From: Jaegeuk Hanse <jaegeuk.hanse@gmail.com>
To: Hugh Dickins <hughd@google.com>
Cc: Dave Jones <davej@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
Johannes Weiner <hannes@cmpxchg.org>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] tmpfs: fix shmem_getpage_gfp VM_BUG_ON
Date: Wed, 14 Nov 2012 11:07:09 +0800 [thread overview]
Message-ID: <50A30ADD.9000209@gmail.com> (raw)
In-Reply-To: <alpine.LNX.2.00.1211061521230.6954@eggly.anvils>
On 11/07/2012 07:48 AM, Hugh Dickins wrote:
> On Tue, 6 Nov 2012, Dave Jones wrote:
>> On Mon, Nov 05, 2012 at 05:32:41PM -0800, Hugh Dickins wrote:
>>
>> > - /* We already confirmed swap, and make no allocation */
>> > - VM_BUG_ON(error);
>> > + /*
>> > + * We already confirmed swap under page lock, and make
>> > + * no memory allocation here, so usually no possibility
>> > + * of error; but free_swap_and_cache() only trylocks a
>> > + * page, so it is just possible that the entry has been
>> > + * truncated or holepunched since swap was confirmed.
>> > + * shmem_undo_range() will have done some of the
>> > + * unaccounting, now delete_from_swap_cache() will do
>> > + * the rest (including mem_cgroup_uncharge_swapcache).
>> > + * Reset swap.val? No, leave it so "failed" goes back to
>> > + * "repeat": reading a hole and writing should succeed.
>> > + */
>> > + if (error) {
>> > + VM_BUG_ON(error != -ENOENT);
>> > + delete_from_swap_cache(page);
>> > + }
>> > }
>>
>> I ran with this overnight,
> Thanks a lot...
>
>> and still hit the (new!) VM_BUG_ON
> ... but that's even more surprising than your original report.
>
>> Perhaps we should print out what 'error' was too ? I'll rebuild with that..
> Thanks; though I thought the error was going to turn out too boring,
> and was preparing a debug patch for you to show the expected and found
> values too. But then got very puzzled...
>
>> ------------[ cut here ]------------
>> WARNING: at mm/shmem.c:1151 shmem_getpage_gfp+0xa5c/0xa70()
>> Hardware name: 2012 Client Platform
>> Pid: 21798, comm: trinity-child4 Not tainted 3.7.0-rc4+ #54
> That's the very same line number as in your original report, despite
> the long comment which the patch adds. Are you sure that kernel was
> built with the patch in?
>
> I wouldn't usually question you, but I'm going mad trying to understand
> how the VM_BUG_ON(error != -ENOENT) fires. At the time I wrote that
> line, and when I was preparing the debug patch, I was thinking that an
> error from shmem_radix_tree_replace could also be -EEXIST, for when a
> different something rather than nothing is found [*]. But that's not
> the case, shmem_radix_tree_replace returns either 0 or -ENOENT.
>
> So if error != -ENOENT, that means shmem_add_to_page_cache went the
> radix_tree_insert route instead of the shmem_radix_tree_replace route;
> which means that its 'expected' is NULL, so swp_to_radix_entry(swap)
> is NULL; but swp_to_radix_entry() does an "| 2", so however corrupt
> the radix_tree might be, I do not understand the new VM_BUG_ON firing.
>
> Please tell me it was the wrong kernel!
> Hugh
>
> [*] But in thinking it over, I realize that if shmem_radix_tree_replace
> had returned -EEXIST for the "wrong something" case, I would have been
> wrong to BUG on that; because just as truncation could remove an entry,
> something else could immediately after instantiate a new page there.
Hi Hugh,
As you said, swp_to_radix_entry() does an "| 2", so even if truncation
could remove an entry and something else could immediately after
instantiate a new page there, but the expected parameter will not be
NULL, the result is radix_tree_insert will not be called and
shmem_add_to_page_cache will not return -EEXIST, then why trigger BUG_ON ?
Regards,
Jaegeuk
> So although I believe my VM_BUG_ON(error != -ENOENT) is safe, it's
> not saying what I had intended to say with it, and would have been
> wrong to say that anyway. It just looks stupid to me now, rather
> like inserting a VM_BUG_ON(false) - but that does become interesting
> when you report that you've hit it.
>
> --
> To unsubscribe, send a message with 'unsubscribe linux-mm' in
> the body to majordomo@kvack.org. For more info on Linux MM,
> see: http://www.linux-mm.org/ .
> Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Jaegeuk Hanse <jaegeuk.hanse@gmail.com>
To: Hugh Dickins <hughd@google.com>
Cc: Dave Jones <davej@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
Johannes Weiner <hannes@cmpxchg.org>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] tmpfs: fix shmem_getpage_gfp VM_BUG_ON
Date: Wed, 14 Nov 2012 11:07:09 +0800 [thread overview]
Message-ID: <50A30ADD.9000209@gmail.com> (raw)
In-Reply-To: <alpine.LNX.2.00.1211061521230.6954@eggly.anvils>
On 11/07/2012 07:48 AM, Hugh Dickins wrote:
> On Tue, 6 Nov 2012, Dave Jones wrote:
>> On Mon, Nov 05, 2012 at 05:32:41PM -0800, Hugh Dickins wrote:
>>
>> > - /* We already confirmed swap, and make no allocation */
>> > - VM_BUG_ON(error);
>> > + /*
>> > + * We already confirmed swap under page lock, and make
>> > + * no memory allocation here, so usually no possibility
>> > + * of error; but free_swap_and_cache() only trylocks a
>> > + * page, so it is just possible that the entry has been
>> > + * truncated or holepunched since swap was confirmed.
>> > + * shmem_undo_range() will have done some of the
>> > + * unaccounting, now delete_from_swap_cache() will do
>> > + * the rest (including mem_cgroup_uncharge_swapcache).
>> > + * Reset swap.val? No, leave it so "failed" goes back to
>> > + * "repeat": reading a hole and writing should succeed.
>> > + */
>> > + if (error) {
>> > + VM_BUG_ON(error != -ENOENT);
>> > + delete_from_swap_cache(page);
>> > + }
>> > }
>>
>> I ran with this overnight,
> Thanks a lot...
>
>> and still hit the (new!) VM_BUG_ON
> ... but that's even more surprising than your original report.
>
>> Perhaps we should print out what 'error' was too ? I'll rebuild with that..
> Thanks; though I thought the error was going to turn out too boring,
> and was preparing a debug patch for you to show the expected and found
> values too. But then got very puzzled...
>
>> ------------[ cut here ]------------
>> WARNING: at mm/shmem.c:1151 shmem_getpage_gfp+0xa5c/0xa70()
>> Hardware name: 2012 Client Platform
>> Pid: 21798, comm: trinity-child4 Not tainted 3.7.0-rc4+ #54
> That's the very same line number as in your original report, despite
> the long comment which the patch adds. Are you sure that kernel was
> built with the patch in?
>
> I wouldn't usually question you, but I'm going mad trying to understand
> how the VM_BUG_ON(error != -ENOENT) fires. At the time I wrote that
> line, and when I was preparing the debug patch, I was thinking that an
> error from shmem_radix_tree_replace could also be -EEXIST, for when a
> different something rather than nothing is found [*]. But that's not
> the case, shmem_radix_tree_replace returns either 0 or -ENOENT.
>
> So if error != -ENOENT, that means shmem_add_to_page_cache went the
> radix_tree_insert route instead of the shmem_radix_tree_replace route;
> which means that its 'expected' is NULL, so swp_to_radix_entry(swap)
> is NULL; but swp_to_radix_entry() does an "| 2", so however corrupt
> the radix_tree might be, I do not understand the new VM_BUG_ON firing.
>
> Please tell me it was the wrong kernel!
> Hugh
>
> [*] But in thinking it over, I realize that if shmem_radix_tree_replace
> had returned -EEXIST for the "wrong something" case, I would have been
> wrong to BUG on that; because just as truncation could remove an entry,
> something else could immediately after instantiate a new page there.
Hi Hugh,
As you said, swp_to_radix_entry() does an "| 2", so even if truncation
could remove an entry and something else could immediately after
instantiate a new page there, but the expected parameter will not be
NULL, the result is radix_tree_insert will not be called and
shmem_add_to_page_cache will not return -EEXIST, then why trigger BUG_ON ?
Regards,
Jaegeuk
> So although I believe my VM_BUG_ON(error != -ENOENT) is safe, it's
> not saying what I had intended to say with it, and would have been
> wrong to say that anyway. It just looks stupid to me now, rather
> like inserting a VM_BUG_ON(false) - but that does become interesting
> when you report that you've hit it.
>
> --
> To unsubscribe, send a message with 'unsubscribe linux-mm' in
> the body to majordomo@kvack.org. For more info on Linux MM,
> see: http://www.linux-mm.org/ .
> Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2012-11-14 3:07 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-25 2:37 shmem_getpage_gfp VM_BUG_ON triggered. [3.7rc2] Dave Jones
2012-10-25 2:37 ` Dave Jones
2012-10-25 4:36 ` Hugh Dickins
2012-10-25 4:36 ` Hugh Dickins
2012-10-25 4:50 ` Ni zhan Chen
2012-10-25 4:50 ` Ni zhan Chen
2012-10-25 6:59 ` Hugh Dickins
2012-10-25 6:59 ` Hugh Dickins
2012-10-25 9:53 ` Ni zhan Chen
2012-10-25 10:21 ` Ni zhan Chen
2012-10-25 10:21 ` Ni zhan Chen
2012-10-25 21:27 ` Hugh Dickins
2012-10-25 21:27 ` Hugh Dickins
2012-10-26 1:48 ` Ni zhan Chen
2012-10-26 1:48 ` Ni zhan Chen
2012-10-25 11:14 ` Dave Jones
2012-10-25 11:14 ` Dave Jones
2012-10-25 21:28 ` Hugh Dickins
2012-10-25 21:28 ` Hugh Dickins
2012-10-25 20:52 ` Johannes Weiner
2012-10-25 20:52 ` Johannes Weiner
2012-10-25 21:48 ` Hugh Dickins
2012-10-25 21:48 ` Hugh Dickins
2012-10-26 2:15 ` Ni zhan Chen
2012-10-26 2:15 ` Ni zhan Chen
2012-11-01 19:10 ` Dave Jones
2012-11-01 19:10 ` Dave Jones
2012-11-01 23:03 ` Hugh Dickins
2012-11-01 23:03 ` Hugh Dickins
2012-11-01 23:20 ` Dave Jones
2012-11-01 23:20 ` Dave Jones
2012-11-01 23:48 ` Hugh Dickins
2012-11-01 23:48 ` Hugh Dickins
2012-11-02 1:43 ` Dave Jones
2012-11-02 1:43 ` Dave Jones
2012-11-02 23:26 ` Hugh Dickins
2012-11-02 23:26 ` Hugh Dickins
2012-11-06 1:32 ` [PATCH] tmpfs: fix shmem_getpage_gfp VM_BUG_ON Hugh Dickins
2012-11-06 1:32 ` Hugh Dickins
2012-11-06 13:54 ` Dave Jones
2012-11-06 13:54 ` Dave Jones
2012-11-06 23:48 ` Hugh Dickins
2012-11-06 23:48 ` Hugh Dickins
2012-11-07 22:38 ` Dave Jones
2012-11-07 22:38 ` Dave Jones
2012-11-14 1:36 ` [PATCH] tmpfs: fix shmem_getpage_gfp VM_BUG_ON fix Hugh Dickins
2012-11-14 1:36 ` Hugh Dickins
2012-11-14 3:07 ` Jaegeuk Hanse [this message]
2012-11-14 3:07 ` [PATCH] tmpfs: fix shmem_getpage_gfp VM_BUG_ON Jaegeuk Hanse
2012-11-14 3:50 ` Hugh Dickins
2012-11-14 3:50 ` Hugh Dickins
2012-11-14 6:14 ` Dave Jones
2012-11-14 6:14 ` Dave Jones
2012-11-14 10:06 ` Hugh Dickins
2012-11-14 10:06 ` Hugh Dickins
2012-11-15 7:39 ` Jaegeuk Hanse
2012-11-15 7:39 ` Jaegeuk Hanse
2012-11-15 19:56 ` Hugh Dickins
2012-11-15 19:56 ` Hugh Dickins
2012-11-16 0:40 ` Jaegeuk Hanse
2012-11-16 0:40 ` Jaegeuk Hanse
2012-11-16 9:34 ` Jaegeuk Hanse
2012-11-16 9:34 ` Jaegeuk Hanse
2012-11-17 4:48 ` Hugh Dickins
2012-11-17 4:48 ` Hugh Dickins
2012-11-18 0:57 ` Jaegeuk Hanse
2012-11-18 0:57 ` Jaegeuk Hanse
2012-11-18 1:48 ` Jaegeuk Hanse
2012-11-18 1:48 ` Jaegeuk Hanse
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50A30ADD.9000209@gmail.com \
--to=jaegeuk.hanse@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=davej@redhat.com \
--cc=hannes@cmpxchg.org \
--cc=hughd@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.