From: Naoya Horiguchi <naoya.horiguchi@linux.dev>
To: Liu Shixin <liushixin2@huawei.com>
Cc: Naoya Horiguchi <naoya.horiguchi@nec.com>,
Andrew Morton <akpm@linux-foundation.org>,
Oscar Salvador <osalvador@suse.de>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH -next] mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page()
Date: Wed, 22 Dec 2021 11:14:45 +0900 [thread overview]
Message-ID: <20211222021445.GA1534186@u2004> (raw)
In-Reply-To: <d0e572ee-0e32-371d-3f5b-7afdeb4013e4@huawei.com>
On Wed, Dec 22, 2021 at 09:49:18AM +0800, Liu Shixin wrote:
>
>
> On 2021/12/22 8:37, Naoya Horiguchi wrote:
> > On Tue, Dec 21, 2021 at 03:49:08PM +0800, Liu Shixin wrote:
> >> Hulk Robot reported a panic in put_page_testzero() when testing madvise()
> >> with MADV_SOFT_OFFLINE. The BUG() is triggered when retrying get_any_page().
> >> This is because we keep MF_COUNT_INCREASED flag in second try but the refcnt
> >> is not increased.
> > Hi Shixin,
> >
> > Thanks you for the report.
> >
> > I'm not still sure about the logic behind the bug.
> > madvise(MADV_SOFT_OFFLINE) should not work on free pages because
> > madvise_inject_error() pins the target page with get_user_pages_fast()
> > (MF_COUNT_INCREASED means refcount is incremented by the caller).
> > The retry logic can be called when soft_offline_free_page() fails, so
> > the logic assumes that the target page is a free page. So why does
> > clearing MF_COUNT_INCREASED affect and solve the issue?
> >
> > It seems to me that if soft_offline_page() is called on a free page
> > with MF_COUNT_INCREASED set, then it's problematic itself.
> >
> > Thanks,
> > Naoya Horiguchi
>
> The page is not free when soft_offline_page() is called. In get_any_page(),
> if MF_COUNT_INCREASED is set and !HWPoisonHandlable(page), put_page()
> will be called firstly and then goto try_again. The page is freed in this period.
Okay, the logic is clear to me now.
> >>
> >> Fixes: b94e02822deb ("mm,hwpoison: try to narrow window race for free pages")
> >> Reported-by: Hulk Robot <hulkci@huawei.com>
> >> Signed-off-by: Liu Shixin <liushixin2@huawei.com>
Thank you very much.
Acked-by: Naoya Horiguchi <naoya.horiguchi@nec.com>
> >> ---
> >> mm/memory-failure.c | 1 +
> >> 1 file changed, 1 insertion(+)
> >>
> >> diff --git a/mm/memory-failure.c b/mm/memory-failure.c
> >> index 68d9a35f8908..160526f83bcb 100644
> >> --- a/mm/memory-failure.c
> >> +++ b/mm/memory-failure.c
> >> @@ -2288,6 +2288,7 @@ int soft_offline_page(unsigned long pfn, int flags)
> >> } else if (ret == 0) {
> >> if (soft_offline_free_page(page) && try_again) {
> >> try_again = false;
> >> + flags &= ~MF_COUNT_INCREASED;
> >> goto retry;
> >> }
> >> }
> >> --
> >> 2.25.1
> >>
> > .
> >
>
prev parent reply other threads:[~2021-12-22 2:14 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-21 7:49 [PATCH -next] mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page() Liu Shixin
2021-12-21 9:37 ` Oscar Salvador
2021-12-22 0:37 ` Naoya Horiguchi
2021-12-22 1:49 ` Liu Shixin
2021-12-22 2:14 ` Naoya Horiguchi [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211222021445.GA1534186@u2004 \
--to=naoya.horiguchi@linux.dev \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=liushixin2@huawei.com \
--cc=naoya.horiguchi@nec.com \
--cc=osalvador@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.