[PATCH V3] mm:add VM_BUG_ON_PAGE() for page_mapcount()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: vbabka@suse.cz (Vlastimil Babka)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH V3] mm:add VM_BUG_ON_PAGE() for page_mapcount()
Date: Tue, 09 Jun 2015 18:14:25 +0200	[thread overview]
Message-ID: <557710E1.6060103@suse.cz> (raw)
In-Reply-To: <35FD53F367049845BC99AC72306C23D103E688B313FA@CNBJMBX05.corpusers.net>

On 12/08/2014 10:59 AM, Wang, Yalin wrote:
> This patch add VM_BUG_ON_PAGE() for slab page,
> because _mapcount is an union with slab struct in struct page,
> avoid access _mapcount if this page is a slab page.
> Also remove the unneeded bracket.
>
> Signed-off-by: Yalin Wang <yalin.wang@sonymobile.com>
> ---
>   include/linux/mm.h | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/mm.h b/include/linux/mm.h
> index b464611..a117527 100644
> --- a/include/linux/mm.h
> +++ b/include/linux/mm.h
> @@ -449,7 +449,8 @@ static inline void page_mapcount_reset(struct page *page)
>
>   static inline int page_mapcount(struct page *page)
>   {
> -	return atomic_read(&(page)->_mapcount) + 1;
> +	VM_BUG_ON_PAGE(PageSlab(page), page);
> +	return atomic_read(&page->_mapcount) + 1;
>   }
>

I think this might theoretically trigger on the following code in 
compaction's isolate_migratepages_block():

/*
   * Migration will fail if an anonymous page is pinned in memory,
   * so avoid taking lru_lock and isolating it unnecessarily in an
   * admittedly racy check.
   */
if (!page_mapping(page) &&
     page_count(page) > page_mapcount(page))
	continue;

This is done after PageLRU() was positive, but the lru_lock might be not 
taken yet. So, there's some time window during which the page might have 
been reclaimed from LRU and become a PageSlab(page). !page_mapping(page) 
will be true in that case so it will proceed with page_mapcount(page) 
test and trigger the VM_BUG_ON.

(That test was added by DavidR year ago in commit 
119d6d59dcc0980dcd581fdadb6b2033b512a473)

Vlastimil





>   static inline int page_count(struct page *page)
>

WARNING: multiple messages have this Message-ID (diff)

From: Vlastimil Babka <vbabka@suse.cz>
To: "Wang, Yalin" <Yalin.Wang@sonymobile.com>,
	'Hillf Danton' <hillf.zj@alibaba-inc.com>,
	'linux-kernel' <linux-kernel@vger.kernel.org>,
	"'linux-mm@kvack.org'" <linux-mm@kvack.org>,
	"'linux-arm-kernel@lists.infradead.org'"
	<linux-arm-kernel@lists.infradead.org>,
	'Andrew Morton' <akpm@linux-foundation.org>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	David Rientjes <rientjes@google.com>
Subject: Re: [PATCH V3] mm:add VM_BUG_ON_PAGE() for page_mapcount()
Date: Tue, 09 Jun 2015 18:14:25 +0200	[thread overview]
Message-ID: <557710E1.6060103@suse.cz> (raw)
In-Reply-To: <35FD53F367049845BC99AC72306C23D103E688B313FA@CNBJMBX05.corpusers.net>

On 12/08/2014 10:59 AM, Wang, Yalin wrote:
> This patch add VM_BUG_ON_PAGE() for slab page,
> because _mapcount is an union with slab struct in struct page,
> avoid access _mapcount if this page is a slab page.
> Also remove the unneeded bracket.
>
> Signed-off-by: Yalin Wang <yalin.wang@sonymobile.com>
> ---
>   include/linux/mm.h | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/mm.h b/include/linux/mm.h
> index b464611..a117527 100644
> --- a/include/linux/mm.h
> +++ b/include/linux/mm.h
> @@ -449,7 +449,8 @@ static inline void page_mapcount_reset(struct page *page)
>
>   static inline int page_mapcount(struct page *page)
>   {
> -	return atomic_read(&(page)->_mapcount) + 1;
> +	VM_BUG_ON_PAGE(PageSlab(page), page);
> +	return atomic_read(&page->_mapcount) + 1;
>   }
>

I think this might theoretically trigger on the following code in 
compaction's isolate_migratepages_block():

/*
   * Migration will fail if an anonymous page is pinned in memory,
   * so avoid taking lru_lock and isolating it unnecessarily in an
   * admittedly racy check.
   */
if (!page_mapping(page) &&
     page_count(page) > page_mapcount(page))
	continue;

This is done after PageLRU() was positive, but the lru_lock might be not 
taken yet. So, there's some time window during which the page might have 
been reclaimed from LRU and become a PageSlab(page). !page_mapping(page) 
will be true in that case so it will proceed with page_mapcount(page) 
test and trigger the VM_BUG_ON.

(That test was added by DavidR year ago in commit 
119d6d59dcc0980dcd581fdadb6b2033b512a473)

Vlastimil





>   static inline int page_count(struct page *page)
>

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

WARNING: multiple messages have this Message-ID (diff)

From: Vlastimil Babka <vbabka@suse.cz>
To: "Wang, Yalin" <Yalin.Wang@sonymobile.com>,
	"'Hillf Danton'" <hillf.zj@alibaba-inc.com>,
	"'linux-kernel'" <linux-kernel@vger.kernel.org>,
	"'linux-mm@kvack.org'" <linux-mm@kvack.org>,
	"'linux-arm-kernel@lists.infradead.org'" 
	<linux-arm-kernel@lists.infradead.org>,
	"'Andrew Morton'" <akpm@linux-foundation.org>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	David Rientjes <rientjes@google.com>
Subject: Re: [PATCH V3] mm:add VM_BUG_ON_PAGE() for page_mapcount()
Date: Tue, 09 Jun 2015 18:14:25 +0200	[thread overview]
Message-ID: <557710E1.6060103@suse.cz> (raw)
In-Reply-To: <35FD53F367049845BC99AC72306C23D103E688B313FA@CNBJMBX05.corpusers.net>

On 12/08/2014 10:59 AM, Wang, Yalin wrote:
> This patch add VM_BUG_ON_PAGE() for slab page,
> because _mapcount is an union with slab struct in struct page,
> avoid access _mapcount if this page is a slab page.
> Also remove the unneeded bracket.
>
> Signed-off-by: Yalin Wang <yalin.wang@sonymobile.com>
> ---
>   include/linux/mm.h | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/mm.h b/include/linux/mm.h
> index b464611..a117527 100644
> --- a/include/linux/mm.h
> +++ b/include/linux/mm.h
> @@ -449,7 +449,8 @@ static inline void page_mapcount_reset(struct page *page)
>
>   static inline int page_mapcount(struct page *page)
>   {
> -	return atomic_read(&(page)->_mapcount) + 1;
> +	VM_BUG_ON_PAGE(PageSlab(page), page);
> +	return atomic_read(&page->_mapcount) + 1;
>   }
>

I think this might theoretically trigger on the following code in 
compaction's isolate_migratepages_block():

/*
   * Migration will fail if an anonymous page is pinned in memory,
   * so avoid taking lru_lock and isolating it unnecessarily in an
   * admittedly racy check.
   */
if (!page_mapping(page) &&
     page_count(page) > page_mapcount(page))
	continue;

This is done after PageLRU() was positive, but the lru_lock might be not 
taken yet. So, there's some time window during which the page might have 
been reclaimed from LRU and become a PageSlab(page). !page_mapping(page) 
will be true in that case so it will proceed with page_mapcount(page) 
test and trigger the VM_BUG_ON.

(That test was added by DavidR year ago in commit 
119d6d59dcc0980dcd581fdadb6b2033b512a473)

Vlastimil





>   static inline int page_count(struct page *page)
>

next prev parent reply	other threads:[~2015-06-09 16:14 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-12-08  9:33 [PATCH] mm:add VM_BUG_ON() for page_mapcount() Hillf Danton
2014-12-08  9:33 ` Hillf Danton
2014-12-08  9:51 ` Wang, Yalin
2014-12-08  9:51   ` Wang, Yalin
2014-12-08  9:51   ` Wang, Yalin
2014-12-08  9:58 ` [PATCH V2] " Wang, Yalin
2014-12-08  9:58   ` Wang, Yalin
2014-12-08  9:58   ` Wang, Yalin
2014-12-08  9:59   ` [PATCH V3] mm:add VM_BUG_ON_PAGE() " Wang, Yalin
2014-12-08  9:59     ` Wang, Yalin
2014-12-08  9:59     ` Wang, Yalin
2014-12-08 11:54     ` Kirill A. Shutemov
2014-12-08 11:54       ` Kirill A. Shutemov
2014-12-08 11:54       ` Kirill A. Shutemov
2014-12-09  3:18     ` Hillf Danton
2014-12-09  3:18       ` Hillf Danton
2014-12-09  3:18       ` Hillf Danton
2015-06-09 16:14     ` Vlastimil Babka [this message]
2015-06-09 16:14       ` Vlastimil Babka
2015-06-09 16:14       ` Vlastimil Babka

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=557710E1.6060103@suse.cz \
    --to=vbabka@suse.cz \
    --cc=linux-arm-kernel@lists.infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.