* Re: [PATCH v5] mm/rmap: do not add fully unmapped large folio to deferred split list
[not found] <20240426190253.541419-1-zi.yan@sent.com>
@ 2024-05-01 13:24 ` Alexander Gordeev
2024-05-01 13:38 ` Zi Yan
0 siblings, 1 reply; 5+ messages in thread
From: Alexander Gordeev @ 2024-05-01 13:24 UTC (permalink / raw)
To: Zi Yan, Andrew Morton
Cc: linux-mm, Matthew Wilcox (Oracle), Yang Shi, Ryan Roberts,
Barry Song, David Hildenbrand, Lance Yang, linux-kernel,
linux-s390
On Fri, Apr 26, 2024 at 03:02:53PM -0400, Zi Yan wrote:
Hi Zi,
It increasingly looks like this commit is crashing on s390 since
2024-04-30 in linux-next. If I do not miss something - since it
was included in mm-everything.
> @@ -1553,9 +1558,10 @@ static __always_inline void __folio_remove_rmap(struct folio *folio,
> * page of the folio is unmapped and at least one page
> * is still mapped.
> */
> - if (folio_test_large(folio) && folio_test_anon(folio))
> - if (level == RMAP_LEVEL_PTE || nr < nr_pmdmapped)
> - deferred_split_folio(folio);
> + if (folio_test_anon(folio) &&
> + list_empty(&folio->_deferred_list) &&
An attempt to reference folio->_deferred_list causes the crash below.
> + partially_mapped)
> + deferred_split_folio(folio);
> }
>
> /*
[ 507.227423] Unable to handle kernel pointer dereference in virtual kernel address space
[ 507.227432] Failing address: 000001d689000000 TEID: 000001d689000803
[ 507.227435] Fault in home space mode while using kernel ASCE.
[ 507.227439] AS:0000000180788007 R3:00000001fe2cc007 S:0000000000000020
[ 507.227492] Oops: 0010 ilc:3 [#1] SMP
[ 507.227497] Modules linked in: vmur(E) kvm(E) algif_hash(E) af_alg(E) binfmt_misc(E) nft_fib_inet(E) nft_fib_ipv4(E) nft_fib_ipv6(E) nft_fib(E) nft_reject_inet(E) nf_reject_ipv4(E) nf_reject_ipv6(E) nft_reject(E) nft_ct(E) nft_chain_nat(E) nf_nat(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) ip_set(E) nf_tables(E) nfnetlink(E) dm_service_time(E) s390_trng(E) vfio_ccw(E) mdev(E) vfio_iommu_type1(E) vfio(E) sch_fq_codel(E) loop(E) configfs(E) lcs(E) ctcm(E) fsm(E) zfcp(E) scsi_transport_fc(E) ghash_s390(E) prng(E) chacha_s390(E) libchacha(E) aes_s390(E) des_s390(E) libdes(E) sha3_512_s390(E) sha3_256_s390(E) sha512_s390(E) sha256_s390(E) sha1_s390(E) sha_common(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) pkey(E) zcrypt(E) rng_core(E) dm_multipath(E) autofs4(E)
[ 507.227546] Unloaded tainted modules: dcssblk(E):2 [last unloaded: dcssblk(E)]
[ 507.230569] CPU: 0 PID: 36783 Comm: pahole Tainted: G E 6.9.0-20240430.rc6.git237.d04466706db5.300.fc39.s390x+next #1
[ 507.230574] Hardware name: IBM 3931 A01 703 (z/VM 7.3.0)
[ 507.230576] Krnl PSW : 0704f00180000000 0000025e1092a430 (folio_remove_rmap_ptes+0xe0/0x140)
[ 507.230588] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:3 PM:0 RI:0 EA:3
[ 507.230592] Krnl GPRS: ffffffffffffe377 0000000000000000 0000025e122075b8 0000000000000000
[ 507.230595] ffffffffffffffff 0000025d8f613288 8800000000000000 00000157a38b8700
[ 507.230598] 000000023fffe13f 0000000000000000 000001579ccd75c0 000001d688ffff80
[ 507.230602] 000003ffb9cacf98 000001d688ffff80 0000025e1092a428 000001de11fab878
[ 507.230610] Krnl Code: 0000025e1092a422: c0e500039f47 brasl %r14,0000025e1099e2b0
[ 507.230610] 0000025e1092a428: 9101b01f tm 31(%r11),1
[ 507.230610] #0000025e1092a42c: a784ffb9 brc 8,0000025e1092a39e
[ 507.230610] >0000025e1092a430: e340b0900004 lg %r4,144(%r11)
[ 507.230610] 0000025e1092a436: 4150b090 la %r5,144(%r11)
[ 507.230610] 0000025e1092a43a: ec45ffb26064 cgrj %r4,%r5,6,0000025e1092a39e
[ 507.230610] 0000025e1092a440: a7910001 tmll %r9,1
[ 507.230610] 0000025e1092a444: a784ffad brc 8,0000025e1092a39e
[ 507.230672] Call Trace:
[ 507.230678] [<0000025e1092a430>] folio_remove_rmap_ptes+0xe0/0x140
[ 507.230682] ([<0000025e1092a428>] folio_remove_rmap_ptes+0xd8/0x140)
[ 507.230685] [<0000025e1090d76a>] zap_present_ptes.isra.0+0x222/0x918
[ 507.230689] [<0000025e1090e008>] zap_pte_range+0x1a8/0x4e8
[ 507.230692] [<0000025e1090e58c>] zap_p4d_range+0x244/0x480
[ 507.230695] [<0000025e1090eb22>] unmap_page_range+0xea/0x2c0
[ 507.230698] [<0000025e1090ed92>] unmap_single_vma.isra.0+0x9a/0xf0
[ 507.230701] [<0000025e1090ee9e>] unmap_vmas+0xb6/0x1a0
[ 507.230705] [<0000025e1091e0d4>] exit_mmap+0xc4/0x3d0
[ 507.230709] [<0000025e10675c64>] __mmput+0x54/0x150
[ 507.230714] [<0000025e1067f3ba>] exit_mm+0xca/0x138
[ 507.230717] [<0000025e1067f690>] do_exit+0x268/0x520
[ 507.230721] [<0000025e1067fb38>] do_group_exit+0x40/0xb8
[ 507.230725] [<0000025e1067fc0e>] __s390x_sys_exit_group+0x2e/0x30
[ 507.230729] [<0000025e1136ba4e>] __do_syscall+0x216/0x2d0
[ 507.230736] [<0000025e1137c848>] system_call+0x70/0x98
[ 507.230780] Last Breaking-Event-Address:
[ 507.230783] [<0000025e1099e32a>] __lruvec_stat_mod_folio+0x7a/0xb0
[ 507.230789] Kernel panic - not syncing: Fatal exception: panic_on_oops
00: HCPGIR450W CP entered; disabled wait PSW 00020001 80000000 0000025E 10630B56
Thanks!
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v5] mm/rmap: do not add fully unmapped large folio to deferred split list
2024-05-01 13:24 ` [PATCH v5] mm/rmap: do not add fully unmapped large folio to deferred split list Alexander Gordeev
@ 2024-05-01 13:38 ` Zi Yan
2024-05-01 15:54 ` David Hildenbrand
2024-05-02 13:18 ` Alexander Gordeev
0 siblings, 2 replies; 5+ messages in thread
From: Zi Yan @ 2024-05-01 13:38 UTC (permalink / raw)
To: Alexander Gordeev
Cc: Andrew Morton, linux-mm, Matthew Wilcox (Oracle), Yang Shi,
Ryan Roberts, Barry Song, David Hildenbrand, Lance Yang,
linux-kernel, linux-s390
[-- Attachment #1: Type: text/plain, Size: 6060 bytes --]
On 1 May 2024, at 9:24, Alexander Gordeev wrote:
> On Fri, Apr 26, 2024 at 03:02:53PM -0400, Zi Yan wrote:
>
> Hi Zi,
>
> It increasingly looks like this commit is crashing on s390 since
> 2024-04-30 in linux-next. If I do not miss something - since it
> was included in mm-everything.
>
>> @@ -1553,9 +1558,10 @@ static __always_inline void __folio_remove_rmap(struct folio *folio,
>> * page of the folio is unmapped and at least one page
>> * is still mapped.
>> */
>> - if (folio_test_large(folio) && folio_test_anon(folio))
>> - if (level == RMAP_LEVEL_PTE || nr < nr_pmdmapped)
>> - deferred_split_folio(folio);
>> + if (folio_test_anon(folio) &&
>> + list_empty(&folio->_deferred_list) &&
>
> An attempt to reference folio->_deferred_list causes the crash below.
So if you remove this line, the crash no longer happens? It looks strange to
me that referencing a anonymous folio's _deferred_list would cause a crash.
Hmm, unless the folio is order-0.
Can you try the patch below and see if it fixes the crash? It moves partially_mapped
ahead to exclude order-0 folios.
diff --git a/mm/rmap.c b/mm/rmap.c
index 087a79f1f611..2d27c92bb6d5 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -1557,9 +1557,8 @@ static __always_inline void __folio_remove_rmap(struct folio *folio,
* page of the folio is unmapped and at least one page
* is still mapped.
*/
- if (folio_test_anon(folio) &&
- list_empty(&folio->_deferred_list) &&
- partially_mapped)
+ if (folio_test_anon(folio) && partially_mapped &&
+ list_empty(&folio->_deferred_list))
deferred_split_folio(folio);
}
>
>> + partially_mapped)
>> + deferred_split_folio(folio);
>> }
>>
>> /*
>
> [ 507.227423] Unable to handle kernel pointer dereference in virtual kernel address space
> [ 507.227432] Failing address: 000001d689000000 TEID: 000001d689000803
> [ 507.227435] Fault in home space mode while using kernel ASCE.
> [ 507.227439] AS:0000000180788007 R3:00000001fe2cc007 S:0000000000000020
> [ 507.227492] Oops: 0010 ilc:3 [#1] SMP
> [ 507.227497] Modules linked in: vmur(E) kvm(E) algif_hash(E) af_alg(E) binfmt_misc(E) nft_fib_inet(E) nft_fib_ipv4(E) nft_fib_ipv6(E) nft_fib(E) nft_reject_inet(E) nf_reject_ipv4(E) nf_reject_ipv6(E) nft_reject(E) nft_ct(E) nft_chain_nat(E) nf_nat(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) ip_set(E) nf_tables(E) nfnetlink(E) dm_service_time(E) s390_trng(E) vfio_ccw(E) mdev(E) vfio_iommu_type1(E) vfio(E) sch_fq_codel(E) loop(E) configfs(E) lcs(E) ctcm(E) fsm(E) zfcp(E) scsi_transport_fc(E) ghash_s390(E) prng(E) chacha_s390(E) libchacha(E) aes_s390(E) des_s390(E) libdes(E) sha3_512_s390(E) sha3_256_s390(E) sha512_s390(E) sha256_s390(E) sha1_s390(E) sha_common(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) pkey(E) zcrypt(E) rng_core(E) dm_multipath(E) autofs4(E)
> [ 507.227546] Unloaded tainted modules: dcssblk(E):2 [last unloaded: dcssblk(E)]
> [ 507.230569] CPU: 0 PID: 36783 Comm: pahole Tainted: G E 6.9.0-20240430.rc6.git237.d04466706db5.300.fc39.s390x+next #1
> [ 507.230574] Hardware name: IBM 3931 A01 703 (z/VM 7.3.0)
> [ 507.230576] Krnl PSW : 0704f00180000000 0000025e1092a430 (folio_remove_rmap_ptes+0xe0/0x140)
> [ 507.230588] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:3 PM:0 RI:0 EA:3
> [ 507.230592] Krnl GPRS: ffffffffffffe377 0000000000000000 0000025e122075b8 0000000000000000
> [ 507.230595] ffffffffffffffff 0000025d8f613288 8800000000000000 00000157a38b8700
> [ 507.230598] 000000023fffe13f 0000000000000000 000001579ccd75c0 000001d688ffff80
> [ 507.230602] 000003ffb9cacf98 000001d688ffff80 0000025e1092a428 000001de11fab878
> [ 507.230610] Krnl Code: 0000025e1092a422: c0e500039f47 brasl %r14,0000025e1099e2b0
> [ 507.230610] 0000025e1092a428: 9101b01f tm 31(%r11),1
> [ 507.230610] #0000025e1092a42c: a784ffb9 brc 8,0000025e1092a39e
> [ 507.230610] >0000025e1092a430: e340b0900004 lg %r4,144(%r11)
> [ 507.230610] 0000025e1092a436: 4150b090 la %r5,144(%r11)
> [ 507.230610] 0000025e1092a43a: ec45ffb26064 cgrj %r4,%r5,6,0000025e1092a39e
> [ 507.230610] 0000025e1092a440: a7910001 tmll %r9,1
> [ 507.230610] 0000025e1092a444: a784ffad brc 8,0000025e1092a39e
> [ 507.230672] Call Trace:
> [ 507.230678] [<0000025e1092a430>] folio_remove_rmap_ptes+0xe0/0x140
> [ 507.230682] ([<0000025e1092a428>] folio_remove_rmap_ptes+0xd8/0x140)
> [ 507.230685] [<0000025e1090d76a>] zap_present_ptes.isra.0+0x222/0x918
> [ 507.230689] [<0000025e1090e008>] zap_pte_range+0x1a8/0x4e8
> [ 507.230692] [<0000025e1090e58c>] zap_p4d_range+0x244/0x480
> [ 507.230695] [<0000025e1090eb22>] unmap_page_range+0xea/0x2c0
> [ 507.230698] [<0000025e1090ed92>] unmap_single_vma.isra.0+0x9a/0xf0
> [ 507.230701] [<0000025e1090ee9e>] unmap_vmas+0xb6/0x1a0
> [ 507.230705] [<0000025e1091e0d4>] exit_mmap+0xc4/0x3d0
> [ 507.230709] [<0000025e10675c64>] __mmput+0x54/0x150
> [ 507.230714] [<0000025e1067f3ba>] exit_mm+0xca/0x138
> [ 507.230717] [<0000025e1067f690>] do_exit+0x268/0x520
> [ 507.230721] [<0000025e1067fb38>] do_group_exit+0x40/0xb8
> [ 507.230725] [<0000025e1067fc0e>] __s390x_sys_exit_group+0x2e/0x30
> [ 507.230729] [<0000025e1136ba4e>] __do_syscall+0x216/0x2d0
> [ 507.230736] [<0000025e1137c848>] system_call+0x70/0x98
> [ 507.230780] Last Breaking-Event-Address:
> [ 507.230783] [<0000025e1099e32a>] __lruvec_stat_mod_folio+0x7a/0xb0
> [ 507.230789] Kernel panic - not syncing: Fatal exception: panic_on_oops
> 00: HCPGIR450W CP entered; disabled wait PSW 00020001 80000000 0000025E 10630B56
>
> Thanks!
--
Best Regards,
Yan, Zi
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 854 bytes --]
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v5] mm/rmap: do not add fully unmapped large folio to deferred split list
2024-05-01 13:38 ` Zi Yan
@ 2024-05-01 15:54 ` David Hildenbrand
2024-05-02 13:18 ` Alexander Gordeev
1 sibling, 0 replies; 5+ messages in thread
From: David Hildenbrand @ 2024-05-01 15:54 UTC (permalink / raw)
To: Zi Yan, Alexander Gordeev
Cc: Andrew Morton, linux-mm, Matthew Wilcox (Oracle), Yang Shi,
Ryan Roberts, Barry Song, Lance Yang, linux-kernel, linux-s390
On 01.05.24 15:38, Zi Yan wrote:
> On 1 May 2024, at 9:24, Alexander Gordeev wrote:
>
>> On Fri, Apr 26, 2024 at 03:02:53PM -0400, Zi Yan wrote:
>>
>> Hi Zi,
>>
>> It increasingly looks like this commit is crashing on s390 since
>> 2024-04-30 in linux-next. If I do not miss something - since it
>> was included in mm-everything.
>>
>>> @@ -1553,9 +1558,10 @@ static __always_inline void __folio_remove_rmap(struct folio *folio,
>>> * page of the folio is unmapped and at least one page
>>> * is still mapped.
>>> */
>>> - if (folio_test_large(folio) && folio_test_anon(folio))
>>> - if (level == RMAP_LEVEL_PTE || nr < nr_pmdmapped)
>>> - deferred_split_folio(folio);
>>> + if (folio_test_anon(folio) &&
>>> + list_empty(&folio->_deferred_list) &&
>>
>> An attempt to reference folio->_deferred_list causes the crash below.
>
> So if you remove this line, the crash no longer happens? It looks strange to
> me that referencing a anonymous folio's _deferred_list would cause a crash.
> Hmm, unless the folio is order-0.
>
> Can you try the patch below and see if it fixes the crash? It moves partially_mapped
> ahead to exclude order-0 folios.
>
> diff --git a/mm/rmap.c b/mm/rmap.c
> index 087a79f1f611..2d27c92bb6d5 100644
> --- a/mm/rmap.c
> +++ b/mm/rmap.c
> @@ -1557,9 +1557,8 @@ static __always_inline void __folio_remove_rmap(struct folio *folio,
> * page of the folio is unmapped and at least one page
> * is still mapped.
> */
> - if (folio_test_anon(folio) &&
> - list_empty(&folio->_deferred_list) &&
> - partially_mapped)
> + if (folio_test_anon(folio) && partially_mapped &&
> + list_empty(&folio->_deferred_list))
> deferred_split_folio(folio);
Yes, that should fix it and is the right thing to do. For small folios,
partially_mapped will always be false.
--
Cheers,
David / dhildenb
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v5] mm/rmap: do not add fully unmapped large folio to deferred split list
2024-05-01 13:38 ` Zi Yan
2024-05-01 15:54 ` David Hildenbrand
@ 2024-05-02 13:18 ` Alexander Gordeev
2024-05-02 13:20 ` Zi Yan
1 sibling, 1 reply; 5+ messages in thread
From: Alexander Gordeev @ 2024-05-02 13:18 UTC (permalink / raw)
To: Zi Yan
Cc: Andrew Morton, linux-mm, Matthew Wilcox (Oracle), Yang Shi,
Ryan Roberts, Barry Song, David Hildenbrand, Lance Yang,
linux-kernel, linux-s390
On Wed, May 01, 2024 at 09:38:24AM -0400, Zi Yan wrote:
Hi Zi,
> @@ -1557,9 +1557,8 @@ static __always_inline void __folio_remove_rmap(struct folio *folio,
> * page of the folio is unmapped and at least one page
> * is still mapped.
> */
> - if (folio_test_anon(folio) &&
> - list_empty(&folio->_deferred_list) &&
> - partially_mapped)
> + if (folio_test_anon(folio) && partially_mapped &&
> + list_empty(&folio->_deferred_list))
> deferred_split_folio(folio);
> }
That helps.
> Best Regards,
> Yan, Zi
Thanks!
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v5] mm/rmap: do not add fully unmapped large folio to deferred split list
2024-05-02 13:18 ` Alexander Gordeev
@ 2024-05-02 13:20 ` Zi Yan
0 siblings, 0 replies; 5+ messages in thread
From: Zi Yan @ 2024-05-02 13:20 UTC (permalink / raw)
To: Alexander Gordeev
Cc: Andrew Morton, linux-mm, Matthew Wilcox (Oracle), Yang Shi,
Ryan Roberts, Barry Song, David Hildenbrand, Lance Yang,
linux-kernel, linux-s390
[-- Attachment #1: Type: text/plain, Size: 833 bytes --]
On 2 May 2024, at 9:18, Alexander Gordeev wrote:
> On Wed, May 01, 2024 at 09:38:24AM -0400, Zi Yan wrote:
> Hi Zi,
>> @@ -1557,9 +1557,8 @@ static __always_inline void __folio_remove_rmap(struct folio *folio,
>> * page of the folio is unmapped and at least one page
>> * is still mapped.
>> */
>> - if (folio_test_anon(folio) &&
>> - list_empty(&folio->_deferred_list) &&
>> - partially_mapped)
>> + if (folio_test_anon(folio) && partially_mapped &&
>> + list_empty(&folio->_deferred_list))
>> deferred_split_folio(folio);
>> }
>
> That helps.
>
>> Best Regards,
>> Yan, Zi
>
> Thanks!
Great! I will send a v6.
--
Best Regards,
Yan, Zi
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 854 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-05-02 13:20 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20240426190253.541419-1-zi.yan@sent.com>
2024-05-01 13:24 ` [PATCH v5] mm/rmap: do not add fully unmapped large folio to deferred split list Alexander Gordeev
2024-05-01 13:38 ` Zi Yan
2024-05-01 15:54 ` David Hildenbrand
2024-05-02 13:18 ` Alexander Gordeev
2024-05-02 13:20 ` Zi Yan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox