* [syzbot] [mm?] WARNING in move_to_new_folio
@ 2025-04-13 0:03 syzbot
2025-04-13 6:24 ` syzbot
` (2 more replies)
0 siblings, 3 replies; 10+ messages in thread
From: syzbot @ 2025-04-13 0:03 UTC (permalink / raw)
To: akpm, linux-kernel, linux-mm, syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: 01c6df60d5d4 Add linux-next specific files for 20250411
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=107b77e4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=db03cefa26ecf825
dashboard link: https://syzkaller.appspot.com/bug?extid=8bb6fd945af4e0ad9299
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/928246b3f3d5/disk-01c6df60.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/79a68c4e1134/vmlinux-01c6df60.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9caf8c293819/bzImage-01c6df60.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8bb6fd945af4e0ad9299@syzkaller.appspotmail.com
------------[ cut here ]------------
jfs_metapage_aops does not implement migrate_folio
WARNING: CPU: 0 PID: 6870 at mm/migrate.c:955 fallback_migrate_folio mm/migrate.c:953 [inline]
WARNING: CPU: 0 PID: 6870 at mm/migrate.c:955 move_to_new_folio+0x70e/0x840 mm/migrate.c:1007
Modules linked in:
CPU: 0 UID: 0 PID: 6870 Comm: syz.3.196 Not tainted 6.15.0-rc1-next-20250411-syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:fallback_migrate_folio mm/migrate.c:953 [inline]
RIP: 0010:move_to_new_folio+0x70e/0x840 mm/migrate.c:1007
Code: b8 00 00 00 00 00 fc ff df 41 80 7c 05 00 00 74 08 4c 89 e7 e8 73 2d fe ff 49 8b 34 24 48 c7 c7 00 8b 57 8c e8 d3 0b 53 ff 90 <0f> 0b 90 90 e9 0a fd ff ff e8 74 f6 93 ff 90 0f 0b 90 eb a7 e8 69
RSP: 0018:ffffc900045aeb30 EFLAGS: 00010246
RAX: d74fd979f2566d00 RBX: 0000000000000000 RCX: 0000000000080000
RDX: ffffc9000e489000 RSI: 000000000007ffff RDI: 0000000000080000
RBP: ffffea0000c98800 R08: ffffffff81829232 R09: 1ffff110170c4852
R10: dffffc0000000000 R11: ffffed10170c4853 R12: ffff8880612710a8
R13: 1ffff1100c24e215 R14: ffffffff8c839248 R15: ffff888061270f88
FS: 00007f855ea5e6c0(0000) GS:ffff888124f80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 000000003477c000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
migrate_folio_move mm/migrate.c:1312 [inline]
migrate_folios_move mm/migrate.c:1664 [inline]
migrate_pages_batch+0x1e86/0x30b0 mm/migrate.c:1911
migrate_pages_sync mm/migrate.c:1968 [inline]
migrate_pages+0x24f8/0x3470 mm/migrate.c:2050
compact_zone+0x365d/0x4dd0 mm/compaction.c:2689
compact_node mm/compaction.c:2958 [inline]
compact_nodes mm/compaction.c:2980 [inline]
sysctl_compaction_handler+0x498/0x9a0 mm/compaction.c:3031
proc_sys_call_handler+0x54b/0x820 fs/proc/proc_sysctl.c:601
iter_file_splice_write+0xbdf/0x1530 fs/splice.c:738
do_splice_from fs/splice.c:935 [inline]
direct_splice_actor+0x11b/0x220 fs/splice.c:1158
splice_direct_to_actor+0x595/0xc90 fs/splice.c:1102
do_splice_direct_actor fs/splice.c:1201 [inline]
do_splice_direct+0x281/0x3d0 fs/splice.c:1227
do_sendfile+0x582/0x8d0 fs/read_write.c:1368
__do_sys_sendfile64 fs/read_write.c:1423 [inline]
__se_sys_sendfile64+0x102/0x1e0 fs/read_write.c:1415
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f855db8d169
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f855ea5e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f855dda6080 RCX: 00007f855db8d169
RDX: 00002000000000c0 RSI: 0000000000000006 RDI: 0000000000000007
RBP: 00007f855dc0e990 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f855dda6080 R15: 00007ffe70b954f8
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
^ permalink raw reply [flat|nested] 10+ messages in thread* Re: [syzbot] [mm?] WARNING in move_to_new_folio 2025-04-13 0:03 [syzbot] [mm?] WARNING in move_to_new_folio syzbot @ 2025-04-13 6:24 ` syzbot 2025-04-13 21:44 ` syzbot 2025-04-15 4:33 ` [syzbot] " syzbot 2 siblings, 0 replies; 10+ messages in thread From: syzbot @ 2025-04-13 6:24 UTC (permalink / raw) To: akpm, linux-kernel, linux-mm, syzkaller-bugs syzbot has found a reproducer for the following issue on: HEAD commit: 01c6df60d5d4 Add linux-next specific files for 20250411 git tree: linux-next console+strace: https://syzkaller.appspot.com/x/log.txt?x=111db870580000 kernel config: https://syzkaller.appspot.com/x/.config?x=db03cefa26ecf825 dashboard link: https://syzkaller.appspot.com/bug?extid=8bb6fd945af4e0ad9299 compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10afca3f980000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=116f5c04580000 Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/928246b3f3d5/disk-01c6df60.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/79a68c4e1134/vmlinux-01c6df60.xz kernel image: https://storage.googleapis.com/syzbot-assets/9caf8c293819/bzImage-01c6df60.xz mounted in repro: https://storage.googleapis.com/syzbot-assets/9e5bb76a4272/mount_3.gz fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=14ebd398580000) IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+8bb6fd945af4e0ad9299@syzkaller.appspotmail.com ------------[ cut here ]------------ jfs_metapage_aops does not implement migrate_folio WARNING: CPU: 1 PID: 5861 at mm/migrate.c:955 fallback_migrate_folio mm/migrate.c:953 [inline] WARNING: CPU: 1 PID: 5861 at mm/migrate.c:955 move_to_new_folio+0x70e/0x840 mm/migrate.c:1007 Modules linked in: CPU: 1 UID: 0 PID: 5861 Comm: syz-executor280 Not tainted 6.15.0-rc1-next-20250411-syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 RIP: 0010:fallback_migrate_folio mm/migrate.c:953 [inline] RIP: 0010:move_to_new_folio+0x70e/0x840 mm/migrate.c:1007 Code: b8 00 00 00 00 00 fc ff df 41 80 7c 05 00 00 74 08 4c 89 e7 e8 73 2d fe ff 49 8b 34 24 48 c7 c7 00 8b 57 8c e8 d3 0b 53 ff 90 <0f> 0b 90 90 e9 0a fd ff ff e8 74 f6 93 ff 90 0f 0b 90 eb a7 e8 69 RSP: 0018:ffffc90003f16b30 EFLAGS: 00010246 RAX: b07441ff5c2b4f00 RBX: 0000000000000000 RCX: ffff88803508bc00 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffffea00008cc8c0 R08: ffffffff81829232 R09: fffffbfff1d7ab08 R10: dffffc0000000000 R11: fffffbfff1d7ab08 R12: ffff888075b9d130 R13: 1ffff1100eb73a26 R14: ffffffff8c839248 R15: ffff888075b9d010 FS: 0000555581ea4380(0000) GS:ffff888125080000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb8bd341e36 CR3: 000000003002a000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> migrate_folio_move mm/migrate.c:1312 [inline] migrate_folios_move mm/migrate.c:1664 [inline] migrate_pages_batch+0x1e86/0x30b0 mm/migrate.c:1911 migrate_pages_sync mm/migrate.c:1941 [inline] migrate_pages+0x1e13/0x3470 mm/migrate.c:2050 compact_zone+0x365d/0x4dd0 mm/compaction.c:2689 compact_node mm/compaction.c:2958 [inline] compact_nodes mm/compaction.c:2980 [inline] sysctl_compaction_handler+0x498/0x9a0 mm/compaction.c:3031 proc_sys_call_handler+0x54b/0x820 fs/proc/proc_sysctl.c:601 iter_file_splice_write+0xbdf/0x1530 fs/splice.c:738 do_splice_from fs/splice.c:935 [inline] direct_splice_actor+0x11b/0x220 fs/splice.c:1158 splice_direct_to_actor+0x595/0xc90 fs/splice.c:1102 do_splice_direct_actor fs/splice.c:1201 [inline] do_splice_direct+0x281/0x3d0 fs/splice.c:1227 do_sendfile+0x582/0x8d0 fs/read_write.c:1368 __do_sys_sendfile64 fs/read_write.c:1423 [inline] __se_sys_sendfile64+0x102/0x1e0 fs/read_write.c:1415 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f0011f6cc49 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffeb8797248 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0011f6cc49 RDX: 0000200000000180 RSI: 0000000000000003 RDI: 0000000000000004 RBP: 00000000000f4240 R08: 0000555581ea5378 R09: 0000555581ea5378 R10: 000000000000000a R11: 0000000000000246 R12: 00000000000161d0 R13: 00007ffeb8797280 R14: 00007ffeb879726c R15: 00007f0011fb503b </TASK> --- If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [syzbot] [mm?] WARNING in move_to_new_folio 2025-04-13 0:03 [syzbot] [mm?] WARNING in move_to_new_folio syzbot 2025-04-13 6:24 ` syzbot @ 2025-04-13 21:44 ` syzbot 2025-04-15 4:57 ` Shivank Garg 2025-04-15 4:33 ` [syzbot] " syzbot 2 siblings, 1 reply; 10+ messages in thread From: syzbot @ 2025-04-13 21:44 UTC (permalink / raw) To: akpm, brauner, jfs-discussion, linux-kernel, linux-mm, shaggy, shivankg, syzkaller-bugs, willy syzbot has bisected this issue to: commit 7ee3647243e5c4a9d74d4c7ec621eac75c6d37ea Author: Matthew Wilcox (Oracle) <willy@infradead.org> Date: Wed Apr 2 14:59:57 2025 +0000 migrate: Remove call to ->writepage bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=15be8fe4580000 start commit: 01c6df60d5d4 Add linux-next specific files for 20250411 git tree: linux-next final oops: https://syzkaller.appspot.com/x/report.txt?x=17be8fe4580000 console output: https://syzkaller.appspot.com/x/log.txt?x=13be8fe4580000 kernel config: https://syzkaller.appspot.com/x/.config?x=db03cefa26ecf825 dashboard link: https://syzkaller.appspot.com/bug?extid=8bb6fd945af4e0ad9299 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10afca3f980000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=116f5c04580000 Reported-by: syzbot+8bb6fd945af4e0ad9299@syzkaller.appspotmail.com Fixes: 7ee3647243e5 ("migrate: Remove call to ->writepage") For information about bisection process see: https://goo.gl/tpsmEJ#bisection ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [syzbot] [mm?] WARNING in move_to_new_folio 2025-04-13 21:44 ` syzbot @ 2025-04-15 4:57 ` Shivank Garg 2025-04-15 5:24 ` syzbot 0 siblings, 1 reply; 10+ messages in thread From: Shivank Garg @ 2025-04-15 4:57 UTC (permalink / raw) To: syzbot, akpm, brauner, jfs-discussion, linux-kernel, linux-mm, shaggy, syzkaller-bugs, willy [-- Attachment #1: Type: text/plain, Size: 1243 bytes --] #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 01c6df60d5d4 Best Regards, Shivank On 4/14/2025 3:14 AM, syzbot wrote: > syzbot has bisected this issue to: > > commit 7ee3647243e5c4a9d74d4c7ec621eac75c6d37ea > Author: Matthew Wilcox (Oracle) <willy@infradead.org> > Date: Wed Apr 2 14:59:57 2025 +0000 > > migrate: Remove call to ->writepage > > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=15be8fe4580000 > start commit: 01c6df60d5d4 Add linux-next specific files for 20250411 > git tree: linux-next > final oops: https://syzkaller.appspot.com/x/report.txt?x=17be8fe4580000 > console output: https://syzkaller.appspot.com/x/log.txt?x=13be8fe4580000 > kernel config: https://syzkaller.appspot.com/x/.config?x=db03cefa26ecf825 > dashboard link: https://syzkaller.appspot.com/bug?extid=8bb6fd945af4e0ad9299 > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10afca3f980000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=116f5c04580000 > > Reported-by: syzbot+8bb6fd945af4e0ad9299@syzkaller.appspotmail.com > Fixes: 7ee3647243e5 ("migrate: Remove call to ->writepage") > > For information about bisection process see: https://goo.gl/tpsmEJ#bisection [-- Attachment #2: 0001-jfs-implement-migrate_folio-for-jfs_metapage_aops.patch --] [-- Type: text/plain, Size: 6141 bytes --] From 0cd57d102a07f453d4a722215ce8ae34ff81c0a1 Mon Sep 17 00:00:00 2001 From: Shivank Garg <shivankg@amd.com> Date: Sun, 13 Apr 2025 16:40:53 +0000 Subject: [PATCH] jfs: implement migrate_folio for jfs_metapage_aops Add the missing migrate_folio operation to jfs_metapage_aops to fix warnings during memory compaction. These warnings were introduced by commit 7ee3647243e5 ("migrate: Remove call to ->writepage") which added explicit warnings when filesystems don't implement migrate_folio. System reports following warnings: jfs_metapage_aops does not implement migrate_folio WARNING: CPU: 0 PID: 6870 at mm/migrate.c:955 fallback_migrate_folio mm/migrate.c:953 [inline] WARNING: CPU: 0 PID: 6870 at mm/migrate.c:955 move_to_new_folio+0x70e/0x840 mm/migrate.c:1007 Implement metapage_migrate_folio which handles both single and multiple metapages per page configurations. Fixes: 35474d52c605 ("jfs: Convert metapage_writepage to metapage_write_folio") Reported-by: syzbot+8bb6fd945af4e0ad9299@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/67faff52.050a0220.379d84.001b.GAE@google.com Signed-off-by: Shivank Garg <shivankg@amd.com> --- fs/jfs/jfs_metapage.c | 94 +++++++++++++++++++++++++++++++++++++++++ include/linux/migrate.h | 1 + mm/migrate.c | 3 +- 3 files changed, 97 insertions(+), 1 deletion(-) diff --git a/fs/jfs/jfs_metapage.c b/fs/jfs/jfs_metapage.c index df575a873ec6..50759a846e22 100644 --- a/fs/jfs/jfs_metapage.c +++ b/fs/jfs/jfs_metapage.c @@ -15,6 +15,7 @@ #include <linux/mempool.h> #include <linux/seq_file.h> #include <linux/writeback.h> +#include <linux/migrate.h> #include "jfs_incore.h" #include "jfs_superblock.h" #include "jfs_filsys.h" @@ -151,6 +152,54 @@ static inline void dec_io(struct folio *folio, blk_status_t status, handler(folio, anchor->status); } +static int __metapage_migrate_folio(struct address_space *mapping, struct folio *dst, + struct folio *src, enum migrate_mode mode) +{ + struct meta_anchor *src_anchor = src->private; + struct metapage *mps[MPS_PER_PAGE] = {0}; + struct metapage *mp; + int i, rc; + + for (i = 0; i < MPS_PER_PAGE; i++) { + mp = src_anchor->mp[i]; + if (mp && metapage_locked(mp)) + return -EAGAIN; + } + + rc = filemap_migrate_folio(mapping, dst, src, mode); + if (rc != MIGRATEPAGE_SUCCESS) + return rc; + + for (i = 0; i < MPS_PER_PAGE; i++) { + mp = src_anchor->mp[i]; + if (!mp) + continue; + if (unlikely(insert_metapage(dst, mp))) { + /* If error, roll-back previosly inserted pages */ + for (int j = 0 ; j < i; j++) { + if (mps[j]) + remove_metapage(dst, mps[j]); + } + return -EAGAIN; + } + mps[i] = mp; + } + + /* Update the metapage and remove it from src */ + for (int i = 0; i < MPS_PER_PAGE; i++) { + mp = mps[i]; + if (mp) { + int page_offset = mp->data - folio_address(src); + + mp->data = folio_address(dst) + page_offset; + mp->folio = dst; + remove_metapage(src, mp); + } + } + + return MIGRATEPAGE_SUCCESS; +} + #else static inline struct metapage *folio_to_mp(struct folio *folio, int offset) { @@ -175,6 +224,32 @@ static inline void remove_metapage(struct folio *folio, struct metapage *mp) #define inc_io(folio) do {} while(0) #define dec_io(folio, status, handler) handler(folio, status) +static int __metapage_migrate_folio(struct address_space *mapping, struct folio *dst, + struct folio *src, enum migrate_mode mode) +{ + struct metapage *mp; + int page_offset; + int rc; + + mp = folio_to_mp(src, 0); + if (mp && metapage_locked(mp)) + return -EAGAIN; + + rc = filemap_migrate_folio(mapping, dst, src, mode); + if (rc != MIGRATEPAGE_SUCCESS) + return rc; + + if (unlikely(insert_metapage(src, mp))) + return -EAGAIN; + + page_offset = mp->data - folio_address(src); + mp->data = folio_address(dst) + page_offset; + mp->folio = dst; + remove_metapage(src, mp); + + return MIGRATEPAGE_SUCCESS; +} + #endif static inline struct metapage *alloc_metapage(gfp_t gfp_mask) @@ -554,6 +629,24 @@ static bool metapage_release_folio(struct folio *folio, gfp_t gfp_mask) return ret; } +/** + * metapage_migrate_folio - Migration function for JFS metapages + */ +static int metapage_migrate_folio(struct address_space *mapping, struct folio *dst, + struct folio *src, enum migrate_mode mode) +{ + int expected_count; + + if (!src->private) + return filemap_migrate_folio(mapping, dst, src, mode); + + /* Check whether page does not have extra refs before we do more work */ + expected_count = folio_expected_refs(mapping, src); + if (folio_ref_count(src) != expected_count) + return -EAGAIN; + return __metapage_migrate_folio(mapping, dst, src, mode); +} + static void metapage_invalidate_folio(struct folio *folio, size_t offset, size_t length) { @@ -570,6 +663,7 @@ const struct address_space_operations jfs_metapage_aops = { .release_folio = metapage_release_folio, .invalidate_folio = metapage_invalidate_folio, .dirty_folio = filemap_dirty_folio, + .migrate_folio = metapage_migrate_folio, }; struct metapage *__get_metapage(struct inode *inode, unsigned long lblock, diff --git a/include/linux/migrate.h b/include/linux/migrate.h index aaa2114498d6..cb31c5b1eb6a 100644 --- a/include/linux/migrate.h +++ b/include/linux/migrate.h @@ -60,6 +60,7 @@ struct movable_operations { /* Defined in mm/debug.c: */ extern const char *migrate_reason_names[MR_TYPES]; +int folio_expected_refs(struct address_space *mapping, struct folio *folio); #ifdef CONFIG_MIGRATION void putback_movable_pages(struct list_head *l); diff --git a/mm/migrate.c b/mm/migrate.c index 6e2488e5dbe4..0f01b8a87dec 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -445,7 +445,7 @@ void pmd_migration_entry_wait(struct mm_struct *mm, pmd_t *pmd) } #endif -static int folio_expected_refs(struct address_space *mapping, +int folio_expected_refs(struct address_space *mapping, struct folio *folio) { int refs = 1; @@ -458,6 +458,7 @@ static int folio_expected_refs(struct address_space *mapping, return refs; } +EXPORT_SYMBOL_GPL(folio_expected_refs); /* * Replace the folio in the mapping. -- 2.34.1 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [syzbot] [mm?] WARNING in move_to_new_folio 2025-04-15 4:57 ` Shivank Garg @ 2025-04-15 5:24 ` syzbot 2025-04-15 5:40 ` Shivank Garg 0 siblings, 1 reply; 10+ messages in thread From: syzbot @ 2025-04-15 5:24 UTC (permalink / raw) To: akpm, brauner, jfs-discussion, linux-kernel, linux-mm, shaggy, shivankg, syzkaller-bugs, willy Hello, syzbot has tested the proposed patch but the reproducer is still triggering an issue: unregister_netdevice: waiting for DEV to become free unregister_netdevice: waiting for batadv0 to become free. Usage count = 3 Tested on: commit: 01c6df60 Add linux-next specific files for 20250411 git tree: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git console output: https://syzkaller.appspot.com/x/log.txt?x=1142f0cc580000 kernel config: https://syzkaller.appspot.com/x/.config?x=db03cefa26ecf825 dashboard link: https://syzkaller.appspot.com/bug?extid=8bb6fd945af4e0ad9299 compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 patch: https://syzkaller.appspot.com/x/patch.diff?x=107a60cc580000 ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [syzbot] [mm?] WARNING in move_to_new_folio 2025-04-15 5:24 ` syzbot @ 2025-04-15 5:40 ` Shivank Garg 2025-04-15 6:00 ` syzbot 2025-04-15 6:18 ` Shivank Garg 0 siblings, 2 replies; 10+ messages in thread From: Shivank Garg @ 2025-04-15 5:40 UTC (permalink / raw) To: syzbot, linux-kernel, syzkaller-bugs, shivankg [-- Attachment #1: Type: text/plain, Size: 1072 bytes --] I made a mistake in insert_metapage. I hope my revised patch work. I'll post it to original list if this pass. #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 01c6df60d5d4 Best Regards, Shivank On 4/15/2025 10:54 AM, syzbot wrote: > Hello, > > syzbot has tested the proposed patch but the reproducer is still triggering an issue: > unregister_netdevice: waiting for DEV to become free > > unregister_netdevice: waiting for batadv0 to become free. Usage count = 3 > > > Tested on: > > commit: 01c6df60 Add linux-next specific files for 20250411 > git tree: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git > console output: https://syzkaller.appspot.com/x/log.txt?x=1142f0cc580000 > kernel config: https://syzkaller.appspot.com/x/.config?x=db03cefa26ecf825 > dashboard link: https://syzkaller.appspot.com/bug?extid=8bb6fd945af4e0ad9299 > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 > patch: https://syzkaller.appspot.com/x/patch.diff?x=107a60cc580000 > [-- Attachment #2: 0001-jfs-implement-migrate_folio-for-jfs_metapage_aops.patch --] [-- Type: text/plain, Size: 6141 bytes --] From daa1334f94c94b52117835dcd2d10ee319617458 Mon Sep 17 00:00:00 2001 From: Shivank Garg <shivankg@amd.com> Date: Sun, 13 Apr 2025 16:40:53 +0000 Subject: [PATCH] jfs: implement migrate_folio for jfs_metapage_aops Add the missing migrate_folio operation to jfs_metapage_aops to fix warnings during memory compaction. These warnings were introduced by commit 7ee3647243e5 ("migrate: Remove call to ->writepage") which added explicit warnings when filesystems don't implement migrate_folio. System reports following warnings: jfs_metapage_aops does not implement migrate_folio WARNING: CPU: 0 PID: 6870 at mm/migrate.c:955 fallback_migrate_folio mm/migrate.c:953 [inline] WARNING: CPU: 0 PID: 6870 at mm/migrate.c:955 move_to_new_folio+0x70e/0x840 mm/migrate.c:1007 Implement metapage_migrate_folio which handles both single and multiple metapages per page configurations. Fixes: 35474d52c605 ("jfs: Convert metapage_writepage to metapage_write_folio") Reported-by: syzbot+8bb6fd945af4e0ad9299@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/67faff52.050a0220.379d84.001b.GAE@google.com Signed-off-by: Shivank Garg <shivankg@amd.com> --- fs/jfs/jfs_metapage.c | 94 +++++++++++++++++++++++++++++++++++++++++ include/linux/migrate.h | 1 + mm/migrate.c | 3 +- 3 files changed, 97 insertions(+), 1 deletion(-) diff --git a/fs/jfs/jfs_metapage.c b/fs/jfs/jfs_metapage.c index df575a873ec6..d440537db6fe 100644 --- a/fs/jfs/jfs_metapage.c +++ b/fs/jfs/jfs_metapage.c @@ -15,6 +15,7 @@ #include <linux/mempool.h> #include <linux/seq_file.h> #include <linux/writeback.h> +#include <linux/migrate.h> #include "jfs_incore.h" #include "jfs_superblock.h" #include "jfs_filsys.h" @@ -151,6 +152,54 @@ static inline void dec_io(struct folio *folio, blk_status_t status, handler(folio, anchor->status); } +static int __metapage_migrate_folio(struct address_space *mapping, struct folio *dst, + struct folio *src, enum migrate_mode mode) +{ + struct meta_anchor *src_anchor = src->private; + struct metapage *mps[MPS_PER_PAGE] = {0}; + struct metapage *mp; + int i, rc; + + for (i = 0; i < MPS_PER_PAGE; i++) { + mp = src_anchor->mp[i]; + if (mp && metapage_locked(mp)) + return -EAGAIN; + } + + rc = filemap_migrate_folio(mapping, dst, src, mode); + if (rc != MIGRATEPAGE_SUCCESS) + return rc; + + for (i = 0; i < MPS_PER_PAGE; i++) { + mp = src_anchor->mp[i]; + if (!mp) + continue; + if (unlikely(insert_metapage(dst, mp))) { + /* If error, roll-back previosly inserted pages */ + for (int j = 0 ; j < i; j++) { + if (mps[j]) + remove_metapage(dst, mps[j]); + } + return -EAGAIN; + } + mps[i] = mp; + } + + /* Update the metapage and remove it from src */ + for (int i = 0; i < MPS_PER_PAGE; i++) { + mp = mps[i]; + if (mp) { + int page_offset = mp->data - folio_address(src); + + mp->data = folio_address(dst) + page_offset; + mp->folio = dst; + remove_metapage(src, mp); + } + } + + return MIGRATEPAGE_SUCCESS; +} + #else static inline struct metapage *folio_to_mp(struct folio *folio, int offset) { @@ -175,6 +224,32 @@ static inline void remove_metapage(struct folio *folio, struct metapage *mp) #define inc_io(folio) do {} while(0) #define dec_io(folio, status, handler) handler(folio, status) +static int __metapage_migrate_folio(struct address_space *mapping, struct folio *dst, + struct folio *src, enum migrate_mode mode) +{ + struct metapage *mp; + int page_offset; + int rc; + + mp = folio_to_mp(src, 0); + if (mp && metapage_locked(mp)) + return -EAGAIN; + + rc = filemap_migrate_folio(mapping, dst, src, mode); + if (rc != MIGRATEPAGE_SUCCESS) + return rc; + + if (unlikely(insert_metapage(dst, mp))) + return -EAGAIN; + + page_offset = mp->data - folio_address(src); + mp->data = folio_address(dst) + page_offset; + mp->folio = dst; + remove_metapage(src, mp); + + return MIGRATEPAGE_SUCCESS; +} + #endif static inline struct metapage *alloc_metapage(gfp_t gfp_mask) @@ -554,6 +629,24 @@ static bool metapage_release_folio(struct folio *folio, gfp_t gfp_mask) return ret; } +/** + * metapage_migrate_folio - Migration function for JFS metapages + */ +static int metapage_migrate_folio(struct address_space *mapping, struct folio *dst, + struct folio *src, enum migrate_mode mode) +{ + int expected_count; + + if (!src->private) + return filemap_migrate_folio(mapping, dst, src, mode); + + /* Check whether page does not have extra refs before we do more work */ + expected_count = folio_expected_refs(mapping, src); + if (folio_ref_count(src) != expected_count) + return -EAGAIN; + return __metapage_migrate_folio(mapping, dst, src, mode); +} + static void metapage_invalidate_folio(struct folio *folio, size_t offset, size_t length) { @@ -570,6 +663,7 @@ const struct address_space_operations jfs_metapage_aops = { .release_folio = metapage_release_folio, .invalidate_folio = metapage_invalidate_folio, .dirty_folio = filemap_dirty_folio, + .migrate_folio = metapage_migrate_folio, }; struct metapage *__get_metapage(struct inode *inode, unsigned long lblock, diff --git a/include/linux/migrate.h b/include/linux/migrate.h index aaa2114498d6..cb31c5b1eb6a 100644 --- a/include/linux/migrate.h +++ b/include/linux/migrate.h @@ -60,6 +60,7 @@ struct movable_operations { /* Defined in mm/debug.c: */ extern const char *migrate_reason_names[MR_TYPES]; +int folio_expected_refs(struct address_space *mapping, struct folio *folio); #ifdef CONFIG_MIGRATION void putback_movable_pages(struct list_head *l); diff --git a/mm/migrate.c b/mm/migrate.c index 6e2488e5dbe4..0f01b8a87dec 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -445,7 +445,7 @@ void pmd_migration_entry_wait(struct mm_struct *mm, pmd_t *pmd) } #endif -static int folio_expected_refs(struct address_space *mapping, +int folio_expected_refs(struct address_space *mapping, struct folio *folio) { int refs = 1; @@ -458,6 +458,7 @@ static int folio_expected_refs(struct address_space *mapping, return refs; } +EXPORT_SYMBOL_GPL(folio_expected_refs); /* * Replace the folio in the mapping. -- 2.34.1 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [syzbot] [mm?] WARNING in move_to_new_folio 2025-04-15 5:40 ` Shivank Garg @ 2025-04-15 6:00 ` syzbot 2025-04-15 6:18 ` Shivank Garg 1 sibling, 0 replies; 10+ messages in thread From: syzbot @ 2025-04-15 6:00 UTC (permalink / raw) To: linux-kernel, shivankg, syzkaller-bugs Hello, syzbot has tested the proposed patch but the reproducer is still triggering an issue: unregister_netdevice: waiting for DEV to become free unregister_netdevice: waiting for batadv0 to become free. Usage count = 3 Tested on: commit: 01c6df60 Add linux-next specific files for 20250411 git tree: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git console output: https://syzkaller.appspot.com/x/log.txt?x=13f1f398580000 kernel config: https://syzkaller.appspot.com/x/.config?x=db03cefa26ecf825 dashboard link: https://syzkaller.appspot.com/bug?extid=8bb6fd945af4e0ad9299 compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 patch: https://syzkaller.appspot.com/x/patch.diff?x=12c3cfe4580000 ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [syzbot] [mm?] WARNING in move_to_new_folio 2025-04-15 5:40 ` Shivank Garg 2025-04-15 6:00 ` syzbot @ 2025-04-15 6:18 ` Shivank Garg 2025-04-15 7:00 ` syzbot 1 sibling, 1 reply; 10+ messages in thread From: Shivank Garg @ 2025-04-15 6:18 UTC (permalink / raw) To: syzbot, linux-kernel, syzkaller-bugs [-- Attachment #1: Type: text/plain, Size: 1474 bytes --] On 4/15/2025 11:10 AM, Shivank Garg wrote: > I made a mistake in insert_metapage. I hope my revised patch work. > I'll post it to original list if this pass. > > #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 01c6df60d5d4 > > Best Regards, > Shivank > > On 4/15/2025 10:54 AM, syzbot wrote: >> Hello, >> >> syzbot has tested the proposed patch but the reproducer is still triggering an issue: >> unregister_netdevice: waiting for DEV to become free >> >> unregister_netdevice: waiting for batadv0 to become free. Usage count = 3 >> >> >> Tested on: >> >> commit: 01c6df60 Add linux-next specific files for 20250411 >> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git >> console output: https://syzkaller.appspot.com/x/log.txt?x=1142f0cc580000 >> kernel config: https://syzkaller.appspot.com/x/.config?x=db03cefa26ecf825 >> dashboard link: https://syzkaller.appspot.com/bug?extid=8bb6fd945af4e0ad9299 >> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 >> patch: https://syzkaller.appspot.com/x/patch.diff?x=107a60cc580000 >> > > Looks like this error is unrelated and due to a different issue: https://lore.kernel.org/lkml/20250414-double_hold_fix-v5-1-10e056324cde@narfation.org Retesting with Sven Eckelmann's patch for batman-adv #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 01c6df60d5d4 Best Regards, Shivank [-- Attachment #2: revised-diff --] [-- Type: text/plain, Size: 5292 bytes --] diff --git a/fs/jfs/jfs_metapage.c b/fs/jfs/jfs_metapage.c index df575a873ec6..d440537db6fe 100644 --- a/fs/jfs/jfs_metapage.c +++ b/fs/jfs/jfs_metapage.c @@ -15,6 +15,7 @@ #include <linux/mempool.h> #include <linux/seq_file.h> #include <linux/writeback.h> +#include <linux/migrate.h> #include "jfs_incore.h" #include "jfs_superblock.h" #include "jfs_filsys.h" @@ -151,6 +152,54 @@ static inline void dec_io(struct folio *folio, blk_status_t status, handler(folio, anchor->status); } +static int __metapage_migrate_folio(struct address_space *mapping, struct folio *dst, + struct folio *src, enum migrate_mode mode) +{ + struct meta_anchor *src_anchor = src->private; + struct metapage *mps[MPS_PER_PAGE] = {0}; + struct metapage *mp; + int i, rc; + + for (i = 0; i < MPS_PER_PAGE; i++) { + mp = src_anchor->mp[i]; + if (mp && metapage_locked(mp)) + return -EAGAIN; + } + + rc = filemap_migrate_folio(mapping, dst, src, mode); + if (rc != MIGRATEPAGE_SUCCESS) + return rc; + + for (i = 0; i < MPS_PER_PAGE; i++) { + mp = src_anchor->mp[i]; + if (!mp) + continue; + if (unlikely(insert_metapage(dst, mp))) { + /* If error, roll-back previosly inserted pages */ + for (int j = 0 ; j < i; j++) { + if (mps[j]) + remove_metapage(dst, mps[j]); + } + return -EAGAIN; + } + mps[i] = mp; + } + + /* Update the metapage and remove it from src */ + for (int i = 0; i < MPS_PER_PAGE; i++) { + mp = mps[i]; + if (mp) { + int page_offset = mp->data - folio_address(src); + + mp->data = folio_address(dst) + page_offset; + mp->folio = dst; + remove_metapage(src, mp); + } + } + + return MIGRATEPAGE_SUCCESS; +} + #else static inline struct metapage *folio_to_mp(struct folio *folio, int offset) { @@ -175,6 +224,32 @@ static inline void remove_metapage(struct folio *folio, struct metapage *mp) #define inc_io(folio) do {} while(0) #define dec_io(folio, status, handler) handler(folio, status) +static int __metapage_migrate_folio(struct address_space *mapping, struct folio *dst, + struct folio *src, enum migrate_mode mode) +{ + struct metapage *mp; + int page_offset; + int rc; + + mp = folio_to_mp(src, 0); + if (mp && metapage_locked(mp)) + return -EAGAIN; + + rc = filemap_migrate_folio(mapping, dst, src, mode); + if (rc != MIGRATEPAGE_SUCCESS) + return rc; + + if (unlikely(insert_metapage(dst, mp))) + return -EAGAIN; + + page_offset = mp->data - folio_address(src); + mp->data = folio_address(dst) + page_offset; + mp->folio = dst; + remove_metapage(src, mp); + + return MIGRATEPAGE_SUCCESS; +} + #endif static inline struct metapage *alloc_metapage(gfp_t gfp_mask) @@ -554,6 +629,24 @@ static bool metapage_release_folio(struct folio *folio, gfp_t gfp_mask) return ret; } +/** + * metapage_migrate_folio - Migration function for JFS metapages + */ +static int metapage_migrate_folio(struct address_space *mapping, struct folio *dst, + struct folio *src, enum migrate_mode mode) +{ + int expected_count; + + if (!src->private) + return filemap_migrate_folio(mapping, dst, src, mode); + + /* Check whether page does not have extra refs before we do more work */ + expected_count = folio_expected_refs(mapping, src); + if (folio_ref_count(src) != expected_count) + return -EAGAIN; + return __metapage_migrate_folio(mapping, dst, src, mode); +} + static void metapage_invalidate_folio(struct folio *folio, size_t offset, size_t length) { @@ -570,6 +663,7 @@ const struct address_space_operations jfs_metapage_aops = { .release_folio = metapage_release_folio, .invalidate_folio = metapage_invalidate_folio, .dirty_folio = filemap_dirty_folio, + .migrate_folio = metapage_migrate_folio, }; struct metapage *__get_metapage(struct inode *inode, unsigned long lblock, diff --git a/include/linux/migrate.h b/include/linux/migrate.h index aaa2114498d6..cb31c5b1eb6a 100644 --- a/include/linux/migrate.h +++ b/include/linux/migrate.h @@ -60,6 +60,7 @@ struct movable_operations { /* Defined in mm/debug.c: */ extern const char *migrate_reason_names[MR_TYPES]; +int folio_expected_refs(struct address_space *mapping, struct folio *folio); #ifdef CONFIG_MIGRATION void putback_movable_pages(struct list_head *l); diff --git a/mm/migrate.c b/mm/migrate.c index 6e2488e5dbe4..0f01b8a87dec 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -445,7 +445,7 @@ void pmd_migration_entry_wait(struct mm_struct *mm, pmd_t *pmd) } #endif -static int folio_expected_refs(struct address_space *mapping, +int folio_expected_refs(struct address_space *mapping, struct folio *folio) { int refs = 1; @@ -458,6 +458,7 @@ static int folio_expected_refs(struct address_space *mapping, return refs; } +EXPORT_SYMBOL_GPL(folio_expected_refs); /* * Replace the folio in the mapping. diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c index f145f9662653..7cd4bdcee439 100644 --- a/net/batman-adv/hard-interface.c +++ b/net/batman-adv/hard-interface.c @@ -725,7 +725,6 @@ int batadv_hardif_enable_interface(struct batadv_hard_iface *hard_iface, kref_get(&hard_iface->refcount); - dev_hold(mesh_iface); netdev_hold(mesh_iface, &hard_iface->meshif_dev_tracker, GFP_ATOMIC); hard_iface->mesh_iface = mesh_iface; bat_priv = netdev_priv(hard_iface->mesh_iface); ^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [syzbot] [mm?] WARNING in move_to_new_folio 2025-04-15 6:18 ` Shivank Garg @ 2025-04-15 7:00 ` syzbot 0 siblings, 0 replies; 10+ messages in thread From: syzbot @ 2025-04-15 7:00 UTC (permalink / raw) To: linux-kernel, shivankg, syzkaller-bugs Hello, syzbot has tested the proposed patch and the reproducer did not trigger any issue: Reported-by: syzbot+8bb6fd945af4e0ad9299@syzkaller.appspotmail.com Tested-by: syzbot+8bb6fd945af4e0ad9299@syzkaller.appspotmail.com Tested on: commit: 01c6df60 Add linux-next specific files for 20250411 git tree: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git console output: https://syzkaller.appspot.com/x/log.txt?x=166f7c04580000 kernel config: https://syzkaller.appspot.com/x/.config?x=db03cefa26ecf825 dashboard link: https://syzkaller.appspot.com/bug?extid=8bb6fd945af4e0ad9299 compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 patch: https://syzkaller.appspot.com/x/patch.diff?x=10d6c470580000 Note: testing is done by a robot and is best-effort only. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [syzbot] Re: [syzbot] [mm?] WARNING in move_to_new_folio 2025-04-13 0:03 [syzbot] [mm?] WARNING in move_to_new_folio syzbot 2025-04-13 6:24 ` syzbot 2025-04-13 21:44 ` syzbot @ 2025-04-15 4:33 ` syzbot 2 siblings, 0 replies; 10+ messages in thread From: syzbot @ 2025-04-15 4:33 UTC (permalink / raw) To: linux-kernel, syzkaller-bugs For archival purposes, forwarding an incoming command email to linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com. *** Subject: Re: [syzbot] [mm?] WARNING in move_to_new_folio Author: shivankg@amd.com On 4/14/2025 3:14 AM, syzbot wrote: > syzbot has bisected this issue to: > > commit 7ee3647243e5c4a9d74d4c7ec621eac75c6d37ea > Author: Matthew Wilcox (Oracle) <willy@infradead.org> > Date: Wed Apr 2 14:59:57 2025 +0000 > > migrate: Remove call to ->writepage > > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=15be8fe4580000 > start commit: 01c6df60d5d4 Add linux-next specific files for 20250411 > git tree: linux-next > final oops: https://syzkaller.appspot.com/x/report.txt?x=17be8fe4580000 > console output: https://syzkaller.appspot.com/x/log.txt?x=13be8fe4580000 > kernel config: https://syzkaller.appspot.com/x/.config?x=db03cefa26ecf825 > dashboard link: https://syzkaller.appspot.com/bug?extid=8bb6fd945af4e0ad9299 > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10afca3f980000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=116f5c04580000 > > Reported-by: syzbot+8bb6fd945af4e0ad9299@syzkaller.appspotmail.com > Fixes: 7ee3647243e5 ("migrate: Remove call to ->writepage") > > For information about bisection process see: https://goo.gl/tpsmEJ#bisection #syz test diff --git a/fs/jfs/jfs_metapage.c b/fs/jfs/jfs_metapage.c index df575a873ec6..50759a846e22 100644 --- a/fs/jfs/jfs_metapage.c +++ b/fs/jfs/jfs_metapage.c @@ -15,6 +15,7 @@ #include <linux/mempool.h> #include <linux/seq_file.h> #include <linux/writeback.h> +#include <linux/migrate.h> #include "jfs_incore.h" #include "jfs_superblock.h" #include "jfs_filsys.h" @@ -151,6 +152,54 @@ static inline void dec_io(struct folio *folio, blk_status_t status, handler(folio, anchor->status); } +static int __metapage_migrate_folio(struct address_space *mapping, struct folio *dst, + struct folio *src, enum migrate_mode mode) +{ + struct meta_anchor *src_anchor = src->private; + struct metapage *mps[MPS_PER_PAGE] = {0}; + struct metapage *mp; + int i, rc; + + for (i = 0; i < MPS_PER_PAGE; i++) { + mp = src_anchor->mp[i]; + if (mp && metapage_locked(mp)) + return -EAGAIN; + } + + rc = filemap_migrate_folio(mapping, dst, src, mode); + if (rc != MIGRATEPAGE_SUCCESS) + return rc; + + for (i = 0; i < MPS_PER_PAGE; i++) { + mp = src_anchor->mp[i]; + if (!mp) + continue; + if (unlikely(insert_metapage(dst, mp))) { + /* If error, roll-back previosly inserted pages */ + for (int j = 0 ; j < i; j++) { + if (mps[j]) + remove_metapage(dst, mps[j]); + } + return -EAGAIN; + } + mps[i] = mp; + } + + /* Update the metapage and remove it from src */ + for (int i = 0; i < MPS_PER_PAGE; i++) { + mp = mps[i]; + if (mp) { + int page_offset = mp->data - folio_address(src); + + mp->data = folio_address(dst) + page_offset; + mp->folio = dst; + remove_metapage(src, mp); + } + } + + return MIGRATEPAGE_SUCCESS; +} + #else static inline struct metapage *folio_to_mp(struct folio *folio, int offset) { @@ -175,6 +224,32 @@ static inline void remove_metapage(struct folio *folio, struct metapage *mp) #define inc_io(folio) do {} while(0) #define dec_io(folio, status, handler) handler(folio, status) +static int __metapage_migrate_folio(struct address_space *mapping, struct folio *dst, + struct folio *src, enum migrate_mode mode) +{ + struct metapage *mp; + int page_offset; + int rc; + + mp = folio_to_mp(src, 0); + if (mp && metapage_locked(mp)) + return -EAGAIN; + + rc = filemap_migrate_folio(mapping, dst, src, mode); + if (rc != MIGRATEPAGE_SUCCESS) + return rc; + + if (unlikely(insert_metapage(src, mp))) + return -EAGAIN; + + page_offset = mp->data - folio_address(src); + mp->data = folio_address(dst) + page_offset; + mp->folio = dst; + remove_metapage(src, mp); + + return MIGRATEPAGE_SUCCESS; +} + #endif static inline struct metapage *alloc_metapage(gfp_t gfp_mask) @@ -554,6 +629,24 @@ static bool metapage_release_folio(struct folio *folio, gfp_t gfp_mask) return ret; } +/** + * metapage_migrate_folio - Migration function for JFS metapages + */ +static int metapage_migrate_folio(struct address_space *mapping, struct folio *dst, + struct folio *src, enum migrate_mode mode) +{ + int expected_count; + + if (!src->private) + return filemap_migrate_folio(mapping, dst, src, mode); + + /* Check whether page does not have extra refs before we do more work */ + expected_count = folio_expected_refs(mapping, src); + if (folio_ref_count(src) != expected_count) + return -EAGAIN; + return __metapage_migrate_folio(mapping, dst, src, mode); +} + static void metapage_invalidate_folio(struct folio *folio, size_t offset, size_t length) { @@ -570,6 +663,7 @@ const struct address_space_operations jfs_metapage_aops = { .release_folio = metapage_release_folio, .invalidate_folio = metapage_invalidate_folio, .dirty_folio = filemap_dirty_folio, + .migrate_folio = metapage_migrate_folio, }; struct metapage *__get_metapage(struct inode *inode, unsigned long lblock, diff --git a/include/linux/migrate.h b/include/linux/migrate.h index aaa2114498d6..cb31c5b1eb6a 100644 --- a/include/linux/migrate.h +++ b/include/linux/migrate.h @@ -60,6 +60,7 @@ struct movable_operations { /* Defined in mm/debug.c: */ extern const char *migrate_reason_names[MR_TYPES]; +int folio_expected_refs(struct address_space *mapping, struct folio *folio); #ifdef CONFIG_MIGRATION void putback_movable_pages(struct list_head *l); diff --git a/mm/migrate.c b/mm/migrate.c index 6e2488e5dbe4..0f01b8a87dec 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -445,7 +445,7 @@ void pmd_migration_entry_wait(struct mm_struct *mm, pmd_t *pmd) } #endif -static int folio_expected_refs(struct address_space *mapping, +int folio_expected_refs(struct address_space *mapping, struct folio *folio) { int refs = 1; @@ -458,6 +458,7 @@ static int folio_expected_refs(struct address_space *mapping, return refs; } +EXPORT_SYMBOL_GPL(folio_expected_refs); /* * Replace the folio in the mapping. -- 2.34.1 ^ permalink raw reply related [flat|nested] 10+ messages in thread
end of thread, other threads:[~2025-04-15 7:00 UTC | newest] Thread overview: 10+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-04-13 0:03 [syzbot] [mm?] WARNING in move_to_new_folio syzbot 2025-04-13 6:24 ` syzbot 2025-04-13 21:44 ` syzbot 2025-04-15 4:57 ` Shivank Garg 2025-04-15 5:24 ` syzbot 2025-04-15 5:40 ` Shivank Garg 2025-04-15 6:00 ` syzbot 2025-04-15 6:18 ` Shivank Garg 2025-04-15 7:00 ` syzbot 2025-04-15 4:33 ` [syzbot] " syzbot
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox