[PATCH 6.1 22/86] mm/page_alloc: fix pcp->count race between drain_pages_zone() vs __rmqueue_pcplist()

Archive-only list for patches
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	patches@lists.linux.dev, Li Zhijian <lizhijian@fujitsu.com>,
	Yao Xingtao <yaoxt.fnst@fujitsu.com>,
	Vlastimil Babka <vbabka@suse.cz>,
	David Hildenbrand <david@redhat.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.1 22/86] mm/page_alloc: fix pcp->count race between drain_pages_zone() vs __rmqueue_pcplist()
Date: Wed,  7 Aug 2024 17:00:01 +0200	[thread overview]
Message-ID: <20240807150039.969311524@linuxfoundation.org> (raw)
In-Reply-To: <20240807150039.247123516@linuxfoundation.org>

6.1-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Li Zhijian <lizhijian@fujitsu.com>

[ Upstream commit 66eca1021a42856d6af2a9802c99e160278aed91 ]

It's expected that no page should be left in pcp_list after calling
zone_pcp_disable() in offline_pages().  Previously, it's observed that
offline_pages() gets stuck [1] due to some pages remaining in pcp_list.

Cause:
There is a race condition between drain_pages_zone() and __rmqueue_pcplist()
involving the pcp->count variable. See below scenario:

         CPU0                              CPU1
    ----------------                    ---------------
                                      spin_lock(&pcp->lock);
                                      __rmqueue_pcplist() {
zone_pcp_disable() {
                                        /* list is empty */
                                        if (list_empty(list)) {
                                          /* add pages to pcp_list */
                                          alloced = rmqueue_bulk()
  mutex_lock(&pcp_batch_high_lock)
  ...
  __drain_all_pages() {
    drain_pages_zone() {
      /* read pcp->count, it's 0 here */
      count = READ_ONCE(pcp->count)
      /* 0 means nothing to drain */
                                          /* update pcp->count */
                                          pcp->count += alloced << order;
      ...
                                      ...
                                      spin_unlock(&pcp->lock);

In this case, after calling zone_pcp_disable() though, there are still some
pages in pcp_list. And these pages in pcp_list are neither movable nor
isolated, offline_pages() gets stuck as a result.

Solution:
Expand the scope of the pcp->lock to also protect pcp->count in
drain_pages_zone(), to ensure no pages are left in the pcp list after
zone_pcp_disable()

[1] https://lore.kernel.org/linux-mm/6a07125f-e720-404c-b2f9-e55f3f166e85@fujitsu.com/

Link: https://lkml.kernel.org/r/20240723064428.1179519-1-lizhijian@fujitsu.com
Fixes: 4b23a68f9536 ("mm/page_alloc: protect PCP lists with a spinlock")
Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Reported-by: Yao Xingtao <yaoxt.fnst@fujitsu.com>
Reviewed-by: Vlastimil Babka <vbabka@suse.cz>
Cc: David Hildenbrand <david@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/page_alloc.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 4029d13636ece..a905b850d31c4 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -3177,16 +3177,20 @@ void drain_zone_pages(struct zone *zone, struct per_cpu_pages *pcp)
 static void drain_pages_zone(unsigned int cpu, struct zone *zone)
 {
 	struct per_cpu_pages *pcp = per_cpu_ptr(zone->per_cpu_pageset, cpu);
-	int count = READ_ONCE(pcp->count);
-
-	while (count) {
-		int to_drain = min(count, pcp->batch << CONFIG_PCP_BATCH_SCALE_MAX);
-		count -= to_drain;
+	int count;
 
+	do {
 		spin_lock(&pcp->lock);
-		free_pcppages_bulk(zone, to_drain, pcp, 0);
+		count = pcp->count;
+		if (count) {
+			int to_drain = min(count,
+				pcp->batch << CONFIG_PCP_BATCH_SCALE_MAX);
+
+			free_pcppages_bulk(zone, to_drain, pcp, 0);
+			count -= to_drain;
+		}
 		spin_unlock(&pcp->lock);
-	}
+	} while (count);
 }
 
 /*
-- 
2.43.0

next prev parent reply	other threads:[~2024-08-07 15:14 UTC|newest]

Thread overview: 98+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-08-07 14:59 [PATCH 6.1 00/86] 6.1.104-rc1 review Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 01/86] arm64: dts: qcom: msm8998: switch USB QMP PHY to new style of bindings Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 02/86] arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 03/86] arm64: dts: qcom: ipq8074: " Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 04/86] sysctl: allow change system v ipc sysctls inside ipc namespace Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 05/86] sysctl: allow to change limits for posix messages queues Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 06/86] sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table) Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 07/86] sysctl: always initialize i_uid/i_gid Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 08/86] ext4: make ext4_es_insert_extent() return void Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 09/86] ext4: refactor ext4_da_map_blocks() Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 10/86] ext4: convert to exclusive lock while inserting delalloc extents Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 11/86] ext4: factor out a common helper to query extent map Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 12/86] ext4: check the extent status again before inserting delalloc block Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 13/86] cpufreq: qcom-nvmem: Convert to platform remove callback returning void Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 14/86] cpufreq: qcom-nvmem: Simplify driver data allocation Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 15/86] cpufreq: qcom-nvmem: fix memory leaks in probe error paths Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 16/86] leds: trigger: Remove unused function led_trigger_rename_static() Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 17/86] leds: trigger: Store brightness set by led_trigger_event() Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 18/86] leds: trigger: Call synchronize_rcu() before calling trig->activate() Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 19/86] leds: triggers: Flush pending brightness before activating trigger Greg Kroah-Hartman
2024-08-07 14:59 ` [PATCH 6.1 20/86] mm: restrict the pcp batch scale factor to avoid too long latency Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 21/86] mm: page_alloc: control latency caused by zone PCP draining Greg Kroah-Hartman
2024-08-07 15:00 ` Greg Kroah-Hartman [this message]
2024-08-07 15:00 ` [PATCH 6.1 23/86] f2fs: fix to avoid use SSR allocate when do defragment Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 24/86] f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 25/86] irqdomain: Use return value of strreplace() Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 26/86] irqdomain: Fixed unbalanced fwnode get and put Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 27/86] drm/udl: Rename struct udl_drm_connector to struct udl_connector Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 28/86] drm/udl: Test pixel limit in mode-configs mode-valid function Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 29/86] drm/udl: Use USB timeout constant when reading EDID Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 30/86] drm/udl: Various improvements to the connector Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 31/86] drm/udl: Move connector to modesetting code Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 32/86] drm/udl: Remove DRM_CONNECTOR_POLL_HPD Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 33/86] drm/i915/dp: Dont switch the LTTPR mode on an active link Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 34/86] MIPS: Loongson64: DTS: Add RTC support to Loongson-2K1000 Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 35/86] MIPS: Loongson64: DTS: Fix PCIe port nodes for ls7a Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 36/86] MIPS: dts: loongson: Fix liointc IRQ polarity Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 37/86] MIPS: dts: loongson: Fix ls2k1000-rtc interrupt Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 38/86] HID: amd_sfh: Remove duplicate cleanup Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 39/86] HID: amd_sfh: Split sensor and HID initialization Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 40/86] HID: amd_sfh: Move sensor discovery before HID device initialization Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 41/86] drm/nouveau: prime: fix refcount underflow Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 42/86] drm/vmwgfx: Fix overlay when using Screen Targets Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 43/86] drm/vmwgfx: Trigger a modeset when the screen moves Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 44/86] sched: act_ct: take care of padding in struct zones_ht_key Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 45/86] ALSA: hda: conexant: Reduce CONFIG_PM dependencies Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 46/86] ALSA: hda: conexant: Fix headset auto detect fail in the polling mode Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 47/86] Bluetooth: hci_sync: Fix suspending with wrong filter policy Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 48/86] net: axienet: start napi before enabling Rx/Tx Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 49/86] rtnetlink: Dont ignore IFLA_TARGET_NETNSID when ifname is specified in rtnl_dellink() Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 50/86] ice: respect netif readiness in AF_XDP ZC related ndos Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 51/86] ice: dont busy wait for Rx queue disable in ice_qp_dis() Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 52/86] ice: replace synchronize_rcu with synchronize_net Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 53/86] ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 54/86] net/iucv: fix use after free in iucv_sock_close() Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 55/86] drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 56/86] net: mvpp2: Dont re-use loop iterator Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 57/86] ALSA: hda: Conditionally use snooping for AMD HDMI Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 58/86] netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init() Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 59/86] netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init() Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 60/86] net/mlx5: Lag, dont use the hardcoded value of the first port Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 61/86] net/mlx5: Fix missing lock on sync reset reload Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 62/86] net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 63/86] ipv6: fix ndisc_is_useropt() handling for PIO Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 64/86] riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 65/86] arm64: jump_label: Ensure patched jump_labels are visible to all CPUs Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 66/86] rust: SHADOW_CALL_STACK is incompatible with Rust Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 67/86] platform/chrome: cros_ec_proto: Lock device when updating MKBP version Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 68/86] HID: wacom: Modify pen IDs Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 69/86] btrfs: zoned: fix zone_unusable accounting on making block group read-write again Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 70/86] protect the fetch of ->fd[fd] in do_dup2() from mispredictions Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 71/86] mptcp: sched: check both directions for backup Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 72/86] ALSA: usb-audio: Correct surround channels in UAC1 channel map Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 73/86] ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 74/86] Revert "ALSA: firewire-lib: obsolete workqueue for period update" Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 75/86] Revert "ALSA: firewire-lib: operate for period elapse event in process context" Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 76/86] drm/vmwgfx: Fix a deadlock in dma buf fence polling Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 77/86] drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll() Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 78/86] net: usb: sr9700: fix uninitialized variable use in sr_mdio_read Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 79/86] r8169: dont increment tx_dropped in case of NETDEV_TX_BUSY Greg Kroah-Hartman
2024-08-07 15:00 ` [PATCH 6.1 80/86] mptcp: fix user-space PM announced address accounting Greg Kroah-Hartman
2024-08-07 15:01 ` [PATCH 6.1 81/86] mptcp: distinguish rcv vs sent backup flag in requests Greg Kroah-Hartman
2024-08-07 15:01 ` [PATCH 6.1 82/86] mptcp: fix NL PM announced address accounting Greg Kroah-Hartman
2024-08-07 15:01 ` [PATCH 6.1 83/86] mptcp: fix bad RCVPRUNED mib accounting Greg Kroah-Hartman
2024-08-07 15:01 ` [PATCH 6.1 84/86] mptcp: pm: only set request_bkup flag when sending MP_PRIO Greg Kroah-Hartman
2024-08-07 15:01 ` [PATCH 6.1 85/86] mptcp: fix duplicate data handling Greg Kroah-Hartman
2024-08-07 15:01 ` [PATCH 6.1 86/86] selftests: mptcp: always close inputs FD if opened Greg Kroah-Hartman
2024-08-07 17:32 ` [PATCH 6.1 00/86] 6.1.104-rc1 review Pavel Machek
2024-08-07 17:42 ` Mark Brown
2024-08-07 18:22 ` Anders Roxell
2024-08-07 20:35 ` Salvatore Bonaccorso
2024-08-11 10:09   ` Greg Kroah-Hartman
2024-08-11 15:03     ` Salvatore Bonaccorso
2024-08-11 15:40       ` Greg Kroah-Hartman
2024-08-12 17:49         ` Salvatore Bonaccorso
2024-08-13  6:08           ` Greg Kroah-Hartman
2024-08-07 21:10 ` Florian Fainelli
2024-08-07 21:39 ` Shuah Khan

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:4029d13636ec dfblob:a905b850d31c )
 OR (
bs:"[PATCH 6.1 22/86] mm/page_alloc: fix pcp->count race between drain_pages_zone() vs __rmqueue_pcplist()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240807150039.969311524@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=akpm@linux-foundation.org \
    --cc=david@redhat.com \
    --cc=lizhijian@fujitsu.com \
    --cc=patches@lists.linux.dev \
    --cc=sashal@kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=vbabka@suse.cz \
    --cc=yaoxt.fnst@fujitsu.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox