* Re: [PATCH v5] mm/rmap: do not add fully unmapped large folio to deferred split list [not found] <20240426190253.541419-1-zi.yan@sent.com> @ 2024-05-01 13:24 ` Alexander Gordeev 2024-05-01 13:38 ` Zi Yan 0 siblings, 1 reply; 5+ messages in thread From: Alexander Gordeev @ 2024-05-01 13:24 UTC (permalink / raw) To: Zi Yan, Andrew Morton Cc: linux-mm, Matthew Wilcox (Oracle), Yang Shi, Ryan Roberts, Barry Song, David Hildenbrand, Lance Yang, linux-kernel, linux-s390 On Fri, Apr 26, 2024 at 03:02:53PM -0400, Zi Yan wrote: Hi Zi, It increasingly looks like this commit is crashing on s390 since 2024-04-30 in linux-next. If I do not miss something - since it was included in mm-everything. > @@ -1553,9 +1558,10 @@ static __always_inline void __folio_remove_rmap(struct folio *folio, > * page of the folio is unmapped and at least one page > * is still mapped. > */ > - if (folio_test_large(folio) && folio_test_anon(folio)) > - if (level == RMAP_LEVEL_PTE || nr < nr_pmdmapped) > - deferred_split_folio(folio); > + if (folio_test_anon(folio) && > + list_empty(&folio->_deferred_list) && An attempt to reference folio->_deferred_list causes the crash below. > + partially_mapped) > + deferred_split_folio(folio); > } > > /* [ 507.227423] Unable to handle kernel pointer dereference in virtual kernel address space [ 507.227432] Failing address: 000001d689000000 TEID: 000001d689000803 [ 507.227435] Fault in home space mode while using kernel ASCE. [ 507.227439] AS:0000000180788007 R3:00000001fe2cc007 S:0000000000000020 [ 507.227492] Oops: 0010 ilc:3 [#1] SMP [ 507.227497] Modules linked in: vmur(E) kvm(E) algif_hash(E) af_alg(E) binfmt_misc(E) nft_fib_inet(E) nft_fib_ipv4(E) nft_fib_ipv6(E) nft_fib(E) nft_reject_inet(E) nf_reject_ipv4(E) nf_reject_ipv6(E) nft_reject(E) nft_ct(E) nft_chain_nat(E) nf_nat(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) ip_set(E) nf_tables(E) nfnetlink(E) dm_service_time(E) s390_trng(E) vfio_ccw(E) mdev(E) vfio_iommu_type1(E) vfio(E) sch_fq_codel(E) loop(E) configfs(E) lcs(E) ctcm(E) fsm(E) zfcp(E) scsi_transport_fc(E) ghash_s390(E) prng(E) chacha_s390(E) libchacha(E) aes_s390(E) des_s390(E) libdes(E) sha3_512_s390(E) sha3_256_s390(E) sha512_s390(E) sha256_s390(E) sha1_s390(E) sha_common(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) pkey(E) zcrypt(E) rng_core(E) dm_multipath(E) autofs4(E) [ 507.227546] Unloaded tainted modules: dcssblk(E):2 [last unloaded: dcssblk(E)] [ 507.230569] CPU: 0 PID: 36783 Comm: pahole Tainted: G E 6.9.0-20240430.rc6.git237.d04466706db5.300.fc39.s390x+next #1 [ 507.230574] Hardware name: IBM 3931 A01 703 (z/VM 7.3.0) [ 507.230576] Krnl PSW : 0704f00180000000 0000025e1092a430 (folio_remove_rmap_ptes+0xe0/0x140) [ 507.230588] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:3 PM:0 RI:0 EA:3 [ 507.230592] Krnl GPRS: ffffffffffffe377 0000000000000000 0000025e122075b8 0000000000000000 [ 507.230595] ffffffffffffffff 0000025d8f613288 8800000000000000 00000157a38b8700 [ 507.230598] 000000023fffe13f 0000000000000000 000001579ccd75c0 000001d688ffff80 [ 507.230602] 000003ffb9cacf98 000001d688ffff80 0000025e1092a428 000001de11fab878 [ 507.230610] Krnl Code: 0000025e1092a422: c0e500039f47 brasl %r14,0000025e1099e2b0 [ 507.230610] 0000025e1092a428: 9101b01f tm 31(%r11),1 [ 507.230610] #0000025e1092a42c: a784ffb9 brc 8,0000025e1092a39e [ 507.230610] >0000025e1092a430: e340b0900004 lg %r4,144(%r11) [ 507.230610] 0000025e1092a436: 4150b090 la %r5,144(%r11) [ 507.230610] 0000025e1092a43a: ec45ffb26064 cgrj %r4,%r5,6,0000025e1092a39e [ 507.230610] 0000025e1092a440: a7910001 tmll %r9,1 [ 507.230610] 0000025e1092a444: a784ffad brc 8,0000025e1092a39e [ 507.230672] Call Trace: [ 507.230678] [<0000025e1092a430>] folio_remove_rmap_ptes+0xe0/0x140 [ 507.230682] ([<0000025e1092a428>] folio_remove_rmap_ptes+0xd8/0x140) [ 507.230685] [<0000025e1090d76a>] zap_present_ptes.isra.0+0x222/0x918 [ 507.230689] [<0000025e1090e008>] zap_pte_range+0x1a8/0x4e8 [ 507.230692] [<0000025e1090e58c>] zap_p4d_range+0x244/0x480 [ 507.230695] [<0000025e1090eb22>] unmap_page_range+0xea/0x2c0 [ 507.230698] [<0000025e1090ed92>] unmap_single_vma.isra.0+0x9a/0xf0 [ 507.230701] [<0000025e1090ee9e>] unmap_vmas+0xb6/0x1a0 [ 507.230705] [<0000025e1091e0d4>] exit_mmap+0xc4/0x3d0 [ 507.230709] [<0000025e10675c64>] __mmput+0x54/0x150 [ 507.230714] [<0000025e1067f3ba>] exit_mm+0xca/0x138 [ 507.230717] [<0000025e1067f690>] do_exit+0x268/0x520 [ 507.230721] [<0000025e1067fb38>] do_group_exit+0x40/0xb8 [ 507.230725] [<0000025e1067fc0e>] __s390x_sys_exit_group+0x2e/0x30 [ 507.230729] [<0000025e1136ba4e>] __do_syscall+0x216/0x2d0 [ 507.230736] [<0000025e1137c848>] system_call+0x70/0x98 [ 507.230780] Last Breaking-Event-Address: [ 507.230783] [<0000025e1099e32a>] __lruvec_stat_mod_folio+0x7a/0xb0 [ 507.230789] Kernel panic - not syncing: Fatal exception: panic_on_oops 00: HCPGIR450W CP entered; disabled wait PSW 00020001 80000000 0000025E 10630B56 Thanks! ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v5] mm/rmap: do not add fully unmapped large folio to deferred split list 2024-05-01 13:24 ` [PATCH v5] mm/rmap: do not add fully unmapped large folio to deferred split list Alexander Gordeev @ 2024-05-01 13:38 ` Zi Yan 2024-05-01 15:54 ` David Hildenbrand 2024-05-02 13:18 ` Alexander Gordeev 0 siblings, 2 replies; 5+ messages in thread From: Zi Yan @ 2024-05-01 13:38 UTC (permalink / raw) To: Alexander Gordeev Cc: Andrew Morton, linux-mm, Matthew Wilcox (Oracle), Yang Shi, Ryan Roberts, Barry Song, David Hildenbrand, Lance Yang, linux-kernel, linux-s390 [-- Attachment #1: Type: text/plain, Size: 6060 bytes --] On 1 May 2024, at 9:24, Alexander Gordeev wrote: > On Fri, Apr 26, 2024 at 03:02:53PM -0400, Zi Yan wrote: > > Hi Zi, > > It increasingly looks like this commit is crashing on s390 since > 2024-04-30 in linux-next. If I do not miss something - since it > was included in mm-everything. > >> @@ -1553,9 +1558,10 @@ static __always_inline void __folio_remove_rmap(struct folio *folio, >> * page of the folio is unmapped and at least one page >> * is still mapped. >> */ >> - if (folio_test_large(folio) && folio_test_anon(folio)) >> - if (level == RMAP_LEVEL_PTE || nr < nr_pmdmapped) >> - deferred_split_folio(folio); >> + if (folio_test_anon(folio) && >> + list_empty(&folio->_deferred_list) && > > An attempt to reference folio->_deferred_list causes the crash below. So if you remove this line, the crash no longer happens? It looks strange to me that referencing a anonymous folio's _deferred_list would cause a crash. Hmm, unless the folio is order-0. Can you try the patch below and see if it fixes the crash? It moves partially_mapped ahead to exclude order-0 folios. diff --git a/mm/rmap.c b/mm/rmap.c index 087a79f1f611..2d27c92bb6d5 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -1557,9 +1557,8 @@ static __always_inline void __folio_remove_rmap(struct folio *folio, * page of the folio is unmapped and at least one page * is still mapped. */ - if (folio_test_anon(folio) && - list_empty(&folio->_deferred_list) && - partially_mapped) + if (folio_test_anon(folio) && partially_mapped && + list_empty(&folio->_deferred_list)) deferred_split_folio(folio); } > >> + partially_mapped) >> + deferred_split_folio(folio); >> } >> >> /* > > [ 507.227423] Unable to handle kernel pointer dereference in virtual kernel address space > [ 507.227432] Failing address: 000001d689000000 TEID: 000001d689000803 > [ 507.227435] Fault in home space mode while using kernel ASCE. > [ 507.227439] AS:0000000180788007 R3:00000001fe2cc007 S:0000000000000020 > [ 507.227492] Oops: 0010 ilc:3 [#1] SMP > [ 507.227497] Modules linked in: vmur(E) kvm(E) algif_hash(E) af_alg(E) binfmt_misc(E) nft_fib_inet(E) nft_fib_ipv4(E) nft_fib_ipv6(E) nft_fib(E) nft_reject_inet(E) nf_reject_ipv4(E) nf_reject_ipv6(E) nft_reject(E) nft_ct(E) nft_chain_nat(E) nf_nat(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) ip_set(E) nf_tables(E) nfnetlink(E) dm_service_time(E) s390_trng(E) vfio_ccw(E) mdev(E) vfio_iommu_type1(E) vfio(E) sch_fq_codel(E) loop(E) configfs(E) lcs(E) ctcm(E) fsm(E) zfcp(E) scsi_transport_fc(E) ghash_s390(E) prng(E) chacha_s390(E) libchacha(E) aes_s390(E) des_s390(E) libdes(E) sha3_512_s390(E) sha3_256_s390(E) sha512_s390(E) sha256_s390(E) sha1_s390(E) sha_common(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) pkey(E) zcrypt(E) rng_core(E) dm_multipath(E) autofs4(E) > [ 507.227546] Unloaded tainted modules: dcssblk(E):2 [last unloaded: dcssblk(E)] > [ 507.230569] CPU: 0 PID: 36783 Comm: pahole Tainted: G E 6.9.0-20240430.rc6.git237.d04466706db5.300.fc39.s390x+next #1 > [ 507.230574] Hardware name: IBM 3931 A01 703 (z/VM 7.3.0) > [ 507.230576] Krnl PSW : 0704f00180000000 0000025e1092a430 (folio_remove_rmap_ptes+0xe0/0x140) > [ 507.230588] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:3 PM:0 RI:0 EA:3 > [ 507.230592] Krnl GPRS: ffffffffffffe377 0000000000000000 0000025e122075b8 0000000000000000 > [ 507.230595] ffffffffffffffff 0000025d8f613288 8800000000000000 00000157a38b8700 > [ 507.230598] 000000023fffe13f 0000000000000000 000001579ccd75c0 000001d688ffff80 > [ 507.230602] 000003ffb9cacf98 000001d688ffff80 0000025e1092a428 000001de11fab878 > [ 507.230610] Krnl Code: 0000025e1092a422: c0e500039f47 brasl %r14,0000025e1099e2b0 > [ 507.230610] 0000025e1092a428: 9101b01f tm 31(%r11),1 > [ 507.230610] #0000025e1092a42c: a784ffb9 brc 8,0000025e1092a39e > [ 507.230610] >0000025e1092a430: e340b0900004 lg %r4,144(%r11) > [ 507.230610] 0000025e1092a436: 4150b090 la %r5,144(%r11) > [ 507.230610] 0000025e1092a43a: ec45ffb26064 cgrj %r4,%r5,6,0000025e1092a39e > [ 507.230610] 0000025e1092a440: a7910001 tmll %r9,1 > [ 507.230610] 0000025e1092a444: a784ffad brc 8,0000025e1092a39e > [ 507.230672] Call Trace: > [ 507.230678] [<0000025e1092a430>] folio_remove_rmap_ptes+0xe0/0x140 > [ 507.230682] ([<0000025e1092a428>] folio_remove_rmap_ptes+0xd8/0x140) > [ 507.230685] [<0000025e1090d76a>] zap_present_ptes.isra.0+0x222/0x918 > [ 507.230689] [<0000025e1090e008>] zap_pte_range+0x1a8/0x4e8 > [ 507.230692] [<0000025e1090e58c>] zap_p4d_range+0x244/0x480 > [ 507.230695] [<0000025e1090eb22>] unmap_page_range+0xea/0x2c0 > [ 507.230698] [<0000025e1090ed92>] unmap_single_vma.isra.0+0x9a/0xf0 > [ 507.230701] [<0000025e1090ee9e>] unmap_vmas+0xb6/0x1a0 > [ 507.230705] [<0000025e1091e0d4>] exit_mmap+0xc4/0x3d0 > [ 507.230709] [<0000025e10675c64>] __mmput+0x54/0x150 > [ 507.230714] [<0000025e1067f3ba>] exit_mm+0xca/0x138 > [ 507.230717] [<0000025e1067f690>] do_exit+0x268/0x520 > [ 507.230721] [<0000025e1067fb38>] do_group_exit+0x40/0xb8 > [ 507.230725] [<0000025e1067fc0e>] __s390x_sys_exit_group+0x2e/0x30 > [ 507.230729] [<0000025e1136ba4e>] __do_syscall+0x216/0x2d0 > [ 507.230736] [<0000025e1137c848>] system_call+0x70/0x98 > [ 507.230780] Last Breaking-Event-Address: > [ 507.230783] [<0000025e1099e32a>] __lruvec_stat_mod_folio+0x7a/0xb0 > [ 507.230789] Kernel panic - not syncing: Fatal exception: panic_on_oops > 00: HCPGIR450W CP entered; disabled wait PSW 00020001 80000000 0000025E 10630B56 > > Thanks! -- Best Regards, Yan, Zi [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 854 bytes --] ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v5] mm/rmap: do not add fully unmapped large folio to deferred split list 2024-05-01 13:38 ` Zi Yan @ 2024-05-01 15:54 ` David Hildenbrand 2024-05-02 13:18 ` Alexander Gordeev 1 sibling, 0 replies; 5+ messages in thread From: David Hildenbrand @ 2024-05-01 15:54 UTC (permalink / raw) To: Zi Yan, Alexander Gordeev Cc: Andrew Morton, linux-mm, Matthew Wilcox (Oracle), Yang Shi, Ryan Roberts, Barry Song, Lance Yang, linux-kernel, linux-s390 On 01.05.24 15:38, Zi Yan wrote: > On 1 May 2024, at 9:24, Alexander Gordeev wrote: > >> On Fri, Apr 26, 2024 at 03:02:53PM -0400, Zi Yan wrote: >> >> Hi Zi, >> >> It increasingly looks like this commit is crashing on s390 since >> 2024-04-30 in linux-next. If I do not miss something - since it >> was included in mm-everything. >> >>> @@ -1553,9 +1558,10 @@ static __always_inline void __folio_remove_rmap(struct folio *folio, >>> * page of the folio is unmapped and at least one page >>> * is still mapped. >>> */ >>> - if (folio_test_large(folio) && folio_test_anon(folio)) >>> - if (level == RMAP_LEVEL_PTE || nr < nr_pmdmapped) >>> - deferred_split_folio(folio); >>> + if (folio_test_anon(folio) && >>> + list_empty(&folio->_deferred_list) && >> >> An attempt to reference folio->_deferred_list causes the crash below. > > So if you remove this line, the crash no longer happens? It looks strange to > me that referencing a anonymous folio's _deferred_list would cause a crash. > Hmm, unless the folio is order-0. > > Can you try the patch below and see if it fixes the crash? It moves partially_mapped > ahead to exclude order-0 folios. > > diff --git a/mm/rmap.c b/mm/rmap.c > index 087a79f1f611..2d27c92bb6d5 100644 > --- a/mm/rmap.c > +++ b/mm/rmap.c > @@ -1557,9 +1557,8 @@ static __always_inline void __folio_remove_rmap(struct folio *folio, > * page of the folio is unmapped and at least one page > * is still mapped. > */ > - if (folio_test_anon(folio) && > - list_empty(&folio->_deferred_list) && > - partially_mapped) > + if (folio_test_anon(folio) && partially_mapped && > + list_empty(&folio->_deferred_list)) > deferred_split_folio(folio); Yes, that should fix it and is the right thing to do. For small folios, partially_mapped will always be false. -- Cheers, David / dhildenb ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v5] mm/rmap: do not add fully unmapped large folio to deferred split list 2024-05-01 13:38 ` Zi Yan 2024-05-01 15:54 ` David Hildenbrand @ 2024-05-02 13:18 ` Alexander Gordeev 2024-05-02 13:20 ` Zi Yan 1 sibling, 1 reply; 5+ messages in thread From: Alexander Gordeev @ 2024-05-02 13:18 UTC (permalink / raw) To: Zi Yan Cc: Andrew Morton, linux-mm, Matthew Wilcox (Oracle), Yang Shi, Ryan Roberts, Barry Song, David Hildenbrand, Lance Yang, linux-kernel, linux-s390 On Wed, May 01, 2024 at 09:38:24AM -0400, Zi Yan wrote: Hi Zi, > @@ -1557,9 +1557,8 @@ static __always_inline void __folio_remove_rmap(struct folio *folio, > * page of the folio is unmapped and at least one page > * is still mapped. > */ > - if (folio_test_anon(folio) && > - list_empty(&folio->_deferred_list) && > - partially_mapped) > + if (folio_test_anon(folio) && partially_mapped && > + list_empty(&folio->_deferred_list)) > deferred_split_folio(folio); > } That helps. > Best Regards, > Yan, Zi Thanks! ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v5] mm/rmap: do not add fully unmapped large folio to deferred split list 2024-05-02 13:18 ` Alexander Gordeev @ 2024-05-02 13:20 ` Zi Yan 0 siblings, 0 replies; 5+ messages in thread From: Zi Yan @ 2024-05-02 13:20 UTC (permalink / raw) To: Alexander Gordeev Cc: Andrew Morton, linux-mm, Matthew Wilcox (Oracle), Yang Shi, Ryan Roberts, Barry Song, David Hildenbrand, Lance Yang, linux-kernel, linux-s390 [-- Attachment #1: Type: text/plain, Size: 833 bytes --] On 2 May 2024, at 9:18, Alexander Gordeev wrote: > On Wed, May 01, 2024 at 09:38:24AM -0400, Zi Yan wrote: > Hi Zi, >> @@ -1557,9 +1557,8 @@ static __always_inline void __folio_remove_rmap(struct folio *folio, >> * page of the folio is unmapped and at least one page >> * is still mapped. >> */ >> - if (folio_test_anon(folio) && >> - list_empty(&folio->_deferred_list) && >> - partially_mapped) >> + if (folio_test_anon(folio) && partially_mapped && >> + list_empty(&folio->_deferred_list)) >> deferred_split_folio(folio); >> } > > That helps. > >> Best Regards, >> Yan, Zi > > Thanks! Great! I will send a v6. -- Best Regards, Yan, Zi [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 854 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-05-02 13:20 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20240426190253.541419-1-zi.yan@sent.com>
2024-05-01 13:24 ` [PATCH v5] mm/rmap: do not add fully unmapped large folio to deferred split list Alexander Gordeev
2024-05-01 13:38 ` Zi Yan
2024-05-01 15:54 ` David Hildenbrand
2024-05-02 13:18 ` Alexander Gordeev
2024-05-02 13:20 ` Zi Yan
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox