro-kernel
On 5/23/2016 10:16 AM, Yang Shi wrote:
> Per the discussion with Joonsoo Kim [1], we need check the return value of
> lookup_page_ext() for all call sites since it might return NULL in some cases,
> although it is unlikely, i.e. memory hotplug.
>
> Tested with ltp with "page_owner=0".
>
> [1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
>
> Signed-off-by: Yang Shi <yang.shi@linaro.org>
> ---
> include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++++++++-------
> mm/page_alloc.c | 6 ++++++
> mm/page_owner.c | 27 +++++++++++++++++++++++++++
> mm/page_poison.c | 8 +++++++-
> mm/vmstat.c | 2 ++
> 5 files changed, 78 insertions(+), 8 deletions(-)
>
> diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
> index bf268fa..8f5d4ad 100644
> --- a/include/linux/page_idle.h
> +++ b/include/linux/page_idle.h
> @@ -46,33 +46,62 @@ extern struct page_ext_operations page_idle_ops;
>
> static inline bool page_is_young(struct page *page)
> {
> - return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return false;
> +
> + return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline void set_page_young(struct page *page)
> {
> - set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return;
> +
> + set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline bool test_and_clear_page_young(struct page *page)
> {
> - return test_and_clear_bit(PAGE_EXT_YOUNG,
> - &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return false;
> +
> + return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline bool page_is_idle(struct page *page)
> {
> - return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return false;
> +
> + return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
>
> static inline void set_page_idle(struct page *page)
> {
> - set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return;
> +
> + set_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
>
> static inline void clear_page_idle(struct page *page)
> {
> - clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return;
> +
> + clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
> #endif /* CONFIG_64BIT */
>
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index f8f3bfc..d27e8b9 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -656,6 +656,9 @@ static inline void set_page_guard(struct zone *zone, struct page *page,
> return;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>
> INIT_LIST_HEAD(&page->lru);
> @@ -673,6 +676,9 @@ static inline void clear_page_guard(struct zone *zone, struct page *page,
> return;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>
> set_page_private(page, 0);
> diff --git a/mm/page_owner.c b/mm/page_owner.c
> index 792b56d..902e398 100644
> --- a/mm/page_owner.c
> +++ b/mm/page_owner.c
> @@ -55,6 +55,8 @@ void __reset_page_owner(struct page *page, unsigned int order)
>
> for (i = 0; i < (1 << order); i++) {
> page_ext = lookup_page_ext(page + i);
> + if (unlikely(!page_ext))
> + continue;
> __clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
> }
> }
> @@ -62,6 +64,10 @@ void __reset_page_owner(struct page *page, unsigned int order)
> void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> +
> + if (unlikely(!page_ext))
> + return;
> +
> struct stack_trace trace = {
> .nr_entries = 0,
> .max_entries = ARRAY_SIZE(page_ext->trace_entries),
> @@ -82,6 +88,8 @@ void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> void __set_page_owner_migrate_reason(struct page *page, int reason)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
>
> page_ext->last_migrate_reason = reason;
> }
> @@ -89,6 +97,12 @@ void __set_page_owner_migrate_reason(struct page *page, int reason)
> gfp_t __get_page_owner_gfp(struct page *page)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + /*
> + * The caller just returns 0 if no valid gfp
> + * So return 0 here too.
> + */
> + return 0;
>
> return page_ext->gfp_mask;
> }
> @@ -97,6 +111,10 @@ void __copy_page_owner(struct page *oldpage, struct page *newpage)
> {
> struct page_ext *old_ext = lookup_page_ext(oldpage);
> struct page_ext *new_ext = lookup_page_ext(newpage);
> +
> + if (unlikely(!old_ext || !new_ext))
> + return;
> +
> int i;
>
> new_ext->order = old_ext->order;
> @@ -186,6 +204,11 @@ err:
> void __dump_page_owner(struct page *page)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)) {
> + pr_alert("There is not page extension available.\n");
> + return;
> + }
> +
> struct stack_trace trace = {
> .nr_entries = page_ext->nr_entries,
> .entries = &page_ext->trace_entries[0],
> @@ -251,6 +274,8 @@ read_page_owner(struct file *file, char __user *buf, size_t count, loff_t *ppos)
> }
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> /*
> * Some pages could be missed by concurrent allocation or free,
> @@ -317,6 +342,8 @@ static void init_pages_in_zone(pg_data_t *pgdat, struct zone *zone)
> continue;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> /* Maybe overraping zone */
> if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> diff --git a/mm/page_poison.c b/mm/page_poison.c
> index 1eae5fa..2e647c6 100644
> --- a/mm/page_poison.c
> +++ b/mm/page_poison.c
> @@ -54,6 +54,9 @@ static inline void set_page_poison(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -62,6 +65,9 @@ static inline void clear_page_poison(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -70,7 +76,7 @@ bool page_is_poisoned(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> - if (!page_ext)
> + if (unlikely(!page_ext))
> return false;
>
> return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> diff --git a/mm/vmstat.c b/mm/vmstat.c
> index 77e42ef..cb2a67b 100644
> --- a/mm/vmstat.c
> +++ b/mm/vmstat.c
> @@ -1061,6 +1061,8 @@ static void pagetypeinfo_showmixedcount_print(struct seq_file *m,
> continue;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> continue;
if (unlikely(!page_ext) /* Breaks the build */
static inline bool page_is_young(struct page *page)
{
- return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext;
+ page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext)
+ return false;
+
+ return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
Thanks
Shakil
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-05-24 2:58 ` Minchan Kim
@ 2016-05-26 0:37 ` Minchan Kim
-1 siblings, 0 replies; 57+ messages in thread
From: Minchan Kim @ 2016-05-26 0:37 UTC (permalink / raw)
To: Yang Shi; +Cc: akpm, iamjoonsoo.kim, linux-kernel, linux-mm, linaro-kernel
On Tue, May 24, 2016 at 11:58:11AM +0900, Minchan Kim wrote:
> On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
> > Per the discussion with Joonsoo Kim [1], we need check the return value of
> > lookup_page_ext() for all call sites since it might return NULL in some cases,
> > although it is unlikely, i.e. memory hotplug.
> >
> > Tested with ltp with "page_owner=0".
> >
> > [1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
> >
> > Signed-off-by: Yang Shi <yang.shi@linaro.org>
>
> I didn't read code code in detail to see how page_ext memory space
> allocated in boot code and memory hotplug but to me, it's not good
> to check NULL whenever we calls lookup_page_ext.
>
> More dangerous thing is now page_ext is used by optionable feature(ie, not
> critical for system stability) but if we want to use page_ext as
> another important tool for the system in future,
> it could be a serious problem.
>
> Can we put some hooks of page_ext into memory-hotplug so guarantee
> that page_ext memory space is allocated with memmap space at the
> same time? IOW, once every PFN wakers find a page is valid, page_ext
> is valid, too so lookup_page_ext never returns NULL on valid page
> by design.
>
> I hope we consider this direction, too.
Yang, Could you think about this?
Even, your patch was broken, I think.
It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
lookup_page_ext doesn't return NULL in that case.
>
> Thanks.
>
> > ---
> > include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++++++++-------
> > mm/page_alloc.c | 6 ++++++
> > mm/page_owner.c | 27 +++++++++++++++++++++++++++
> > mm/page_poison.c | 8 +++++++-
> > mm/vmstat.c | 2 ++
> > 5 files changed, 78 insertions(+), 8 deletions(-)
> >
> > diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
> > index bf268fa..8f5d4ad 100644
> > --- a/include/linux/page_idle.h
> > +++ b/include/linux/page_idle.h
> > @@ -46,33 +46,62 @@ extern struct page_ext_operations page_idle_ops;
> >
> > static inline bool page_is_young(struct page *page)
> > {
> > - return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> > + struct page_ext *page_ext;
> > + page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext)
> > + return false;
> > +
> > + return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> > }
> >
> > static inline void set_page_young(struct page *page)
> > {
> > - set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> > + struct page_ext *page_ext;
> > + page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext)
> > + return;
> > +
> > + set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> > }
> >
> > static inline bool test_and_clear_page_young(struct page *page)
> > {
> > - return test_and_clear_bit(PAGE_EXT_YOUNG,
> > - &lookup_page_ext(page)->flags);
> > + struct page_ext *page_ext;
> > + page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext)
> > + return false;
> > +
> > + return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> > }
> >
> > static inline bool page_is_idle(struct page *page)
> > {
> > - return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> > + struct page_ext *page_ext;
> > + page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext)
> > + return false;
> > +
> > + return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
> > }
> >
> > static inline void set_page_idle(struct page *page)
> > {
> > - set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> > + struct page_ext *page_ext;
> > + page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext)
> > + return;
> > +
> > + set_bit(PAGE_EXT_IDLE, &page_ext->flags);
> > }
> >
> > static inline void clear_page_idle(struct page *page)
> > {
> > - clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> > + struct page_ext *page_ext;
> > + page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext)
> > + return;
> > +
> > + clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
> > }
> > #endif /* CONFIG_64BIT */
> >
> > diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> > index f8f3bfc..d27e8b9 100644
> > --- a/mm/page_alloc.c
> > +++ b/mm/page_alloc.c
> > @@ -656,6 +656,9 @@ static inline void set_page_guard(struct zone *zone, struct page *page,
> > return;
> >
> > page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext))
> > + return;
> > +
> > __set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
> >
> > INIT_LIST_HEAD(&page->lru);
> > @@ -673,6 +676,9 @@ static inline void clear_page_guard(struct zone *zone, struct page *page,
> > return;
> >
> > page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext))
> > + return;
> > +
> > __clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
> >
> > set_page_private(page, 0);
> > diff --git a/mm/page_owner.c b/mm/page_owner.c
> > index 792b56d..902e398 100644
> > --- a/mm/page_owner.c
> > +++ b/mm/page_owner.c
> > @@ -55,6 +55,8 @@ void __reset_page_owner(struct page *page, unsigned int order)
> >
> > for (i = 0; i < (1 << order); i++) {
> > page_ext = lookup_page_ext(page + i);
> > + if (unlikely(!page_ext))
> > + continue;
> > __clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
> > }
> > }
> > @@ -62,6 +64,10 @@ void __reset_page_owner(struct page *page, unsigned int order)
> > void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> > {
> > struct page_ext *page_ext = lookup_page_ext(page);
> > +
> > + if (unlikely(!page_ext))
> > + return;
> > +
> > struct stack_trace trace = {
> > .nr_entries = 0,
> > .max_entries = ARRAY_SIZE(page_ext->trace_entries),
> > @@ -82,6 +88,8 @@ void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> > void __set_page_owner_migrate_reason(struct page *page, int reason)
> > {
> > struct page_ext *page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext))
> > + return;
> >
> > page_ext->last_migrate_reason = reason;
> > }
> > @@ -89,6 +97,12 @@ void __set_page_owner_migrate_reason(struct page *page, int reason)
> > gfp_t __get_page_owner_gfp(struct page *page)
> > {
> > struct page_ext *page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext))
> > + /*
> > + * The caller just returns 0 if no valid gfp
> > + * So return 0 here too.
> > + */
> > + return 0;
> >
> > return page_ext->gfp_mask;
> > }
> > @@ -97,6 +111,10 @@ void __copy_page_owner(struct page *oldpage, struct page *newpage)
> > {
> > struct page_ext *old_ext = lookup_page_ext(oldpage);
> > struct page_ext *new_ext = lookup_page_ext(newpage);
> > +
> > + if (unlikely(!old_ext || !new_ext))
> > + return;
> > +
> > int i;
> >
> > new_ext->order = old_ext->order;
> > @@ -186,6 +204,11 @@ err:
> > void __dump_page_owner(struct page *page)
> > {
> > struct page_ext *page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext)) {
> > + pr_alert("There is not page extension available.\n");
> > + return;
> > + }
> > +
> > struct stack_trace trace = {
> > .nr_entries = page_ext->nr_entries,
> > .entries = &page_ext->trace_entries[0],
> > @@ -251,6 +274,8 @@ read_page_owner(struct file *file, char __user *buf, size_t count, loff_t *ppos)
> > }
> >
> > page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext))
> > + continue;
> >
> > /*
> > * Some pages could be missed by concurrent allocation or free,
> > @@ -317,6 +342,8 @@ static void init_pages_in_zone(pg_data_t *pgdat, struct zone *zone)
> > continue;
> >
> > page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext))
> > + continue;
> >
> > /* Maybe overraping zone */
> > if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> > diff --git a/mm/page_poison.c b/mm/page_poison.c
> > index 1eae5fa..2e647c6 100644
> > --- a/mm/page_poison.c
> > +++ b/mm/page_poison.c
> > @@ -54,6 +54,9 @@ static inline void set_page_poison(struct page *page)
> > struct page_ext *page_ext;
> >
> > page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext))
> > + return;
> > +
> > __set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> > }
> >
> > @@ -62,6 +65,9 @@ static inline void clear_page_poison(struct page *page)
> > struct page_ext *page_ext;
> >
> > page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext))
> > + return;
> > +
> > __clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> > }
> >
> > @@ -70,7 +76,7 @@ bool page_is_poisoned(struct page *page)
> > struct page_ext *page_ext;
> >
> > page_ext = lookup_page_ext(page);
> > - if (!page_ext)
> > + if (unlikely(!page_ext))
> > return false;
> >
> > return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> > diff --git a/mm/vmstat.c b/mm/vmstat.c
> > index 77e42ef..cb2a67b 100644
> > --- a/mm/vmstat.c
> > +++ b/mm/vmstat.c
> > @@ -1061,6 +1061,8 @@ static void pagetypeinfo_showmixedcount_print(struct seq_file *m,
> > continue;
> >
> > page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext))
> > + continue;
> >
> > if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> > continue;
> > --
> > 2.0.2
> >
> > --
> > To unsubscribe, send a message with 'unsubscribe linux-mm' in
> > the body to majordomo@kvack.org. For more info on Linux MM,
> > see: http://www.linux-mm.org/ .
> > Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
>
> --
> To unsubscribe, send a message with 'unsubscribe linux-mm' in
> the body to majordomo@kvack.org. For more info on Linux MM,
> see: http://www.linux-mm.org/ .
> Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-05-26 0:37 ` Minchan Kim
0 siblings, 0 replies; 57+ messages in thread
From: Minchan Kim @ 2016-05-26 0:37 UTC (permalink / raw)
To: Yang Shi; +Cc: akpm, iamjoonsoo.kim, linux-kernel, linux-mm, linaro-kernel
On Tue, May 24, 2016 at 11:58:11AM +0900, Minchan Kim wrote:
> On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
> > Per the discussion with Joonsoo Kim [1], we need check the return value of
> > lookup_page_ext() for all call sites since it might return NULL in some cases,
> > although it is unlikely, i.e. memory hotplug.
> >
> > Tested with ltp with "page_owner=0".
> >
> > [1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
> >
> > Signed-off-by: Yang Shi <yang.shi@linaro.org>
>
> I didn't read code code in detail to see how page_ext memory space
> allocated in boot code and memory hotplug but to me, it's not good
> to check NULL whenever we calls lookup_page_ext.
>
> More dangerous thing is now page_ext is used by optionable feature(ie, not
> critical for system stability) but if we want to use page_ext as
> another important tool for the system in future,
> it could be a serious problem.
>
> Can we put some hooks of page_ext into memory-hotplug so guarantee
> that page_ext memory space is allocated with memmap space at the
> same time? IOW, once every PFN wakers find a page is valid, page_ext
> is valid, too so lookup_page_ext never returns NULL on valid page
> by design.
>
> I hope we consider this direction, too.
Yang, Could you think about this?
Even, your patch was broken, I think.
It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
lookup_page_ext doesn't return NULL in that case.
>
> Thanks.
>
> > ---
> > include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++++++++-------
> > mm/page_alloc.c | 6 ++++++
> > mm/page_owner.c | 27 +++++++++++++++++++++++++++
> > mm/page_poison.c | 8 +++++++-
> > mm/vmstat.c | 2 ++
> > 5 files changed, 78 insertions(+), 8 deletions(-)
> >
> > diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
> > index bf268fa..8f5d4ad 100644
> > --- a/include/linux/page_idle.h
> > +++ b/include/linux/page_idle.h
> > @@ -46,33 +46,62 @@ extern struct page_ext_operations page_idle_ops;
> >
> > static inline bool page_is_young(struct page *page)
> > {
> > - return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> > + struct page_ext *page_ext;
> > + page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext)
> > + return false;
> > +
> > + return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> > }
> >
> > static inline void set_page_young(struct page *page)
> > {
> > - set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> > + struct page_ext *page_ext;
> > + page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext)
> > + return;
> > +
> > + set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> > }
> >
> > static inline bool test_and_clear_page_young(struct page *page)
> > {
> > - return test_and_clear_bit(PAGE_EXT_YOUNG,
> > - &lookup_page_ext(page)->flags);
> > + struct page_ext *page_ext;
> > + page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext)
> > + return false;
> > +
> > + return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> > }
> >
> > static inline bool page_is_idle(struct page *page)
> > {
> > - return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> > + struct page_ext *page_ext;
> > + page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext)
> > + return false;
> > +
> > + return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
> > }
> >
> > static inline void set_page_idle(struct page *page)
> > {
> > - set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> > + struct page_ext *page_ext;
> > + page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext)
> > + return;
> > +
> > + set_bit(PAGE_EXT_IDLE, &page_ext->flags);
> > }
> >
> > static inline void clear_page_idle(struct page *page)
> > {
> > - clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> > + struct page_ext *page_ext;
> > + page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext)
> > + return;
> > +
> > + clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
> > }
> > #endif /* CONFIG_64BIT */
> >
> > diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> > index f8f3bfc..d27e8b9 100644
> > --- a/mm/page_alloc.c
> > +++ b/mm/page_alloc.c
> > @@ -656,6 +656,9 @@ static inline void set_page_guard(struct zone *zone, struct page *page,
> > return;
> >
> > page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext))
> > + return;
> > +
> > __set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
> >
> > INIT_LIST_HEAD(&page->lru);
> > @@ -673,6 +676,9 @@ static inline void clear_page_guard(struct zone *zone, struct page *page,
> > return;
> >
> > page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext))
> > + return;
> > +
> > __clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
> >
> > set_page_private(page, 0);
> > diff --git a/mm/page_owner.c b/mm/page_owner.c
> > index 792b56d..902e398 100644
> > --- a/mm/page_owner.c
> > +++ b/mm/page_owner.c
> > @@ -55,6 +55,8 @@ void __reset_page_owner(struct page *page, unsigned int order)
> >
> > for (i = 0; i < (1 << order); i++) {
> > page_ext = lookup_page_ext(page + i);
> > + if (unlikely(!page_ext))
> > + continue;
> > __clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
> > }
> > }
> > @@ -62,6 +64,10 @@ void __reset_page_owner(struct page *page, unsigned int order)
> > void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> > {
> > struct page_ext *page_ext = lookup_page_ext(page);
> > +
> > + if (unlikely(!page_ext))
> > + return;
> > +
> > struct stack_trace trace = {
> > .nr_entries = 0,
> > .max_entries = ARRAY_SIZE(page_ext->trace_entries),
> > @@ -82,6 +88,8 @@ void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> > void __set_page_owner_migrate_reason(struct page *page, int reason)
> > {
> > struct page_ext *page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext))
> > + return;
> >
> > page_ext->last_migrate_reason = reason;
> > }
> > @@ -89,6 +97,12 @@ void __set_page_owner_migrate_reason(struct page *page, int reason)
> > gfp_t __get_page_owner_gfp(struct page *page)
> > {
> > struct page_ext *page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext))
> > + /*
> > + * The caller just returns 0 if no valid gfp
> > + * So return 0 here too.
> > + */
> > + return 0;
> >
> > return page_ext->gfp_mask;
> > }
> > @@ -97,6 +111,10 @@ void __copy_page_owner(struct page *oldpage, struct page *newpage)
> > {
> > struct page_ext *old_ext = lookup_page_ext(oldpage);
> > struct page_ext *new_ext = lookup_page_ext(newpage);
> > +
> > + if (unlikely(!old_ext || !new_ext))
> > + return;
> > +
> > int i;
> >
> > new_ext->order = old_ext->order;
> > @@ -186,6 +204,11 @@ err:
> > void __dump_page_owner(struct page *page)
> > {
> > struct page_ext *page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext)) {
> > + pr_alert("There is not page extension available.\n");
> > + return;
> > + }
> > +
> > struct stack_trace trace = {
> > .nr_entries = page_ext->nr_entries,
> > .entries = &page_ext->trace_entries[0],
> > @@ -251,6 +274,8 @@ read_page_owner(struct file *file, char __user *buf, size_t count, loff_t *ppos)
> > }
> >
> > page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext))
> > + continue;
> >
> > /*
> > * Some pages could be missed by concurrent allocation or free,
> > @@ -317,6 +342,8 @@ static void init_pages_in_zone(pg_data_t *pgdat, struct zone *zone)
> > continue;
> >
> > page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext))
> > + continue;
> >
> > /* Maybe overraping zone */
> > if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> > diff --git a/mm/page_poison.c b/mm/page_poison.c
> > index 1eae5fa..2e647c6 100644
> > --- a/mm/page_poison.c
> > +++ b/mm/page_poison.c
> > @@ -54,6 +54,9 @@ static inline void set_page_poison(struct page *page)
> > struct page_ext *page_ext;
> >
> > page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext))
> > + return;
> > +
> > __set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> > }
> >
> > @@ -62,6 +65,9 @@ static inline void clear_page_poison(struct page *page)
> > struct page_ext *page_ext;
> >
> > page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext))
> > + return;
> > +
> > __clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> > }
> >
> > @@ -70,7 +76,7 @@ bool page_is_poisoned(struct page *page)
> > struct page_ext *page_ext;
> >
> > page_ext = lookup_page_ext(page);
> > - if (!page_ext)
> > + if (unlikely(!page_ext))
> > return false;
> >
> > return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> > diff --git a/mm/vmstat.c b/mm/vmstat.c
> > index 77e42ef..cb2a67b 100644
> > --- a/mm/vmstat.c
> > +++ b/mm/vmstat.c
> > @@ -1061,6 +1061,8 @@ static void pagetypeinfo_showmixedcount_print(struct seq_file *m,
> > continue;
> >
> > page_ext = lookup_page_ext(page);
> > + if (unlikely(!page_ext))
> > + continue;
> >
> > if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> > continue;
> > --
> > 2.0.2
> >
> > --
> > To unsubscribe, send a message with 'unsubscribe linux-mm' in
> > the body to majordomo@kvack.org. For more info on Linux MM,
> > see: http://www.linux-mm.org/ .
> > Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
>
> --
> To unsubscribe, send a message with 'unsubscribe linux-mm' in
> the body to majordomo@kvack.org. For more info on Linux MM,
> see: http://www.linux-mm.org/ .
> Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-05-26 0:37 ` Minchan Kim
@ 2016-05-26 23:15 ` Shi, Yang
-1 siblings, 0 replies; 57+ messages in thread
From: Shi, Yang @ 2016-05-26 23:15 UTC (permalink / raw)
To: Minchan Kim; +Cc: akpm, iamjoonsoo.kim, linux-kernel, linux-mm, linaro-kernel
On 5/25/2016 5:37 PM, Minchan Kim wrote:
> On Tue, May 24, 2016 at 11:58:11AM +0900, Minchan Kim wrote:
>> On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
>>> Per the discussion with Joonsoo Kim [1], we need check the return value of
>>> lookup_page_ext() for all call sites since it might return NULL in some cases,
>>> although it is unlikely, i.e. memory hotplug.
>>>
>>> Tested with ltp with "page_owner=0".
>>>
>>> [1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
>>>
>>> Signed-off-by: Yang Shi <yang.shi@linaro.org>
>>
>> I didn't read code code in detail to see how page_ext memory space
>> allocated in boot code and memory hotplug but to me, it's not good
>> to check NULL whenever we calls lookup_page_ext.
>>
>> More dangerous thing is now page_ext is used by optionable feature(ie, not
>> critical for system stability) but if we want to use page_ext as
>> another important tool for the system in future,
>> it could be a serious problem.
>>
>> Can we put some hooks of page_ext into memory-hotplug so guarantee
>> that page_ext memory space is allocated with memmap space at the
>> same time? IOW, once every PFN wakers find a page is valid, page_ext
>> is valid, too so lookup_page_ext never returns NULL on valid page
>> by design.
>>
>> I hope we consider this direction, too.
>
> Yang, Could you think about this?
Thanks a lot for the suggestion. Sorry for the late reply, I was busy on
preparing patches. I do agree this is a direction we should look into,
but I haven't got time to think about it deeper. I hope Joonsoo could
chime in too since he is the original author for page extension.
>
> Even, your patch was broken, I think.
> It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
> lookup_page_ext doesn't return NULL in that case.
Actually, I think the #ifdef should be removed if lookup_page_ext() is
possible to return NULL. It sounds not make sense returning NULL only
when DEBUG_VM is enabled. It should return NULL no matter what debug
config is selected. If Joonsoo agrees with me I'm going to come up with
a patch to fix it.
Regards,
Yang
>
>>
>> Thanks.
>>
>>> ---
>>> include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++++++++-------
>>> mm/page_alloc.c | 6 ++++++
>>> mm/page_owner.c | 27 +++++++++++++++++++++++++++
>>> mm/page_poison.c | 8 +++++++-
>>> mm/vmstat.c | 2 ++
>>> 5 files changed, 78 insertions(+), 8 deletions(-)
>>>
>>> diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
>>> index bf268fa..8f5d4ad 100644
>>> --- a/include/linux/page_idle.h
>>> +++ b/include/linux/page_idle.h
>>> @@ -46,33 +46,62 @@ extern struct page_ext_operations page_idle_ops;
>>>
>>> static inline bool page_is_young(struct page *page)
>>> {
>>> - return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
>>> + struct page_ext *page_ext;
>>> + page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext)
>>> + return false;
>>> +
>>> + return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
>>> }
>>>
>>> static inline void set_page_young(struct page *page)
>>> {
>>> - set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
>>> + struct page_ext *page_ext;
>>> + page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext)
>>> + return;
>>> +
>>> + set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
>>> }
>>>
>>> static inline bool test_and_clear_page_young(struct page *page)
>>> {
>>> - return test_and_clear_bit(PAGE_EXT_YOUNG,
>>> - &lookup_page_ext(page)->flags);
>>> + struct page_ext *page_ext;
>>> + page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext)
>>> + return false;
>>> +
>>> + return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
>>> }
>>>
>>> static inline bool page_is_idle(struct page *page)
>>> {
>>> - return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
>>> + struct page_ext *page_ext;
>>> + page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext)
>>> + return false;
>>> +
>>> + return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
>>> }
>>>
>>> static inline void set_page_idle(struct page *page)
>>> {
>>> - set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
>>> + struct page_ext *page_ext;
>>> + page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext)
>>> + return;
>>> +
>>> + set_bit(PAGE_EXT_IDLE, &page_ext->flags);
>>> }
>>>
>>> static inline void clear_page_idle(struct page *page)
>>> {
>>> - clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
>>> + struct page_ext *page_ext;
>>> + page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext)
>>> + return;
>>> +
>>> + clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
>>> }
>>> #endif /* CONFIG_64BIT */
>>>
>>> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
>>> index f8f3bfc..d27e8b9 100644
>>> --- a/mm/page_alloc.c
>>> +++ b/mm/page_alloc.c
>>> @@ -656,6 +656,9 @@ static inline void set_page_guard(struct zone *zone, struct page *page,
>>> return;
>>>
>>> page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext))
>>> + return;
>>> +
>>> __set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>>>
>>> INIT_LIST_HEAD(&page->lru);
>>> @@ -673,6 +676,9 @@ static inline void clear_page_guard(struct zone *zone, struct page *page,
>>> return;
>>>
>>> page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext))
>>> + return;
>>> +
>>> __clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>>>
>>> set_page_private(page, 0);
>>> diff --git a/mm/page_owner.c b/mm/page_owner.c
>>> index 792b56d..902e398 100644
>>> --- a/mm/page_owner.c
>>> +++ b/mm/page_owner.c
>>> @@ -55,6 +55,8 @@ void __reset_page_owner(struct page *page, unsigned int order)
>>>
>>> for (i = 0; i < (1 << order); i++) {
>>> page_ext = lookup_page_ext(page + i);
>>> + if (unlikely(!page_ext))
>>> + continue;
>>> __clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
>>> }
>>> }
>>> @@ -62,6 +64,10 @@ void __reset_page_owner(struct page *page, unsigned int order)
>>> void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
>>> {
>>> struct page_ext *page_ext = lookup_page_ext(page);
>>> +
>>> + if (unlikely(!page_ext))
>>> + return;
>>> +
>>> struct stack_trace trace = {
>>> .nr_entries = 0,
>>> .max_entries = ARRAY_SIZE(page_ext->trace_entries),
>>> @@ -82,6 +88,8 @@ void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
>>> void __set_page_owner_migrate_reason(struct page *page, int reason)
>>> {
>>> struct page_ext *page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext))
>>> + return;
>>>
>>> page_ext->last_migrate_reason = reason;
>>> }
>>> @@ -89,6 +97,12 @@ void __set_page_owner_migrate_reason(struct page *page, int reason)
>>> gfp_t __get_page_owner_gfp(struct page *page)
>>> {
>>> struct page_ext *page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext))
>>> + /*
>>> + * The caller just returns 0 if no valid gfp
>>> + * So return 0 here too.
>>> + */
>>> + return 0;
>>>
>>> return page_ext->gfp_mask;
>>> }
>>> @@ -97,6 +111,10 @@ void __copy_page_owner(struct page *oldpage, struct page *newpage)
>>> {
>>> struct page_ext *old_ext = lookup_page_ext(oldpage);
>>> struct page_ext *new_ext = lookup_page_ext(newpage);
>>> +
>>> + if (unlikely(!old_ext || !new_ext))
>>> + return;
>>> +
>>> int i;
>>>
>>> new_ext->order = old_ext->order;
>>> @@ -186,6 +204,11 @@ err:
>>> void __dump_page_owner(struct page *page)
>>> {
>>> struct page_ext *page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext)) {
>>> + pr_alert("There is not page extension available.\n");
>>> + return;
>>> + }
>>> +
>>> struct stack_trace trace = {
>>> .nr_entries = page_ext->nr_entries,
>>> .entries = &page_ext->trace_entries[0],
>>> @@ -251,6 +274,8 @@ read_page_owner(struct file *file, char __user *buf, size_t count, loff_t *ppos)
>>> }
>>>
>>> page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext))
>>> + continue;
>>>
>>> /*
>>> * Some pages could be missed by concurrent allocation or free,
>>> @@ -317,6 +342,8 @@ static void init_pages_in_zone(pg_data_t *pgdat, struct zone *zone)
>>> continue;
>>>
>>> page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext))
>>> + continue;
>>>
>>> /* Maybe overraping zone */
>>> if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
>>> diff --git a/mm/page_poison.c b/mm/page_poison.c
>>> index 1eae5fa..2e647c6 100644
>>> --- a/mm/page_poison.c
>>> +++ b/mm/page_poison.c
>>> @@ -54,6 +54,9 @@ static inline void set_page_poison(struct page *page)
>>> struct page_ext *page_ext;
>>>
>>> page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext))
>>> + return;
>>> +
>>> __set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
>>> }
>>>
>>> @@ -62,6 +65,9 @@ static inline void clear_page_poison(struct page *page)
>>> struct page_ext *page_ext;
>>>
>>> page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext))
>>> + return;
>>> +
>>> __clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
>>> }
>>>
>>> @@ -70,7 +76,7 @@ bool page_is_poisoned(struct page *page)
>>> struct page_ext *page_ext;
>>>
>>> page_ext = lookup_page_ext(page);
>>> - if (!page_ext)
>>> + if (unlikely(!page_ext))
>>> return false;
>>>
>>> return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
>>> diff --git a/mm/vmstat.c b/mm/vmstat.c
>>> index 77e42ef..cb2a67b 100644
>>> --- a/mm/vmstat.c
>>> +++ b/mm/vmstat.c
>>> @@ -1061,6 +1061,8 @@ static void pagetypeinfo_showmixedcount_print(struct seq_file *m,
>>> continue;
>>>
>>> page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext))
>>> + continue;
>>>
>>> if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
>>> continue;
>>> --
>>> 2.0.2
>>>
>>> --
>>> To unsubscribe, send a message with 'unsubscribe linux-mm' in
>>> the body to majordomo@kvack.org. For more info on Linux MM,
>>> see: http://www.linux-mm.org/ .
>>> Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
>>
>> --
>> To unsubscribe, send a message with 'unsubscribe linux-mm' in
>> the body to majordomo@kvack.org. For more info on Linux MM,
>> see: http://www.linux-mm.org/ .
>> Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-05-26 23:15 ` Shi, Yang
0 siblings, 0 replies; 57+ messages in thread
From: Shi, Yang @ 2016-05-26 23:15 UTC (permalink / raw)
To: Minchan Kim; +Cc: akpm, iamjoonsoo.kim, linux-kernel, linux-mm, linaro-kernel
On 5/25/2016 5:37 PM, Minchan Kim wrote:
> On Tue, May 24, 2016 at 11:58:11AM +0900, Minchan Kim wrote:
>> On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
>>> Per the discussion with Joonsoo Kim [1], we need check the return value of
>>> lookup_page_ext() for all call sites since it might return NULL in some cases,
>>> although it is unlikely, i.e. memory hotplug.
>>>
>>> Tested with ltp with "page_owner=0".
>>>
>>> [1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
>>>
>>> Signed-off-by: Yang Shi <yang.shi@linaro.org>
>>
>> I didn't read code code in detail to see how page_ext memory space
>> allocated in boot code and memory hotplug but to me, it's not good
>> to check NULL whenever we calls lookup_page_ext.
>>
>> More dangerous thing is now page_ext is used by optionable feature(ie, not
>> critical for system stability) but if we want to use page_ext as
>> another important tool for the system in future,
>> it could be a serious problem.
>>
>> Can we put some hooks of page_ext into memory-hotplug so guarantee
>> that page_ext memory space is allocated with memmap space at the
>> same time? IOW, once every PFN wakers find a page is valid, page_ext
>> is valid, too so lookup_page_ext never returns NULL on valid page
>> by design.
>>
>> I hope we consider this direction, too.
>
> Yang, Could you think about this?
Thanks a lot for the suggestion. Sorry for the late reply, I was busy on
preparing patches. I do agree this is a direction we should look into,
but I haven't got time to think about it deeper. I hope Joonsoo could
chime in too since he is the original author for page extension.
>
> Even, your patch was broken, I think.
> It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
> lookup_page_ext doesn't return NULL in that case.
Actually, I think the #ifdef should be removed if lookup_page_ext() is
possible to return NULL. It sounds not make sense returning NULL only
when DEBUG_VM is enabled. It should return NULL no matter what debug
config is selected. If Joonsoo agrees with me I'm going to come up with
a patch to fix it.
Regards,
Yang
>
>>
>> Thanks.
>>
>>> ---
>>> include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++++++++-------
>>> mm/page_alloc.c | 6 ++++++
>>> mm/page_owner.c | 27 +++++++++++++++++++++++++++
>>> mm/page_poison.c | 8 +++++++-
>>> mm/vmstat.c | 2 ++
>>> 5 files changed, 78 insertions(+), 8 deletions(-)
>>>
>>> diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
>>> index bf268fa..8f5d4ad 100644
>>> --- a/include/linux/page_idle.h
>>> +++ b/include/linux/page_idle.h
>>> @@ -46,33 +46,62 @@ extern struct page_ext_operations page_idle_ops;
>>>
>>> static inline bool page_is_young(struct page *page)
>>> {
>>> - return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
>>> + struct page_ext *page_ext;
>>> + page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext)
>>> + return false;
>>> +
>>> + return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
>>> }
>>>
>>> static inline void set_page_young(struct page *page)
>>> {
>>> - set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
>>> + struct page_ext *page_ext;
>>> + page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext)
>>> + return;
>>> +
>>> + set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
>>> }
>>>
>>> static inline bool test_and_clear_page_young(struct page *page)
>>> {
>>> - return test_and_clear_bit(PAGE_EXT_YOUNG,
>>> - &lookup_page_ext(page)->flags);
>>> + struct page_ext *page_ext;
>>> + page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext)
>>> + return false;
>>> +
>>> + return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
>>> }
>>>
>>> static inline bool page_is_idle(struct page *page)
>>> {
>>> - return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
>>> + struct page_ext *page_ext;
>>> + page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext)
>>> + return false;
>>> +
>>> + return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
>>> }
>>>
>>> static inline void set_page_idle(struct page *page)
>>> {
>>> - set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
>>> + struct page_ext *page_ext;
>>> + page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext)
>>> + return;
>>> +
>>> + set_bit(PAGE_EXT_IDLE, &page_ext->flags);
>>> }
>>>
>>> static inline void clear_page_idle(struct page *page)
>>> {
>>> - clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
>>> + struct page_ext *page_ext;
>>> + page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext)
>>> + return;
>>> +
>>> + clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
>>> }
>>> #endif /* CONFIG_64BIT */
>>>
>>> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
>>> index f8f3bfc..d27e8b9 100644
>>> --- a/mm/page_alloc.c
>>> +++ b/mm/page_alloc.c
>>> @@ -656,6 +656,9 @@ static inline void set_page_guard(struct zone *zone, struct page *page,
>>> return;
>>>
>>> page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext))
>>> + return;
>>> +
>>> __set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>>>
>>> INIT_LIST_HEAD(&page->lru);
>>> @@ -673,6 +676,9 @@ static inline void clear_page_guard(struct zone *zone, struct page *page,
>>> return;
>>>
>>> page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext))
>>> + return;
>>> +
>>> __clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>>>
>>> set_page_private(page, 0);
>>> diff --git a/mm/page_owner.c b/mm/page_owner.c
>>> index 792b56d..902e398 100644
>>> --- a/mm/page_owner.c
>>> +++ b/mm/page_owner.c
>>> @@ -55,6 +55,8 @@ void __reset_page_owner(struct page *page, unsigned int order)
>>>
>>> for (i = 0; i < (1 << order); i++) {
>>> page_ext = lookup_page_ext(page + i);
>>> + if (unlikely(!page_ext))
>>> + continue;
>>> __clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
>>> }
>>> }
>>> @@ -62,6 +64,10 @@ void __reset_page_owner(struct page *page, unsigned int order)
>>> void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
>>> {
>>> struct page_ext *page_ext = lookup_page_ext(page);
>>> +
>>> + if (unlikely(!page_ext))
>>> + return;
>>> +
>>> struct stack_trace trace = {
>>> .nr_entries = 0,
>>> .max_entries = ARRAY_SIZE(page_ext->trace_entries),
>>> @@ -82,6 +88,8 @@ void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
>>> void __set_page_owner_migrate_reason(struct page *page, int reason)
>>> {
>>> struct page_ext *page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext))
>>> + return;
>>>
>>> page_ext->last_migrate_reason = reason;
>>> }
>>> @@ -89,6 +97,12 @@ void __set_page_owner_migrate_reason(struct page *page, int reason)
>>> gfp_t __get_page_owner_gfp(struct page *page)
>>> {
>>> struct page_ext *page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext))
>>> + /*
>>> + * The caller just returns 0 if no valid gfp
>>> + * So return 0 here too.
>>> + */
>>> + return 0;
>>>
>>> return page_ext->gfp_mask;
>>> }
>>> @@ -97,6 +111,10 @@ void __copy_page_owner(struct page *oldpage, struct page *newpage)
>>> {
>>> struct page_ext *old_ext = lookup_page_ext(oldpage);
>>> struct page_ext *new_ext = lookup_page_ext(newpage);
>>> +
>>> + if (unlikely(!old_ext || !new_ext))
>>> + return;
>>> +
>>> int i;
>>>
>>> new_ext->order = old_ext->order;
>>> @@ -186,6 +204,11 @@ err:
>>> void __dump_page_owner(struct page *page)
>>> {
>>> struct page_ext *page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext)) {
>>> + pr_alert("There is not page extension available.\n");
>>> + return;
>>> + }
>>> +
>>> struct stack_trace trace = {
>>> .nr_entries = page_ext->nr_entries,
>>> .entries = &page_ext->trace_entries[0],
>>> @@ -251,6 +274,8 @@ read_page_owner(struct file *file, char __user *buf, size_t count, loff_t *ppos)
>>> }
>>>
>>> page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext))
>>> + continue;
>>>
>>> /*
>>> * Some pages could be missed by concurrent allocation or free,
>>> @@ -317,6 +342,8 @@ static void init_pages_in_zone(pg_data_t *pgdat, struct zone *zone)
>>> continue;
>>>
>>> page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext))
>>> + continue;
>>>
>>> /* Maybe overraping zone */
>>> if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
>>> diff --git a/mm/page_poison.c b/mm/page_poison.c
>>> index 1eae5fa..2e647c6 100644
>>> --- a/mm/page_poison.c
>>> +++ b/mm/page_poison.c
>>> @@ -54,6 +54,9 @@ static inline void set_page_poison(struct page *page)
>>> struct page_ext *page_ext;
>>>
>>> page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext))
>>> + return;
>>> +
>>> __set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
>>> }
>>>
>>> @@ -62,6 +65,9 @@ static inline void clear_page_poison(struct page *page)
>>> struct page_ext *page_ext;
>>>
>>> page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext))
>>> + return;
>>> +
>>> __clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
>>> }
>>>
>>> @@ -70,7 +76,7 @@ bool page_is_poisoned(struct page *page)
>>> struct page_ext *page_ext;
>>>
>>> page_ext = lookup_page_ext(page);
>>> - if (!page_ext)
>>> + if (unlikely(!page_ext))
>>> return false;
>>>
>>> return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
>>> diff --git a/mm/vmstat.c b/mm/vmstat.c
>>> index 77e42ef..cb2a67b 100644
>>> --- a/mm/vmstat.c
>>> +++ b/mm/vmstat.c
>>> @@ -1061,6 +1061,8 @@ static void pagetypeinfo_showmixedcount_print(struct seq_file *m,
>>> continue;
>>>
>>> page_ext = lookup_page_ext(page);
>>> + if (unlikely(!page_ext))
>>> + continue;
>>>
>>> if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
>>> continue;
>>> --
>>> 2.0.2
>>>
>>> --
>>> To unsubscribe, send a message with 'unsubscribe linux-mm' in
>>> the body to majordomo@kvack.org. For more info on Linux MM,
>>> see: http://www.linux-mm.org/ .
>>> Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
>>
>> --
>> To unsubscribe, send a message with 'unsubscribe linux-mm' in
>> the body to majordomo@kvack.org. For more info on Linux MM,
>> see: http://www.linux-mm.org/ .
>> Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-05-26 23:15 ` Shi, Yang
@ 2016-05-27 5:14 ` Minchan Kim
-1 siblings, 0 replies; 57+ messages in thread
From: Minchan Kim @ 2016-05-27 5:14 UTC (permalink / raw)
To: Shi, Yang; +Cc: akpm, iamjoonsoo.kim, linux-kernel, linux-mm, linaro-kernel
On Thu, May 26, 2016 at 04:15:28PM -0700, Shi, Yang wrote:
> On 5/25/2016 5:37 PM, Minchan Kim wrote:
> >On Tue, May 24, 2016 at 11:58:11AM +0900, Minchan Kim wrote:
> >>On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
> >>>Per the discussion with Joonsoo Kim [1], we need check the return value of
> >>>lookup_page_ext() for all call sites since it might return NULL in some cases,
> >>>although it is unlikely, i.e. memory hotplug.
> >>>
> >>>Tested with ltp with "page_owner=0".
> >>>
> >>>[1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
> >>>
> >>>Signed-off-by: Yang Shi <yang.shi@linaro.org>
> >>
> >>I didn't read code code in detail to see how page_ext memory space
> >>allocated in boot code and memory hotplug but to me, it's not good
> >>to check NULL whenever we calls lookup_page_ext.
> >>
> >>More dangerous thing is now page_ext is used by optionable feature(ie, not
> >>critical for system stability) but if we want to use page_ext as
> >>another important tool for the system in future,
> >>it could be a serious problem.
> >>
> >>Can we put some hooks of page_ext into memory-hotplug so guarantee
> >>that page_ext memory space is allocated with memmap space at the
> >>same time? IOW, once every PFN wakers find a page is valid, page_ext
> >>is valid, too so lookup_page_ext never returns NULL on valid page
> >>by design.
> >>
> >>I hope we consider this direction, too.
> >
> >Yang, Could you think about this?
>
> Thanks a lot for the suggestion. Sorry for the late reply, I was
> busy on preparing patches. I do agree this is a direction we should
> look into, but I haven't got time to think about it deeper. I hope
> Joonsoo could chime in too since he is the original author for page
> extension.
>
> >
> >Even, your patch was broken, I think.
> >It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
> >lookup_page_ext doesn't return NULL in that case.
>
> Actually, I think the #ifdef should be removed if lookup_page_ext()
> is possible to return NULL. It sounds not make sense returning NULL
> only when DEBUG_VM is enabled. It should return NULL no matter what
> debug config is selected. If Joonsoo agrees with me I'm going to
> come up with a patch to fix it.
I don't know what lock protects race section->page_ext storing/tearing
during memory hotplug while random thread accesses pege_ext,
for example, kpageflags->page_is_idle.
Please consider that, too if you want to go with this approach.
>
> Regards,
> Yang
>
> >
> >>
> >>Thanks.
> >>
> >>>---
> >>> include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++++++++-------
> >>> mm/page_alloc.c | 6 ++++++
> >>> mm/page_owner.c | 27 +++++++++++++++++++++++++++
> >>> mm/page_poison.c | 8 +++++++-
> >>> mm/vmstat.c | 2 ++
> >>> 5 files changed, 78 insertions(+), 8 deletions(-)
> >>>
> >>>diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
> >>>index bf268fa..8f5d4ad 100644
> >>>--- a/include/linux/page_idle.h
> >>>+++ b/include/linux/page_idle.h
> >>>@@ -46,33 +46,62 @@ extern struct page_ext_operations page_idle_ops;
> >>>
> >>> static inline bool page_is_young(struct page *page)
> >>> {
> >>>- return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> >>>+ struct page_ext *page_ext;
> >>>+ page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext)
> >>>+ return false;
> >>>+
> >>>+ return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> >>> }
> >>>
> >>> static inline void set_page_young(struct page *page)
> >>> {
> >>>- set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> >>>+ struct page_ext *page_ext;
> >>>+ page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext)
> >>>+ return;
> >>>+
> >>>+ set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> >>> }
> >>>
> >>> static inline bool test_and_clear_page_young(struct page *page)
> >>> {
> >>>- return test_and_clear_bit(PAGE_EXT_YOUNG,
> >>>- &lookup_page_ext(page)->flags);
> >>>+ struct page_ext *page_ext;
> >>>+ page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext)
> >>>+ return false;
> >>>+
> >>>+ return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> >>> }
> >>>
> >>> static inline bool page_is_idle(struct page *page)
> >>> {
> >>>- return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> >>>+ struct page_ext *page_ext;
> >>>+ page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext)
> >>>+ return false;
> >>>+
> >>>+ return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
> >>> }
> >>>
> >>> static inline void set_page_idle(struct page *page)
> >>> {
> >>>- set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> >>>+ struct page_ext *page_ext;
> >>>+ page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext)
> >>>+ return;
> >>>+
> >>>+ set_bit(PAGE_EXT_IDLE, &page_ext->flags);
> >>> }
> >>>
> >>> static inline void clear_page_idle(struct page *page)
> >>> {
> >>>- clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> >>>+ struct page_ext *page_ext;
> >>>+ page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext)
> >>>+ return;
> >>>+
> >>>+ clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
> >>> }
> >>> #endif /* CONFIG_64BIT */
> >>>
> >>>diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> >>>index f8f3bfc..d27e8b9 100644
> >>>--- a/mm/page_alloc.c
> >>>+++ b/mm/page_alloc.c
> >>>@@ -656,6 +656,9 @@ static inline void set_page_guard(struct zone *zone, struct page *page,
> >>> return;
> >>>
> >>> page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext))
> >>>+ return;
> >>>+
> >>> __set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
> >>>
> >>> INIT_LIST_HEAD(&page->lru);
> >>>@@ -673,6 +676,9 @@ static inline void clear_page_guard(struct zone *zone, struct page *page,
> >>> return;
> >>>
> >>> page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext))
> >>>+ return;
> >>>+
> >>> __clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
> >>>
> >>> set_page_private(page, 0);
> >>>diff --git a/mm/page_owner.c b/mm/page_owner.c
> >>>index 792b56d..902e398 100644
> >>>--- a/mm/page_owner.c
> >>>+++ b/mm/page_owner.c
> >>>@@ -55,6 +55,8 @@ void __reset_page_owner(struct page *page, unsigned int order)
> >>>
> >>> for (i = 0; i < (1 << order); i++) {
> >>> page_ext = lookup_page_ext(page + i);
> >>>+ if (unlikely(!page_ext))
> >>>+ continue;
> >>> __clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
> >>> }
> >>> }
> >>>@@ -62,6 +64,10 @@ void __reset_page_owner(struct page *page, unsigned int order)
> >>> void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> >>> {
> >>> struct page_ext *page_ext = lookup_page_ext(page);
> >>>+
> >>>+ if (unlikely(!page_ext))
> >>>+ return;
> >>>+
> >>> struct stack_trace trace = {
> >>> .nr_entries = 0,
> >>> .max_entries = ARRAY_SIZE(page_ext->trace_entries),
> >>>@@ -82,6 +88,8 @@ void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> >>> void __set_page_owner_migrate_reason(struct page *page, int reason)
> >>> {
> >>> struct page_ext *page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext))
> >>>+ return;
> >>>
> >>> page_ext->last_migrate_reason = reason;
> >>> }
> >>>@@ -89,6 +97,12 @@ void __set_page_owner_migrate_reason(struct page *page, int reason)
> >>> gfp_t __get_page_owner_gfp(struct page *page)
> >>> {
> >>> struct page_ext *page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext))
> >>>+ /*
> >>>+ * The caller just returns 0 if no valid gfp
> >>>+ * So return 0 here too.
> >>>+ */
> >>>+ return 0;
> >>>
> >>> return page_ext->gfp_mask;
> >>> }
> >>>@@ -97,6 +111,10 @@ void __copy_page_owner(struct page *oldpage, struct page *newpage)
> >>> {
> >>> struct page_ext *old_ext = lookup_page_ext(oldpage);
> >>> struct page_ext *new_ext = lookup_page_ext(newpage);
> >>>+
> >>>+ if (unlikely(!old_ext || !new_ext))
> >>>+ return;
> >>>+
> >>> int i;
> >>>
> >>> new_ext->order = old_ext->order;
> >>>@@ -186,6 +204,11 @@ err:
> >>> void __dump_page_owner(struct page *page)
> >>> {
> >>> struct page_ext *page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext)) {
> >>>+ pr_alert("There is not page extension available.\n");
> >>>+ return;
> >>>+ }
> >>>+
> >>> struct stack_trace trace = {
> >>> .nr_entries = page_ext->nr_entries,
> >>> .entries = &page_ext->trace_entries[0],
> >>>@@ -251,6 +274,8 @@ read_page_owner(struct file *file, char __user *buf, size_t count, loff_t *ppos)
> >>> }
> >>>
> >>> page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext))
> >>>+ continue;
> >>>
> >>> /*
> >>> * Some pages could be missed by concurrent allocation or free,
> >>>@@ -317,6 +342,8 @@ static void init_pages_in_zone(pg_data_t *pgdat, struct zone *zone)
> >>> continue;
> >>>
> >>> page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext))
> >>>+ continue;
> >>>
> >>> /* Maybe overraping zone */
> >>> if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> >>>diff --git a/mm/page_poison.c b/mm/page_poison.c
> >>>index 1eae5fa..2e647c6 100644
> >>>--- a/mm/page_poison.c
> >>>+++ b/mm/page_poison.c
> >>>@@ -54,6 +54,9 @@ static inline void set_page_poison(struct page *page)
> >>> struct page_ext *page_ext;
> >>>
> >>> page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext))
> >>>+ return;
> >>>+
> >>> __set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> >>> }
> >>>
> >>>@@ -62,6 +65,9 @@ static inline void clear_page_poison(struct page *page)
> >>> struct page_ext *page_ext;
> >>>
> >>> page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext))
> >>>+ return;
> >>>+
> >>> __clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> >>> }
> >>>
> >>>@@ -70,7 +76,7 @@ bool page_is_poisoned(struct page *page)
> >>> struct page_ext *page_ext;
> >>>
> >>> page_ext = lookup_page_ext(page);
> >>>- if (!page_ext)
> >>>+ if (unlikely(!page_ext))
> >>> return false;
> >>>
> >>> return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> >>>diff --git a/mm/vmstat.c b/mm/vmstat.c
> >>>index 77e42ef..cb2a67b 100644
> >>>--- a/mm/vmstat.c
> >>>+++ b/mm/vmstat.c
> >>>@@ -1061,6 +1061,8 @@ static void pagetypeinfo_showmixedcount_print(struct seq_file *m,
> >>> continue;
> >>>
> >>> page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext))
> >>>+ continue;
> >>>
> >>> if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> >>> continue;
> >>>--
> >>>2.0.2
> >>>
> >>>--
> >>>To unsubscribe, send a message with 'unsubscribe linux-mm' in
> >>>the body to majordomo@kvack.org. For more info on Linux MM,
> >>>see: http://www.linux-mm.org/ .
> >>>Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
> >>
> >>--
> >>To unsubscribe, send a message with 'unsubscribe linux-mm' in
> >>the body to majordomo@kvack.org. For more info on Linux MM,
> >>see: http://www.linux-mm.org/ .
> >>Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-05-27 5:14 ` Minchan Kim
0 siblings, 0 replies; 57+ messages in thread
From: Minchan Kim @ 2016-05-27 5:14 UTC (permalink / raw)
To: Shi, Yang; +Cc: akpm, iamjoonsoo.kim, linux-kernel, linux-mm, linaro-kernel
On Thu, May 26, 2016 at 04:15:28PM -0700, Shi, Yang wrote:
> On 5/25/2016 5:37 PM, Minchan Kim wrote:
> >On Tue, May 24, 2016 at 11:58:11AM +0900, Minchan Kim wrote:
> >>On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
> >>>Per the discussion with Joonsoo Kim [1], we need check the return value of
> >>>lookup_page_ext() for all call sites since it might return NULL in some cases,
> >>>although it is unlikely, i.e. memory hotplug.
> >>>
> >>>Tested with ltp with "page_owner=0".
> >>>
> >>>[1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
> >>>
> >>>Signed-off-by: Yang Shi <yang.shi@linaro.org>
> >>
> >>I didn't read code code in detail to see how page_ext memory space
> >>allocated in boot code and memory hotplug but to me, it's not good
> >>to check NULL whenever we calls lookup_page_ext.
> >>
> >>More dangerous thing is now page_ext is used by optionable feature(ie, not
> >>critical for system stability) but if we want to use page_ext as
> >>another important tool for the system in future,
> >>it could be a serious problem.
> >>
> >>Can we put some hooks of page_ext into memory-hotplug so guarantee
> >>that page_ext memory space is allocated with memmap space at the
> >>same time? IOW, once every PFN wakers find a page is valid, page_ext
> >>is valid, too so lookup_page_ext never returns NULL on valid page
> >>by design.
> >>
> >>I hope we consider this direction, too.
> >
> >Yang, Could you think about this?
>
> Thanks a lot for the suggestion. Sorry for the late reply, I was
> busy on preparing patches. I do agree this is a direction we should
> look into, but I haven't got time to think about it deeper. I hope
> Joonsoo could chime in too since he is the original author for page
> extension.
>
> >
> >Even, your patch was broken, I think.
> >It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
> >lookup_page_ext doesn't return NULL in that case.
>
> Actually, I think the #ifdef should be removed if lookup_page_ext()
> is possible to return NULL. It sounds not make sense returning NULL
> only when DEBUG_VM is enabled. It should return NULL no matter what
> debug config is selected. If Joonsoo agrees with me I'm going to
> come up with a patch to fix it.
I don't know what lock protects race section->page_ext storing/tearing
during memory hotplug while random thread accesses pege_ext,
for example, kpageflags->page_is_idle.
Please consider that, too if you want to go with this approach.
>
> Regards,
> Yang
>
> >
> >>
> >>Thanks.
> >>
> >>>---
> >>> include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++++++++-------
> >>> mm/page_alloc.c | 6 ++++++
> >>> mm/page_owner.c | 27 +++++++++++++++++++++++++++
> >>> mm/page_poison.c | 8 +++++++-
> >>> mm/vmstat.c | 2 ++
> >>> 5 files changed, 78 insertions(+), 8 deletions(-)
> >>>
> >>>diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
> >>>index bf268fa..8f5d4ad 100644
> >>>--- a/include/linux/page_idle.h
> >>>+++ b/include/linux/page_idle.h
> >>>@@ -46,33 +46,62 @@ extern struct page_ext_operations page_idle_ops;
> >>>
> >>> static inline bool page_is_young(struct page *page)
> >>> {
> >>>- return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> >>>+ struct page_ext *page_ext;
> >>>+ page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext)
> >>>+ return false;
> >>>+
> >>>+ return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> >>> }
> >>>
> >>> static inline void set_page_young(struct page *page)
> >>> {
> >>>- set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> >>>+ struct page_ext *page_ext;
> >>>+ page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext)
> >>>+ return;
> >>>+
> >>>+ set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> >>> }
> >>>
> >>> static inline bool test_and_clear_page_young(struct page *page)
> >>> {
> >>>- return test_and_clear_bit(PAGE_EXT_YOUNG,
> >>>- &lookup_page_ext(page)->flags);
> >>>+ struct page_ext *page_ext;
> >>>+ page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext)
> >>>+ return false;
> >>>+
> >>>+ return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> >>> }
> >>>
> >>> static inline bool page_is_idle(struct page *page)
> >>> {
> >>>- return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> >>>+ struct page_ext *page_ext;
> >>>+ page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext)
> >>>+ return false;
> >>>+
> >>>+ return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
> >>> }
> >>>
> >>> static inline void set_page_idle(struct page *page)
> >>> {
> >>>- set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> >>>+ struct page_ext *page_ext;
> >>>+ page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext)
> >>>+ return;
> >>>+
> >>>+ set_bit(PAGE_EXT_IDLE, &page_ext->flags);
> >>> }
> >>>
> >>> static inline void clear_page_idle(struct page *page)
> >>> {
> >>>- clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> >>>+ struct page_ext *page_ext;
> >>>+ page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext)
> >>>+ return;
> >>>+
> >>>+ clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
> >>> }
> >>> #endif /* CONFIG_64BIT */
> >>>
> >>>diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> >>>index f8f3bfc..d27e8b9 100644
> >>>--- a/mm/page_alloc.c
> >>>+++ b/mm/page_alloc.c
> >>>@@ -656,6 +656,9 @@ static inline void set_page_guard(struct zone *zone, struct page *page,
> >>> return;
> >>>
> >>> page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext))
> >>>+ return;
> >>>+
> >>> __set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
> >>>
> >>> INIT_LIST_HEAD(&page->lru);
> >>>@@ -673,6 +676,9 @@ static inline void clear_page_guard(struct zone *zone, struct page *page,
> >>> return;
> >>>
> >>> page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext))
> >>>+ return;
> >>>+
> >>> __clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
> >>>
> >>> set_page_private(page, 0);
> >>>diff --git a/mm/page_owner.c b/mm/page_owner.c
> >>>index 792b56d..902e398 100644
> >>>--- a/mm/page_owner.c
> >>>+++ b/mm/page_owner.c
> >>>@@ -55,6 +55,8 @@ void __reset_page_owner(struct page *page, unsigned int order)
> >>>
> >>> for (i = 0; i < (1 << order); i++) {
> >>> page_ext = lookup_page_ext(page + i);
> >>>+ if (unlikely(!page_ext))
> >>>+ continue;
> >>> __clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
> >>> }
> >>> }
> >>>@@ -62,6 +64,10 @@ void __reset_page_owner(struct page *page, unsigned int order)
> >>> void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> >>> {
> >>> struct page_ext *page_ext = lookup_page_ext(page);
> >>>+
> >>>+ if (unlikely(!page_ext))
> >>>+ return;
> >>>+
> >>> struct stack_trace trace = {
> >>> .nr_entries = 0,
> >>> .max_entries = ARRAY_SIZE(page_ext->trace_entries),
> >>>@@ -82,6 +88,8 @@ void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> >>> void __set_page_owner_migrate_reason(struct page *page, int reason)
> >>> {
> >>> struct page_ext *page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext))
> >>>+ return;
> >>>
> >>> page_ext->last_migrate_reason = reason;
> >>> }
> >>>@@ -89,6 +97,12 @@ void __set_page_owner_migrate_reason(struct page *page, int reason)
> >>> gfp_t __get_page_owner_gfp(struct page *page)
> >>> {
> >>> struct page_ext *page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext))
> >>>+ /*
> >>>+ * The caller just returns 0 if no valid gfp
> >>>+ * So return 0 here too.
> >>>+ */
> >>>+ return 0;
> >>>
> >>> return page_ext->gfp_mask;
> >>> }
> >>>@@ -97,6 +111,10 @@ void __copy_page_owner(struct page *oldpage, struct page *newpage)
> >>> {
> >>> struct page_ext *old_ext = lookup_page_ext(oldpage);
> >>> struct page_ext *new_ext = lookup_page_ext(newpage);
> >>>+
> >>>+ if (unlikely(!old_ext || !new_ext))
> >>>+ return;
> >>>+
> >>> int i;
> >>>
> >>> new_ext->order = old_ext->order;
> >>>@@ -186,6 +204,11 @@ err:
> >>> void __dump_page_owner(struct page *page)
> >>> {
> >>> struct page_ext *page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext)) {
> >>>+ pr_alert("There is not page extension available.\n");
> >>>+ return;
> >>>+ }
> >>>+
> >>> struct stack_trace trace = {
> >>> .nr_entries = page_ext->nr_entries,
> >>> .entries = &page_ext->trace_entries[0],
> >>>@@ -251,6 +274,8 @@ read_page_owner(struct file *file, char __user *buf, size_t count, loff_t *ppos)
> >>> }
> >>>
> >>> page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext))
> >>>+ continue;
> >>>
> >>> /*
> >>> * Some pages could be missed by concurrent allocation or free,
> >>>@@ -317,6 +342,8 @@ static void init_pages_in_zone(pg_data_t *pgdat, struct zone *zone)
> >>> continue;
> >>>
> >>> page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext))
> >>>+ continue;
> >>>
> >>> /* Maybe overraping zone */
> >>> if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> >>>diff --git a/mm/page_poison.c b/mm/page_poison.c
> >>>index 1eae5fa..2e647c6 100644
> >>>--- a/mm/page_poison.c
> >>>+++ b/mm/page_poison.c
> >>>@@ -54,6 +54,9 @@ static inline void set_page_poison(struct page *page)
> >>> struct page_ext *page_ext;
> >>>
> >>> page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext))
> >>>+ return;
> >>>+
> >>> __set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> >>> }
> >>>
> >>>@@ -62,6 +65,9 @@ static inline void clear_page_poison(struct page *page)
> >>> struct page_ext *page_ext;
> >>>
> >>> page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext))
> >>>+ return;
> >>>+
> >>> __clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> >>> }
> >>>
> >>>@@ -70,7 +76,7 @@ bool page_is_poisoned(struct page *page)
> >>> struct page_ext *page_ext;
> >>>
> >>> page_ext = lookup_page_ext(page);
> >>>- if (!page_ext)
> >>>+ if (unlikely(!page_ext))
> >>> return false;
> >>>
> >>> return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> >>>diff --git a/mm/vmstat.c b/mm/vmstat.c
> >>>index 77e42ef..cb2a67b 100644
> >>>--- a/mm/vmstat.c
> >>>+++ b/mm/vmstat.c
> >>>@@ -1061,6 +1061,8 @@ static void pagetypeinfo_showmixedcount_print(struct seq_file *m,
> >>> continue;
> >>>
> >>> page_ext = lookup_page_ext(page);
> >>>+ if (unlikely(!page_ext))
> >>>+ continue;
> >>>
> >>> if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> >>> continue;
> >>>--
> >>>2.0.2
> >>>
> >>>--
> >>>To unsubscribe, send a message with 'unsubscribe linux-mm' in
> >>>the body to majordomo@kvack.org. For more info on Linux MM,
> >>>see: http://www.linux-mm.org/ .
> >>>Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
> >>
> >>--
> >>To unsubscribe, send a message with 'unsubscribe linux-mm' in
> >>the body to majordomo@kvack.org. For more info on Linux MM,
> >>see: http://www.linux-mm.org/ .
> >>Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-05-27 5:14 ` Minchan Kim
@ 2016-05-27 6:08 ` Joonsoo Kim
-1 siblings, 0 replies; 57+ messages in thread
From: Joonsoo Kim @ 2016-05-27 6:08 UTC (permalink / raw)
To: Minchan Kim; +Cc: Shi, Yang, akpm, linux-kernel, linux-mm, linaro-kernel
On Fri, May 27, 2016 at 02:14:32PM +0900, Minchan Kim wrote:
> On Thu, May 26, 2016 at 04:15:28PM -0700, Shi, Yang wrote:
> > On 5/25/2016 5:37 PM, Minchan Kim wrote:
> > >On Tue, May 24, 2016 at 11:58:11AM +0900, Minchan Kim wrote:
> > >>On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
> > >>>Per the discussion with Joonsoo Kim [1], we need check the return value of
> > >>>lookup_page_ext() for all call sites since it might return NULL in some cases,
> > >>>although it is unlikely, i.e. memory hotplug.
> > >>>
> > >>>Tested with ltp with "page_owner=0".
> > >>>
> > >>>[1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
> > >>>
> > >>>Signed-off-by: Yang Shi <yang.shi@linaro.org>
> > >>
> > >>I didn't read code code in detail to see how page_ext memory space
> > >>allocated in boot code and memory hotplug but to me, it's not good
> > >>to check NULL whenever we calls lookup_page_ext.
> > >>
> > >>More dangerous thing is now page_ext is used by optionable feature(ie, not
> > >>critical for system stability) but if we want to use page_ext as
> > >>another important tool for the system in future,
> > >>it could be a serious problem.
Hello, Minchan.
I wonder how pages that isn't managed by kernel yet will cause serious
problem. Until onlining, these pages are out of our scope. Any
information about them would be useless until it is actually
activated. I guess that returning NULL for those pages will not hurt
any functionality. Do you have any possible scenario that this causes the
serious problem?
And, allocation such memory space doesn't come from free. If someone
just add the memory device and don't online it, these memory will be
wasted. I don't know if there is such a usecase but it's possible
scenario.
> > >>
> > >>Can we put some hooks of page_ext into memory-hotplug so guarantee
> > >>that page_ext memory space is allocated with memmap space at the
> > >>same time? IOW, once every PFN wakers find a page is valid, page_ext
> > >>is valid, too so lookup_page_ext never returns NULL on valid page
> > >>by design.
> > >>
> > >>I hope we consider this direction, too.
> > >
> > >Yang, Could you think about this?
> >
> > Thanks a lot for the suggestion. Sorry for the late reply, I was
> > busy on preparing patches. I do agree this is a direction we should
> > look into, but I haven't got time to think about it deeper. I hope
> > Joonsoo could chime in too since he is the original author for page
> > extension.
> >
> > >
> > >Even, your patch was broken, I think.
> > >It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
> > >lookup_page_ext doesn't return NULL in that case.
> >
> > Actually, I think the #ifdef should be removed if lookup_page_ext()
> > is possible to return NULL. It sounds not make sense returning NULL
> > only when DEBUG_VM is enabled. It should return NULL no matter what
> > debug config is selected. If Joonsoo agrees with me I'm going to
> > come up with a patch to fix it.
Agreed but let's wait for Minchan's response.
Thanks.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-05-27 6:08 ` Joonsoo Kim
0 siblings, 0 replies; 57+ messages in thread
From: Joonsoo Kim @ 2016-05-27 6:08 UTC (permalink / raw)
To: Minchan Kim; +Cc: Shi, Yang, akpm, linux-kernel, linux-mm, linaro-kernel
On Fri, May 27, 2016 at 02:14:32PM +0900, Minchan Kim wrote:
> On Thu, May 26, 2016 at 04:15:28PM -0700, Shi, Yang wrote:
> > On 5/25/2016 5:37 PM, Minchan Kim wrote:
> > >On Tue, May 24, 2016 at 11:58:11AM +0900, Minchan Kim wrote:
> > >>On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
> > >>>Per the discussion with Joonsoo Kim [1], we need check the return value of
> > >>>lookup_page_ext() for all call sites since it might return NULL in some cases,
> > >>>although it is unlikely, i.e. memory hotplug.
> > >>>
> > >>>Tested with ltp with "page_owner=0".
> > >>>
> > >>>[1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
> > >>>
> > >>>Signed-off-by: Yang Shi <yang.shi@linaro.org>
> > >>
> > >>I didn't read code code in detail to see how page_ext memory space
> > >>allocated in boot code and memory hotplug but to me, it's not good
> > >>to check NULL whenever we calls lookup_page_ext.
> > >>
> > >>More dangerous thing is now page_ext is used by optionable feature(ie, not
> > >>critical for system stability) but if we want to use page_ext as
> > >>another important tool for the system in future,
> > >>it could be a serious problem.
Hello, Minchan.
I wonder how pages that isn't managed by kernel yet will cause serious
problem. Until onlining, these pages are out of our scope. Any
information about them would be useless until it is actually
activated. I guess that returning NULL for those pages will not hurt
any functionality. Do you have any possible scenario that this causes the
serious problem?
And, allocation such memory space doesn't come from free. If someone
just add the memory device and don't online it, these memory will be
wasted. I don't know if there is such a usecase but it's possible
scenario.
> > >>
> > >>Can we put some hooks of page_ext into memory-hotplug so guarantee
> > >>that page_ext memory space is allocated with memmap space at the
> > >>same time? IOW, once every PFN wakers find a page is valid, page_ext
> > >>is valid, too so lookup_page_ext never returns NULL on valid page
> > >>by design.
> > >>
> > >>I hope we consider this direction, too.
> > >
> > >Yang, Could you think about this?
> >
> > Thanks a lot for the suggestion. Sorry for the late reply, I was
> > busy on preparing patches. I do agree this is a direction we should
> > look into, but I haven't got time to think about it deeper. I hope
> > Joonsoo could chime in too since he is the original author for page
> > extension.
> >
> > >
> > >Even, your patch was broken, I think.
> > >It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
> > >lookup_page_ext doesn't return NULL in that case.
> >
> > Actually, I think the #ifdef should be removed if lookup_page_ext()
> > is possible to return NULL. It sounds not make sense returning NULL
> > only when DEBUG_VM is enabled. It should return NULL no matter what
> > debug config is selected. If Joonsoo agrees with me I'm going to
> > come up with a patch to fix it.
Agreed but let's wait for Minchan's response.
Thanks.
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-05-27 6:08 ` Joonsoo Kim
@ 2016-05-27 8:11 ` Minchan Kim
-1 siblings, 0 replies; 57+ messages in thread
From: Minchan Kim @ 2016-05-27 8:11 UTC (permalink / raw)
To: Joonsoo Kim
Cc: Shi, Yang, akpm, linux-kernel, linux-mm, linaro-kernel, Tang Chen,
Yasuaki Ishimatsu, Kamezawa Hiroyuki
On Fri, May 27, 2016 at 03:08:39PM +0900, Joonsoo Kim wrote:
> On Fri, May 27, 2016 at 02:14:32PM +0900, Minchan Kim wrote:
> > On Thu, May 26, 2016 at 04:15:28PM -0700, Shi, Yang wrote:
> > > On 5/25/2016 5:37 PM, Minchan Kim wrote:
> > > >On Tue, May 24, 2016 at 11:58:11AM +0900, Minchan Kim wrote:
> > > >>On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
> > > >>>Per the discussion with Joonsoo Kim [1], we need check the return value of
> > > >>>lookup_page_ext() for all call sites since it might return NULL in some cases,
> > > >>>although it is unlikely, i.e. memory hotplug.
> > > >>>
> > > >>>Tested with ltp with "page_owner=0".
> > > >>>
> > > >>>[1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
> > > >>>
> > > >>>Signed-off-by: Yang Shi <yang.shi@linaro.org>
> > > >>
> > > >>I didn't read code code in detail to see how page_ext memory space
> > > >>allocated in boot code and memory hotplug but to me, it's not good
> > > >>to check NULL whenever we calls lookup_page_ext.
> > > >>
> > > >>More dangerous thing is now page_ext is used by optionable feature(ie, not
> > > >>critical for system stability) but if we want to use page_ext as
> > > >>another important tool for the system in future,
> > > >>it could be a serious problem.
>
> Hello, Minchan.
Hi Joonsoo,
>
> I wonder how pages that isn't managed by kernel yet will cause serious
> problem. Until onlining, these pages are out of our scope. Any
> information about them would be useless until it is actually
> activated. I guess that returning NULL for those pages will not hurt
> any functionality. Do you have any possible scenario that this causes the
> serious problem?
I don't have any specific usecase now. That's why I said "in future".
And I don't want to argue whether there is possible scenario or not
to make the feature useful but if you want, I should write novel.
One of example, pop up my mind, xen, hv and even memory_hotplug itself
might want to use page_ext for their functionality extension to hook
guest pages.
My opinion is that page_ext is extension of struct page so it would
be better to allow any operation on struct page without any limitation
if we can do it. Whether it's useful or useless depend on random
usecase and we don't need to limit that way from the beginning.
However, current design allows deferred page_ext population so any user
of page_ext should keep it in mind and should either make fallback plan
or don't use page_ext for those cases. If we decide go this way through
discussion, at least, we should make such limitation more clear to
somewhere in this chance, maybe around page_ext_operation->need comment.
My comment's point is that we should consider that way at least. It's
worth to discuss pros and cons, what's the best and what makes that way
hesitate if we can't.
>
> And, allocation such memory space doesn't come from free. If someone
> just add the memory device and don't online it, these memory will be
Here goes several questions.
Cced hotplug guys
1.
If someone just add the memory device without onlining, kernel code
can return pfn_valid == true on the offlined page?
2.
If so, it means memmap on offline memory is already populated somewhere.
Where is the memmap allocated? part of offlined memory space or other memory?
3. Could we allocate page_ext in part of offline memory space so that
it doesn't consume online memory.
> wasted. I don't know if there is such a usecase but it's possible
> scenario.
>
> > > >>
> > > >>Can we put some hooks of page_ext into memory-hotplug so guarantee
> > > >>that page_ext memory space is allocated with memmap space at the
> > > >>same time? IOW, once every PFN wakers find a page is valid, page_ext
> > > >>is valid, too so lookup_page_ext never returns NULL on valid page
> > > >>by design.
> > > >>
> > > >>I hope we consider this direction, too.
> > > >
> > > >Yang, Could you think about this?
> > >
> > > Thanks a lot for the suggestion. Sorry for the late reply, I was
> > > busy on preparing patches. I do agree this is a direction we should
> > > look into, but I haven't got time to think about it deeper. I hope
> > > Joonsoo could chime in too since he is the original author for page
> > > extension.
> > >
> > > >
> > > >Even, your patch was broken, I think.
> > > >It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
> > > >lookup_page_ext doesn't return NULL in that case.
> > >
> > > Actually, I think the #ifdef should be removed if lookup_page_ext()
> > > is possible to return NULL. It sounds not make sense returning NULL
> > > only when DEBUG_VM is enabled. It should return NULL no matter what
> > > debug config is selected. If Joonsoo agrees with me I'm going to
> > > come up with a patch to fix it.
>
> Agreed but let's wait for Minchan's response.
If we goes this way, how to guarantee this race?
kpageflags_read
stable_page_flags
page_is_idle
lookup_page_ext
section = __pfn_to_section(pfn)
offline_pages
memory_notify(MEM_OFFLINE)
offline_page_ext
ms->page_ext = NULL
section->page_ext + pfn
>
> Thanks.
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-05-27 8:11 ` Minchan Kim
0 siblings, 0 replies; 57+ messages in thread
From: Minchan Kim @ 2016-05-27 8:11 UTC (permalink / raw)
To: Joonsoo Kim
Cc: Shi, Yang, akpm, linux-kernel, linux-mm, linaro-kernel, Tang Chen,
Yasuaki Ishimatsu, Kamezawa Hiroyuki
On Fri, May 27, 2016 at 03:08:39PM +0900, Joonsoo Kim wrote:
> On Fri, May 27, 2016 at 02:14:32PM +0900, Minchan Kim wrote:
> > On Thu, May 26, 2016 at 04:15:28PM -0700, Shi, Yang wrote:
> > > On 5/25/2016 5:37 PM, Minchan Kim wrote:
> > > >On Tue, May 24, 2016 at 11:58:11AM +0900, Minchan Kim wrote:
> > > >>On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
> > > >>>Per the discussion with Joonsoo Kim [1], we need check the return value of
> > > >>>lookup_page_ext() for all call sites since it might return NULL in some cases,
> > > >>>although it is unlikely, i.e. memory hotplug.
> > > >>>
> > > >>>Tested with ltp with "page_owner=0".
> > > >>>
> > > >>>[1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
> > > >>>
> > > >>>Signed-off-by: Yang Shi <yang.shi@linaro.org>
> > > >>
> > > >>I didn't read code code in detail to see how page_ext memory space
> > > >>allocated in boot code and memory hotplug but to me, it's not good
> > > >>to check NULL whenever we calls lookup_page_ext.
> > > >>
> > > >>More dangerous thing is now page_ext is used by optionable feature(ie, not
> > > >>critical for system stability) but if we want to use page_ext as
> > > >>another important tool for the system in future,
> > > >>it could be a serious problem.
>
> Hello, Minchan.
Hi Joonsoo,
>
> I wonder how pages that isn't managed by kernel yet will cause serious
> problem. Until onlining, these pages are out of our scope. Any
> information about them would be useless until it is actually
> activated. I guess that returning NULL for those pages will not hurt
> any functionality. Do you have any possible scenario that this causes the
> serious problem?
I don't have any specific usecase now. That's why I said "in future".
And I don't want to argue whether there is possible scenario or not
to make the feature useful but if you want, I should write novel.
One of example, pop up my mind, xen, hv and even memory_hotplug itself
might want to use page_ext for their functionality extension to hook
guest pages.
My opinion is that page_ext is extension of struct page so it would
be better to allow any operation on struct page without any limitation
if we can do it. Whether it's useful or useless depend on random
usecase and we don't need to limit that way from the beginning.
However, current design allows deferred page_ext population so any user
of page_ext should keep it in mind and should either make fallback plan
or don't use page_ext for those cases. If we decide go this way through
discussion, at least, we should make such limitation more clear to
somewhere in this chance, maybe around page_ext_operation->need comment.
My comment's point is that we should consider that way at least. It's
worth to discuss pros and cons, what's the best and what makes that way
hesitate if we can't.
>
> And, allocation such memory space doesn't come from free. If someone
> just add the memory device and don't online it, these memory will be
Here goes several questions.
Cced hotplug guys
1.
If someone just add the memory device without onlining, kernel code
can return pfn_valid == true on the offlined page?
2.
If so, it means memmap on offline memory is already populated somewhere.
Where is the memmap allocated? part of offlined memory space or other memory?
3. Could we allocate page_ext in part of offline memory space so that
it doesn't consume online memory.
> wasted. I don't know if there is such a usecase but it's possible
> scenario.
>
> > > >>
> > > >>Can we put some hooks of page_ext into memory-hotplug so guarantee
> > > >>that page_ext memory space is allocated with memmap space at the
> > > >>same time? IOW, once every PFN wakers find a page is valid, page_ext
> > > >>is valid, too so lookup_page_ext never returns NULL on valid page
> > > >>by design.
> > > >>
> > > >>I hope we consider this direction, too.
> > > >
> > > >Yang, Could you think about this?
> > >
> > > Thanks a lot for the suggestion. Sorry for the late reply, I was
> > > busy on preparing patches. I do agree this is a direction we should
> > > look into, but I haven't got time to think about it deeper. I hope
> > > Joonsoo could chime in too since he is the original author for page
> > > extension.
> > >
> > > >
> > > >Even, your patch was broken, I think.
> > > >It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
> > > >lookup_page_ext doesn't return NULL in that case.
> > >
> > > Actually, I think the #ifdef should be removed if lookup_page_ext()
> > > is possible to return NULL. It sounds not make sense returning NULL
> > > only when DEBUG_VM is enabled. It should return NULL no matter what
> > > debug config is selected. If Joonsoo agrees with me I'm going to
> > > come up with a patch to fix it.
>
> Agreed but let's wait for Minchan's response.
If we goes this way, how to guarantee this race?
kpageflags_read
stable_page_flags
page_is_idle
lookup_page_ext
section = __pfn_to_section(pfn)
offline_pages
memory_notify(MEM_OFFLINE)
offline_page_ext
ms->page_ext = NULL
section->page_ext + pfn
>
> Thanks.
>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-05-27 8:11 ` Minchan Kim
@ 2016-05-27 18:16 ` Shi, Yang
-1 siblings, 0 replies; 57+ messages in thread
From: Shi, Yang @ 2016-05-27 18:16 UTC (permalink / raw)
To: Minchan Kim, Joonsoo Kim
Cc: akpm, linux-kernel, linux-mm, linaro-kernel, Tang Chen,
Yasuaki Ishimatsu, Kamezawa Hiroyuki
On 5/27/2016 1:11 AM, Minchan Kim wrote:
> On Fri, May 27, 2016 at 03:08:39PM +0900, Joonsoo Kim wrote:
>> On Fri, May 27, 2016 at 02:14:32PM +0900, Minchan Kim wrote:
>>> On Thu, May 26, 2016 at 04:15:28PM -0700, Shi, Yang wrote:
>>>> On 5/25/2016 5:37 PM, Minchan Kim wrote:
>>>>> On Tue, May 24, 2016 at 11:58:11AM +0900, Minchan Kim wrote:
>>>>>> On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
>>>>>>> Per the discussion with Joonsoo Kim [1], we need check the return value of
>>>>>>> lookup_page_ext() for all call sites since it might return NULL in some cases,
>>>>>>> although it is unlikely, i.e. memory hotplug.
>>>>>>>
>>>>>>> Tested with ltp with "page_owner=0".
>>>>>>>
>>>>>>> [1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
>>>>>>>
>>>>>>> Signed-off-by: Yang Shi <yang.shi@linaro.org>
>>>>>>
>>>>>> I didn't read code code in detail to see how page_ext memory space
>>>>>> allocated in boot code and memory hotplug but to me, it's not good
>>>>>> to check NULL whenever we calls lookup_page_ext.
>>>>>>
>>>>>> More dangerous thing is now page_ext is used by optionable feature(ie, not
>>>>>> critical for system stability) but if we want to use page_ext as
>>>>>> another important tool for the system in future,
>>>>>> it could be a serious problem.
>>
>> Hello, Minchan.
>
> Hi Joonsoo,
>
>>
>> I wonder how pages that isn't managed by kernel yet will cause serious
>> problem. Until onlining, these pages are out of our scope. Any
>> information about them would be useless until it is actually
>> activated. I guess that returning NULL for those pages will not hurt
>> any functionality. Do you have any possible scenario that this causes the
>> serious problem?
>
> I don't have any specific usecase now. That's why I said "in future".
> And I don't want to argue whether there is possible scenario or not
> to make the feature useful but if you want, I should write novel.
> One of example, pop up my mind, xen, hv and even memory_hotplug itself
> might want to use page_ext for their functionality extension to hook
> guest pages.
>
> My opinion is that page_ext is extension of struct page so it would
> be better to allow any operation on struct page without any limitation
> if we can do it. Whether it's useful or useless depend on random
> usecase and we don't need to limit that way from the beginning.
>
> However, current design allows deferred page_ext population so any user
> of page_ext should keep it in mind and should either make fallback plan
> or don't use page_ext for those cases. If we decide go this way through
> discussion, at least, we should make such limitation more clear to
> somewhere in this chance, maybe around page_ext_operation->need comment.
>
> My comment's point is that we should consider that way at least. It's
> worth to discuss pros and cons, what's the best and what makes that way
> hesitate if we can't.
>
>>
>> And, allocation such memory space doesn't come from free. If someone
>> just add the memory device and don't online it, these memory will be
>
> Here goes several questions.
> Cced hotplug guys
>
> 1.
> If someone just add the memory device without onlining, kernel code
> can return pfn_valid == true on the offlined page?
>
> 2.
> If so, it means memmap on offline memory is already populated somewhere.
> Where is the memmap allocated? part of offlined memory space or other memory?
>
> 3. Could we allocate page_ext in part of offline memory space so that
> it doesn't consume online memory.
>
>> wasted. I don't know if there is such a usecase but it's possible
>> scenario.
>
>>
>>>>>>
>>>>>> Can we put some hooks of page_ext into memory-hotplug so guarantee
>>>>>> that page_ext memory space is allocated with memmap space at the
>>>>>> same time? IOW, once every PFN wakers find a page is valid, page_ext
>>>>>> is valid, too so lookup_page_ext never returns NULL on valid page
>>>>>> by design.
>>>>>>
>>>>>> I hope we consider this direction, too.
>>>>>
>>>>> Yang, Could you think about this?
>>>>
>>>> Thanks a lot for the suggestion. Sorry for the late reply, I was
>>>> busy on preparing patches. I do agree this is a direction we should
>>>> look into, but I haven't got time to think about it deeper. I hope
>>>> Joonsoo could chime in too since he is the original author for page
>>>> extension.
>>>>
>>>>>
>>>>> Even, your patch was broken, I think.
>>>>> It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
>>>>> lookup_page_ext doesn't return NULL in that case.
>>>>
>>>> Actually, I think the #ifdef should be removed if lookup_page_ext()
>>>> is possible to return NULL. It sounds not make sense returning NULL
>>>> only when DEBUG_VM is enabled. It should return NULL no matter what
>>>> debug config is selected. If Joonsoo agrees with me I'm going to
>>>> come up with a patch to fix it.
>>
>> Agreed but let's wait for Minchan's response.
>
> If we goes this way, how to guarantee this race?
Thanks for pointing out this. It sounds reasonable. However, this should
be only possible to happen on 32 bit since just 32 bit version
page_is_idle() calls lookup_page_ext(), it doesn't do it on 64 bit.
And, such race condition should exist regardless of whether DEBUG_VM is
enabled or not, right?
rcu might be good enough to protect it.
A quick fix may look like:
diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
index 8f5d4ad..bf0cd6a 100644
--- a/include/linux/page_idle.h
+++ b/include/linux/page_idle.h
@@ -77,8 +77,12 @@ static inline bool test_and_clear_page_young(struct
page *page)
static inline bool page_is_idle(struct page *page)
{
struct page_ext *page_ext;
+
+ rcu_read_lock();
page_ext = lookup_page_ext(page);
+ rcu_read_unlock();
+
if (unlikely(!page_ext))
return false;
diff --git a/mm/page_ext.c b/mm/page_ext.c
index 56b160f..94927c9 100644
--- a/mm/page_ext.c
+++ b/mm/page_ext.c
@@ -183,7 +183,6 @@ struct page_ext *lookup_page_ext(struct page *page)
{
unsigned long pfn = page_to_pfn(page);
struct mem_section *section = __pfn_to_section(pfn);
-#if defined(CONFIG_DEBUG_VM) || defined(CONFIG_PAGE_POISONING)
/*
* The sanity checks the page allocator does upon freeing a
* page can reach here before the page_ext arrays are
@@ -195,7 +194,7 @@ struct page_ext *lookup_page_ext(struct page *page)
*/
if (!section->page_ext)
return NULL;
-#endif
+
return section->page_ext + pfn;
}
@@ -279,7 +278,8 @@ static void __free_page_ext(unsigned long pfn)
return;
base = ms->page_ext + pfn;
free_page_ext(base);
- ms->page_ext = NULL;
+ rcu_assign_pointer(ms->page_ext, NULL);
+ synchronize_rcu();
}
static int __meminit online_page_ext(unsigned long start_pfn,
Thanks,
Yang
>
> kpageflags_read
> stable_page_flags
> page_is_idle
> lookup_page_ext
> section = __pfn_to_section(pfn)
> offline_pages
> memory_notify(MEM_OFFLINE)
> offline_page_ext
> ms->page_ext = NULL
> section->page_ext + pfn
>
>>
>> Thanks.
>>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply related [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-05-27 18:16 ` Shi, Yang
0 siblings, 0 replies; 57+ messages in thread
From: Shi, Yang @ 2016-05-27 18:16 UTC (permalink / raw)
To: Minchan Kim, Joonsoo Kim
Cc: akpm, linux-kernel, linux-mm, linaro-kernel, Tang Chen,
Yasuaki Ishimatsu, Kamezawa Hiroyuki
On 5/27/2016 1:11 AM, Minchan Kim wrote:
> On Fri, May 27, 2016 at 03:08:39PM +0900, Joonsoo Kim wrote:
>> On Fri, May 27, 2016 at 02:14:32PM +0900, Minchan Kim wrote:
>>> On Thu, May 26, 2016 at 04:15:28PM -0700, Shi, Yang wrote:
>>>> On 5/25/2016 5:37 PM, Minchan Kim wrote:
>>>>> On Tue, May 24, 2016 at 11:58:11AM +0900, Minchan Kim wrote:
>>>>>> On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
>>>>>>> Per the discussion with Joonsoo Kim [1], we need check the return value of
>>>>>>> lookup_page_ext() for all call sites since it might return NULL in some cases,
>>>>>>> although it is unlikely, i.e. memory hotplug.
>>>>>>>
>>>>>>> Tested with ltp with "page_owner=0".
>>>>>>>
>>>>>>> [1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
>>>>>>>
>>>>>>> Signed-off-by: Yang Shi <yang.shi@linaro.org>
>>>>>>
>>>>>> I didn't read code code in detail to see how page_ext memory space
>>>>>> allocated in boot code and memory hotplug but to me, it's not good
>>>>>> to check NULL whenever we calls lookup_page_ext.
>>>>>>
>>>>>> More dangerous thing is now page_ext is used by optionable feature(ie, not
>>>>>> critical for system stability) but if we want to use page_ext as
>>>>>> another important tool for the system in future,
>>>>>> it could be a serious problem.
>>
>> Hello, Minchan.
>
> Hi Joonsoo,
>
>>
>> I wonder how pages that isn't managed by kernel yet will cause serious
>> problem. Until onlining, these pages are out of our scope. Any
>> information about them would be useless until it is actually
>> activated. I guess that returning NULL for those pages will not hurt
>> any functionality. Do you have any possible scenario that this causes the
>> serious problem?
>
> I don't have any specific usecase now. That's why I said "in future".
> And I don't want to argue whether there is possible scenario or not
> to make the feature useful but if you want, I should write novel.
> One of example, pop up my mind, xen, hv and even memory_hotplug itself
> might want to use page_ext for their functionality extension to hook
> guest pages.
>
> My opinion is that page_ext is extension of struct page so it would
> be better to allow any operation on struct page without any limitation
> if we can do it. Whether it's useful or useless depend on random
> usecase and we don't need to limit that way from the beginning.
>
> However, current design allows deferred page_ext population so any user
> of page_ext should keep it in mind and should either make fallback plan
> or don't use page_ext for those cases. If we decide go this way through
> discussion, at least, we should make such limitation more clear to
> somewhere in this chance, maybe around page_ext_operation->need comment.
>
> My comment's point is that we should consider that way at least. It's
> worth to discuss pros and cons, what's the best and what makes that way
> hesitate if we can't.
>
>>
>> And, allocation such memory space doesn't come from free. If someone
>> just add the memory device and don't online it, these memory will be
>
> Here goes several questions.
> Cced hotplug guys
>
> 1.
> If someone just add the memory device without onlining, kernel code
> can return pfn_valid == true on the offlined page?
>
> 2.
> If so, it means memmap on offline memory is already populated somewhere.
> Where is the memmap allocated? part of offlined memory space or other memory?
>
> 3. Could we allocate page_ext in part of offline memory space so that
> it doesn't consume online memory.
>
>> wasted. I don't know if there is such a usecase but it's possible
>> scenario.
>
>>
>>>>>>
>>>>>> Can we put some hooks of page_ext into memory-hotplug so guarantee
>>>>>> that page_ext memory space is allocated with memmap space at the
>>>>>> same time? IOW, once every PFN wakers find a page is valid, page_ext
>>>>>> is valid, too so lookup_page_ext never returns NULL on valid page
>>>>>> by design.
>>>>>>
>>>>>> I hope we consider this direction, too.
>>>>>
>>>>> Yang, Could you think about this?
>>>>
>>>> Thanks a lot for the suggestion. Sorry for the late reply, I was
>>>> busy on preparing patches. I do agree this is a direction we should
>>>> look into, but I haven't got time to think about it deeper. I hope
>>>> Joonsoo could chime in too since he is the original author for page
>>>> extension.
>>>>
>>>>>
>>>>> Even, your patch was broken, I think.
>>>>> It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
>>>>> lookup_page_ext doesn't return NULL in that case.
>>>>
>>>> Actually, I think the #ifdef should be removed if lookup_page_ext()
>>>> is possible to return NULL. It sounds not make sense returning NULL
>>>> only when DEBUG_VM is enabled. It should return NULL no matter what
>>>> debug config is selected. If Joonsoo agrees with me I'm going to
>>>> come up with a patch to fix it.
>>
>> Agreed but let's wait for Minchan's response.
>
> If we goes this way, how to guarantee this race?
Thanks for pointing out this. It sounds reasonable. However, this should
be only possible to happen on 32 bit since just 32 bit version
page_is_idle() calls lookup_page_ext(), it doesn't do it on 64 bit.
And, such race condition should exist regardless of whether DEBUG_VM is
enabled or not, right?
rcu might be good enough to protect it.
A quick fix may look like:
diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
index 8f5d4ad..bf0cd6a 100644
--- a/include/linux/page_idle.h
+++ b/include/linux/page_idle.h
@@ -77,8 +77,12 @@ static inline bool test_and_clear_page_young(struct
page *page)
static inline bool page_is_idle(struct page *page)
{
struct page_ext *page_ext;
+
+ rcu_read_lock();
page_ext = lookup_page_ext(page);
+ rcu_read_unlock();
+
if (unlikely(!page_ext))
return false;
diff --git a/mm/page_ext.c b/mm/page_ext.c
index 56b160f..94927c9 100644
--- a/mm/page_ext.c
+++ b/mm/page_ext.c
@@ -183,7 +183,6 @@ struct page_ext *lookup_page_ext(struct page *page)
{
unsigned long pfn = page_to_pfn(page);
struct mem_section *section = __pfn_to_section(pfn);
-#if defined(CONFIG_DEBUG_VM) || defined(CONFIG_PAGE_POISONING)
/*
* The sanity checks the page allocator does upon freeing a
* page can reach here before the page_ext arrays are
@@ -195,7 +194,7 @@ struct page_ext *lookup_page_ext(struct page *page)
*/
if (!section->page_ext)
return NULL;
-#endif
+
return section->page_ext + pfn;
}
@@ -279,7 +278,8 @@ static void __free_page_ext(unsigned long pfn)
return;
base = ms->page_ext + pfn;
free_page_ext(base);
- ms->page_ext = NULL;
+ rcu_assign_pointer(ms->page_ext, NULL);
+ synchronize_rcu();
}
static int __meminit online_page_ext(unsigned long start_pfn,
Thanks,
Yang
>
> kpageflags_read
> stable_page_flags
> page_is_idle
> lookup_page_ext
> section = __pfn_to_section(pfn)
> offline_pages
> memory_notify(MEM_OFFLINE)
> offline_page_ext
> ms->page_ext = NULL
> section->page_ext + pfn
>
>>
>> Thanks.
>>
^ permalink raw reply related [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-05-26 23:15 ` Shi, Yang
@ 2016-05-27 20:02 ` Andrew Morton
-1 siblings, 0 replies; 57+ messages in thread
From: Andrew Morton @ 2016-05-27 20:02 UTC (permalink / raw)
To: Shi, Yang
Cc: Minchan Kim, iamjoonsoo.kim, linux-kernel, linux-mm,
linaro-kernel
On Thu, 26 May 2016 16:15:28 -0700 "Shi, Yang" <yang.shi@linaro.org> wrote:
> >>
> >> I hope we consider this direction, too.
> >
> > Yang, Could you think about this?
>
> Thanks a lot for the suggestion. Sorry for the late reply, I was busy on
> preparing patches. I do agree this is a direction we should look into,
> but I haven't got time to think about it deeper. I hope Joonsoo could
> chime in too since he is the original author for page extension.
>
> >
> > Even, your patch was broken, I think.
> > It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
> > lookup_page_ext doesn't return NULL in that case.
>
> Actually, I think the #ifdef should be removed if lookup_page_ext() is
> possible to return NULL. It sounds not make sense returning NULL only
> when DEBUG_VM is enabled. It should return NULL no matter what debug
> config is selected. If Joonsoo agrees with me I'm going to come up with
> a patch to fix it.
>
I've lost the plot here. What is the status of this patch?
Latest version:
From: Yang Shi <yang.shi@linaro.org>
Subject: mm: check the return value of lookup_page_ext for all call sites
Per the discussion with Joonsoo Kim [1], we need check the return value of
lookup_page_ext() for all call sites since it might return NULL in some
cases, although it is unlikely, i.e. memory hotplug.
Tested with ltp with "page_owner=0".
[1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
[akpm@linux-foundation.org: fix build-breaking typos]
[arnd@arndb.de: fix build problems from lookup_page_ext]
Link: http://lkml.kernel.org/r/6285269.2CksypHdYp@wuerfel
[akpm@linux-foundation.org: coding-style fixes]
Link: http://lkml.kernel.org/r/1464023768-31025-1-git-send-email-yang.shi@linaro.org
Signed-off-by: Yang Shi <yang.shi@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++------
mm/page_alloc.c | 6 +++++
mm/page_owner.c | 26 +++++++++++++++++++++
mm/page_poison.c | 8 +++++-
mm/vmstat.c | 2 +
5 files changed, 77 insertions(+), 8 deletions(-)
diff -puN include/linux/page_idle.h~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites include/linux/page_idle.h
--- a/include/linux/page_idle.h~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
+++ a/include/linux/page_idle.h
@@ -46,33 +46,62 @@ extern struct page_ext_operations page_i
static inline bool page_is_young(struct page *page)
{
- return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return false;
+
+ return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
static inline void set_page_young(struct page *page)
{
- set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return;
+
+ set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
static inline bool test_and_clear_page_young(struct page *page)
{
- return test_and_clear_bit(PAGE_EXT_YOUNG,
- &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return false;
+
+ return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
static inline bool page_is_idle(struct page *page)
{
- return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return false;
+
+ return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
}
static inline void set_page_idle(struct page *page)
{
- set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return;
+
+ set_bit(PAGE_EXT_IDLE, &page_ext->flags);
}
static inline void clear_page_idle(struct page *page)
{
- clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return;
+
+ clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
}
#endif /* CONFIG_64BIT */
diff -puN mm/page_alloc.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites mm/page_alloc.c
--- a/mm/page_alloc.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
+++ a/mm/page_alloc.c
@@ -656,6 +656,9 @@ static inline void set_page_guard(struct
return;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
INIT_LIST_HEAD(&page->lru);
@@ -673,6 +676,9 @@ static inline void clear_page_guard(stru
return;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
set_page_private(page, 0);
diff -puN mm/page_owner.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites mm/page_owner.c
--- a/mm/page_owner.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
+++ a/mm/page_owner.c
@@ -55,6 +55,8 @@ void __reset_page_owner(struct page *pag
for (i = 0; i < (1 << order); i++) {
page_ext = lookup_page_ext(page + i);
+ if (unlikely(!page_ext))
+ continue;
__clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
}
}
@@ -62,6 +64,7 @@ void __reset_page_owner(struct page *pag
void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
{
struct page_ext *page_ext = lookup_page_ext(page);
+
struct stack_trace trace = {
.nr_entries = 0,
.max_entries = ARRAY_SIZE(page_ext->trace_entries),
@@ -69,6 +72,9 @@ void __set_page_owner(struct page *page,
.skip = 3,
};
+ if (unlikely(!page_ext))
+ return;
+
save_stack_trace(&trace);
page_ext->order = order;
@@ -82,6 +88,8 @@ void __set_page_owner(struct page *page,
void __set_page_owner_migrate_reason(struct page *page, int reason)
{
struct page_ext *page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
page_ext->last_migrate_reason = reason;
}
@@ -89,6 +97,12 @@ void __set_page_owner_migrate_reason(str
gfp_t __get_page_owner_gfp(struct page *page)
{
struct page_ext *page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ /*
+ * The caller just returns 0 if no valid gfp
+ * So return 0 here too.
+ */
+ return 0;
return page_ext->gfp_mask;
}
@@ -99,6 +113,9 @@ void __copy_page_owner(struct page *oldp
struct page_ext *new_ext = lookup_page_ext(newpage);
int i;
+ if (unlikely(!old_ext || !new_ext))
+ return;
+
new_ext->order = old_ext->order;
new_ext->gfp_mask = old_ext->gfp_mask;
new_ext->nr_entries = old_ext->nr_entries;
@@ -193,6 +210,11 @@ void __dump_page_owner(struct page *page
gfp_t gfp_mask = page_ext->gfp_mask;
int mt = gfpflags_to_migratetype(gfp_mask);
+ if (unlikely(!page_ext)) {
+ pr_alert("There is not page extension available.\n");
+ return;
+ }
+
if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags)) {
pr_alert("page_owner info is not active (free page?)\n");
return;
@@ -251,6 +273,8 @@ read_page_owner(struct file *file, char
}
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ continue;
/*
* Some pages could be missed by concurrent allocation or free,
@@ -317,6 +341,8 @@ static void init_pages_in_zone(pg_data_t
continue;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ continue;
/* Maybe overraping zone */
if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
diff -puN mm/page_poison.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites mm/page_poison.c
--- a/mm/page_poison.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
+++ a/mm/page_poison.c
@@ -54,6 +54,9 @@ static inline void set_page_poison(struc
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
}
@@ -62,6 +65,9 @@ static inline void clear_page_poison(str
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
}
@@ -70,7 +76,7 @@ bool page_is_poisoned(struct page *page)
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
- if (!page_ext)
+ if (unlikely(!page_ext))
return false;
return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
diff -puN mm/vmstat.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites mm/vmstat.c
--- a/mm/vmstat.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
+++ a/mm/vmstat.c
@@ -1061,6 +1061,8 @@ static void pagetypeinfo_showmixedcount_
continue;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ continue;
if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
continue;
_
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-05-27 20:02 ` Andrew Morton
0 siblings, 0 replies; 57+ messages in thread
From: Andrew Morton @ 2016-05-27 20:02 UTC (permalink / raw)
To: Shi, Yang
Cc: Minchan Kim, iamjoonsoo.kim, linux-kernel, linux-mm,
linaro-kernel
On Thu, 26 May 2016 16:15:28 -0700 "Shi, Yang" <yang.shi@linaro.org> wrote:
> >>
> >> I hope we consider this direction, too.
> >
> > Yang, Could you think about this?
>
> Thanks a lot for the suggestion. Sorry for the late reply, I was busy on
> preparing patches. I do agree this is a direction we should look into,
> but I haven't got time to think about it deeper. I hope Joonsoo could
> chime in too since he is the original author for page extension.
>
> >
> > Even, your patch was broken, I think.
> > It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
> > lookup_page_ext doesn't return NULL in that case.
>
> Actually, I think the #ifdef should be removed if lookup_page_ext() is
> possible to return NULL. It sounds not make sense returning NULL only
> when DEBUG_VM is enabled. It should return NULL no matter what debug
> config is selected. If Joonsoo agrees with me I'm going to come up with
> a patch to fix it.
>
I've lost the plot here. What is the status of this patch?
Latest version:
From: Yang Shi <yang.shi@linaro.org>
Subject: mm: check the return value of lookup_page_ext for all call sites
Per the discussion with Joonsoo Kim [1], we need check the return value of
lookup_page_ext() for all call sites since it might return NULL in some
cases, although it is unlikely, i.e. memory hotplug.
Tested with ltp with "page_owner=0".
[1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
[akpm@linux-foundation.org: fix build-breaking typos]
[arnd@arndb.de: fix build problems from lookup_page_ext]
Link: http://lkml.kernel.org/r/6285269.2CksypHdYp@wuerfel
[akpm@linux-foundation.org: coding-style fixes]
Link: http://lkml.kernel.org/r/1464023768-31025-1-git-send-email-yang.shi@linaro.org
Signed-off-by: Yang Shi <yang.shi@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++------
mm/page_alloc.c | 6 +++++
mm/page_owner.c | 26 +++++++++++++++++++++
mm/page_poison.c | 8 +++++-
mm/vmstat.c | 2 +
5 files changed, 77 insertions(+), 8 deletions(-)
diff -puN include/linux/page_idle.h~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites include/linux/page_idle.h
--- a/include/linux/page_idle.h~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
+++ a/include/linux/page_idle.h
@@ -46,33 +46,62 @@ extern struct page_ext_operations page_i
static inline bool page_is_young(struct page *page)
{
- return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return false;
+
+ return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
static inline void set_page_young(struct page *page)
{
- set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return;
+
+ set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
static inline bool test_and_clear_page_young(struct page *page)
{
- return test_and_clear_bit(PAGE_EXT_YOUNG,
- &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return false;
+
+ return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
static inline bool page_is_idle(struct page *page)
{
- return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return false;
+
+ return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
}
static inline void set_page_idle(struct page *page)
{
- set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return;
+
+ set_bit(PAGE_EXT_IDLE, &page_ext->flags);
}
static inline void clear_page_idle(struct page *page)
{
- clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return;
+
+ clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
}
#endif /* CONFIG_64BIT */
diff -puN mm/page_alloc.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites mm/page_alloc.c
--- a/mm/page_alloc.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
+++ a/mm/page_alloc.c
@@ -656,6 +656,9 @@ static inline void set_page_guard(struct
return;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
INIT_LIST_HEAD(&page->lru);
@@ -673,6 +676,9 @@ static inline void clear_page_guard(stru
return;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
set_page_private(page, 0);
diff -puN mm/page_owner.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites mm/page_owner.c
--- a/mm/page_owner.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
+++ a/mm/page_owner.c
@@ -55,6 +55,8 @@ void __reset_page_owner(struct page *pag
for (i = 0; i < (1 << order); i++) {
page_ext = lookup_page_ext(page + i);
+ if (unlikely(!page_ext))
+ continue;
__clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
}
}
@@ -62,6 +64,7 @@ void __reset_page_owner(struct page *pag
void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
{
struct page_ext *page_ext = lookup_page_ext(page);
+
struct stack_trace trace = {
.nr_entries = 0,
.max_entries = ARRAY_SIZE(page_ext->trace_entries),
@@ -69,6 +72,9 @@ void __set_page_owner(struct page *page,
.skip = 3,
};
+ if (unlikely(!page_ext))
+ return;
+
save_stack_trace(&trace);
page_ext->order = order;
@@ -82,6 +88,8 @@ void __set_page_owner(struct page *page,
void __set_page_owner_migrate_reason(struct page *page, int reason)
{
struct page_ext *page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
page_ext->last_migrate_reason = reason;
}
@@ -89,6 +97,12 @@ void __set_page_owner_migrate_reason(str
gfp_t __get_page_owner_gfp(struct page *page)
{
struct page_ext *page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ /*
+ * The caller just returns 0 if no valid gfp
+ * So return 0 here too.
+ */
+ return 0;
return page_ext->gfp_mask;
}
@@ -99,6 +113,9 @@ void __copy_page_owner(struct page *oldp
struct page_ext *new_ext = lookup_page_ext(newpage);
int i;
+ if (unlikely(!old_ext || !new_ext))
+ return;
+
new_ext->order = old_ext->order;
new_ext->gfp_mask = old_ext->gfp_mask;
new_ext->nr_entries = old_ext->nr_entries;
@@ -193,6 +210,11 @@ void __dump_page_owner(struct page *page
gfp_t gfp_mask = page_ext->gfp_mask;
int mt = gfpflags_to_migratetype(gfp_mask);
+ if (unlikely(!page_ext)) {
+ pr_alert("There is not page extension available.\n");
+ return;
+ }
+
if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags)) {
pr_alert("page_owner info is not active (free page?)\n");
return;
@@ -251,6 +273,8 @@ read_page_owner(struct file *file, char
}
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ continue;
/*
* Some pages could be missed by concurrent allocation or free,
@@ -317,6 +341,8 @@ static void init_pages_in_zone(pg_data_t
continue;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ continue;
/* Maybe overraping zone */
if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
diff -puN mm/page_poison.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites mm/page_poison.c
--- a/mm/page_poison.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
+++ a/mm/page_poison.c
@@ -54,6 +54,9 @@ static inline void set_page_poison(struc
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
}
@@ -62,6 +65,9 @@ static inline void clear_page_poison(str
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
}
@@ -70,7 +76,7 @@ bool page_is_poisoned(struct page *page)
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
- if (!page_ext)
+ if (unlikely(!page_ext))
return false;
return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
diff -puN mm/vmstat.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites mm/vmstat.c
--- a/mm/vmstat.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
+++ a/mm/vmstat.c
@@ -1061,6 +1061,8 @@ static void pagetypeinfo_showmixedcount_
continue;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ continue;
if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
continue;
_
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-05-27 20:02 ` Andrew Morton
@ 2016-05-27 20:17 ` Shi, Yang
-1 siblings, 0 replies; 57+ messages in thread
From: Shi, Yang @ 2016-05-27 20:17 UTC (permalink / raw)
To: Andrew Morton
Cc: Minchan Kim, iamjoonsoo.kim, linux-kernel, linux-mm,
linaro-kernel
On 5/27/2016 1:02 PM, Andrew Morton wrote:
> On Thu, 26 May 2016 16:15:28 -0700 "Shi, Yang" <yang.shi@linaro.org> wrote:
>
>>>>
>>>> I hope we consider this direction, too.
>>>
>>> Yang, Could you think about this?
>>
>> Thanks a lot for the suggestion. Sorry for the late reply, I was busy on
>> preparing patches. I do agree this is a direction we should look into,
>> but I haven't got time to think about it deeper. I hope Joonsoo could
>> chime in too since he is the original author for page extension.
>>
>>>
>>> Even, your patch was broken, I think.
>>> It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
>>> lookup_page_ext doesn't return NULL in that case.
>>
>> Actually, I think the #ifdef should be removed if lookup_page_ext() is
>> possible to return NULL. It sounds not make sense returning NULL only
>> when DEBUG_VM is enabled. It should return NULL no matter what debug
>> config is selected. If Joonsoo agrees with me I'm going to come up with
>> a patch to fix it.
>>
>
> I've lost the plot here. What is the status of this patch?
>
> Latest version:
Yes, this is the latest version. We are discussing about some future
optimization.
And, Minchan Kim pointed out a possible race condition which exists even
before this patch. I proposed a quick fix, as long as they are happy to
the fix, I will post it to the mailing list.
Thanks,
Yang
>
> From: Yang Shi <yang.shi@linaro.org>
> Subject: mm: check the return value of lookup_page_ext for all call sites
>
> Per the discussion with Joonsoo Kim [1], we need check the return value of
> lookup_page_ext() for all call sites since it might return NULL in some
> cases, although it is unlikely, i.e. memory hotplug.
>
> Tested with ltp with "page_owner=0".
>
> [1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
>
> [akpm@linux-foundation.org: fix build-breaking typos]
> [arnd@arndb.de: fix build problems from lookup_page_ext]
> Link: http://lkml.kernel.org/r/6285269.2CksypHdYp@wuerfel
> [akpm@linux-foundation.org: coding-style fixes]
> Link: http://lkml.kernel.org/r/1464023768-31025-1-git-send-email-yang.shi@linaro.org
> Signed-off-by: Yang Shi <yang.shi@linaro.org>
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> ---
>
> include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++------
> mm/page_alloc.c | 6 +++++
> mm/page_owner.c | 26 +++++++++++++++++++++
> mm/page_poison.c | 8 +++++-
> mm/vmstat.c | 2 +
> 5 files changed, 77 insertions(+), 8 deletions(-)
>
> diff -puN include/linux/page_idle.h~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites include/linux/page_idle.h
> --- a/include/linux/page_idle.h~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
> +++ a/include/linux/page_idle.h
> @@ -46,33 +46,62 @@ extern struct page_ext_operations page_i
>
> static inline bool page_is_young(struct page *page)
> {
> - return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext = lookup_page_ext(page);
> +
> + if (unlikely(!page_ext))
> + return false;
> +
> + return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline void set_page_young(struct page *page)
> {
> - set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext = lookup_page_ext(page);
> +
> + if (unlikely(!page_ext))
> + return;
> +
> + set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline bool test_and_clear_page_young(struct page *page)
> {
> - return test_and_clear_bit(PAGE_EXT_YOUNG,
> - &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext = lookup_page_ext(page);
> +
> + if (unlikely(!page_ext))
> + return false;
> +
> + return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline bool page_is_idle(struct page *page)
> {
> - return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext = lookup_page_ext(page);
> +
> + if (unlikely(!page_ext))
> + return false;
> +
> + return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
>
> static inline void set_page_idle(struct page *page)
> {
> - set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext = lookup_page_ext(page);
> +
> + if (unlikely(!page_ext))
> + return;
> +
> + set_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
>
> static inline void clear_page_idle(struct page *page)
> {
> - clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext = lookup_page_ext(page);
> +
> + if (unlikely(!page_ext))
> + return;
> +
> + clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
> #endif /* CONFIG_64BIT */
>
> diff -puN mm/page_alloc.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites mm/page_alloc.c
> --- a/mm/page_alloc.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
> +++ a/mm/page_alloc.c
> @@ -656,6 +656,9 @@ static inline void set_page_guard(struct
> return;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>
> INIT_LIST_HEAD(&page->lru);
> @@ -673,6 +676,9 @@ static inline void clear_page_guard(stru
> return;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>
> set_page_private(page, 0);
> diff -puN mm/page_owner.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites mm/page_owner.c
> --- a/mm/page_owner.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
> +++ a/mm/page_owner.c
> @@ -55,6 +55,8 @@ void __reset_page_owner(struct page *pag
>
> for (i = 0; i < (1 << order); i++) {
> page_ext = lookup_page_ext(page + i);
> + if (unlikely(!page_ext))
> + continue;
> __clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
> }
> }
> @@ -62,6 +64,7 @@ void __reset_page_owner(struct page *pag
> void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> +
> struct stack_trace trace = {
> .nr_entries = 0,
> .max_entries = ARRAY_SIZE(page_ext->trace_entries),
> @@ -69,6 +72,9 @@ void __set_page_owner(struct page *page,
> .skip = 3,
> };
>
> + if (unlikely(!page_ext))
> + return;
> +
> save_stack_trace(&trace);
>
> page_ext->order = order;
> @@ -82,6 +88,8 @@ void __set_page_owner(struct page *page,
> void __set_page_owner_migrate_reason(struct page *page, int reason)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
>
> page_ext->last_migrate_reason = reason;
> }
> @@ -89,6 +97,12 @@ void __set_page_owner_migrate_reason(str
> gfp_t __get_page_owner_gfp(struct page *page)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + /*
> + * The caller just returns 0 if no valid gfp
> + * So return 0 here too.
> + */
> + return 0;
>
> return page_ext->gfp_mask;
> }
> @@ -99,6 +113,9 @@ void __copy_page_owner(struct page *oldp
> struct page_ext *new_ext = lookup_page_ext(newpage);
> int i;
>
> + if (unlikely(!old_ext || !new_ext))
> + return;
> +
> new_ext->order = old_ext->order;
> new_ext->gfp_mask = old_ext->gfp_mask;
> new_ext->nr_entries = old_ext->nr_entries;
> @@ -193,6 +210,11 @@ void __dump_page_owner(struct page *page
> gfp_t gfp_mask = page_ext->gfp_mask;
> int mt = gfpflags_to_migratetype(gfp_mask);
>
> + if (unlikely(!page_ext)) {
> + pr_alert("There is not page extension available.\n");
> + return;
> + }
> +
> if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags)) {
> pr_alert("page_owner info is not active (free page?)\n");
> return;
> @@ -251,6 +273,8 @@ read_page_owner(struct file *file, char
> }
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> /*
> * Some pages could be missed by concurrent allocation or free,
> @@ -317,6 +341,8 @@ static void init_pages_in_zone(pg_data_t
> continue;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> /* Maybe overraping zone */
> if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> diff -puN mm/page_poison.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites mm/page_poison.c
> --- a/mm/page_poison.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
> +++ a/mm/page_poison.c
> @@ -54,6 +54,9 @@ static inline void set_page_poison(struc
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -62,6 +65,9 @@ static inline void clear_page_poison(str
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -70,7 +76,7 @@ bool page_is_poisoned(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> - if (!page_ext)
> + if (unlikely(!page_ext))
> return false;
>
> return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> diff -puN mm/vmstat.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites mm/vmstat.c
> --- a/mm/vmstat.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
> +++ a/mm/vmstat.c
> @@ -1061,6 +1061,8 @@ static void pagetypeinfo_showmixedcount_
> continue;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> continue;
> _
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-05-27 20:17 ` Shi, Yang
0 siblings, 0 replies; 57+ messages in thread
From: Shi, Yang @ 2016-05-27 20:17 UTC (permalink / raw)
To: Andrew Morton
Cc: Minchan Kim, iamjoonsoo.kim, linux-kernel, linux-mm,
linaro-kernel
On 5/27/2016 1:02 PM, Andrew Morton wrote:
> On Thu, 26 May 2016 16:15:28 -0700 "Shi, Yang" <yang.shi@linaro.org> wrote:
>
>>>>
>>>> I hope we consider this direction, too.
>>>
>>> Yang, Could you think about this?
>>
>> Thanks a lot for the suggestion. Sorry for the late reply, I was busy on
>> preparing patches. I do agree this is a direction we should look into,
>> but I haven't got time to think about it deeper. I hope Joonsoo could
>> chime in too since he is the original author for page extension.
>>
>>>
>>> Even, your patch was broken, I think.
>>> It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
>>> lookup_page_ext doesn't return NULL in that case.
>>
>> Actually, I think the #ifdef should be removed if lookup_page_ext() is
>> possible to return NULL. It sounds not make sense returning NULL only
>> when DEBUG_VM is enabled. It should return NULL no matter what debug
>> config is selected. If Joonsoo agrees with me I'm going to come up with
>> a patch to fix it.
>>
>
> I've lost the plot here. What is the status of this patch?
>
> Latest version:
Yes, this is the latest version. We are discussing about some future
optimization.
And, Minchan Kim pointed out a possible race condition which exists even
before this patch. I proposed a quick fix, as long as they are happy to
the fix, I will post it to the mailing list.
Thanks,
Yang
>
> From: Yang Shi <yang.shi@linaro.org>
> Subject: mm: check the return value of lookup_page_ext for all call sites
>
> Per the discussion with Joonsoo Kim [1], we need check the return value of
> lookup_page_ext() for all call sites since it might return NULL in some
> cases, although it is unlikely, i.e. memory hotplug.
>
> Tested with ltp with "page_owner=0".
>
> [1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
>
> [akpm@linux-foundation.org: fix build-breaking typos]
> [arnd@arndb.de: fix build problems from lookup_page_ext]
> Link: http://lkml.kernel.org/r/6285269.2CksypHdYp@wuerfel
> [akpm@linux-foundation.org: coding-style fixes]
> Link: http://lkml.kernel.org/r/1464023768-31025-1-git-send-email-yang.shi@linaro.org
> Signed-off-by: Yang Shi <yang.shi@linaro.org>
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> ---
>
> include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++------
> mm/page_alloc.c | 6 +++++
> mm/page_owner.c | 26 +++++++++++++++++++++
> mm/page_poison.c | 8 +++++-
> mm/vmstat.c | 2 +
> 5 files changed, 77 insertions(+), 8 deletions(-)
>
> diff -puN include/linux/page_idle.h~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites include/linux/page_idle.h
> --- a/include/linux/page_idle.h~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
> +++ a/include/linux/page_idle.h
> @@ -46,33 +46,62 @@ extern struct page_ext_operations page_i
>
> static inline bool page_is_young(struct page *page)
> {
> - return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext = lookup_page_ext(page);
> +
> + if (unlikely(!page_ext))
> + return false;
> +
> + return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline void set_page_young(struct page *page)
> {
> - set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext = lookup_page_ext(page);
> +
> + if (unlikely(!page_ext))
> + return;
> +
> + set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline bool test_and_clear_page_young(struct page *page)
> {
> - return test_and_clear_bit(PAGE_EXT_YOUNG,
> - &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext = lookup_page_ext(page);
> +
> + if (unlikely(!page_ext))
> + return false;
> +
> + return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline bool page_is_idle(struct page *page)
> {
> - return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext = lookup_page_ext(page);
> +
> + if (unlikely(!page_ext))
> + return false;
> +
> + return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
>
> static inline void set_page_idle(struct page *page)
> {
> - set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext = lookup_page_ext(page);
> +
> + if (unlikely(!page_ext))
> + return;
> +
> + set_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
>
> static inline void clear_page_idle(struct page *page)
> {
> - clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext = lookup_page_ext(page);
> +
> + if (unlikely(!page_ext))
> + return;
> +
> + clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
> #endif /* CONFIG_64BIT */
>
> diff -puN mm/page_alloc.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites mm/page_alloc.c
> --- a/mm/page_alloc.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
> +++ a/mm/page_alloc.c
> @@ -656,6 +656,9 @@ static inline void set_page_guard(struct
> return;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>
> INIT_LIST_HEAD(&page->lru);
> @@ -673,6 +676,9 @@ static inline void clear_page_guard(stru
> return;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>
> set_page_private(page, 0);
> diff -puN mm/page_owner.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites mm/page_owner.c
> --- a/mm/page_owner.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
> +++ a/mm/page_owner.c
> @@ -55,6 +55,8 @@ void __reset_page_owner(struct page *pag
>
> for (i = 0; i < (1 << order); i++) {
> page_ext = lookup_page_ext(page + i);
> + if (unlikely(!page_ext))
> + continue;
> __clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
> }
> }
> @@ -62,6 +64,7 @@ void __reset_page_owner(struct page *pag
> void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> +
> struct stack_trace trace = {
> .nr_entries = 0,
> .max_entries = ARRAY_SIZE(page_ext->trace_entries),
> @@ -69,6 +72,9 @@ void __set_page_owner(struct page *page,
> .skip = 3,
> };
>
> + if (unlikely(!page_ext))
> + return;
> +
> save_stack_trace(&trace);
>
> page_ext->order = order;
> @@ -82,6 +88,8 @@ void __set_page_owner(struct page *page,
> void __set_page_owner_migrate_reason(struct page *page, int reason)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
>
> page_ext->last_migrate_reason = reason;
> }
> @@ -89,6 +97,12 @@ void __set_page_owner_migrate_reason(str
> gfp_t __get_page_owner_gfp(struct page *page)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + /*
> + * The caller just returns 0 if no valid gfp
> + * So return 0 here too.
> + */
> + return 0;
>
> return page_ext->gfp_mask;
> }
> @@ -99,6 +113,9 @@ void __copy_page_owner(struct page *oldp
> struct page_ext *new_ext = lookup_page_ext(newpage);
> int i;
>
> + if (unlikely(!old_ext || !new_ext))
> + return;
> +
> new_ext->order = old_ext->order;
> new_ext->gfp_mask = old_ext->gfp_mask;
> new_ext->nr_entries = old_ext->nr_entries;
> @@ -193,6 +210,11 @@ void __dump_page_owner(struct page *page
> gfp_t gfp_mask = page_ext->gfp_mask;
> int mt = gfpflags_to_migratetype(gfp_mask);
>
> + if (unlikely(!page_ext)) {
> + pr_alert("There is not page extension available.\n");
> + return;
> + }
> +
> if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags)) {
> pr_alert("page_owner info is not active (free page?)\n");
> return;
> @@ -251,6 +273,8 @@ read_page_owner(struct file *file, char
> }
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> /*
> * Some pages could be missed by concurrent allocation or free,
> @@ -317,6 +341,8 @@ static void init_pages_in_zone(pg_data_t
> continue;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> /* Maybe overraping zone */
> if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> diff -puN mm/page_poison.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites mm/page_poison.c
> --- a/mm/page_poison.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
> +++ a/mm/page_poison.c
> @@ -54,6 +54,9 @@ static inline void set_page_poison(struc
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -62,6 +65,9 @@ static inline void clear_page_poison(str
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -70,7 +76,7 @@ bool page_is_poisoned(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> - if (!page_ext)
> + if (unlikely(!page_ext))
> return false;
>
> return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> diff -puN mm/vmstat.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites mm/vmstat.c
> --- a/mm/vmstat.c~mm-check-the-return-value-of-lookup_page_ext-for-all-call-sites
> +++ a/mm/vmstat.c
> @@ -1061,6 +1061,8 @@ static void pagetypeinfo_showmixedcount_
> continue;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> continue;
> _
>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-05-27 20:17 ` Shi, Yang
@ 2016-05-27 20:30 ` Andrew Morton
-1 siblings, 0 replies; 57+ messages in thread
From: Andrew Morton @ 2016-05-27 20:30 UTC (permalink / raw)
To: Shi, Yang
Cc: Minchan Kim, iamjoonsoo.kim, linux-kernel, linux-mm,
linaro-kernel
On Fri, 27 May 2016 13:17:19 -0700 "Shi, Yang" <yang.shi@linaro.org> wrote:
> >> Actually, I think the #ifdef should be removed if lookup_page_ext() is
> >> possible to return NULL. It sounds not make sense returning NULL only
> >> when DEBUG_VM is enabled. It should return NULL no matter what debug
> >> config is selected. If Joonsoo agrees with me I'm going to come up with
> >> a patch to fix it.
> >>
> >
> > I've lost the plot here. What is the status of this patch?
> >
> > Latest version:
>
> Yes, this is the latest version. We are discussing about some future
> optimization.
>
> And, Minchan Kim pointed out a possible race condition which exists even
> before this patch. I proposed a quick fix, as long as they are happy to
> the fix, I will post it to the mailing list.
OK, thanks - I've moved it into the for-Linus-next-week queue.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-05-27 20:30 ` Andrew Morton
0 siblings, 0 replies; 57+ messages in thread
From: Andrew Morton @ 2016-05-27 20:30 UTC (permalink / raw)
To: Shi, Yang
Cc: Minchan Kim, iamjoonsoo.kim, linux-kernel, linux-mm,
linaro-kernel
On Fri, 27 May 2016 13:17:19 -0700 "Shi, Yang" <yang.shi@linaro.org> wrote:
> >> Actually, I think the #ifdef should be removed if lookup_page_ext() is
> >> possible to return NULL. It sounds not make sense returning NULL only
> >> when DEBUG_VM is enabled. It should return NULL no matter what debug
> >> config is selected. If Joonsoo agrees with me I'm going to come up with
> >> a patch to fix it.
> >>
> >
> > I've lost the plot here. What is the status of this patch?
> >
> > Latest version:
>
> Yes, this is the latest version. We are discussing about some future
> optimization.
>
> And, Minchan Kim pointed out a possible race condition which exists even
> before this patch. I proposed a quick fix, as long as they are happy to
> the fix, I will post it to the mailing list.
OK, thanks - I've moved it into the for-Linus-next-week queue.
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-05-27 8:11 ` Minchan Kim
@ 2016-05-30 5:39 ` Joonsoo Kim
-1 siblings, 0 replies; 57+ messages in thread
From: Joonsoo Kim @ 2016-05-30 5:39 UTC (permalink / raw)
To: Minchan Kim
Cc: Shi, Yang, akpm, linux-kernel, linux-mm, linaro-kernel, Tang Chen,
Yasuaki Ishimatsu, Kamezawa Hiroyuki
On Fri, May 27, 2016 at 05:11:08PM +0900, Minchan Kim wrote:
> On Fri, May 27, 2016 at 03:08:39PM +0900, Joonsoo Kim wrote:
> > On Fri, May 27, 2016 at 02:14:32PM +0900, Minchan Kim wrote:
> > > On Thu, May 26, 2016 at 04:15:28PM -0700, Shi, Yang wrote:
> > > > On 5/25/2016 5:37 PM, Minchan Kim wrote:
> > > > >On Tue, May 24, 2016 at 11:58:11AM +0900, Minchan Kim wrote:
> > > > >>On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
> > > > >>>Per the discussion with Joonsoo Kim [1], we need check the return value of
> > > > >>>lookup_page_ext() for all call sites since it might return NULL in some cases,
> > > > >>>although it is unlikely, i.e. memory hotplug.
> > > > >>>
> > > > >>>Tested with ltp with "page_owner=0".
> > > > >>>
> > > > >>>[1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
> > > > >>>
> > > > >>>Signed-off-by: Yang Shi <yang.shi@linaro.org>
> > > > >>
> > > > >>I didn't read code code in detail to see how page_ext memory space
> > > > >>allocated in boot code and memory hotplug but to me, it's not good
> > > > >>to check NULL whenever we calls lookup_page_ext.
> > > > >>
> > > > >>More dangerous thing is now page_ext is used by optionable feature(ie, not
> > > > >>critical for system stability) but if we want to use page_ext as
> > > > >>another important tool for the system in future,
> > > > >>it could be a serious problem.
> >
> > Hello, Minchan.
>
> Hi Joonsoo,
>
> >
> > I wonder how pages that isn't managed by kernel yet will cause serious
> > problem. Until onlining, these pages are out of our scope. Any
> > information about them would be useless until it is actually
> > activated. I guess that returning NULL for those pages will not hurt
> > any functionality. Do you have any possible scenario that this causes the
> > serious problem?
>
> I don't have any specific usecase now. That's why I said "in future".
> And I don't want to argue whether there is possible scenario or not
> to make the feature useful but if you want, I should write novel.
> One of example, pop up my mind, xen, hv and even memory_hotplug itself
> might want to use page_ext for their functionality extension to hook
> guest pages.
There is no detail so I can't guess how to use it and how it causes
the serious problem. But, we can do it when it is really needed.
>
> My opinion is that page_ext is extension of struct page so it would
> be better to allow any operation on struct page without any limitation
> if we can do it. Whether it's useful or useless depend on random
> usecase and we don't need to limit that way from the beginning.
If there is no drawback, it would be a better design. But, we have
trade-off that for some case that the memory is added but not
onlined, there is memory saving if we allocate page_ext later.
So, in current situation that there is no user to require such
guarantee, I don't think it's worth doing right now.
> However, current design allows deferred page_ext population so any user
> of page_ext should keep it in mind and should either make fallback plan
> or don't use page_ext for those cases. If we decide go this way through
> discussion, at least, we should make such limitation more clear to
> somewhere in this chance, maybe around page_ext_operation->need comment.
Agreed.
> My comment's point is that we should consider that way at least. It's
> worth to discuss pros and cons, what's the best and what makes that way
> hesitate if we can't.
Yes, your suggestion would be good for future direction, but, for now,
I think that inserting NULL to all callers is right fix.
1) Current design that page_ext is allocated when online is design
decision of page_ext to save memory as much as possible. Fixing
possible problem within this design decision looks good to me.
2) Maybe, we need to backport fixes because it would crash older
kernels. In this case, fix with NULL is easy to backport.
> >
> > And, allocation such memory space doesn't come from free. If someone
> > just add the memory device and don't online it, these memory will be
>
> Here goes several questions.
> Cced hotplug guys
>
> 1.
> If someone just add the memory device without onlining, kernel code
> can return pfn_valid == true on the offlined page?
AFAIK, yes.
>
> 2.
> If so, it means memmap on offline memory is already populated somewhere.
> Where is the memmap allocated? part of offlined memory space or other memory?
Other memory.
> 3. Could we allocate page_ext in part of offline memory space so that
> it doesn't consume online memory.
>
> > wasted. I don't know if there is such a usecase but it's possible
> > scenario.
>
> >
> > > > >>
> > > > >>Can we put some hooks of page_ext into memory-hotplug so guarantee
> > > > >>that page_ext memory space is allocated with memmap space at the
> > > > >>same time? IOW, once every PFN wakers find a page is valid, page_ext
> > > > >>is valid, too so lookup_page_ext never returns NULL on valid page
> > > > >>by design.
> > > > >>
> > > > >>I hope we consider this direction, too.
> > > > >
> > > > >Yang, Could you think about this?
> > > >
> > > > Thanks a lot for the suggestion. Sorry for the late reply, I was
> > > > busy on preparing patches. I do agree this is a direction we should
> > > > look into, but I haven't got time to think about it deeper. I hope
> > > > Joonsoo could chime in too since he is the original author for page
> > > > extension.
> > > >
> > > > >
> > > > >Even, your patch was broken, I think.
> > > > >It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
> > > > >lookup_page_ext doesn't return NULL in that case.
> > > >
> > > > Actually, I think the #ifdef should be removed if lookup_page_ext()
> > > > is possible to return NULL. It sounds not make sense returning NULL
> > > > only when DEBUG_VM is enabled. It should return NULL no matter what
> > > > debug config is selected. If Joonsoo agrees with me I'm going to
> > > > come up with a patch to fix it.
> >
> > Agreed but let's wait for Minchan's response.
>
> If we goes this way, how to guarantee this race?
>
> kpageflags_read
> stable_page_flags
> page_is_idle
> lookup_page_ext
> section = __pfn_to_section(pfn)
> offline_pages
> memory_notify(MEM_OFFLINE)
> offline_page_ext
> ms->page_ext = NULL
> section->page_ext + pfn
I think that it is a fundamental problem of memory hotplug.
There is similar race with struct page for offlined memory.
kpageflags_read
pfn_valid
remove_memory
stable_page_flags
crash!
I already reported similar race problem to memory hotplug guys but
didn't get any answer.
lkml.kernel.org/r/20151221031501.GA32524@js1304-P5Q-DELUXE
Thanks.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-05-30 5:39 ` Joonsoo Kim
0 siblings, 0 replies; 57+ messages in thread
From: Joonsoo Kim @ 2016-05-30 5:39 UTC (permalink / raw)
To: Minchan Kim
Cc: Shi, Yang, akpm, linux-kernel, linux-mm, linaro-kernel, Tang Chen,
Yasuaki Ishimatsu, Kamezawa Hiroyuki
On Fri, May 27, 2016 at 05:11:08PM +0900, Minchan Kim wrote:
> On Fri, May 27, 2016 at 03:08:39PM +0900, Joonsoo Kim wrote:
> > On Fri, May 27, 2016 at 02:14:32PM +0900, Minchan Kim wrote:
> > > On Thu, May 26, 2016 at 04:15:28PM -0700, Shi, Yang wrote:
> > > > On 5/25/2016 5:37 PM, Minchan Kim wrote:
> > > > >On Tue, May 24, 2016 at 11:58:11AM +0900, Minchan Kim wrote:
> > > > >>On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
> > > > >>>Per the discussion with Joonsoo Kim [1], we need check the return value of
> > > > >>>lookup_page_ext() for all call sites since it might return NULL in some cases,
> > > > >>>although it is unlikely, i.e. memory hotplug.
> > > > >>>
> > > > >>>Tested with ltp with "page_owner=0".
> > > > >>>
> > > > >>>[1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
> > > > >>>
> > > > >>>Signed-off-by: Yang Shi <yang.shi@linaro.org>
> > > > >>
> > > > >>I didn't read code code in detail to see how page_ext memory space
> > > > >>allocated in boot code and memory hotplug but to me, it's not good
> > > > >>to check NULL whenever we calls lookup_page_ext.
> > > > >>
> > > > >>More dangerous thing is now page_ext is used by optionable feature(ie, not
> > > > >>critical for system stability) but if we want to use page_ext as
> > > > >>another important tool for the system in future,
> > > > >>it could be a serious problem.
> >
> > Hello, Minchan.
>
> Hi Joonsoo,
>
> >
> > I wonder how pages that isn't managed by kernel yet will cause serious
> > problem. Until onlining, these pages are out of our scope. Any
> > information about them would be useless until it is actually
> > activated. I guess that returning NULL for those pages will not hurt
> > any functionality. Do you have any possible scenario that this causes the
> > serious problem?
>
> I don't have any specific usecase now. That's why I said "in future".
> And I don't want to argue whether there is possible scenario or not
> to make the feature useful but if you want, I should write novel.
> One of example, pop up my mind, xen, hv and even memory_hotplug itself
> might want to use page_ext for their functionality extension to hook
> guest pages.
There is no detail so I can't guess how to use it and how it causes
the serious problem. But, we can do it when it is really needed.
>
> My opinion is that page_ext is extension of struct page so it would
> be better to allow any operation on struct page without any limitation
> if we can do it. Whether it's useful or useless depend on random
> usecase and we don't need to limit that way from the beginning.
If there is no drawback, it would be a better design. But, we have
trade-off that for some case that the memory is added but not
onlined, there is memory saving if we allocate page_ext later.
So, in current situation that there is no user to require such
guarantee, I don't think it's worth doing right now.
> However, current design allows deferred page_ext population so any user
> of page_ext should keep it in mind and should either make fallback plan
> or don't use page_ext for those cases. If we decide go this way through
> discussion, at least, we should make such limitation more clear to
> somewhere in this chance, maybe around page_ext_operation->need comment.
Agreed.
> My comment's point is that we should consider that way at least. It's
> worth to discuss pros and cons, what's the best and what makes that way
> hesitate if we can't.
Yes, your suggestion would be good for future direction, but, for now,
I think that inserting NULL to all callers is right fix.
1) Current design that page_ext is allocated when online is design
decision of page_ext to save memory as much as possible. Fixing
possible problem within this design decision looks good to me.
2) Maybe, we need to backport fixes because it would crash older
kernels. In this case, fix with NULL is easy to backport.
> >
> > And, allocation such memory space doesn't come from free. If someone
> > just add the memory device and don't online it, these memory will be
>
> Here goes several questions.
> Cced hotplug guys
>
> 1.
> If someone just add the memory device without onlining, kernel code
> can return pfn_valid == true on the offlined page?
AFAIK, yes.
>
> 2.
> If so, it means memmap on offline memory is already populated somewhere.
> Where is the memmap allocated? part of offlined memory space or other memory?
Other memory.
> 3. Could we allocate page_ext in part of offline memory space so that
> it doesn't consume online memory.
>
> > wasted. I don't know if there is such a usecase but it's possible
> > scenario.
>
> >
> > > > >>
> > > > >>Can we put some hooks of page_ext into memory-hotplug so guarantee
> > > > >>that page_ext memory space is allocated with memmap space at the
> > > > >>same time? IOW, once every PFN wakers find a page is valid, page_ext
> > > > >>is valid, too so lookup_page_ext never returns NULL on valid page
> > > > >>by design.
> > > > >>
> > > > >>I hope we consider this direction, too.
> > > > >
> > > > >Yang, Could you think about this?
> > > >
> > > > Thanks a lot for the suggestion. Sorry for the late reply, I was
> > > > busy on preparing patches. I do agree this is a direction we should
> > > > look into, but I haven't got time to think about it deeper. I hope
> > > > Joonsoo could chime in too since he is the original author for page
> > > > extension.
> > > >
> > > > >
> > > > >Even, your patch was broken, I think.
> > > > >It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
> > > > >lookup_page_ext doesn't return NULL in that case.
> > > >
> > > > Actually, I think the #ifdef should be removed if lookup_page_ext()
> > > > is possible to return NULL. It sounds not make sense returning NULL
> > > > only when DEBUG_VM is enabled. It should return NULL no matter what
> > > > debug config is selected. If Joonsoo agrees with me I'm going to
> > > > come up with a patch to fix it.
> >
> > Agreed but let's wait for Minchan's response.
>
> If we goes this way, how to guarantee this race?
>
> kpageflags_read
> stable_page_flags
> page_is_idle
> lookup_page_ext
> section = __pfn_to_section(pfn)
> offline_pages
> memory_notify(MEM_OFFLINE)
> offline_page_ext
> ms->page_ext = NULL
> section->page_ext + pfn
I think that it is a fundamental problem of memory hotplug.
There is similar race with struct page for offlined memory.
kpageflags_read
pfn_valid
remove_memory
stable_page_flags
crash!
I already reported similar race problem to memory hotplug guys but
didn't get any answer.
lkml.kernel.org/r/20151221031501.GA32524@js1304-P5Q-DELUXE
Thanks.
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-05-30 5:39 ` Joonsoo Kim
@ 2016-05-30 6:08 ` Minchan Kim
-1 siblings, 0 replies; 57+ messages in thread
From: Minchan Kim @ 2016-05-30 6:08 UTC (permalink / raw)
To: Joonsoo Kim, Kamezawa Hiroyuki
Cc: Shi, Yang, akpm, linux-kernel, linux-mm, linaro-kernel, Tang Chen,
Yasuaki Ishimatsu
On Mon, May 30, 2016 at 02:39:06PM +0900, Joonsoo Kim wrote:
> On Fri, May 27, 2016 at 05:11:08PM +0900, Minchan Kim wrote:
> > On Fri, May 27, 2016 at 03:08:39PM +0900, Joonsoo Kim wrote:
> > > On Fri, May 27, 2016 at 02:14:32PM +0900, Minchan Kim wrote:
> > > > On Thu, May 26, 2016 at 04:15:28PM -0700, Shi, Yang wrote:
> > > > > On 5/25/2016 5:37 PM, Minchan Kim wrote:
> > > > > >On Tue, May 24, 2016 at 11:58:11AM +0900, Minchan Kim wrote:
> > > > > >>On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
> > > > > >>>Per the discussion with Joonsoo Kim [1], we need check the return value of
> > > > > >>>lookup_page_ext() for all call sites since it might return NULL in some cases,
> > > > > >>>although it is unlikely, i.e. memory hotplug.
> > > > > >>>
> > > > > >>>Tested with ltp with "page_owner=0".
> > > > > >>>
> > > > > >>>[1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
> > > > > >>>
> > > > > >>>Signed-off-by: Yang Shi <yang.shi@linaro.org>
> > > > > >>
> > > > > >>I didn't read code code in detail to see how page_ext memory space
> > > > > >>allocated in boot code and memory hotplug but to me, it's not good
> > > > > >>to check NULL whenever we calls lookup_page_ext.
> > > > > >>
> > > > > >>More dangerous thing is now page_ext is used by optionable feature(ie, not
> > > > > >>critical for system stability) but if we want to use page_ext as
> > > > > >>another important tool for the system in future,
> > > > > >>it could be a serious problem.
> > >
> > > Hello, Minchan.
> >
> > Hi Joonsoo,
> >
> > >
> > > I wonder how pages that isn't managed by kernel yet will cause serious
> > > problem. Until onlining, these pages are out of our scope. Any
> > > information about them would be useless until it is actually
> > > activated. I guess that returning NULL for those pages will not hurt
> > > any functionality. Do you have any possible scenario that this causes the
> > > serious problem?
> >
> > I don't have any specific usecase now. That's why I said "in future".
> > And I don't want to argue whether there is possible scenario or not
> > to make the feature useful but if you want, I should write novel.
> > One of example, pop up my mind, xen, hv and even memory_hotplug itself
> > might want to use page_ext for their functionality extension to hook
> > guest pages.
>
> There is no detail so I can't guess how to use it and how it causes
> the serious problem. But, we can do it when it is really needed.
>
> >
> > My opinion is that page_ext is extension of struct page so it would
> > be better to allow any operation on struct page without any limitation
> > if we can do it. Whether it's useful or useless depend on random
> > usecase and we don't need to limit that way from the beginning.
>
> If there is no drawback, it would be a better design. But, we have
> trade-off that for some case that the memory is added but not
> onlined, there is memory saving if we allocate page_ext later.
> So, in current situation that there is no user to require such
> guarantee, I don't think it's worth doing right now.
>
> > However, current design allows deferred page_ext population so any user
> > of page_ext should keep it in mind and should either make fallback plan
> > or don't use page_ext for those cases. If we decide go this way through
> > discussion, at least, we should make such limitation more clear to
> > somewhere in this chance, maybe around page_ext_operation->need comment.
>
> Agreed.
Okay, We realized from this discussion that by design, guest of page_ext
at the meoment should know his page_ext access from the page can be failed
so every caller should prepare for it.
Shi, Yang, Please include some comment about that in your patch to
prevent further reviewer waste his time with repeating same discussion
and client of page_ext can know the limitation.
>
> > My comment's point is that we should consider that way at least. It's
> > worth to discuss pros and cons, what's the best and what makes that way
> > hesitate if we can't.
>
> Yes, your suggestion would be good for future direction, but, for now,
> I think that inserting NULL to all callers is right fix.
>
> 1) Current design that page_ext is allocated when online is design
> decision of page_ext to save memory as much as possible. Fixing
> possible problem within this design decision looks good to me.
Okay. Shi Yang, please include this comment in your patch, too.
>
> 2) Maybe, we need to backport fixes because it would crash older
> kernels. In this case, fix with NULL is easy to backport.
Agreed.
Then, Shi Yang need to mark the page as stable.
Shi, Please resend your patch with hard testing and more better
description with marking it as stable.
And I know another race problem about Shi's patch.
I will reply to the thread.
>
> > >
> > > And, allocation such memory space doesn't come from free. If someone
> > > just add the memory device and don't online it, these memory will be
> >
> > Here goes several questions.
> > Cced hotplug guys
> >
> > 1.
> > If someone just add the memory device without onlining, kernel code
> > can return pfn_valid == true on the offlined page?
>
> AFAIK, yes.
> >
> > 2.
> > If so, it means memmap on offline memory is already populated somewhere.
> > Where is the memmap allocated? part of offlined memory space or other memory?
>
> Other memory.
>
> > 3. Could we allocate page_ext in part of offline memory space so that
> > it doesn't consume online memory.
> >
> > > wasted. I don't know if there is such a usecase but it's possible
> > > scenario.
> >
> > >
> > > > > >>
> > > > > >>Can we put some hooks of page_ext into memory-hotplug so guarantee
> > > > > >>that page_ext memory space is allocated with memmap space at the
> > > > > >>same time? IOW, once every PFN wakers find a page is valid, page_ext
> > > > > >>is valid, too so lookup_page_ext never returns NULL on valid page
> > > > > >>by design.
> > > > > >>
> > > > > >>I hope we consider this direction, too.
> > > > > >
> > > > > >Yang, Could you think about this?
> > > > >
> > > > > Thanks a lot for the suggestion. Sorry for the late reply, I was
> > > > > busy on preparing patches. I do agree this is a direction we should
> > > > > look into, but I haven't got time to think about it deeper. I hope
> > > > > Joonsoo could chime in too since he is the original author for page
> > > > > extension.
> > > > >
> > > > > >
> > > > > >Even, your patch was broken, I think.
> > > > > >It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
> > > > > >lookup_page_ext doesn't return NULL in that case.
> > > > >
> > > > > Actually, I think the #ifdef should be removed if lookup_page_ext()
> > > > > is possible to return NULL. It sounds not make sense returning NULL
> > > > > only when DEBUG_VM is enabled. It should return NULL no matter what
> > > > > debug config is selected. If Joonsoo agrees with me I'm going to
> > > > > come up with a patch to fix it.
> > >
> > > Agreed but let's wait for Minchan's response.
> >
> > If we goes this way, how to guarantee this race?
> >
> > kpageflags_read
> > stable_page_flags
> > page_is_idle
> > lookup_page_ext
> > section = __pfn_to_section(pfn)
> > offline_pages
> > memory_notify(MEM_OFFLINE)
> > offline_page_ext
> > ms->page_ext = NULL
> > section->page_ext + pfn
>
> I think that it is a fundamental problem of memory hotplug.
> There is similar race with struct page for offlined memory.
>
>
>
> kpageflags_read
> pfn_valid
> remove_memory
> stable_page_flags
> crash!
>
> I already reported similar race problem to memory hotplug guys but
> didn't get any answer.
>
> lkml.kernel.org/r/20151221031501.GA32524@js1304-P5Q-DELUXE
Who's in charge of memory-hotplug? Kame, Could you nudge him?
>
> Thanks.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-05-30 6:08 ` Minchan Kim
0 siblings, 0 replies; 57+ messages in thread
From: Minchan Kim @ 2016-05-30 6:08 UTC (permalink / raw)
To: Joonsoo Kim, Kamezawa Hiroyuki
Cc: Shi, Yang, akpm, linux-kernel, linux-mm, linaro-kernel, Tang Chen,
Yasuaki Ishimatsu, Kamezawa Hiroyuki
On Mon, May 30, 2016 at 02:39:06PM +0900, Joonsoo Kim wrote:
> On Fri, May 27, 2016 at 05:11:08PM +0900, Minchan Kim wrote:
> > On Fri, May 27, 2016 at 03:08:39PM +0900, Joonsoo Kim wrote:
> > > On Fri, May 27, 2016 at 02:14:32PM +0900, Minchan Kim wrote:
> > > > On Thu, May 26, 2016 at 04:15:28PM -0700, Shi, Yang wrote:
> > > > > On 5/25/2016 5:37 PM, Minchan Kim wrote:
> > > > > >On Tue, May 24, 2016 at 11:58:11AM +0900, Minchan Kim wrote:
> > > > > >>On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
> > > > > >>>Per the discussion with Joonsoo Kim [1], we need check the return value of
> > > > > >>>lookup_page_ext() for all call sites since it might return NULL in some cases,
> > > > > >>>although it is unlikely, i.e. memory hotplug.
> > > > > >>>
> > > > > >>>Tested with ltp with "page_owner=0".
> > > > > >>>
> > > > > >>>[1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
> > > > > >>>
> > > > > >>>Signed-off-by: Yang Shi <yang.shi@linaro.org>
> > > > > >>
> > > > > >>I didn't read code code in detail to see how page_ext memory space
> > > > > >>allocated in boot code and memory hotplug but to me, it's not good
> > > > > >>to check NULL whenever we calls lookup_page_ext.
> > > > > >>
> > > > > >>More dangerous thing is now page_ext is used by optionable feature(ie, not
> > > > > >>critical for system stability) but if we want to use page_ext as
> > > > > >>another important tool for the system in future,
> > > > > >>it could be a serious problem.
> > >
> > > Hello, Minchan.
> >
> > Hi Joonsoo,
> >
> > >
> > > I wonder how pages that isn't managed by kernel yet will cause serious
> > > problem. Until onlining, these pages are out of our scope. Any
> > > information about them would be useless until it is actually
> > > activated. I guess that returning NULL for those pages will not hurt
> > > any functionality. Do you have any possible scenario that this causes the
> > > serious problem?
> >
> > I don't have any specific usecase now. That's why I said "in future".
> > And I don't want to argue whether there is possible scenario or not
> > to make the feature useful but if you want, I should write novel.
> > One of example, pop up my mind, xen, hv and even memory_hotplug itself
> > might want to use page_ext for their functionality extension to hook
> > guest pages.
>
> There is no detail so I can't guess how to use it and how it causes
> the serious problem. But, we can do it when it is really needed.
>
> >
> > My opinion is that page_ext is extension of struct page so it would
> > be better to allow any operation on struct page without any limitation
> > if we can do it. Whether it's useful or useless depend on random
> > usecase and we don't need to limit that way from the beginning.
>
> If there is no drawback, it would be a better design. But, we have
> trade-off that for some case that the memory is added but not
> onlined, there is memory saving if we allocate page_ext later.
> So, in current situation that there is no user to require such
> guarantee, I don't think it's worth doing right now.
>
> > However, current design allows deferred page_ext population so any user
> > of page_ext should keep it in mind and should either make fallback plan
> > or don't use page_ext for those cases. If we decide go this way through
> > discussion, at least, we should make such limitation more clear to
> > somewhere in this chance, maybe around page_ext_operation->need comment.
>
> Agreed.
Okay, We realized from this discussion that by design, guest of page_ext
at the meoment should know his page_ext access from the page can be failed
so every caller should prepare for it.
Shi, Yang, Please include some comment about that in your patch to
prevent further reviewer waste his time with repeating same discussion
and client of page_ext can know the limitation.
>
> > My comment's point is that we should consider that way at least. It's
> > worth to discuss pros and cons, what's the best and what makes that way
> > hesitate if we can't.
>
> Yes, your suggestion would be good for future direction, but, for now,
> I think that inserting NULL to all callers is right fix.
>
> 1) Current design that page_ext is allocated when online is design
> decision of page_ext to save memory as much as possible. Fixing
> possible problem within this design decision looks good to me.
Okay. Shi Yang, please include this comment in your patch, too.
>
> 2) Maybe, we need to backport fixes because it would crash older
> kernels. In this case, fix with NULL is easy to backport.
Agreed.
Then, Shi Yang need to mark the page as stable.
Shi, Please resend your patch with hard testing and more better
description with marking it as stable.
And I know another race problem about Shi's patch.
I will reply to the thread.
>
> > >
> > > And, allocation such memory space doesn't come from free. If someone
> > > just add the memory device and don't online it, these memory will be
> >
> > Here goes several questions.
> > Cced hotplug guys
> >
> > 1.
> > If someone just add the memory device without onlining, kernel code
> > can return pfn_valid == true on the offlined page?
>
> AFAIK, yes.
> >
> > 2.
> > If so, it means memmap on offline memory is already populated somewhere.
> > Where is the memmap allocated? part of offlined memory space or other memory?
>
> Other memory.
>
> > 3. Could we allocate page_ext in part of offline memory space so that
> > it doesn't consume online memory.
> >
> > > wasted. I don't know if there is such a usecase but it's possible
> > > scenario.
> >
> > >
> > > > > >>
> > > > > >>Can we put some hooks of page_ext into memory-hotplug so guarantee
> > > > > >>that page_ext memory space is allocated with memmap space at the
> > > > > >>same time? IOW, once every PFN wakers find a page is valid, page_ext
> > > > > >>is valid, too so lookup_page_ext never returns NULL on valid page
> > > > > >>by design.
> > > > > >>
> > > > > >>I hope we consider this direction, too.
> > > > > >
> > > > > >Yang, Could you think about this?
> > > > >
> > > > > Thanks a lot for the suggestion. Sorry for the late reply, I was
> > > > > busy on preparing patches. I do agree this is a direction we should
> > > > > look into, but I haven't got time to think about it deeper. I hope
> > > > > Joonsoo could chime in too since he is the original author for page
> > > > > extension.
> > > > >
> > > > > >
> > > > > >Even, your patch was broken, I think.
> > > > > >It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
> > > > > >lookup_page_ext doesn't return NULL in that case.
> > > > >
> > > > > Actually, I think the #ifdef should be removed if lookup_page_ext()
> > > > > is possible to return NULL. It sounds not make sense returning NULL
> > > > > only when DEBUG_VM is enabled. It should return NULL no matter what
> > > > > debug config is selected. If Joonsoo agrees with me I'm going to
> > > > > come up with a patch to fix it.
> > >
> > > Agreed but let's wait for Minchan's response.
> >
> > If we goes this way, how to guarantee this race?
> >
> > kpageflags_read
> > stable_page_flags
> > page_is_idle
> > lookup_page_ext
> > section = __pfn_to_section(pfn)
> > offline_pages
> > memory_notify(MEM_OFFLINE)
> > offline_page_ext
> > ms->page_ext = NULL
> > section->page_ext + pfn
>
> I think that it is a fundamental problem of memory hotplug.
> There is similar race with struct page for offlined memory.
>
>
>
> kpageflags_read
> pfn_valid
> remove_memory
> stable_page_flags
> crash!
>
> I already reported similar race problem to memory hotplug guys but
> didn't get any answer.
>
> lkml.kernel.org/r/20151221031501.GA32524@js1304-P5Q-DELUXE
Who's in charge of memory-hotplug? Kame, Could you nudge him?
>
> Thanks.
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-05-27 18:16 ` Shi, Yang
@ 2016-05-30 6:11 ` Minchan Kim
-1 siblings, 0 replies; 57+ messages in thread
From: Minchan Kim @ 2016-05-30 6:11 UTC (permalink / raw)
To: Shi, Yang
Cc: Joonsoo Kim, akpm, linux-kernel, linux-mm, linaro-kernel,
Tang Chen, Yasuaki Ishimatsu, Kamezawa Hiroyuki
On Fri, May 27, 2016 at 11:16:41AM -0700, Shi, Yang wrote:
<snip>
> >
> >If we goes this way, how to guarantee this race?
>
> Thanks for pointing out this. It sounds reasonable. However, this
> should be only possible to happen on 32 bit since just 32 bit
> version page_is_idle() calls lookup_page_ext(), it doesn't do it on
> 64 bit.
>
> And, such race condition should exist regardless of whether DEBUG_VM
> is enabled or not, right?
>
> rcu might be good enough to protect it.
>
> A quick fix may look like:
>
> diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
> index 8f5d4ad..bf0cd6a 100644
> --- a/include/linux/page_idle.h
> +++ b/include/linux/page_idle.h
> @@ -77,8 +77,12 @@ static inline bool
> test_and_clear_page_young(struct page *page)
> static inline bool page_is_idle(struct page *page)
> {
> struct page_ext *page_ext;
> +
> + rcu_read_lock();
> page_ext = lookup_page_ext(page);
> + rcu_read_unlock();
> +
> if (unlikely(!page_ext))
> return false;
>
> diff --git a/mm/page_ext.c b/mm/page_ext.c
> index 56b160f..94927c9 100644
> --- a/mm/page_ext.c
> +++ b/mm/page_ext.c
> @@ -183,7 +183,6 @@ struct page_ext *lookup_page_ext(struct page *page)
> {
> unsigned long pfn = page_to_pfn(page);
> struct mem_section *section = __pfn_to_section(pfn);
> -#if defined(CONFIG_DEBUG_VM) || defined(CONFIG_PAGE_POISONING)
> /*
> * The sanity checks the page allocator does upon freeing a
> * page can reach here before the page_ext arrays are
> @@ -195,7 +194,7 @@ struct page_ext *lookup_page_ext(struct page *page)
> */
> if (!section->page_ext)
> return NULL;
> -#endif
> +
> return section->page_ext + pfn;
> }
>
> @@ -279,7 +278,8 @@ static void __free_page_ext(unsigned long pfn)
> return;
> base = ms->page_ext + pfn;
> free_page_ext(base);
> - ms->page_ext = NULL;
> + rcu_assign_pointer(ms->page_ext, NULL);
> + synchronize_rcu();
How does it fix the problem?
I cannot understand your point.
> }
>
> static int __meminit online_page_ext(unsigned long start_pfn,
>
> Thanks,
> Yang
>
> >
> > kpageflags_read
> > stable_page_flags
> > page_is_idle
> > lookup_page_ext
> > section = __pfn_to_section(pfn)
> >offline_pages
> >memory_notify(MEM_OFFLINE)
> > offline_page_ext
> > ms->page_ext = NULL
> > section->page_ext + pfn
> >
> >>
> >>Thanks.
> >>
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-05-30 6:11 ` Minchan Kim
0 siblings, 0 replies; 57+ messages in thread
From: Minchan Kim @ 2016-05-30 6:11 UTC (permalink / raw)
To: Shi, Yang
Cc: Joonsoo Kim, akpm, linux-kernel, linux-mm, linaro-kernel,
Tang Chen, Yasuaki Ishimatsu, Kamezawa Hiroyuki
On Fri, May 27, 2016 at 11:16:41AM -0700, Shi, Yang wrote:
<snip>
> >
> >If we goes this way, how to guarantee this race?
>
> Thanks for pointing out this. It sounds reasonable. However, this
> should be only possible to happen on 32 bit since just 32 bit
> version page_is_idle() calls lookup_page_ext(), it doesn't do it on
> 64 bit.
>
> And, such race condition should exist regardless of whether DEBUG_VM
> is enabled or not, right?
>
> rcu might be good enough to protect it.
>
> A quick fix may look like:
>
> diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
> index 8f5d4ad..bf0cd6a 100644
> --- a/include/linux/page_idle.h
> +++ b/include/linux/page_idle.h
> @@ -77,8 +77,12 @@ static inline bool
> test_and_clear_page_young(struct page *page)
> static inline bool page_is_idle(struct page *page)
> {
> struct page_ext *page_ext;
> +
> + rcu_read_lock();
> page_ext = lookup_page_ext(page);
> + rcu_read_unlock();
> +
> if (unlikely(!page_ext))
> return false;
>
> diff --git a/mm/page_ext.c b/mm/page_ext.c
> index 56b160f..94927c9 100644
> --- a/mm/page_ext.c
> +++ b/mm/page_ext.c
> @@ -183,7 +183,6 @@ struct page_ext *lookup_page_ext(struct page *page)
> {
> unsigned long pfn = page_to_pfn(page);
> struct mem_section *section = __pfn_to_section(pfn);
> -#if defined(CONFIG_DEBUG_VM) || defined(CONFIG_PAGE_POISONING)
> /*
> * The sanity checks the page allocator does upon freeing a
> * page can reach here before the page_ext arrays are
> @@ -195,7 +194,7 @@ struct page_ext *lookup_page_ext(struct page *page)
> */
> if (!section->page_ext)
> return NULL;
> -#endif
> +
> return section->page_ext + pfn;
> }
>
> @@ -279,7 +278,8 @@ static void __free_page_ext(unsigned long pfn)
> return;
> base = ms->page_ext + pfn;
> free_page_ext(base);
> - ms->page_ext = NULL;
> + rcu_assign_pointer(ms->page_ext, NULL);
> + synchronize_rcu();
How does it fix the problem?
I cannot understand your point.
> }
>
> static int __meminit online_page_ext(unsigned long start_pfn,
>
> Thanks,
> Yang
>
> >
> > kpageflags_read
> > stable_page_flags
> > page_is_idle
> > lookup_page_ext
> > section = __pfn_to_section(pfn)
> >offline_pages
> >memory_notify(MEM_OFFLINE)
> > offline_page_ext
> > ms->page_ext = NULL
> > section->page_ext + pfn
> >
> >>
> >>Thanks.
> >>
>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-05-23 17:16 ` Yang Shi
@ 2016-05-30 6:17 ` Minchan Kim
-1 siblings, 0 replies; 57+ messages in thread
From: Minchan Kim @ 2016-05-30 6:17 UTC (permalink / raw)
To: Yang Shi; +Cc: akpm, iamjoonsoo.kim, linux-kernel, linux-mm, linaro-kernel
On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
> Per the discussion with Joonsoo Kim [1], we need check the return value of
> lookup_page_ext() for all call sites since it might return NULL in some cases,
> although it is unlikely, i.e. memory hotplug.
>
> Tested with ltp with "page_owner=0".
>
> [1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
>
> Signed-off-by: Yang Shi <yang.shi@linaro.org>
> ---
> include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++++++++-------
> mm/page_alloc.c | 6 ++++++
> mm/page_owner.c | 27 +++++++++++++++++++++++++++
> mm/page_poison.c | 8 +++++++-
> mm/vmstat.c | 2 ++
> 5 files changed, 78 insertions(+), 8 deletions(-)
>
> diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
> index bf268fa..8f5d4ad 100644
> --- a/include/linux/page_idle.h
> +++ b/include/linux/page_idle.h
> @@ -46,33 +46,62 @@ extern struct page_ext_operations page_idle_ops;
>
> static inline bool page_is_young(struct page *page)
> {
> - return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return false;
> +
> + return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline void set_page_young(struct page *page)
> {
> - set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return;
> +
> + set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline bool test_and_clear_page_young(struct page *page)
> {
> - return test_and_clear_bit(PAGE_EXT_YOUNG,
> - &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return false;
> +
> + return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline bool page_is_idle(struct page *page)
> {
> - return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return false;
> +
> + return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
>
> static inline void set_page_idle(struct page *page)
> {
> - set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return;
> +
> + set_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
>
> static inline void clear_page_idle(struct page *page)
> {
> - clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return;
> +
> + clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
> #endif /* CONFIG_64BIT */
>
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index f8f3bfc..d27e8b9 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -656,6 +656,9 @@ static inline void set_page_guard(struct zone *zone, struct page *page,
> return;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>
> INIT_LIST_HEAD(&page->lru);
> @@ -673,6 +676,9 @@ static inline void clear_page_guard(struct zone *zone, struct page *page,
> return;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>
> set_page_private(page, 0);
> diff --git a/mm/page_owner.c b/mm/page_owner.c
> index 792b56d..902e398 100644
> --- a/mm/page_owner.c
> +++ b/mm/page_owner.c
> @@ -55,6 +55,8 @@ void __reset_page_owner(struct page *page, unsigned int order)
>
> for (i = 0; i < (1 << order); i++) {
> page_ext = lookup_page_ext(page + i);
> + if (unlikely(!page_ext))
> + continue;
> __clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
> }
> }
> @@ -62,6 +64,10 @@ void __reset_page_owner(struct page *page, unsigned int order)
> void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> +
> + if (unlikely(!page_ext))
> + return;
> +
> struct stack_trace trace = {
> .nr_entries = 0,
> .max_entries = ARRAY_SIZE(page_ext->trace_entries),
> @@ -82,6 +88,8 @@ void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> void __set_page_owner_migrate_reason(struct page *page, int reason)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
>
> page_ext->last_migrate_reason = reason;
> }
> @@ -89,6 +97,12 @@ void __set_page_owner_migrate_reason(struct page *page, int reason)
> gfp_t __get_page_owner_gfp(struct page *page)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + /*
> + * The caller just returns 0 if no valid gfp
> + * So return 0 here too.
> + */
> + return 0;
>
> return page_ext->gfp_mask;
> }
> @@ -97,6 +111,10 @@ void __copy_page_owner(struct page *oldpage, struct page *newpage)
> {
> struct page_ext *old_ext = lookup_page_ext(oldpage);
> struct page_ext *new_ext = lookup_page_ext(newpage);
> +
> + if (unlikely(!old_ext || !new_ext))
> + return;
> +
> int i;
>
> new_ext->order = old_ext->order;
> @@ -186,6 +204,11 @@ err:
> void __dump_page_owner(struct page *page)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)) {
> + pr_alert("There is not page extension available.\n");
> + return;
> + }
> +
> struct stack_trace trace = {
> .nr_entries = page_ext->nr_entries,
> .entries = &page_ext->trace_entries[0],
> @@ -251,6 +274,8 @@ read_page_owner(struct file *file, char __user *buf, size_t count, loff_t *ppos)
> }
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> /*
> * Some pages could be missed by concurrent allocation or free,
> @@ -317,6 +342,8 @@ static void init_pages_in_zone(pg_data_t *pgdat, struct zone *zone)
> continue;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> /* Maybe overraping zone */
> if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> diff --git a/mm/page_poison.c b/mm/page_poison.c
> index 1eae5fa..2e647c6 100644
> --- a/mm/page_poison.c
> +++ b/mm/page_poison.c
> @@ -54,6 +54,9 @@ static inline void set_page_poison(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -62,6 +65,9 @@ static inline void clear_page_poison(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -70,7 +76,7 @@ bool page_is_poisoned(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> - if (!page_ext)
> + if (unlikely(!page_ext))
> return false;
>
> return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> diff --git a/mm/vmstat.c b/mm/vmstat.c
> index 77e42ef..cb2a67b 100644
> --- a/mm/vmstat.c
> +++ b/mm/vmstat.c
> @@ -1061,6 +1061,8 @@ static void pagetypeinfo_showmixedcount_print(struct seq_file *m,
> continue;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> continue;
> --
There is another race with here.
init_section_page_ext
< reordering >
section->page_ext = base - pfn
lookup_page_ext
if (section->page_ext)
section->page_ext + pfn
base = alloc_page_ext
I guess alloc_page_ext doesn't make sure to prevent such reordering so
caller of memory allocating APIB should provide right memory barrier.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-05-30 6:17 ` Minchan Kim
0 siblings, 0 replies; 57+ messages in thread
From: Minchan Kim @ 2016-05-30 6:17 UTC (permalink / raw)
To: Yang Shi; +Cc: akpm, iamjoonsoo.kim, linux-kernel, linux-mm, linaro-kernel
On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
> Per the discussion with Joonsoo Kim [1], we need check the return value of
> lookup_page_ext() for all call sites since it might return NULL in some cases,
> although it is unlikely, i.e. memory hotplug.
>
> Tested with ltp with "page_owner=0".
>
> [1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
>
> Signed-off-by: Yang Shi <yang.shi@linaro.org>
> ---
> include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++++++++-------
> mm/page_alloc.c | 6 ++++++
> mm/page_owner.c | 27 +++++++++++++++++++++++++++
> mm/page_poison.c | 8 +++++++-
> mm/vmstat.c | 2 ++
> 5 files changed, 78 insertions(+), 8 deletions(-)
>
> diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
> index bf268fa..8f5d4ad 100644
> --- a/include/linux/page_idle.h
> +++ b/include/linux/page_idle.h
> @@ -46,33 +46,62 @@ extern struct page_ext_operations page_idle_ops;
>
> static inline bool page_is_young(struct page *page)
> {
> - return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return false;
> +
> + return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline void set_page_young(struct page *page)
> {
> - set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return;
> +
> + set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline bool test_and_clear_page_young(struct page *page)
> {
> - return test_and_clear_bit(PAGE_EXT_YOUNG,
> - &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return false;
> +
> + return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
> }
>
> static inline bool page_is_idle(struct page *page)
> {
> - return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return false;
> +
> + return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
>
> static inline void set_page_idle(struct page *page)
> {
> - set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return;
> +
> + set_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
>
> static inline void clear_page_idle(struct page *page)
> {
> - clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
> + struct page_ext *page_ext;
> + page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)
> + return;
> +
> + clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
> }
> #endif /* CONFIG_64BIT */
>
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index f8f3bfc..d27e8b9 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -656,6 +656,9 @@ static inline void set_page_guard(struct zone *zone, struct page *page,
> return;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>
> INIT_LIST_HEAD(&page->lru);
> @@ -673,6 +676,9 @@ static inline void clear_page_guard(struct zone *zone, struct page *page,
> return;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
>
> set_page_private(page, 0);
> diff --git a/mm/page_owner.c b/mm/page_owner.c
> index 792b56d..902e398 100644
> --- a/mm/page_owner.c
> +++ b/mm/page_owner.c
> @@ -55,6 +55,8 @@ void __reset_page_owner(struct page *page, unsigned int order)
>
> for (i = 0; i < (1 << order); i++) {
> page_ext = lookup_page_ext(page + i);
> + if (unlikely(!page_ext))
> + continue;
> __clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
> }
> }
> @@ -62,6 +64,10 @@ void __reset_page_owner(struct page *page, unsigned int order)
> void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> +
> + if (unlikely(!page_ext))
> + return;
> +
> struct stack_trace trace = {
> .nr_entries = 0,
> .max_entries = ARRAY_SIZE(page_ext->trace_entries),
> @@ -82,6 +88,8 @@ void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
> void __set_page_owner_migrate_reason(struct page *page, int reason)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
>
> page_ext->last_migrate_reason = reason;
> }
> @@ -89,6 +97,12 @@ void __set_page_owner_migrate_reason(struct page *page, int reason)
> gfp_t __get_page_owner_gfp(struct page *page)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + /*
> + * The caller just returns 0 if no valid gfp
> + * So return 0 here too.
> + */
> + return 0;
>
> return page_ext->gfp_mask;
> }
> @@ -97,6 +111,10 @@ void __copy_page_owner(struct page *oldpage, struct page *newpage)
> {
> struct page_ext *old_ext = lookup_page_ext(oldpage);
> struct page_ext *new_ext = lookup_page_ext(newpage);
> +
> + if (unlikely(!old_ext || !new_ext))
> + return;
> +
> int i;
>
> new_ext->order = old_ext->order;
> @@ -186,6 +204,11 @@ err:
> void __dump_page_owner(struct page *page)
> {
> struct page_ext *page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext)) {
> + pr_alert("There is not page extension available.\n");
> + return;
> + }
> +
> struct stack_trace trace = {
> .nr_entries = page_ext->nr_entries,
> .entries = &page_ext->trace_entries[0],
> @@ -251,6 +274,8 @@ read_page_owner(struct file *file, char __user *buf, size_t count, loff_t *ppos)
> }
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> /*
> * Some pages could be missed by concurrent allocation or free,
> @@ -317,6 +342,8 @@ static void init_pages_in_zone(pg_data_t *pgdat, struct zone *zone)
> continue;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> /* Maybe overraping zone */
> if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> diff --git a/mm/page_poison.c b/mm/page_poison.c
> index 1eae5fa..2e647c6 100644
> --- a/mm/page_poison.c
> +++ b/mm/page_poison.c
> @@ -54,6 +54,9 @@ static inline void set_page_poison(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -62,6 +65,9 @@ static inline void clear_page_poison(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + return;
> +
> __clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -70,7 +76,7 @@ bool page_is_poisoned(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> - if (!page_ext)
> + if (unlikely(!page_ext))
> return false;
>
> return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> diff --git a/mm/vmstat.c b/mm/vmstat.c
> index 77e42ef..cb2a67b 100644
> --- a/mm/vmstat.c
> +++ b/mm/vmstat.c
> @@ -1061,6 +1061,8 @@ static void pagetypeinfo_showmixedcount_print(struct seq_file *m,
> continue;
>
> page_ext = lookup_page_ext(page);
> + if (unlikely(!page_ext))
> + continue;
>
> if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
> continue;
> --
There is another race with here.
init_section_page_ext
< reordering >
section->page_ext = base - pfn
lookup_page_ext
if (section->page_ext)
section->page_ext + pfn
base = alloc_page_ext
I guess alloc_page_ext doesn't make sure to prevent such reordering so
caller of memory allocating APIB should provide right memory barrier.
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-05-30 6:11 ` Minchan Kim
@ 2016-06-01 20:40 ` Shi, Yang
-1 siblings, 0 replies; 57+ messages in thread
From: Shi, Yang @ 2016-06-01 20:40 UTC (permalink / raw)
To: Minchan Kim
Cc: Joonsoo Kim, akpm, linux-kernel, linux-mm, linaro-kernel,
Tang Chen, Yasuaki Ishimatsu, Kamezawa Hiroyuki
On 5/29/2016 11:11 PM, Minchan Kim wrote:
> On Fri, May 27, 2016 at 11:16:41AM -0700, Shi, Yang wrote:
>
> <snip>
>
>>>
>>> If we goes this way, how to guarantee this race?
>>
>> Thanks for pointing out this. It sounds reasonable. However, this
>> should be only possible to happen on 32 bit since just 32 bit
>> version page_is_idle() calls lookup_page_ext(), it doesn't do it on
>> 64 bit.
>>
>> And, such race condition should exist regardless of whether DEBUG_VM
>> is enabled or not, right?
>>
>> rcu might be good enough to protect it.
>>
>> A quick fix may look like:
>>
>> diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
>> index 8f5d4ad..bf0cd6a 100644
>> --- a/include/linux/page_idle.h
>> +++ b/include/linux/page_idle.h
>> @@ -77,8 +77,12 @@ static inline bool
>> test_and_clear_page_young(struct page *page)
>> static inline bool page_is_idle(struct page *page)
>> {
>> struct page_ext *page_ext;
>> +
>> + rcu_read_lock();
>> page_ext = lookup_page_ext(page);
>> + rcu_read_unlock();
>> +
>> if (unlikely(!page_ext))
>> return false;
>>
>> diff --git a/mm/page_ext.c b/mm/page_ext.c
>> index 56b160f..94927c9 100644
>> --- a/mm/page_ext.c
>> +++ b/mm/page_ext.c
>> @@ -183,7 +183,6 @@ struct page_ext *lookup_page_ext(struct page *page)
>> {
>> unsigned long pfn = page_to_pfn(page);
>> struct mem_section *section = __pfn_to_section(pfn);
>> -#if defined(CONFIG_DEBUG_VM) || defined(CONFIG_PAGE_POISONING)
>> /*
>> * The sanity checks the page allocator does upon freeing a
>> * page can reach here before the page_ext arrays are
>> @@ -195,7 +194,7 @@ struct page_ext *lookup_page_ext(struct page *page)
>> */
>> if (!section->page_ext)
>> return NULL;
>> -#endif
>> +
>> return section->page_ext + pfn;
>> }
>>
>> @@ -279,7 +278,8 @@ static void __free_page_ext(unsigned long pfn)
>> return;
>> base = ms->page_ext + pfn;
>> free_page_ext(base);
>> - ms->page_ext = NULL;
>> + rcu_assign_pointer(ms->page_ext, NULL);
>> + synchronize_rcu();
>
> How does it fix the problem?
> I cannot understand your point.
Assigning NULL pointer to page_Ext will be blocked until rcu_read_lock
critical section is done, so the lookup and writing operations will be
serialized. And, rcu_read_lock disables preempt too.
Yang
>
>> }
>>
>> static int __meminit online_page_ext(unsigned long start_pfn,
>>
>> Thanks,
>> Yang
>>
>>>
>>> kpageflags_read
>>> stable_page_flags
>>> page_is_idle
>>> lookup_page_ext
>>> section = __pfn_to_section(pfn)
>>> offline_pages
>>> memory_notify(MEM_OFFLINE)
>>> offline_page_ext
>>> ms->page_ext = NULL
>>> section->page_ext + pfn
>>>
>>>>
>>>> Thanks.
>>>>
>>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-06-01 20:40 ` Shi, Yang
0 siblings, 0 replies; 57+ messages in thread
From: Shi, Yang @ 2016-06-01 20:40 UTC (permalink / raw)
To: Minchan Kim
Cc: Joonsoo Kim, akpm, linux-kernel, linux-mm, linaro-kernel,
Tang Chen, Yasuaki Ishimatsu, Kamezawa Hiroyuki
On 5/29/2016 11:11 PM, Minchan Kim wrote:
> On Fri, May 27, 2016 at 11:16:41AM -0700, Shi, Yang wrote:
>
> <snip>
>
>>>
>>> If we goes this way, how to guarantee this race?
>>
>> Thanks for pointing out this. It sounds reasonable. However, this
>> should be only possible to happen on 32 bit since just 32 bit
>> version page_is_idle() calls lookup_page_ext(), it doesn't do it on
>> 64 bit.
>>
>> And, such race condition should exist regardless of whether DEBUG_VM
>> is enabled or not, right?
>>
>> rcu might be good enough to protect it.
>>
>> A quick fix may look like:
>>
>> diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
>> index 8f5d4ad..bf0cd6a 100644
>> --- a/include/linux/page_idle.h
>> +++ b/include/linux/page_idle.h
>> @@ -77,8 +77,12 @@ static inline bool
>> test_and_clear_page_young(struct page *page)
>> static inline bool page_is_idle(struct page *page)
>> {
>> struct page_ext *page_ext;
>> +
>> + rcu_read_lock();
>> page_ext = lookup_page_ext(page);
>> + rcu_read_unlock();
>> +
>> if (unlikely(!page_ext))
>> return false;
>>
>> diff --git a/mm/page_ext.c b/mm/page_ext.c
>> index 56b160f..94927c9 100644
>> --- a/mm/page_ext.c
>> +++ b/mm/page_ext.c
>> @@ -183,7 +183,6 @@ struct page_ext *lookup_page_ext(struct page *page)
>> {
>> unsigned long pfn = page_to_pfn(page);
>> struct mem_section *section = __pfn_to_section(pfn);
>> -#if defined(CONFIG_DEBUG_VM) || defined(CONFIG_PAGE_POISONING)
>> /*
>> * The sanity checks the page allocator does upon freeing a
>> * page can reach here before the page_ext arrays are
>> @@ -195,7 +194,7 @@ struct page_ext *lookup_page_ext(struct page *page)
>> */
>> if (!section->page_ext)
>> return NULL;
>> -#endif
>> +
>> return section->page_ext + pfn;
>> }
>>
>> @@ -279,7 +278,8 @@ static void __free_page_ext(unsigned long pfn)
>> return;
>> base = ms->page_ext + pfn;
>> free_page_ext(base);
>> - ms->page_ext = NULL;
>> + rcu_assign_pointer(ms->page_ext, NULL);
>> + synchronize_rcu();
>
> How does it fix the problem?
> I cannot understand your point.
Assigning NULL pointer to page_Ext will be blocked until rcu_read_lock
critical section is done, so the lookup and writing operations will be
serialized. And, rcu_read_lock disables preempt too.
Yang
>
>> }
>>
>> static int __meminit online_page_ext(unsigned long start_pfn,
>>
>> Thanks,
>> Yang
>>
>>>
>>> kpageflags_read
>>> stable_page_flags
>>> page_is_idle
>>> lookup_page_ext
>>> section = __pfn_to_section(pfn)
>>> offline_pages
>>> memory_notify(MEM_OFFLINE)
>>> offline_page_ext
>>> ms->page_ext = NULL
>>> section->page_ext + pfn
>>>
>>>>
>>>> Thanks.
>>>>
>>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-05-30 6:08 ` Minchan Kim
@ 2016-06-01 20:52 ` Shi, Yang
-1 siblings, 0 replies; 57+ messages in thread
From: Shi, Yang @ 2016-06-01 20:52 UTC (permalink / raw)
To: Minchan Kim, Joonsoo Kim, Kamezawa Hiroyuki
Cc: akpm, linux-kernel, linux-mm, linaro-kernel, Tang Chen,
Yasuaki Ishimatsu
On 5/29/2016 11:08 PM, Minchan Kim wrote:
> On Mon, May 30, 2016 at 02:39:06PM +0900, Joonsoo Kim wrote:
>> On Fri, May 27, 2016 at 05:11:08PM +0900, Minchan Kim wrote:
>>> On Fri, May 27, 2016 at 03:08:39PM +0900, Joonsoo Kim wrote:
>>>> On Fri, May 27, 2016 at 02:14:32PM +0900, Minchan Kim wrote:
>>>>> On Thu, May 26, 2016 at 04:15:28PM -0700, Shi, Yang wrote:
>>>>>> On 5/25/2016 5:37 PM, Minchan Kim wrote:
>>>>>>> On Tue, May 24, 2016 at 11:58:11AM +0900, Minchan Kim wrote:
>>>>>>>> On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
>>>>>>>>> Per the discussion with Joonsoo Kim [1], we need check the return value of
>>>>>>>>> lookup_page_ext() for all call sites since it might return NULL in some cases,
>>>>>>>>> although it is unlikely, i.e. memory hotplug.
>>>>>>>>>
>>>>>>>>> Tested with ltp with "page_owner=0".
>>>>>>>>>
>>>>>>>>> [1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
>>>>>>>>>
>>>>>>>>> Signed-off-by: Yang Shi <yang.shi@linaro.org>
>>>>>>>>
>>>>>>>> I didn't read code code in detail to see how page_ext memory space
>>>>>>>> allocated in boot code and memory hotplug but to me, it's not good
>>>>>>>> to check NULL whenever we calls lookup_page_ext.
>>>>>>>>
>>>>>>>> More dangerous thing is now page_ext is used by optionable feature(ie, not
>>>>>>>> critical for system stability) but if we want to use page_ext as
>>>>>>>> another important tool for the system in future,
>>>>>>>> it could be a serious problem.
>>>>
>>>> Hello, Minchan.
>>>
>>> Hi Joonsoo,
>>>
>>>>
>>>> I wonder how pages that isn't managed by kernel yet will cause serious
>>>> problem. Until onlining, these pages are out of our scope. Any
>>>> information about them would be useless until it is actually
>>>> activated. I guess that returning NULL for those pages will not hurt
>>>> any functionality. Do you have any possible scenario that this causes the
>>>> serious problem?
>>>
>>> I don't have any specific usecase now. That's why I said "in future".
>>> And I don't want to argue whether there is possible scenario or not
>>> to make the feature useful but if you want, I should write novel.
>>> One of example, pop up my mind, xen, hv and even memory_hotplug itself
>>> might want to use page_ext for their functionality extension to hook
>>> guest pages.
>>
>> There is no detail so I can't guess how to use it and how it causes
>> the serious problem. But, we can do it when it is really needed.
>>
>>>
>>> My opinion is that page_ext is extension of struct page so it would
>>> be better to allow any operation on struct page without any limitation
>>> if we can do it. Whether it's useful or useless depend on random
>>> usecase and we don't need to limit that way from the beginning.
>>
>> If there is no drawback, it would be a better design. But, we have
>> trade-off that for some case that the memory is added but not
>> onlined, there is memory saving if we allocate page_ext later.
>> So, in current situation that there is no user to require such
>> guarantee, I don't think it's worth doing right now.
>>
>>> However, current design allows deferred page_ext population so any user
>>> of page_ext should keep it in mind and should either make fallback plan
>>> or don't use page_ext for those cases. If we decide go this way through
>>> discussion, at least, we should make such limitation more clear to
>>> somewhere in this chance, maybe around page_ext_operation->need comment.
>>
>> Agreed.
>
> Okay, We realized from this discussion that by design, guest of page_ext
> at the meoment should know his page_ext access from the page can be failed
> so every caller should prepare for it.
>
> Shi, Yang, Please include some comment about that in your patch to
> prevent further reviewer waste his time with repeating same discussion
> and client of page_ext can know the limitation.
>
>>
>>> My comment's point is that we should consider that way at least. It's
>>> worth to discuss pros and cons, what's the best and what makes that way
>>> hesitate if we can't.
>>
>> Yes, your suggestion would be good for future direction, but, for now,
>> I think that inserting NULL to all callers is right fix.
>>
>> 1) Current design that page_ext is allocated when online is design
>> decision of page_ext to save memory as much as possible. Fixing
>> possible problem within this design decision looks good to me.
>
> Okay. Shi Yang, please include this comment in your patch, too.
There is already such comment in lookup_page_ext:
* The sanity checks the page allocator does upon freeing a
* page can reach here before the page_ext arrays are
* allocated when feeding a range of pages to the allocator
* for the first time during bootup or memory hotplug.
I will add more details, i.e. newly added but not onlined memory could
reach here too.
>
>>
>> 2) Maybe, we need to backport fixes because it would crash older
>> kernels. In this case, fix with NULL is easy to backport.
>
> Agreed.
>
> Then, Shi Yang need to mark the page as stable.
Agreed.
> Shi, Please resend your patch with hard testing and more better
> description with marking it as stable.
Will come with an incremental patch to remove CONFIG_DEBUG #ifdef and
fix the improve the comments since the comments are included by it.
Thanks,
Yang
> And I know another race problem about Shi's patch.
> I will reply to the thread.
>
>>
>>>>
>>>> And, allocation such memory space doesn't come from free. If someone
>>>> just add the memory device and don't online it, these memory will be
>>>
>>> Here goes several questions.
>>> Cced hotplug guys
>>>
>>> 1.
>>> If someone just add the memory device without onlining, kernel code
>>> can return pfn_valid == true on the offlined page?
>>
>> AFAIK, yes.
>>>
>>> 2.
>>> If so, it means memmap on offline memory is already populated somewhere.
>>> Where is the memmap allocated? part of offlined memory space or other memory?
>>
>> Other memory.
>>
>>> 3. Could we allocate page_ext in part of offline memory space so that
>>> it doesn't consume online memory.
>>>
>>>> wasted. I don't know if there is such a usecase but it's possible
>>>> scenario.
>>>
>>>>
>>>>>>>>
>>>>>>>> Can we put some hooks of page_ext into memory-hotplug so guarantee
>>>>>>>> that page_ext memory space is allocated with memmap space at the
>>>>>>>> same time? IOW, once every PFN wakers find a page is valid, page_ext
>>>>>>>> is valid, too so lookup_page_ext never returns NULL on valid page
>>>>>>>> by design.
>>>>>>>>
>>>>>>>> I hope we consider this direction, too.
>>>>>>>
>>>>>>> Yang, Could you think about this?
>>>>>>
>>>>>> Thanks a lot for the suggestion. Sorry for the late reply, I was
>>>>>> busy on preparing patches. I do agree this is a direction we should
>>>>>> look into, but I haven't got time to think about it deeper. I hope
>>>>>> Joonsoo could chime in too since he is the original author for page
>>>>>> extension.
>>>>>>
>>>>>>>
>>>>>>> Even, your patch was broken, I think.
>>>>>>> It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
>>>>>>> lookup_page_ext doesn't return NULL in that case.
>>>>>>
>>>>>> Actually, I think the #ifdef should be removed if lookup_page_ext()
>>>>>> is possible to return NULL. It sounds not make sense returning NULL
>>>>>> only when DEBUG_VM is enabled. It should return NULL no matter what
>>>>>> debug config is selected. If Joonsoo agrees with me I'm going to
>>>>>> come up with a patch to fix it.
>>>>
>>>> Agreed but let's wait for Minchan's response.
>>>
>>> If we goes this way, how to guarantee this race?
>>>
>>> kpageflags_read
>>> stable_page_flags
>>> page_is_idle
>>> lookup_page_ext
>>> section = __pfn_to_section(pfn)
>>> offline_pages
>>> memory_notify(MEM_OFFLINE)
>>> offline_page_ext
>>> ms->page_ext = NULL
>>> section->page_ext + pfn
>>
>> I think that it is a fundamental problem of memory hotplug.
>> There is similar race with struct page for offlined memory.
>>
>>
>>
>> kpageflags_read
>> pfn_valid
>> remove_memory
>> stable_page_flags
>> crash!
>>
>> I already reported similar race problem to memory hotplug guys but
>> didn't get any answer.
>>
>> lkml.kernel.org/r/20151221031501.GA32524@js1304-P5Q-DELUXE
>
> Who's in charge of memory-hotplug? Kame, Could you nudge him?
>
>>
>> Thanks.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-06-01 20:52 ` Shi, Yang
0 siblings, 0 replies; 57+ messages in thread
From: Shi, Yang @ 2016-06-01 20:52 UTC (permalink / raw)
To: Minchan Kim, Joonsoo Kim, Kamezawa Hiroyuki
Cc: akpm, linux-kernel, linux-mm, linaro-kernel, Tang Chen,
Yasuaki Ishimatsu
On 5/29/2016 11:08 PM, Minchan Kim wrote:
> On Mon, May 30, 2016 at 02:39:06PM +0900, Joonsoo Kim wrote:
>> On Fri, May 27, 2016 at 05:11:08PM +0900, Minchan Kim wrote:
>>> On Fri, May 27, 2016 at 03:08:39PM +0900, Joonsoo Kim wrote:
>>>> On Fri, May 27, 2016 at 02:14:32PM +0900, Minchan Kim wrote:
>>>>> On Thu, May 26, 2016 at 04:15:28PM -0700, Shi, Yang wrote:
>>>>>> On 5/25/2016 5:37 PM, Minchan Kim wrote:
>>>>>>> On Tue, May 24, 2016 at 11:58:11AM +0900, Minchan Kim wrote:
>>>>>>>> On Mon, May 23, 2016 at 10:16:08AM -0700, Yang Shi wrote:
>>>>>>>>> Per the discussion with Joonsoo Kim [1], we need check the return value of
>>>>>>>>> lookup_page_ext() for all call sites since it might return NULL in some cases,
>>>>>>>>> although it is unlikely, i.e. memory hotplug.
>>>>>>>>>
>>>>>>>>> Tested with ltp with "page_owner=0".
>>>>>>>>>
>>>>>>>>> [1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
>>>>>>>>>
>>>>>>>>> Signed-off-by: Yang Shi <yang.shi@linaro.org>
>>>>>>>>
>>>>>>>> I didn't read code code in detail to see how page_ext memory space
>>>>>>>> allocated in boot code and memory hotplug but to me, it's not good
>>>>>>>> to check NULL whenever we calls lookup_page_ext.
>>>>>>>>
>>>>>>>> More dangerous thing is now page_ext is used by optionable feature(ie, not
>>>>>>>> critical for system stability) but if we want to use page_ext as
>>>>>>>> another important tool for the system in future,
>>>>>>>> it could be a serious problem.
>>>>
>>>> Hello, Minchan.
>>>
>>> Hi Joonsoo,
>>>
>>>>
>>>> I wonder how pages that isn't managed by kernel yet will cause serious
>>>> problem. Until onlining, these pages are out of our scope. Any
>>>> information about them would be useless until it is actually
>>>> activated. I guess that returning NULL for those pages will not hurt
>>>> any functionality. Do you have any possible scenario that this causes the
>>>> serious problem?
>>>
>>> I don't have any specific usecase now. That's why I said "in future".
>>> And I don't want to argue whether there is possible scenario or not
>>> to make the feature useful but if you want, I should write novel.
>>> One of example, pop up my mind, xen, hv and even memory_hotplug itself
>>> might want to use page_ext for their functionality extension to hook
>>> guest pages.
>>
>> There is no detail so I can't guess how to use it and how it causes
>> the serious problem. But, we can do it when it is really needed.
>>
>>>
>>> My opinion is that page_ext is extension of struct page so it would
>>> be better to allow any operation on struct page without any limitation
>>> if we can do it. Whether it's useful or useless depend on random
>>> usecase and we don't need to limit that way from the beginning.
>>
>> If there is no drawback, it would be a better design. But, we have
>> trade-off that for some case that the memory is added but not
>> onlined, there is memory saving if we allocate page_ext later.
>> So, in current situation that there is no user to require such
>> guarantee, I don't think it's worth doing right now.
>>
>>> However, current design allows deferred page_ext population so any user
>>> of page_ext should keep it in mind and should either make fallback plan
>>> or don't use page_ext for those cases. If we decide go this way through
>>> discussion, at least, we should make such limitation more clear to
>>> somewhere in this chance, maybe around page_ext_operation->need comment.
>>
>> Agreed.
>
> Okay, We realized from this discussion that by design, guest of page_ext
> at the meoment should know his page_ext access from the page can be failed
> so every caller should prepare for it.
>
> Shi, Yang, Please include some comment about that in your patch to
> prevent further reviewer waste his time with repeating same discussion
> and client of page_ext can know the limitation.
>
>>
>>> My comment's point is that we should consider that way at least. It's
>>> worth to discuss pros and cons, what's the best and what makes that way
>>> hesitate if we can't.
>>
>> Yes, your suggestion would be good for future direction, but, for now,
>> I think that inserting NULL to all callers is right fix.
>>
>> 1) Current design that page_ext is allocated when online is design
>> decision of page_ext to save memory as much as possible. Fixing
>> possible problem within this design decision looks good to me.
>
> Okay. Shi Yang, please include this comment in your patch, too.
There is already such comment in lookup_page_ext:
* The sanity checks the page allocator does upon freeing a
* page can reach here before the page_ext arrays are
* allocated when feeding a range of pages to the allocator
* for the first time during bootup or memory hotplug.
I will add more details, i.e. newly added but not onlined memory could
reach here too.
>
>>
>> 2) Maybe, we need to backport fixes because it would crash older
>> kernels. In this case, fix with NULL is easy to backport.
>
> Agreed.
>
> Then, Shi Yang need to mark the page as stable.
Agreed.
> Shi, Please resend your patch with hard testing and more better
> description with marking it as stable.
Will come with an incremental patch to remove CONFIG_DEBUG #ifdef and
fix the improve the comments since the comments are included by it.
Thanks,
Yang
> And I know another race problem about Shi's patch.
> I will reply to the thread.
>
>>
>>>>
>>>> And, allocation such memory space doesn't come from free. If someone
>>>> just add the memory device and don't online it, these memory will be
>>>
>>> Here goes several questions.
>>> Cced hotplug guys
>>>
>>> 1.
>>> If someone just add the memory device without onlining, kernel code
>>> can return pfn_valid == true on the offlined page?
>>
>> AFAIK, yes.
>>>
>>> 2.
>>> If so, it means memmap on offline memory is already populated somewhere.
>>> Where is the memmap allocated? part of offlined memory space or other memory?
>>
>> Other memory.
>>
>>> 3. Could we allocate page_ext in part of offline memory space so that
>>> it doesn't consume online memory.
>>>
>>>> wasted. I don't know if there is such a usecase but it's possible
>>>> scenario.
>>>
>>>>
>>>>>>>>
>>>>>>>> Can we put some hooks of page_ext into memory-hotplug so guarantee
>>>>>>>> that page_ext memory space is allocated with memmap space at the
>>>>>>>> same time? IOW, once every PFN wakers find a page is valid, page_ext
>>>>>>>> is valid, too so lookup_page_ext never returns NULL on valid page
>>>>>>>> by design.
>>>>>>>>
>>>>>>>> I hope we consider this direction, too.
>>>>>>>
>>>>>>> Yang, Could you think about this?
>>>>>>
>>>>>> Thanks a lot for the suggestion. Sorry for the late reply, I was
>>>>>> busy on preparing patches. I do agree this is a direction we should
>>>>>> look into, but I haven't got time to think about it deeper. I hope
>>>>>> Joonsoo could chime in too since he is the original author for page
>>>>>> extension.
>>>>>>
>>>>>>>
>>>>>>> Even, your patch was broken, I think.
>>>>>>> It doesn't work with !CONFIG_DEBUG_VM && !CONFIG_PAGE_POISONING because
>>>>>>> lookup_page_ext doesn't return NULL in that case.
>>>>>>
>>>>>> Actually, I think the #ifdef should be removed if lookup_page_ext()
>>>>>> is possible to return NULL. It sounds not make sense returning NULL
>>>>>> only when DEBUG_VM is enabled. It should return NULL no matter what
>>>>>> debug config is selected. If Joonsoo agrees with me I'm going to
>>>>>> come up with a patch to fix it.
>>>>
>>>> Agreed but let's wait for Minchan's response.
>>>
>>> If we goes this way, how to guarantee this race?
>>>
>>> kpageflags_read
>>> stable_page_flags
>>> page_is_idle
>>> lookup_page_ext
>>> section = __pfn_to_section(pfn)
>>> offline_pages
>>> memory_notify(MEM_OFFLINE)
>>> offline_page_ext
>>> ms->page_ext = NULL
>>> section->page_ext + pfn
>>
>> I think that it is a fundamental problem of memory hotplug.
>> There is similar race with struct page for offlined memory.
>>
>>
>>
>> kpageflags_read
>> pfn_valid
>> remove_memory
>> stable_page_flags
>> crash!
>>
>> I already reported similar race problem to memory hotplug guys but
>> didn't get any answer.
>>
>> lkml.kernel.org/r/20151221031501.GA32524@js1304-P5Q-DELUXE
>
> Who's in charge of memory-hotplug? Kame, Could you nudge him?
>
>>
>> Thanks.
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-06-01 20:40 ` Shi, Yang
@ 2016-06-02 5:00 ` Minchan Kim
-1 siblings, 0 replies; 57+ messages in thread
From: Minchan Kim @ 2016-06-02 5:00 UTC (permalink / raw)
To: Shi, Yang
Cc: Joonsoo Kim, akpm, linux-kernel, linux-mm, linaro-kernel,
Tang Chen, Yasuaki Ishimatsu, Kamezawa Hiroyuki
On Wed, Jun 01, 2016 at 01:40:48PM -0700, Shi, Yang wrote:
> On 5/29/2016 11:11 PM, Minchan Kim wrote:
> >On Fri, May 27, 2016 at 11:16:41AM -0700, Shi, Yang wrote:
> >
> ><snip>
> >
> >>>
> >>>If we goes this way, how to guarantee this race?
> >>
> >>Thanks for pointing out this. It sounds reasonable. However, this
> >>should be only possible to happen on 32 bit since just 32 bit
> >>version page_is_idle() calls lookup_page_ext(), it doesn't do it on
> >>64 bit.
> >>
> >>And, such race condition should exist regardless of whether DEBUG_VM
> >>is enabled or not, right?
> >>
> >>rcu might be good enough to protect it.
> >>
> >>A quick fix may look like:
> >>
> >>diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
> >>index 8f5d4ad..bf0cd6a 100644
> >>--- a/include/linux/page_idle.h
> >>+++ b/include/linux/page_idle.h
> >>@@ -77,8 +77,12 @@ static inline bool
> >>test_and_clear_page_young(struct page *page)
> >> static inline bool page_is_idle(struct page *page)
> >> {
> >> struct page_ext *page_ext;
> >>+
> >>+ rcu_read_lock();
> >> page_ext = lookup_page_ext(page);
> >>+ rcu_read_unlock();
> >>+
> >> if (unlikely(!page_ext))
> >> return false;
> >>
> >>diff --git a/mm/page_ext.c b/mm/page_ext.c
> >>index 56b160f..94927c9 100644
> >>--- a/mm/page_ext.c
> >>+++ b/mm/page_ext.c
> >>@@ -183,7 +183,6 @@ struct page_ext *lookup_page_ext(struct page *page)
> >> {
> >> unsigned long pfn = page_to_pfn(page);
> >> struct mem_section *section = __pfn_to_section(pfn);
> >>-#if defined(CONFIG_DEBUG_VM) || defined(CONFIG_PAGE_POISONING)
> >> /*
> >> * The sanity checks the page allocator does upon freeing a
> >> * page can reach here before the page_ext arrays are
> >>@@ -195,7 +194,7 @@ struct page_ext *lookup_page_ext(struct page *page)
> >> */
> >> if (!section->page_ext)
> >> return NULL;
> >>-#endif
> >>+
> >> return section->page_ext + pfn;
> >> }
> >>
> >>@@ -279,7 +278,8 @@ static void __free_page_ext(unsigned long pfn)
> >> return;
> >> base = ms->page_ext + pfn;
> >> free_page_ext(base);
> >>- ms->page_ext = NULL;
> >>+ rcu_assign_pointer(ms->page_ext, NULL);
> >>+ synchronize_rcu();
> >
> >How does it fix the problem?
> >I cannot understand your point.
>
> Assigning NULL pointer to page_Ext will be blocked until
> rcu_read_lock critical section is done, so the lookup and writing
> operations will be serialized. And, rcu_read_lock disables preempt
> too.
I meant your rcu_read_lock in page_idle should cover test_bit op.
One more thing, you should use rcu_dereference.
As well, please cover memory onlining case I mentioned in another
thread as well as memory offlining.
Anyway, to me, every caller of page_ext should prepare lookup_page_ext
can return NULL anytime and they should use rcu_read_[un]lock, which
is not good. :(
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-06-02 5:00 ` Minchan Kim
0 siblings, 0 replies; 57+ messages in thread
From: Minchan Kim @ 2016-06-02 5:00 UTC (permalink / raw)
To: Shi, Yang
Cc: Joonsoo Kim, akpm, linux-kernel, linux-mm, linaro-kernel,
Tang Chen, Yasuaki Ishimatsu, Kamezawa Hiroyuki
On Wed, Jun 01, 2016 at 01:40:48PM -0700, Shi, Yang wrote:
> On 5/29/2016 11:11 PM, Minchan Kim wrote:
> >On Fri, May 27, 2016 at 11:16:41AM -0700, Shi, Yang wrote:
> >
> ><snip>
> >
> >>>
> >>>If we goes this way, how to guarantee this race?
> >>
> >>Thanks for pointing out this. It sounds reasonable. However, this
> >>should be only possible to happen on 32 bit since just 32 bit
> >>version page_is_idle() calls lookup_page_ext(), it doesn't do it on
> >>64 bit.
> >>
> >>And, such race condition should exist regardless of whether DEBUG_VM
> >>is enabled or not, right?
> >>
> >>rcu might be good enough to protect it.
> >>
> >>A quick fix may look like:
> >>
> >>diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
> >>index 8f5d4ad..bf0cd6a 100644
> >>--- a/include/linux/page_idle.h
> >>+++ b/include/linux/page_idle.h
> >>@@ -77,8 +77,12 @@ static inline bool
> >>test_and_clear_page_young(struct page *page)
> >> static inline bool page_is_idle(struct page *page)
> >> {
> >> struct page_ext *page_ext;
> >>+
> >>+ rcu_read_lock();
> >> page_ext = lookup_page_ext(page);
> >>+ rcu_read_unlock();
> >>+
> >> if (unlikely(!page_ext))
> >> return false;
> >>
> >>diff --git a/mm/page_ext.c b/mm/page_ext.c
> >>index 56b160f..94927c9 100644
> >>--- a/mm/page_ext.c
> >>+++ b/mm/page_ext.c
> >>@@ -183,7 +183,6 @@ struct page_ext *lookup_page_ext(struct page *page)
> >> {
> >> unsigned long pfn = page_to_pfn(page);
> >> struct mem_section *section = __pfn_to_section(pfn);
> >>-#if defined(CONFIG_DEBUG_VM) || defined(CONFIG_PAGE_POISONING)
> >> /*
> >> * The sanity checks the page allocator does upon freeing a
> >> * page can reach here before the page_ext arrays are
> >>@@ -195,7 +194,7 @@ struct page_ext *lookup_page_ext(struct page *page)
> >> */
> >> if (!section->page_ext)
> >> return NULL;
> >>-#endif
> >>+
> >> return section->page_ext + pfn;
> >> }
> >>
> >>@@ -279,7 +278,8 @@ static void __free_page_ext(unsigned long pfn)
> >> return;
> >> base = ms->page_ext + pfn;
> >> free_page_ext(base);
> >>- ms->page_ext = NULL;
> >>+ rcu_assign_pointer(ms->page_ext, NULL);
> >>+ synchronize_rcu();
> >
> >How does it fix the problem?
> >I cannot understand your point.
>
> Assigning NULL pointer to page_Ext will be blocked until
> rcu_read_lock critical section is done, so the lookup and writing
> operations will be serialized. And, rcu_read_lock disables preempt
> too.
I meant your rcu_read_lock in page_idle should cover test_bit op.
One more thing, you should use rcu_dereference.
As well, please cover memory onlining case I mentioned in another
thread as well as memory offlining.
Anyway, to me, every caller of page_ext should prepare lookup_page_ext
can return NULL anytime and they should use rcu_read_[un]lock, which
is not good. :(
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2016-06-02 5:00 ` Minchan Kim
@ 2016-06-02 23:15 ` Shi, Yang
-1 siblings, 0 replies; 57+ messages in thread
From: Shi, Yang @ 2016-06-02 23:15 UTC (permalink / raw)
To: Minchan Kim
Cc: Joonsoo Kim, akpm, linux-kernel, linux-mm, linaro-kernel,
Tang Chen, Yasuaki Ishimatsu, Kamezawa Hiroyuki
On 6/1/2016 10:00 PM, Minchan Kim wrote:
> On Wed, Jun 01, 2016 at 01:40:48PM -0700, Shi, Yang wrote:
>> On 5/29/2016 11:11 PM, Minchan Kim wrote:
>>> On Fri, May 27, 2016 at 11:16:41AM -0700, Shi, Yang wrote:
>>>
>>> <snip>
>>>
>>>>>
>>>>> If we goes this way, how to guarantee this race?
>>>>
>>>> Thanks for pointing out this. It sounds reasonable. However, this
>>>> should be only possible to happen on 32 bit since just 32 bit
>>>> version page_is_idle() calls lookup_page_ext(), it doesn't do it on
>>>> 64 bit.
>>>>
>>>> And, such race condition should exist regardless of whether DEBUG_VM
>>>> is enabled or not, right?
>>>>
>>>> rcu might be good enough to protect it.
>>>>
>>>> A quick fix may look like:
>>>>
>>>> diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
>>>> index 8f5d4ad..bf0cd6a 100644
>>>> --- a/include/linux/page_idle.h
>>>> +++ b/include/linux/page_idle.h
>>>> @@ -77,8 +77,12 @@ static inline bool
>>>> test_and_clear_page_young(struct page *page)
>>>> static inline bool page_is_idle(struct page *page)
>>>> {
>>>> struct page_ext *page_ext;
>>>> +
>>>> + rcu_read_lock();
>>>> page_ext = lookup_page_ext(page);
>>>> + rcu_read_unlock();
>>>> +
>>>> if (unlikely(!page_ext))
>>>> return false;
>>>>
>>>> diff --git a/mm/page_ext.c b/mm/page_ext.c
>>>> index 56b160f..94927c9 100644
>>>> --- a/mm/page_ext.c
>>>> +++ b/mm/page_ext.c
>>>> @@ -183,7 +183,6 @@ struct page_ext *lookup_page_ext(struct page *page)
>>>> {
>>>> unsigned long pfn = page_to_pfn(page);
>>>> struct mem_section *section = __pfn_to_section(pfn);
>>>> -#if defined(CONFIG_DEBUG_VM) || defined(CONFIG_PAGE_POISONING)
>>>> /*
>>>> * The sanity checks the page allocator does upon freeing a
>>>> * page can reach here before the page_ext arrays are
>>>> @@ -195,7 +194,7 @@ struct page_ext *lookup_page_ext(struct page *page)
>>>> */
>>>> if (!section->page_ext)
>>>> return NULL;
>>>> -#endif
>>>> +
>>>> return section->page_ext + pfn;
>>>> }
>>>>
>>>> @@ -279,7 +278,8 @@ static void __free_page_ext(unsigned long pfn)
>>>> return;
>>>> base = ms->page_ext + pfn;
>>>> free_page_ext(base);
>>>> - ms->page_ext = NULL;
>>>> + rcu_assign_pointer(ms->page_ext, NULL);
>>>> + synchronize_rcu();
>>>
>>> How does it fix the problem?
>>> I cannot understand your point.
>>
>> Assigning NULL pointer to page_Ext will be blocked until
>> rcu_read_lock critical section is done, so the lookup and writing
>> operations will be serialized. And, rcu_read_lock disables preempt
>> too.
>
> I meant your rcu_read_lock in page_idle should cover test_bit op.
Yes, definitely. Thanks for catching it.
> One more thing, you should use rcu_dereference.
I will check which one is the best since I saw some use rcu_assign_pointer.
>
> As well, please cover memory onlining case I mentioned in another
> thread as well as memory offlining.
I will look into it too.
Thanks,
Yang
>
> Anyway, to me, every caller of page_ext should prepare lookup_page_ext
> can return NULL anytime and they should use rcu_read_[un]lock, which
> is not good. :(
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
@ 2016-06-02 23:15 ` Shi, Yang
0 siblings, 0 replies; 57+ messages in thread
From: Shi, Yang @ 2016-06-02 23:15 UTC (permalink / raw)
To: Minchan Kim
Cc: Joonsoo Kim, akpm, linux-kernel, linux-mm, linaro-kernel,
Tang Chen, Yasuaki Ishimatsu, Kamezawa Hiroyuki
On 6/1/2016 10:00 PM, Minchan Kim wrote:
> On Wed, Jun 01, 2016 at 01:40:48PM -0700, Shi, Yang wrote:
>> On 5/29/2016 11:11 PM, Minchan Kim wrote:
>>> On Fri, May 27, 2016 at 11:16:41AM -0700, Shi, Yang wrote:
>>>
>>> <snip>
>>>
>>>>>
>>>>> If we goes this way, how to guarantee this race?
>>>>
>>>> Thanks for pointing out this. It sounds reasonable. However, this
>>>> should be only possible to happen on 32 bit since just 32 bit
>>>> version page_is_idle() calls lookup_page_ext(), it doesn't do it on
>>>> 64 bit.
>>>>
>>>> And, such race condition should exist regardless of whether DEBUG_VM
>>>> is enabled or not, right?
>>>>
>>>> rcu might be good enough to protect it.
>>>>
>>>> A quick fix may look like:
>>>>
>>>> diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
>>>> index 8f5d4ad..bf0cd6a 100644
>>>> --- a/include/linux/page_idle.h
>>>> +++ b/include/linux/page_idle.h
>>>> @@ -77,8 +77,12 @@ static inline bool
>>>> test_and_clear_page_young(struct page *page)
>>>> static inline bool page_is_idle(struct page *page)
>>>> {
>>>> struct page_ext *page_ext;
>>>> +
>>>> + rcu_read_lock();
>>>> page_ext = lookup_page_ext(page);
>>>> + rcu_read_unlock();
>>>> +
>>>> if (unlikely(!page_ext))
>>>> return false;
>>>>
>>>> diff --git a/mm/page_ext.c b/mm/page_ext.c
>>>> index 56b160f..94927c9 100644
>>>> --- a/mm/page_ext.c
>>>> +++ b/mm/page_ext.c
>>>> @@ -183,7 +183,6 @@ struct page_ext *lookup_page_ext(struct page *page)
>>>> {
>>>> unsigned long pfn = page_to_pfn(page);
>>>> struct mem_section *section = __pfn_to_section(pfn);
>>>> -#if defined(CONFIG_DEBUG_VM) || defined(CONFIG_PAGE_POISONING)
>>>> /*
>>>> * The sanity checks the page allocator does upon freeing a
>>>> * page can reach here before the page_ext arrays are
>>>> @@ -195,7 +194,7 @@ struct page_ext *lookup_page_ext(struct page *page)
>>>> */
>>>> if (!section->page_ext)
>>>> return NULL;
>>>> -#endif
>>>> +
>>>> return section->page_ext + pfn;
>>>> }
>>>>
>>>> @@ -279,7 +278,8 @@ static void __free_page_ext(unsigned long pfn)
>>>> return;
>>>> base = ms->page_ext + pfn;
>>>> free_page_ext(base);
>>>> - ms->page_ext = NULL;
>>>> + rcu_assign_pointer(ms->page_ext, NULL);
>>>> + synchronize_rcu();
>>>
>>> How does it fix the problem?
>>> I cannot understand your point.
>>
>> Assigning NULL pointer to page_Ext will be blocked until
>> rcu_read_lock critical section is done, so the lookup and writing
>> operations will be serialized. And, rcu_read_lock disables preempt
>> too.
>
> I meant your rcu_read_lock in page_idle should cover test_bit op.
Yes, definitely. Thanks for catching it.
> One more thing, you should use rcu_dereference.
I will check which one is the best since I saw some use rcu_assign_pointer.
>
> As well, please cover memory onlining case I mentioned in another
> thread as well as memory offlining.
I will look into it too.
Thanks,
Yang
>
> Anyway, to me, every caller of page_ext should prepare lookup_page_ext
> can return NULL anytime and they should use rcu_read_[un]lock, which
> is not good. :(
>
^ permalink raw reply [flat|nested] 57+ messages in thread
* FAILED: patch "[PATCH] mm/page_ext.c: check if page_ext is not prepared" failed to apply to 4.4-stable tree
@ 2017-11-22 8:37 gregkh
2017-11-22 9:47 ` Michal Hocko
2017-11-22 12:09 ` [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites Michal Hocko
0 siblings, 2 replies; 57+ messages in thread
From: gregkh @ 2017-11-22 8:37 UTC (permalink / raw)
To: jaewon31.kim, akpm, js1304, mhocko, minchan, stable, torvalds,
vbabka
Cc: stable
The patch below does not apply to the 4.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From e492080e640c2d1235ddf3441cae634cfffef7e1 Mon Sep 17 00:00:00 2001
From: Jaewon Kim <jaewon31.kim@samsung.com>
Date: Wed, 15 Nov 2017 17:39:07 -0800
Subject: [PATCH] mm/page_ext.c: check if page_ext is not prepared
online_page_ext() and page_ext_init() allocate page_ext for each
section, but they do not allocate if the first PFN is !pfn_present(pfn)
or !pfn_valid(pfn). Then section->page_ext remains as NULL.
lookup_page_ext checks NULL only if CONFIG_DEBUG_VM is enabled. For a
valid PFN, __set_page_owner will try to get page_ext through
lookup_page_ext. Without CONFIG_DEBUG_VM lookup_page_ext will misuse
NULL pointer as value 0. This incurrs invalid address access.
This is the panic example when PFN 0x100000 is not valid but PFN
0x13FC00 is being used for page_ext. section->page_ext is NULL,
get_entry returned invalid page_ext address as 0x1DFA000 for a PFN
0x13FC00.
To avoid this panic, CONFIG_DEBUG_VM should be removed so that page_ext
will be checked at all times.
Unable to handle kernel paging request at virtual address 01dfa014
------------[ cut here ]------------
Kernel BUG at ffffff80082371e0 [verbose debug info unavailable]
Internal error: Oops: 96000045 [#1] PREEMPT SMP
Modules linked in:
PC is at __set_page_owner+0x48/0x78
LR is at __set_page_owner+0x44/0x78
__set_page_owner+0x48/0x78
get_page_from_freelist+0x880/0x8e8
__alloc_pages_nodemask+0x14c/0xc48
__do_page_cache_readahead+0xdc/0x264
filemap_fault+0x2ac/0x550
ext4_filemap_fault+0x3c/0x58
__do_fault+0x80/0x120
handle_mm_fault+0x704/0xbb0
do_page_fault+0x2e8/0x394
do_mem_abort+0x88/0x124
Pre-4.7 kernels also need commit f86e4271978b ("mm: check the return
value of lookup_page_ext for all call sites").
Link: http://lkml.kernel.org/r/20171107094131.14621-1-jaewon31.kim@samsung.com
Fixes: eefa864b701d ("mm/page_ext: resurrect struct page extending code for debugging")
Signed-off-by: Jaewon Kim <jaewon31.kim@samsung.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Joonsoo Kim <js1304@gmail.com>
Cc: <stable@vger.kernel.org> [depends on f86e427197, see above]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
diff --git a/mm/page_ext.c b/mm/page_ext.c
index 4f0367d472c4..2c16216c29b6 100644
--- a/mm/page_ext.c
+++ b/mm/page_ext.c
@@ -125,7 +125,6 @@ struct page_ext *lookup_page_ext(struct page *page)
struct page_ext *base;
base = NODE_DATA(page_to_nid(page))->node_page_ext;
-#if defined(CONFIG_DEBUG_VM)
/*
* The sanity checks the page allocator does upon freeing a
* page can reach here before the page_ext arrays are
@@ -134,7 +133,6 @@ struct page_ext *lookup_page_ext(struct page *page)
*/
if (unlikely(!base))
return NULL;
-#endif
index = pfn - round_down(node_start_pfn(page_to_nid(page)),
MAX_ORDER_NR_PAGES);
return get_entry(base, index);
@@ -199,7 +197,6 @@ struct page_ext *lookup_page_ext(struct page *page)
{
unsigned long pfn = page_to_pfn(page);
struct mem_section *section = __pfn_to_section(pfn);
-#if defined(CONFIG_DEBUG_VM)
/*
* The sanity checks the page allocator does upon freeing a
* page can reach here before the page_ext arrays are
@@ -208,7 +205,6 @@ struct page_ext *lookup_page_ext(struct page *page)
*/
if (!section->page_ext)
return NULL;
-#endif
return get_entry(section->page_ext, pfn);
}
^ permalink raw reply related [flat|nested] 57+ messages in thread
* Re: FAILED: patch "[PATCH] mm/page_ext.c: check if page_ext is not prepared" failed to apply to 4.4-stable tree
2017-11-22 8:37 FAILED: patch "[PATCH] mm/page_ext.c: check if page_ext is not prepared" failed to apply to 4.4-stable tree gregkh
@ 2017-11-22 9:47 ` Michal Hocko
2017-11-22 9:54 ` Greg KH
2017-11-22 12:09 ` [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites Michal Hocko
1 sibling, 1 reply; 57+ messages in thread
From: Michal Hocko @ 2017-11-22 9:47 UTC (permalink / raw)
To: gregkh; +Cc: jaewon31.kim, akpm, js1304, minchan, stable, torvalds, vbabka
Greg,
the patch is clear about its dependecy for pre-4.7 kernels. I do not see
f86e4271978b queued for the stable tree though. Is it just me not seeing
it or your automation doesn't check for such dependencies?
On Wed 22-11-17 09:37:57, Greg KH wrote:
> >From e492080e640c2d1235ddf3441cae634cfffef7e1 Mon Sep 17 00:00:00 2001
> From: Jaewon Kim <jaewon31.kim@samsung.com>
> Date: Wed, 15 Nov 2017 17:39:07 -0800
> Subject: [PATCH] mm/page_ext.c: check if page_ext is not prepared
>
> online_page_ext() and page_ext_init() allocate page_ext for each
> section, but they do not allocate if the first PFN is !pfn_present(pfn)
> or !pfn_valid(pfn). Then section->page_ext remains as NULL.
> lookup_page_ext checks NULL only if CONFIG_DEBUG_VM is enabled. For a
> valid PFN, __set_page_owner will try to get page_ext through
> lookup_page_ext. Without CONFIG_DEBUG_VM lookup_page_ext will misuse
> NULL pointer as value 0. This incurrs invalid address access.
>
> This is the panic example when PFN 0x100000 is not valid but PFN
> 0x13FC00 is being used for page_ext. section->page_ext is NULL,
> get_entry returned invalid page_ext address as 0x1DFA000 for a PFN
> 0x13FC00.
>
> To avoid this panic, CONFIG_DEBUG_VM should be removed so that page_ext
> will be checked at all times.
>
> Unable to handle kernel paging request at virtual address 01dfa014
> ------------[ cut here ]------------
> Kernel BUG at ffffff80082371e0 [verbose debug info unavailable]
> Internal error: Oops: 96000045 [#1] PREEMPT SMP
> Modules linked in:
> PC is at __set_page_owner+0x48/0x78
> LR is at __set_page_owner+0x44/0x78
> __set_page_owner+0x48/0x78
> get_page_from_freelist+0x880/0x8e8
> __alloc_pages_nodemask+0x14c/0xc48
> __do_page_cache_readahead+0xdc/0x264
> filemap_fault+0x2ac/0x550
> ext4_filemap_fault+0x3c/0x58
> __do_fault+0x80/0x120
> handle_mm_fault+0x704/0xbb0
> do_page_fault+0x2e8/0x394
> do_mem_abort+0x88/0x124
>
> Pre-4.7 kernels also need commit f86e4271978b ("mm: check the return
> value of lookup_page_ext for all call sites").
>
> Link: http://lkml.kernel.org/r/20171107094131.14621-1-jaewon31.kim@samsung.com
> Fixes: eefa864b701d ("mm/page_ext: resurrect struct page extending code for debugging")
> Signed-off-by: Jaewon Kim <jaewon31.kim@samsung.com>
> Acked-by: Michal Hocko <mhocko@suse.com>
> Cc: Vlastimil Babka <vbabka@suse.cz>
> Cc: Minchan Kim <minchan@kernel.org>
> Cc: Joonsoo Kim <js1304@gmail.com>
> Cc: <stable@vger.kernel.org> [depends on f86e427197, see above]
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
>
> diff --git a/mm/page_ext.c b/mm/page_ext.c
> index 4f0367d472c4..2c16216c29b6 100644
> --- a/mm/page_ext.c
> +++ b/mm/page_ext.c
> @@ -125,7 +125,6 @@ struct page_ext *lookup_page_ext(struct page *page)
> struct page_ext *base;
>
> base = NODE_DATA(page_to_nid(page))->node_page_ext;
> -#if defined(CONFIG_DEBUG_VM)
> /*
> * The sanity checks the page allocator does upon freeing a
> * page can reach here before the page_ext arrays are
> @@ -134,7 +133,6 @@ struct page_ext *lookup_page_ext(struct page *page)
> */
> if (unlikely(!base))
> return NULL;
> -#endif
> index = pfn - round_down(node_start_pfn(page_to_nid(page)),
> MAX_ORDER_NR_PAGES);
> return get_entry(base, index);
> @@ -199,7 +197,6 @@ struct page_ext *lookup_page_ext(struct page *page)
> {
> unsigned long pfn = page_to_pfn(page);
> struct mem_section *section = __pfn_to_section(pfn);
> -#if defined(CONFIG_DEBUG_VM)
> /*
> * The sanity checks the page allocator does upon freeing a
> * page can reach here before the page_ext arrays are
> @@ -208,7 +205,6 @@ struct page_ext *lookup_page_ext(struct page *page)
> */
> if (!section->page_ext)
> return NULL;
> -#endif
> return get_entry(section->page_ext, pfn);
> }
>
>
--
Michal Hocko
SUSE Labs
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: FAILED: patch "[PATCH] mm/page_ext.c: check if page_ext is not prepared" failed to apply to 4.4-stable tree
2017-11-22 9:47 ` Michal Hocko
@ 2017-11-22 9:54 ` Greg KH
2017-11-22 12:08 ` Michal Hocko
0 siblings, 1 reply; 57+ messages in thread
From: Greg KH @ 2017-11-22 9:54 UTC (permalink / raw)
To: Michal Hocko
Cc: jaewon31.kim, akpm, js1304, minchan, stable, torvalds, vbabka
On Wed, Nov 22, 2017 at 10:47:57AM +0100, Michal Hocko wrote:
> Greg,
> the patch is clear about its dependecy for pre-4.7 kernels. I do not see
> f86e4271978b queued for the stable tree though. Is it just me not seeing
> it or your automation doesn't check for such dependencies?
Yes, I tried to apply the dependency, but that too failed, so I gave a
"FAILED" email response for that patch, as well as this one so that
people can help me out :)
thanks,
greg k-h
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: FAILED: patch "[PATCH] mm/page_ext.c: check if page_ext is not prepared" failed to apply to 4.4-stable tree
2017-11-22 9:54 ` Greg KH
@ 2017-11-22 12:08 ` Michal Hocko
0 siblings, 0 replies; 57+ messages in thread
From: Michal Hocko @ 2017-11-22 12:08 UTC (permalink / raw)
To: Greg KH; +Cc: jaewon31.kim, akpm, js1304, minchan, stable, torvalds, vbabka
On Wed 22-11-17 10:54:49, Greg KH wrote:
> On Wed, Nov 22, 2017 at 10:47:57AM +0100, Michal Hocko wrote:
> > Greg,
> > the patch is clear about its dependecy for pre-4.7 kernels. I do not see
> > f86e4271978b queued for the stable tree though. Is it just me not seeing
> > it or your automation doesn't check for such dependencies?
>
> Yes, I tried to apply the dependency, but that too failed, so I gave a
> "FAILED" email response for that patch, as well as this one so that
> people can help me out :)
Ahh, OK, I didn't see that one as it didn't land neither in lkml nor in
my inbox. Anyway, I will send both patches as a reply to your original
email.
--
Michal Hocko
SUSE Labs
^ permalink raw reply [flat|nested] 57+ messages in thread
* [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites
2017-11-22 8:37 FAILED: patch "[PATCH] mm/page_ext.c: check if page_ext is not prepared" failed to apply to 4.4-stable tree gregkh
2017-11-22 9:47 ` Michal Hocko
@ 2017-11-22 12:09 ` Michal Hocko
2017-11-22 12:09 ` [PATCH stable-4.4 2/2] mm/page_ext.c: check if page_ext is not prepared Michal Hocko
` (3 more replies)
1 sibling, 4 replies; 57+ messages in thread
From: Michal Hocko @ 2017-11-22 12:09 UTC (permalink / raw)
To: Greg KH
Cc: jaewon31.kim, akpm, js1304, mhocko, minchan, stable, torvalds,
Yang Shi, Arnd Bergmann, Joonsoo Kim
From: Yang Shi <yang.shi@linaro.org>
commit f86e4271978bd93db466d6a95dad4b0fdcdb04f6 upstream.
Per the discussion with Joonsoo Kim [1], we need check the return value
of lookup_page_ext() for all call sites since it might return NULL in
some cases, although it is unlikely, i.e. memory hotplug.
Tested with ltp with "page_owner=0".
[1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
[akpm@linux-foundation.org: fix build-breaking typos]
[arnd@arndb.de: fix build problems from lookup_page_ext]
Link: http://lkml.kernel.org/r/6285269.2CksypHdYp@wuerfel
[akpm@linux-foundation.org: coding-style fixes]
Link: http://lkml.kernel.org/r/1464023768-31025-1-git-send-email-yang.shi@linaro.org
Signed-off-by: Yang Shi <yang.shi@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Michal Hocko <mhocko@suse.com>
---
include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++++++++-------
mm/debug-pagealloc.c | 6 ++++++
mm/page_alloc.c | 6 ++++++
mm/page_owner.c | 16 ++++++++++++++++
mm/vmstat.c | 2 ++
5 files changed, 66 insertions(+), 7 deletions(-)
diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
index bf268fa92c5b..fec40271339f 100644
--- a/include/linux/page_idle.h
+++ b/include/linux/page_idle.h
@@ -46,33 +46,62 @@ extern struct page_ext_operations page_idle_ops;
static inline bool page_is_young(struct page *page)
{
- return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return false;
+
+ return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
static inline void set_page_young(struct page *page)
{
- set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return;
+
+ set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
static inline bool test_and_clear_page_young(struct page *page)
{
- return test_and_clear_bit(PAGE_EXT_YOUNG,
- &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return false;
+
+ return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
static inline bool page_is_idle(struct page *page)
{
- return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return false;
+
+ return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
}
static inline void set_page_idle(struct page *page)
{
- set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return;
+
+ set_bit(PAGE_EXT_IDLE, &page_ext->flags);
}
static inline void clear_page_idle(struct page *page)
{
- clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return;
+
+ clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
}
#endif /* CONFIG_64BIT */
diff --git a/mm/debug-pagealloc.c b/mm/debug-pagealloc.c
index 5bf5906ce13b..fe1c61f7cf26 100644
--- a/mm/debug-pagealloc.c
+++ b/mm/debug-pagealloc.c
@@ -34,6 +34,8 @@ static inline void set_page_poison(struct page *page)
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
+ if (page_ext)
+ return;
__set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
}
@@ -42,6 +44,8 @@ static inline void clear_page_poison(struct page *page)
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
+ if (page_ext)
+ return;
__clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
}
@@ -50,6 +54,8 @@ static inline bool page_poison(struct page *page)
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
+ if (page_ext)
+ return false;
return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
}
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 6b5421ae86c6..38aca81deeaf 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -560,6 +560,9 @@ static inline void set_page_guard(struct zone *zone, struct page *page,
return;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
INIT_LIST_HEAD(&page->lru);
@@ -577,6 +580,9 @@ static inline void clear_page_guard(struct zone *zone, struct page *page,
return;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
set_page_private(page, 0);
diff --git a/mm/page_owner.c b/mm/page_owner.c
index 983c3a10fa07..dd6b9cebf981 100644
--- a/mm/page_owner.c
+++ b/mm/page_owner.c
@@ -53,6 +53,8 @@ void __reset_page_owner(struct page *page, unsigned int order)
for (i = 0; i < (1 << order); i++) {
page_ext = lookup_page_ext(page + i);
+ if (unlikely(!page_ext))
+ continue;
__clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
}
}
@@ -60,6 +62,7 @@ void __reset_page_owner(struct page *page, unsigned int order)
void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
{
struct page_ext *page_ext = lookup_page_ext(page);
+
struct stack_trace trace = {
.nr_entries = 0,
.max_entries = ARRAY_SIZE(page_ext->trace_entries),
@@ -67,6 +70,9 @@ void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
.skip = 3,
};
+ if (unlikely(!page_ext))
+ return;
+
save_stack_trace(&trace);
page_ext->order = order;
@@ -79,6 +85,12 @@ void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
gfp_t __get_page_owner_gfp(struct page *page)
{
struct page_ext *page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ /*
+ * The caller just returns 0 if no valid gfp
+ * So return 0 here too.
+ */
+ return 0;
return page_ext->gfp_mask;
}
@@ -194,6 +206,8 @@ read_page_owner(struct file *file, char __user *buf, size_t count, loff_t *ppos)
}
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ continue;
/*
* Some pages could be missed by concurrent allocation or free,
@@ -257,6 +271,8 @@ static void init_pages_in_zone(pg_data_t *pgdat, struct zone *zone)
continue;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ continue;
/* Maybe overraping zone */
if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
diff --git a/mm/vmstat.c b/mm/vmstat.c
index c54fd2924f25..c344e3609c53 100644
--- a/mm/vmstat.c
+++ b/mm/vmstat.c
@@ -1091,6 +1091,8 @@ static void pagetypeinfo_showmixedcount_print(struct seq_file *m,
continue;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ continue;
if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
continue;
--
2.15.0
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [PATCH stable-4.4 2/2] mm/page_ext.c: check if page_ext is not prepared
2017-11-22 12:09 ` [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites Michal Hocko
@ 2017-11-22 12:09 ` Michal Hocko
2017-11-22 14:04 ` [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites Greg KH
` (2 subsequent siblings)
3 siblings, 0 replies; 57+ messages in thread
From: Michal Hocko @ 2017-11-22 12:09 UTC (permalink / raw)
To: Greg KH
Cc: jaewon31.kim, akpm, js1304, mhocko, minchan, stable, torvalds,
Vlastimil Babka
From: Jaewon Kim <jaewon31.kim@samsung.com>
commit e492080e640c2d1235ddf3441cae634cfffef7e1 upstream.
online_page_ext() and page_ext_init() allocate page_ext for each
section, but they do not allocate if the first PFN is !pfn_present(pfn)
or !pfn_valid(pfn). Then section->page_ext remains as NULL.
lookup_page_ext checks NULL only if CONFIG_DEBUG_VM is enabled. For a
valid PFN, __set_page_owner will try to get page_ext through
lookup_page_ext. Without CONFIG_DEBUG_VM lookup_page_ext will misuse
NULL pointer as value 0. This incurrs invalid address access.
This is the panic example when PFN 0x100000 is not valid but PFN
0x13FC00 is being used for page_ext. section->page_ext is NULL,
get_entry returned invalid page_ext address as 0x1DFA000 for a PFN
0x13FC00.
To avoid this panic, CONFIG_DEBUG_VM should be removed so that page_ext
will be checked at all times.
Unable to handle kernel paging request at virtual address 01dfa014
------------[ cut here ]------------
Kernel BUG at ffffff80082371e0 [verbose debug info unavailable]
Internal error: Oops: 96000045 [#1] PREEMPT SMP
Modules linked in:
PC is at __set_page_owner+0x48/0x78
LR is at __set_page_owner+0x44/0x78
__set_page_owner+0x48/0x78
get_page_from_freelist+0x880/0x8e8
__alloc_pages_nodemask+0x14c/0xc48
__do_page_cache_readahead+0xdc/0x264
filemap_fault+0x2ac/0x550
ext4_filemap_fault+0x3c/0x58
__do_fault+0x80/0x120
handle_mm_fault+0x704/0xbb0
do_page_fault+0x2e8/0x394
do_mem_abort+0x88/0x124
Pre-4.7 kernels also need commit f86e4271978b ("mm: check the return
value of lookup_page_ext for all call sites").
Link: http://lkml.kernel.org/r/20171107094131.14621-1-jaewon31.kim@samsung.com
Fixes: eefa864b701d ("mm/page_ext: resurrect struct page extending code for debugging")
Signed-off-by: Jaewon Kim <jaewon31.kim@samsung.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Joonsoo Kim <js1304@gmail.com>
Cc: <stable@vger.kernel.org> [depends on f86e427197, see above]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Michal Hocko <mhocko@suse.com>
---
mm/page_ext.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/mm/page_ext.c b/mm/page_ext.c
index 292ca7b8debd..4d1eac0d4fc5 100644
--- a/mm/page_ext.c
+++ b/mm/page_ext.c
@@ -106,7 +106,6 @@ struct page_ext *lookup_page_ext(struct page *page)
struct page_ext *base;
base = NODE_DATA(page_to_nid(page))->node_page_ext;
-#ifdef CONFIG_DEBUG_VM
/*
* The sanity checks the page allocator does upon freeing a
* page can reach here before the page_ext arrays are
@@ -115,7 +114,6 @@ struct page_ext *lookup_page_ext(struct page *page)
*/
if (unlikely(!base))
return NULL;
-#endif
offset = pfn - round_down(node_start_pfn(page_to_nid(page)),
MAX_ORDER_NR_PAGES);
return base + offset;
@@ -180,7 +178,6 @@ struct page_ext *lookup_page_ext(struct page *page)
{
unsigned long pfn = page_to_pfn(page);
struct mem_section *section = __pfn_to_section(pfn);
-#ifdef CONFIG_DEBUG_VM
/*
* The sanity checks the page allocator does upon freeing a
* page can reach here before the page_ext arrays are
@@ -189,7 +186,6 @@ struct page_ext *lookup_page_ext(struct page *page)
*/
if (!section->page_ext)
return NULL;
-#endif
return section->page_ext + pfn;
}
--
2.15.0
^ permalink raw reply related [flat|nested] 57+ messages in thread
* Re: [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites
2017-11-22 12:09 ` [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites Michal Hocko
2017-11-22 12:09 ` [PATCH stable-4.4 2/2] mm/page_ext.c: check if page_ext is not prepared Michal Hocko
@ 2017-11-22 14:04 ` Greg KH
2017-11-24 9:17 ` Jiri Slaby
2017-12-05 16:16 ` [PATCH stable-4.4 1/2] " Ben Hutchings
3 siblings, 0 replies; 57+ messages in thread
From: Greg KH @ 2017-11-22 14:04 UTC (permalink / raw)
To: Michal Hocko
Cc: jaewon31.kim, akpm, js1304, mhocko, minchan, stable, torvalds,
Yang Shi, Arnd Bergmann, Joonsoo Kim
On Wed, Nov 22, 2017 at 01:09:36PM +0100, Michal Hocko wrote:
> From: Yang Shi <yang.shi@linaro.org>
>
> commit f86e4271978bd93db466d6a95dad4b0fdcdb04f6 upstream.
>
> Per the discussion with Joonsoo Kim [1], we need check the return value
> of lookup_page_ext() for all call sites since it might return NULL in
> some cases, although it is unlikely, i.e. memory hotplug.
>
> Tested with ltp with "page_owner=0".
>
> [1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
>
> [akpm@linux-foundation.org: fix build-breaking typos]
> [arnd@arndb.de: fix build problems from lookup_page_ext]
> Link: http://lkml.kernel.org/r/6285269.2CksypHdYp@wuerfel
> [akpm@linux-foundation.org: coding-style fixes]
> Link: http://lkml.kernel.org/r/1464023768-31025-1-git-send-email-yang.shi@linaro.org
> Signed-off-by: Yang Shi <yang.shi@linaro.org>
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
> Signed-off-by: Michal Hocko <mhocko@suse.com>
Thanks for both of these!
greg k-h
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites
2017-11-22 12:09 ` [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites Michal Hocko
2017-11-22 12:09 ` [PATCH stable-4.4 2/2] mm/page_ext.c: check if page_ext is not prepared Michal Hocko
2017-11-22 14:04 ` [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites Greg KH
@ 2017-11-24 9:17 ` Jiri Slaby
2017-11-24 9:28 ` Michal Hocko
2017-12-05 16:16 ` [PATCH stable-4.4 1/2] " Ben Hutchings
3 siblings, 1 reply; 57+ messages in thread
From: Jiri Slaby @ 2017-11-24 9:17 UTC (permalink / raw)
To: Michal Hocko, Greg KH
Cc: jaewon31.kim, akpm, js1304, mhocko, minchan, stable, torvalds,
Yang Shi, Arnd Bergmann, Joonsoo Kim
On 11/22/2017, 01:09 PM, Michal Hocko wrote:
> --- a/mm/debug-pagealloc.c
> +++ b/mm/debug-pagealloc.c
> @@ -34,6 +34,8 @@ static inline void set_page_poison(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (page_ext)
> + return;
> __set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -42,6 +44,8 @@ static inline void clear_page_poison(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (page_ext)
> + return;
> __clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -50,6 +54,8 @@ static inline bool page_poison(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (page_ext)
> + return false;
> return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
Now I am confused, your SLE12-SP2's backport in
patches.fixes/0001-mm-check-the-return-value-of-lookup_page_ext-for-all.patch
does the opposite in all three:
+ if (!page_ext)
+ return;
thanks,
--
js
suse labs
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites
2017-11-24 9:17 ` Jiri Slaby
@ 2017-11-24 9:28 ` Michal Hocko
2017-11-24 9:29 ` Jiri Slaby
2017-11-24 9:30 ` [PATCH] " Michal Hocko
0 siblings, 2 replies; 57+ messages in thread
From: Michal Hocko @ 2017-11-24 9:28 UTC (permalink / raw)
To: Jiri Slaby
Cc: Greg KH, jaewon31.kim, akpm, js1304, minchan, stable, torvalds,
Yang Shi, Arnd Bergmann, Joonsoo Kim
On Fri 24-11-17 10:17:58, Jiri Slaby wrote:
> On 11/22/2017, 01:09 PM, Michal Hocko wrote:
> > --- a/mm/debug-pagealloc.c
> > +++ b/mm/debug-pagealloc.c
> > @@ -34,6 +34,8 @@ static inline void set_page_poison(struct page *page)
> > struct page_ext *page_ext;
> >
> > page_ext = lookup_page_ext(page);
> > + if (page_ext)
> > + return;
> > __set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> > }
> >
> > @@ -42,6 +44,8 @@ static inline void clear_page_poison(struct page *page)
> > struct page_ext *page_ext;
> >
> > page_ext = lookup_page_ext(page);
> > + if (page_ext)
> > + return;
> > __clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> > }
> >
> > @@ -50,6 +54,8 @@ static inline bool page_poison(struct page *page)
> > struct page_ext *page_ext;
> >
> > page_ext = lookup_page_ext(page);
> > + if (page_ext)
> > + return false;
> > return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
>
> Now I am confused, your SLE12-SP2's backport in
> patches.fixes/0001-mm-check-the-return-value-of-lookup_page_ext-for-all.patch
> does the opposite in all three:
> + if (!page_ext)
> + return;
Dohh, because I screwed up! Thanks for catching this. I will repost the
fixed patch as a reply to this email.
--
Michal Hocko
SUSE Labs
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites
2017-11-24 9:28 ` Michal Hocko
@ 2017-11-24 9:29 ` Jiri Slaby
2017-11-24 9:39 ` Michal Hocko
2017-11-24 9:30 ` [PATCH] " Michal Hocko
1 sibling, 1 reply; 57+ messages in thread
From: Jiri Slaby @ 2017-11-24 9:29 UTC (permalink / raw)
To: Michal Hocko
Cc: Greg KH, jaewon31.kim, akpm, js1304, minchan, stable, torvalds,
Yang Shi, Arnd Bergmann, Joonsoo Kim
On 11/24/2017, 10:28 AM, Michal Hocko wrote:
> I will repost the fixed patch as a reply to this email.
Since 4.4.101 was already released, you should send a bare fix instead
then :).
--
js
suse labs
^ permalink raw reply [flat|nested] 57+ messages in thread
* [PATCH] mm: check the return value of lookup_page_ext for all call sites
2017-11-24 9:28 ` Michal Hocko
2017-11-24 9:29 ` Jiri Slaby
@ 2017-11-24 9:30 ` Michal Hocko
2017-11-24 9:39 ` Greg KH
1 sibling, 1 reply; 57+ messages in thread
From: Michal Hocko @ 2017-11-24 9:30 UTC (permalink / raw)
To: Greg KH
Cc: Jiri Slaby, jaewon31.kim, akpm, js1304, minchan, stable, torvalds,
Yang Shi, Arnd Bergmann, Joonsoo Kim, Michal Hocko
From: Yang Shi <yang.shi@linaro.org>
commit f86e4271978bd93db466d6a95dad4b0fdcdb04f6 upstream.
Per the discussion with Joonsoo Kim [1], we need check the return value
of lookup_page_ext() for all call sites since it might return NULL in
some cases, although it is unlikely, i.e. memory hotplug.
Tested with ltp with "page_owner=0".
[1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
[akpm@linux-foundation.org: fix build-breaking typos]
[arnd@arndb.de: fix build problems from lookup_page_ext]
Link: http://lkml.kernel.org/r/6285269.2CksypHdYp@wuerfel
[akpm@linux-foundation.org: coding-style fixes]
Link: http://lkml.kernel.org/r/1464023768-31025-1-git-send-email-yang.shi@linaro.org
Signed-off-by: Yang Shi <yang.shi@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Michal Hocko <mhocko@suse.com>
---
include/linux/page_idle.h | 43 ++++++++++++++++++++++++++++++++++++-------
mm/debug-pagealloc.c | 6 ++++++
mm/page_alloc.c | 6 ++++++
mm/page_owner.c | 16 ++++++++++++++++
mm/vmstat.c | 2 ++
5 files changed, 66 insertions(+), 7 deletions(-)
diff --git a/include/linux/page_idle.h b/include/linux/page_idle.h
index bf268fa92c5b..fec40271339f 100644
--- a/include/linux/page_idle.h
+++ b/include/linux/page_idle.h
@@ -46,33 +46,62 @@ extern struct page_ext_operations page_idle_ops;
static inline bool page_is_young(struct page *page)
{
- return test_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return false;
+
+ return test_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
static inline void set_page_young(struct page *page)
{
- set_bit(PAGE_EXT_YOUNG, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return;
+
+ set_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
static inline bool test_and_clear_page_young(struct page *page)
{
- return test_and_clear_bit(PAGE_EXT_YOUNG,
- &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return false;
+
+ return test_and_clear_bit(PAGE_EXT_YOUNG, &page_ext->flags);
}
static inline bool page_is_idle(struct page *page)
{
- return test_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return false;
+
+ return test_bit(PAGE_EXT_IDLE, &page_ext->flags);
}
static inline void set_page_idle(struct page *page)
{
- set_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return;
+
+ set_bit(PAGE_EXT_IDLE, &page_ext->flags);
}
static inline void clear_page_idle(struct page *page)
{
- clear_bit(PAGE_EXT_IDLE, &lookup_page_ext(page)->flags);
+ struct page_ext *page_ext = lookup_page_ext(page);
+
+ if (unlikely(!page_ext))
+ return;
+
+ clear_bit(PAGE_EXT_IDLE, &page_ext->flags);
}
#endif /* CONFIG_64BIT */
diff --git a/mm/debug-pagealloc.c b/mm/debug-pagealloc.c
index 5bf5906ce13b..3b8f1b83610e 100644
--- a/mm/debug-pagealloc.c
+++ b/mm/debug-pagealloc.c
@@ -34,6 +34,8 @@ static inline void set_page_poison(struct page *page)
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
+ if (!page_ext)
+ return;
__set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
}
@@ -42,6 +44,8 @@ static inline void clear_page_poison(struct page *page)
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
+ if (!page_ext)
+ return;
__clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
}
@@ -50,6 +54,8 @@ static inline bool page_poison(struct page *page)
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
+ if (!page_ext)
+ return false;
return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
}
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 6b5421ae86c6..38aca81deeaf 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -560,6 +560,9 @@ static inline void set_page_guard(struct zone *zone, struct page *page,
return;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__set_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
INIT_LIST_HEAD(&page->lru);
@@ -577,6 +580,9 @@ static inline void clear_page_guard(struct zone *zone, struct page *page,
return;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ return;
+
__clear_bit(PAGE_EXT_DEBUG_GUARD, &page_ext->flags);
set_page_private(page, 0);
diff --git a/mm/page_owner.c b/mm/page_owner.c
index 983c3a10fa07..dd6b9cebf981 100644
--- a/mm/page_owner.c
+++ b/mm/page_owner.c
@@ -53,6 +53,8 @@ void __reset_page_owner(struct page *page, unsigned int order)
for (i = 0; i < (1 << order); i++) {
page_ext = lookup_page_ext(page + i);
+ if (unlikely(!page_ext))
+ continue;
__clear_bit(PAGE_EXT_OWNER, &page_ext->flags);
}
}
@@ -60,6 +62,7 @@ void __reset_page_owner(struct page *page, unsigned int order)
void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
{
struct page_ext *page_ext = lookup_page_ext(page);
+
struct stack_trace trace = {
.nr_entries = 0,
.max_entries = ARRAY_SIZE(page_ext->trace_entries),
@@ -67,6 +70,9 @@ void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
.skip = 3,
};
+ if (unlikely(!page_ext))
+ return;
+
save_stack_trace(&trace);
page_ext->order = order;
@@ -79,6 +85,12 @@ void __set_page_owner(struct page *page, unsigned int order, gfp_t gfp_mask)
gfp_t __get_page_owner_gfp(struct page *page)
{
struct page_ext *page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ /*
+ * The caller just returns 0 if no valid gfp
+ * So return 0 here too.
+ */
+ return 0;
return page_ext->gfp_mask;
}
@@ -194,6 +206,8 @@ read_page_owner(struct file *file, char __user *buf, size_t count, loff_t *ppos)
}
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ continue;
/*
* Some pages could be missed by concurrent allocation or free,
@@ -257,6 +271,8 @@ static void init_pages_in_zone(pg_data_t *pgdat, struct zone *zone)
continue;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ continue;
/* Maybe overraping zone */
if (test_bit(PAGE_EXT_OWNER, &page_ext->flags))
diff --git a/mm/vmstat.c b/mm/vmstat.c
index c54fd2924f25..c344e3609c53 100644
--- a/mm/vmstat.c
+++ b/mm/vmstat.c
@@ -1091,6 +1091,8 @@ static void pagetypeinfo_showmixedcount_print(struct seq_file *m,
continue;
page_ext = lookup_page_ext(page);
+ if (unlikely(!page_ext))
+ continue;
if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags))
continue;
--
2.15.0
^ permalink raw reply related [flat|nested] 57+ messages in thread
* Re: [PATCH] mm: check the return value of lookup_page_ext for all call sites
2017-11-24 9:30 ` [PATCH] " Michal Hocko
@ 2017-11-24 9:39 ` Greg KH
0 siblings, 0 replies; 57+ messages in thread
From: Greg KH @ 2017-11-24 9:39 UTC (permalink / raw)
To: Michal Hocko
Cc: Jiri Slaby, jaewon31.kim, akpm, js1304, minchan, stable, torvalds,
Yang Shi, Arnd Bergmann, Joonsoo Kim, Michal Hocko
On Fri, Nov 24, 2017 at 10:30:32AM +0100, Michal Hocko wrote:
> From: Yang Shi <yang.shi@linaro.org>
>
> commit f86e4271978bd93db466d6a95dad4b0fdcdb04f6 upstream.
>
> Per the discussion with Joonsoo Kim [1], we need check the return value
> of lookup_page_ext() for all call sites since it might return NULL in
> some cases, although it is unlikely, i.e. memory hotplug.
>
> Tested with ltp with "page_owner=0".
>
> [1] http://lkml.kernel.org/r/20160519002809.GA10245@js1304-P5Q-DELUXE
>
> [akpm@linux-foundation.org: fix build-breaking typos]
> [arnd@arndb.de: fix build problems from lookup_page_ext]
> Link: http://lkml.kernel.org/r/6285269.2CksypHdYp@wuerfel
> [akpm@linux-foundation.org: coding-style fixes]
> Link: http://lkml.kernel.org/r/1464023768-31025-1-git-send-email-yang.shi@linaro.org
> Signed-off-by: Yang Shi <yang.shi@linaro.org>
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
> Signed-off-by: Michal Hocko <mhocko@suse.com>
Can you send a patch on top of 4.4.101 to resolve this instead?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites
2017-11-24 9:29 ` Jiri Slaby
@ 2017-11-24 9:39 ` Michal Hocko
2017-11-24 10:14 ` Greg KH
0 siblings, 1 reply; 57+ messages in thread
From: Michal Hocko @ 2017-11-24 9:39 UTC (permalink / raw)
To: Jiri Slaby, Greg KH
Cc: jaewon31.kim, akpm, js1304, minchan, stable, torvalds, Yang Shi,
Arnd Bergmann, Joonsoo Kim
On Fri 24-11-17 10:29:41, Jiri Slaby wrote:
> On 11/24/2017, 10:28 AM, Michal Hocko wrote:
> > I will repost the fixed patch as a reply to this email.
>
> Since 4.4.101 was already released, you should send a bare fix instead
> then :).
Sigh... Greg, could you queue this one up then? I am really sorry about
the screw up. The rest of the backport should be ok.
---
commit 5dfbfb99a64d1554eac7e3074af49e39bd104c35
Author: Michal Hocko <mhocko@suse.com>
Date: Fri Nov 24 10:34:07 2017 +0100
mm, hwpoison: fixup "mm: check the return value of lookup_page_ext for all call sites"
Backport of the upstream commit f86e4271978b ("mm: check the return
value of lookup_page_ext for all call sites") is wrong for hwpoison
pages. I have accidentally negated the condition for bailout. This
basically disables hwpoison pages tracking while the code still
might crash on unusual configurations when struct pages do not have
page_ext allocated. The fix is trivial to invert the condition.
Reported-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Michal Hocko <mhocko@suse.com>
diff --git a/mm/debug-pagealloc.c b/mm/debug-pagealloc.c
index fe1c61f7cf26..3b8f1b83610e 100644
--- a/mm/debug-pagealloc.c
+++ b/mm/debug-pagealloc.c
@@ -34,7 +34,7 @@ static inline void set_page_poison(struct page *page)
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
- if (page_ext)
+ if (!page_ext)
return;
__set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
}
@@ -44,7 +44,7 @@ static inline void clear_page_poison(struct page *page)
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
- if (page_ext)
+ if (!page_ext)
return;
__clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
}
@@ -54,7 +54,7 @@ static inline bool page_poison(struct page *page)
struct page_ext *page_ext;
page_ext = lookup_page_ext(page);
- if (page_ext)
+ if (!page_ext)
return false;
return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
}
--
Michal Hocko
SUSE Labs
^ permalink raw reply related [flat|nested] 57+ messages in thread
* Re: [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites
2017-11-24 9:39 ` Michal Hocko
@ 2017-11-24 10:14 ` Greg KH
0 siblings, 0 replies; 57+ messages in thread
From: Greg KH @ 2017-11-24 10:14 UTC (permalink / raw)
To: Michal Hocko
Cc: Jiri Slaby, jaewon31.kim, akpm, js1304, minchan, stable, torvalds,
Yang Shi, Arnd Bergmann, Joonsoo Kim
On Fri, Nov 24, 2017 at 10:39:57AM +0100, Michal Hocko wrote:
> On Fri 24-11-17 10:29:41, Jiri Slaby wrote:
> > On 11/24/2017, 10:28 AM, Michal Hocko wrote:
> > > I will repost the fixed patch as a reply to this email.
> >
> > Since 4.4.101 was already released, you should send a bare fix instead
> > then :).
>
> Sigh... Greg, could you queue this one up then? I am really sorry about
> the screw up. The rest of the backport should be ok.
Not a problem, thanks for the fixup, I'll go run it through my build
systems and then release a 4.4.102 with it.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites
2017-11-22 12:09 ` [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites Michal Hocko
` (2 preceding siblings ...)
2017-11-24 9:17 ` Jiri Slaby
@ 2017-12-05 16:16 ` Ben Hutchings
2017-12-05 16:17 ` Ben Hutchings
2017-12-05 19:16 ` Michal Hocko
3 siblings, 2 replies; 57+ messages in thread
From: Ben Hutchings @ 2017-12-05 16:16 UTC (permalink / raw)
To: Michal Hocko, Greg KH
Cc: jaewon31.kim, akpm, js1304, mhocko, minchan, stable, torvalds,
Yang Shi, Arnd Bergmann, Joonsoo Kim
On Wed, 2017-11-22 at 13:09 +0100, Michal Hocko wrote:
> From: Yang Shi <yang.shi@linaro.org>
>
> commit f86e4271978bd93db466d6a95dad4b0fdcdb04f6 upstream.
>
> Per the discussion with Joonsoo Kim [1], we need check the return value
> of lookup_page_ext() for all call sites since it might return NULL in
> some cases, although it is unlikely, i.e. memory hotplug.
>
> Tested with ltp with "page_owner=0".
[...]
> --- a/mm/debug-pagealloc.c
> +++ b/mm/debug-pagealloc.c
> @@ -34,6 +34,8 @@ static inline void set_page_poison(struct page
> *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (page_ext)
> + return;
This, and the other checks added to debug-pagealloc.c, are reversed.
(This is specific to the 4.4 backport - in the upstream version these
functions are in mm/page_poison.c and were patched correctly.)
Ben.
> __set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -42,6 +44,8 @@ static inline void clear_page_poison(struct page
> *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (page_ext)
> + return;
> __clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
> @@ -50,6 +54,8 @@ static inline bool page_poison(struct page *page)
> struct page_ext *page_ext;
>
> page_ext = lookup_page_ext(page);
> + if (page_ext)
> + return false;
> return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> }
>
[...]
--
Ben Hutchings
Software Developer, Codethink Ltd.
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites
2017-12-05 16:16 ` [PATCH stable-4.4 1/2] " Ben Hutchings
@ 2017-12-05 16:17 ` Ben Hutchings
2017-12-05 19:16 ` Michal Hocko
1 sibling, 0 replies; 57+ messages in thread
From: Ben Hutchings @ 2017-12-05 16:17 UTC (permalink / raw)
To: Michal Hocko, Greg KH
Cc: jaewon31.kim, akpm, js1304, mhocko, minchan, stable, torvalds,
Yang Shi, Arnd Bergmann, Joonsoo Kim
Sorry, I see this got fixed already.
Ben.
On Tue, 2017-12-05 at 16:16 +0000, Ben Hutchings wrote:
> On Wed, 2017-11-22 at 13:09 +0100, Michal Hocko wrote:
> > From: Yang Shi <yang.shi@linaro.org>
> >
> > commit f86e4271978bd93db466d6a95dad4b0fdcdb04f6 upstream.
> >
> > Per the discussion with Joonsoo Kim [1], we need check the return value
> > of lookup_page_ext() for all call sites since it might return NULL in
> > some cases, although it is unlikely, i.e. memory hotplug.
> >
> > Tested with ltp with "page_owner=0".
>
> [...]
> > --- a/mm/debug-pagealloc.c
> > +++ b/mm/debug-pagealloc.c
> > @@ -34,6 +34,8 @@ static inline void set_page_poison(struct page
> > *page)
> > struct page_ext *page_ext;
> >
> > page_ext = lookup_page_ext(page);
> > + if (page_ext)
> > + return;
>
> This, and the other checks added to debug-pagealloc.c, are reversed.
> (This is specific to the 4.4 backport - in the upstream version these
> functions are in mm/page_poison.c and were patched correctly.)
>
> Ben.
>
> > __set_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> > }
> >
> > @@ -42,6 +44,8 @@ static inline void clear_page_poison(struct page
> > *page)
> > struct page_ext *page_ext;
> >
> > page_ext = lookup_page_ext(page);
> > + if (page_ext)
> > + return;
> > __clear_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> > }
> >
> > @@ -50,6 +54,8 @@ static inline bool page_poison(struct page *page)
> > struct page_ext *page_ext;
> >
> > page_ext = lookup_page_ext(page);
> > + if (page_ext)
> > + return false;
> > return test_bit(PAGE_EXT_DEBUG_POISON, &page_ext->flags);
> > }
> >
>
> [...]
>
--
Ben Hutchings
Software Developer, Codethink Ltd.
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites
2017-12-05 16:16 ` [PATCH stable-4.4 1/2] " Ben Hutchings
2017-12-05 16:17 ` Ben Hutchings
@ 2017-12-05 19:16 ` Michal Hocko
1 sibling, 0 replies; 57+ messages in thread
From: Michal Hocko @ 2017-12-05 19:16 UTC (permalink / raw)
To: Ben Hutchings
Cc: Greg KH, jaewon31.kim, akpm, js1304, minchan, stable, torvalds,
Yang Shi, Arnd Bergmann, Joonsoo Kim
On Tue 05-12-17 16:16:35, Ben Hutchings wrote:
> On Wed, 2017-11-22 at 13:09 +0100, Michal Hocko wrote:
> > From: Yang Shi <yang.shi@linaro.org>
> >
> > commit f86e4271978bd93db466d6a95dad4b0fdcdb04f6 upstream.
> >
> > Per the discussion with Joonsoo Kim [1], we need check the return value
> > of lookup_page_ext() for all call sites since it might return NULL in
> > some cases, although it is unlikely, i.e.��memory hotplug.
> >
> > Tested with ltp with "page_owner=0".
> [...]
> > --- a/mm/debug-pagealloc.c
> > +++ b/mm/debug-pagealloc.c
> > @@ -34,6 +34,8 @@ static inline void set_page_poison(struct page
> > *page)
> > � struct page_ext *page_ext;
> > �
> > � page_ext = lookup_page_ext(page);
> > + if (page_ext)
> > + return;
>
> This, and the other checks added to debug-pagealloc.c, are reversed.
> (This is specific to the 4.4 backport - in the upstream version these
> functions are in mm/page_poison.c and were patched correctly.)
Yes, I've sent a fixup and Greg has queued it up as 0208fabf7256245125fbabf03207a0da4000ea2d
--
Michal Hocko
SUSE Labs
^ permalink raw reply [flat|nested] 57+ messages in thread
end of thread, other threads:[~2017-12-05 19:17 UTC | newest]
Thread overview: 57+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-11-22 8:37 FAILED: patch "[PATCH] mm/page_ext.c: check if page_ext is not prepared" failed to apply to 4.4-stable tree gregkh
2017-11-22 9:47 ` Michal Hocko
2017-11-22 9:54 ` Greg KH
2017-11-22 12:08 ` Michal Hocko
2017-11-22 12:09 ` [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites Michal Hocko
2017-11-22 12:09 ` [PATCH stable-4.4 2/2] mm/page_ext.c: check if page_ext is not prepared Michal Hocko
2017-11-22 14:04 ` [PATCH stable-4.4 1/2] mm: check the return value of lookup_page_ext for all call sites Greg KH
2017-11-24 9:17 ` Jiri Slaby
2017-11-24 9:28 ` Michal Hocko
2017-11-24 9:29 ` Jiri Slaby
2017-11-24 9:39 ` Michal Hocko
2017-11-24 10:14 ` Greg KH
2017-11-24 9:30 ` [PATCH] " Michal Hocko
2017-11-24 9:39 ` Greg KH
2017-12-05 16:16 ` [PATCH stable-4.4 1/2] " Ben Hutchings
2017-12-05 16:17 ` Ben Hutchings
2017-12-05 19:16 ` Michal Hocko
-- strict thread matches above, loose matches on Subject: below --
2016-05-23 17:16 [PATCH] " Yang Shi
2016-05-23 17:16 ` Yang Shi
2016-05-24 2:58 ` Minchan Kim
2016-05-24 2:58 ` Minchan Kim
2016-05-26 0:37 ` Minchan Kim
2016-05-26 0:37 ` Minchan Kim
2016-05-26 23:15 ` Shi, Yang
2016-05-26 23:15 ` Shi, Yang
2016-05-27 5:14 ` Minchan Kim
2016-05-27 5:14 ` Minchan Kim
2016-05-27 6:08 ` Joonsoo Kim
2016-05-27 6:08 ` Joonsoo Kim
2016-05-27 8:11 ` Minchan Kim
2016-05-27 8:11 ` Minchan Kim
2016-05-27 18:16 ` Shi, Yang
2016-05-27 18:16 ` Shi, Yang
2016-05-30 6:11 ` Minchan Kim
2016-05-30 6:11 ` Minchan Kim
2016-06-01 20:40 ` Shi, Yang
2016-06-01 20:40 ` Shi, Yang
2016-06-02 5:00 ` Minchan Kim
2016-06-02 5:00 ` Minchan Kim
2016-06-02 23:15 ` Shi, Yang
2016-06-02 23:15 ` Shi, Yang
2016-05-30 5:39 ` Joonsoo Kim
2016-05-30 5:39 ` Joonsoo Kim
2016-05-30 6:08 ` Minchan Kim
2016-05-30 6:08 ` Minchan Kim
2016-06-01 20:52 ` Shi, Yang
2016-06-01 20:52 ` Shi, Yang
2016-05-27 20:02 ` Andrew Morton
2016-05-27 20:02 ` Andrew Morton
2016-05-27 20:17 ` Shi, Yang
2016-05-27 20:17 ` Shi, Yang
2016-05-27 20:30 ` Andrew Morton
2016-05-27 20:30 ` Andrew Morton
2016-05-25 7:12 ` shakil
2016-05-25 7:12 ` shakil
2016-05-30 6:17 ` Minchan Kim
2016-05-30 6:17 ` Minchan Kim
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.