Message ID | 20190307153051.18815-1-willy@infradead.org (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [v4] page cache: Store only head pages in i_pages | expand |
Quoting Matthew Wilcox (2019-03-07 15:30:51) > Transparent Huge Pages are currently stored in i_pages as pointers to > consecutive subpages. This patch changes that to storing consecutive > pointers to the head page in preparation for storing huge pages more > efficiently in i_pages. > > Large parts of this are "inspired" by Kirill's patch > https://lore.kernel.org/lkml/20170126115819.58875-2-kirill.shutemov@linux.intel.com/ > > Signed-off-by: Matthew Wilcox <willy@infradead.org> > Acked-by: Jan Kara <jack@suse.cz> > Reviewed-by: Kirill Shutemov <kirill@shutemov.name> > Reviewed-and-tested-by: Song Liu <songliubraving@fb.com> > Tested-by: William Kucharski <william.kucharski@oracle.com> > Reviewed-by: William Kucharski <william.kucharski@oracle.com> I've bisected some new softlockups under THP mempressure to this patch. They are all rcu stalls that look similar to: [ 242.645276] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 242.645293] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-3): P828 [ 242.645301] (detected by 1, t=5252 jiffies, g=55501, q=221) [ 242.645307] gem_syslatency R running task 0 828 815 0x00004000 [ 242.645315] Call Trace: [ 242.645326] ? __schedule+0x1a0/0x440 [ 242.645332] ? preempt_schedule_irq+0x27/0x50 [ 242.645337] ? apic_timer_interrupt+0xa/0x20 [ 242.645342] ? xas_load+0x3c/0x80 [ 242.645347] ? xas_load+0x8/0x80 [ 242.645353] ? find_get_entry+0x4f/0x130 [ 242.645358] ? pagecache_get_page+0x2b/0x210 [ 242.645364] ? lookup_swap_cache+0x42/0x100 [ 242.645371] ? do_swap_page+0x6f/0x600 [ 242.645375] ? unmap_region+0xc2/0xe0 [ 242.645380] ? __handle_mm_fault+0x7a9/0xfa0 [ 242.645385] ? handle_mm_fault+0xc2/0x1c0 [ 242.645393] ? __do_page_fault+0x198/0x410 [ 242.645399] ? page_fault+0x5/0x20 [ 242.645404] ? page_fault+0x1b/0x20 Any suggestions as to what information you might want? -Chris
Quoting Chris Wilson (2019-06-01 10:26:21) > Quoting Matthew Wilcox (2019-03-07 15:30:51) > > Transparent Huge Pages are currently stored in i_pages as pointers to > > consecutive subpages. This patch changes that to storing consecutive > > pointers to the head page in preparation for storing huge pages more > > efficiently in i_pages. > > > > Large parts of this are "inspired" by Kirill's patch > > https://lore.kernel.org/lkml/20170126115819.58875-2-kirill.shutemov@linux.intel.com/ > > > > Signed-off-by: Matthew Wilcox <willy@infradead.org> > > Acked-by: Jan Kara <jack@suse.cz> > > Reviewed-by: Kirill Shutemov <kirill@shutemov.name> > > Reviewed-and-tested-by: Song Liu <songliubraving@fb.com> > > Tested-by: William Kucharski <william.kucharski@oracle.com> > > Reviewed-by: William Kucharski <william.kucharski@oracle.com> > > I've bisected some new softlockups under THP mempressure to this patch. > They are all rcu stalls that look similar to: > [ 242.645276] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: > [ 242.645293] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-3): P828 > [ 242.645301] (detected by 1, t=5252 jiffies, g=55501, q=221) > [ 242.645307] gem_syslatency R running task 0 828 815 0x00004000 > [ 242.645315] Call Trace: > [ 242.645326] ? __schedule+0x1a0/0x440 > [ 242.645332] ? preempt_schedule_irq+0x27/0x50 > [ 242.645337] ? apic_timer_interrupt+0xa/0x20 > [ 242.645342] ? xas_load+0x3c/0x80 > [ 242.645347] ? xas_load+0x8/0x80 > [ 242.645353] ? find_get_entry+0x4f/0x130 > [ 242.645358] ? pagecache_get_page+0x2b/0x210 > [ 242.645364] ? lookup_swap_cache+0x42/0x100 > [ 242.645371] ? do_swap_page+0x6f/0x600 > [ 242.645375] ? unmap_region+0xc2/0xe0 > [ 242.645380] ? __handle_mm_fault+0x7a9/0xfa0 > [ 242.645385] ? handle_mm_fault+0xc2/0x1c0 > [ 242.645393] ? __do_page_fault+0x198/0x410 > [ 242.645399] ? page_fault+0x5/0x20 > [ 242.645404] ? page_fault+0x1b/0x20 > > Any suggestions as to what information you might want? Perhaps, [ 76.175502] page:ffffea00098e0000 count:0 mapcount:0 mapping:0000000000000000 index:0x1 [ 76.175525] flags: 0x8000000000000000() [ 76.175533] raw: 8000000000000000 ffffea0004a7e988 ffffea000445c3c8 0000000000000000 [ 76.175538] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 76.175543] page dumped because: VM_BUG_ON_PAGE(entry != page) [ 76.175560] ------------[ cut here ]------------ [ 76.175564] kernel BUG at mm/swap_state.c:170! [ 76.175574] invalid opcode: 0000 [#1] PREEMPT SMP [ 76.175581] CPU: 0 PID: 131 Comm: kswapd0 Tainted: G U 5.1.0+ #247 [ 76.175586] Hardware name: /NUC6CAYB, BIOS AYAPLCEL.86A.0029.2016.1124.1625 11/24/2016 [ 76.175598] RIP: 0010:__delete_from_swap_cache+0x22e/0x340 [ 76.175604] Code: e8 b7 3e fd ff 48 01 1d a8 7e 04 01 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 03 7e bf 81 48 89 c7 e8 92 f8 fd ff <0f> 0b 48 c7 c6 c8 7c bf 81 48 89 df e8 81 f8 fd ff 0f 0b 48 c7 c6 [ 76.175613] RSP: 0000:ffffc900008dba88 EFLAGS: 00010046 [ 76.175619] RAX: 0000000000000032 RBX: ffffea00098e0040 RCX: 0000000000000006 [ 76.175624] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff81bf6d4c [ 76.175629] RBP: ffff888265ed8640 R08: 00000000000002c2 R09: 0000000000000000 [ 76.175634] R10: 0000000273a4626d R11: 0000000000000000 R12: 0000000000000001 [ 76.175639] R13: 0000000000000040 R14: 0000000000000000 R15: ffffea00098e0000 [ 76.175645] FS: 0000000000000000(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000 [ 76.175651] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.175656] CR2: 00007f24e4399000 CR3: 0000000002c09000 CR4: 00000000001406f0 [ 76.175661] Call Trace: [ 76.175671] __remove_mapping+0x1c2/0x380 [ 76.175678] shrink_page_list+0x11db/0x1d10 [ 76.175684] shrink_inactive_list+0x14b/0x420 [ 76.175690] shrink_node_memcg+0x20e/0x740 [ 76.175696] shrink_node+0xba/0x420 [ 76.175702] balance_pgdat+0x27d/0x4d0 [ 76.175709] kswapd+0x216/0x300 [ 76.175715] ? wait_woken+0x80/0x80 [ 76.175721] ? balance_pgdat+0x4d0/0x4d0 [ 76.175726] kthread+0x106/0x120 [ 76.175732] ? kthread_create_on_node+0x40/0x40 [ 76.175739] ret_from_fork+0x1f/0x30 [ 76.175745] Modules linked in: i915 intel_gtt drm_kms_helper [ 76.175754] ---[ end trace 8faf2ec849d50724 ]--- [ 76.206689] RIP: 0010:__delete_from_swap_cache+0x22e/0x340 [ 76.206708] Code: e8 b7 3e fd ff 48 01 1d a8 7e 04 01 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 03 7e bf 81 48 89 c7 e8 92 f8 fd ff <0f> 0b 48 c7 c6 c8 7c bf 81 48 89 df e8 81 f8 fd ff 0f 0b 48 c7 c6 [ 76.206718] RSP: 0000:ffffc900008dba88 EFLAGS: 00010046 [ 76.206723] RAX: 0000000000000032 RBX: ffffea00098e0040 RCX: 0000000000000006 [ 76.206729] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff81bf6d4c [ 76.206734] RBP: ffff888265ed8640 R08: 00000000000002c2 R09: 0000000000000000 [ 76.206740] R10: 0000000273a4626d R11: 0000000000000000 R12: 0000000000000001 [ 76.206745] R13: 0000000000000040 R14: 0000000000000000 R15: ffffea00098e0000 [ 76.206750] FS: 0000000000000000(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000 [ 76.206757] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 -Chris
On Sat, Jun 01, 2019 at 12:44:28PM +0100, Chris Wilson wrote: > Quoting Chris Wilson (2019-06-01 10:26:21) > > Quoting Matthew Wilcox (2019-03-07 15:30:51) > > > Transparent Huge Pages are currently stored in i_pages as pointers to > > > consecutive subpages. This patch changes that to storing consecutive > > > pointers to the head page in preparation for storing huge pages more > > > efficiently in i_pages. > > > > > > Large parts of this are "inspired" by Kirill's patch > > > https://lore.kernel.org/lkml/20170126115819.58875-2-kirill.shutemov@linux.intel.com/ > > > > > > Signed-off-by: Matthew Wilcox <willy@infradead.org> > > > Acked-by: Jan Kara <jack@suse.cz> > > > Reviewed-by: Kirill Shutemov <kirill@shutemov.name> > > > Reviewed-and-tested-by: Song Liu <songliubraving@fb.com> > > > Tested-by: William Kucharski <william.kucharski@oracle.com> > > > Reviewed-by: William Kucharski <william.kucharski@oracle.com> > > > > I've bisected some new softlockups under THP mempressure to this patch. > > They are all rcu stalls that look similar to: > > [ 242.645276] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: > > [ 242.645293] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-3): P828 > > [ 242.645301] (detected by 1, t=5252 jiffies, g=55501, q=221) > > [ 242.645307] gem_syslatency R running task 0 828 815 0x00004000 > > [ 242.645315] Call Trace: > > [ 242.645326] ? __schedule+0x1a0/0x440 > > [ 242.645332] ? preempt_schedule_irq+0x27/0x50 > > [ 242.645337] ? apic_timer_interrupt+0xa/0x20 > > [ 242.645342] ? xas_load+0x3c/0x80 > > [ 242.645347] ? xas_load+0x8/0x80 > > [ 242.645353] ? find_get_entry+0x4f/0x130 > > [ 242.645358] ? pagecache_get_page+0x2b/0x210 > > [ 242.645364] ? lookup_swap_cache+0x42/0x100 > > [ 242.645371] ? do_swap_page+0x6f/0x600 > > [ 242.645375] ? unmap_region+0xc2/0xe0 > > [ 242.645380] ? __handle_mm_fault+0x7a9/0xfa0 > > [ 242.645385] ? handle_mm_fault+0xc2/0x1c0 > > [ 242.645393] ? __do_page_fault+0x198/0x410 > > [ 242.645399] ? page_fault+0x5/0x20 > > [ 242.645404] ? page_fault+0x1b/0x20 > > > > Any suggestions as to what information you might want? > > Perhaps, > [ 76.175502] page:ffffea00098e0000 count:0 mapcount:0 mapping:0000000000000000 index:0x1 > [ 76.175525] flags: 0x8000000000000000() > [ 76.175533] raw: 8000000000000000 ffffea0004a7e988 ffffea000445c3c8 0000000000000000 > [ 76.175538] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 > [ 76.175543] page dumped because: VM_BUG_ON_PAGE(entry != page) > [ 76.175560] ------------[ cut here ]------------ > [ 76.175564] kernel BUG at mm/swap_state.c:170! > [ 76.175574] invalid opcode: 0000 [#1] PREEMPT SMP > [ 76.175581] CPU: 0 PID: 131 Comm: kswapd0 Tainted: G U 5.1.0+ #247 > [ 76.175586] Hardware name: /NUC6CAYB, BIOS AYAPLCEL.86A.0029.2016.1124.1625 11/24/2016 > [ 76.175598] RIP: 0010:__delete_from_swap_cache+0x22e/0x340 > [ 76.175604] Code: e8 b7 3e fd ff 48 01 1d a8 7e 04 01 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 03 7e bf 81 48 89 c7 e8 92 f8 fd ff <0f> 0b 48 c7 c6 c8 7c bf 81 48 89 df e8 81 f8 fd ff 0f 0b 48 c7 c6 > [ 76.175613] RSP: 0000:ffffc900008dba88 EFLAGS: 00010046 > [ 76.175619] RAX: 0000000000000032 RBX: ffffea00098e0040 RCX: 0000000000000006 > [ 76.175624] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff81bf6d4c > [ 76.175629] RBP: ffff888265ed8640 R08: 00000000000002c2 R09: 0000000000000000 > [ 76.175634] R10: 0000000273a4626d R11: 0000000000000000 R12: 0000000000000001 > [ 76.175639] R13: 0000000000000040 R14: 0000000000000000 R15: ffffea00098e0000 > [ 76.175645] FS: 0000000000000000(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000 > [ 76.175651] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 76.175656] CR2: 00007f24e4399000 CR3: 0000000002c09000 CR4: 00000000001406f0 > [ 76.175661] Call Trace: > [ 76.175671] __remove_mapping+0x1c2/0x380 > [ 76.175678] shrink_page_list+0x11db/0x1d10 > [ 76.175684] shrink_inactive_list+0x14b/0x420 > [ 76.175690] shrink_node_memcg+0x20e/0x740 > [ 76.175696] shrink_node+0xba/0x420 > [ 76.175702] balance_pgdat+0x27d/0x4d0 > [ 76.175709] kswapd+0x216/0x300 > [ 76.175715] ? wait_woken+0x80/0x80 > [ 76.175721] ? balance_pgdat+0x4d0/0x4d0 > [ 76.175726] kthread+0x106/0x120 > [ 76.175732] ? kthread_create_on_node+0x40/0x40 > [ 76.175739] ret_from_fork+0x1f/0x30 > [ 76.175745] Modules linked in: i915 intel_gtt drm_kms_helper > [ 76.175754] ---[ end trace 8faf2ec849d50724 ]--- > [ 76.206689] RIP: 0010:__delete_from_swap_cache+0x22e/0x340 > [ 76.206708] Code: e8 b7 3e fd ff 48 01 1d a8 7e 04 01 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 03 7e bf 81 48 89 c7 e8 92 f8 fd ff <0f> 0b 48 c7 c6 c8 7c bf 81 48 89 df e8 81 f8 fd ff 0f 0b 48 c7 c6 > [ 76.206718] RSP: 0000:ffffc900008dba88 EFLAGS: 00010046 > [ 76.206723] RAX: 0000000000000032 RBX: ffffea00098e0040 RCX: 0000000000000006 > [ 76.206729] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff81bf6d4c > [ 76.206734] RBP: ffff888265ed8640 R08: 00000000000002c2 R09: 0000000000000000 > [ 76.206740] R10: 0000000273a4626d R11: 0000000000000000 R12: 0000000000000001 > [ 76.206745] R13: 0000000000000040 R14: 0000000000000000 R15: ffffea00098e0000 > [ 76.206750] FS: 0000000000000000(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000 > [ 76.206757] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Thanks for the reports, Chris. I think they're both canaries; somehow the page cache / swap cache has got corrupted and contains entries that it shouldn't. This second one (with the VM_BUG_ON_PAGE in __delete_from_swap_cache) shows a regular (non-huge) page at index 1. There are two ways we might have got there; one is that we asked to delete a page at index 1 which is no longer in the cache. The other is that we asked to delete a huge page at index 0, but the page wasn't subsequently stored in indices 1-511. We dump the page that we found; not the page we're looking for, so I don't know which. If this one's easy to reproduce, you could add: for (i = 0; i < nr; i++) { void *entry = xas_store(&xas, NULL); + if (entry != page) { + printk("Oh dear %d %d\n", i, nr); + dump_page(page, "deleting page"); + } VM_BUG_ON_PAGE(entry != page, entry); set_page_private(page + i, 0); xas_next(&xas); } I'll re-read the patch and see if I can figure out how the cache is getting screwed up. Given what you said, probably on the swap-in path.
Quoting Matthew Wilcox (2019-06-02 11:51:50) > Thanks for the reports, Chris. > > I think they're both canaries; somehow the page cache / swap cache has > got corrupted and contains entries that it shouldn't. > > This second one (with the VM_BUG_ON_PAGE in __delete_from_swap_cache) > shows a regular (non-huge) page at index 1. There are two ways we might > have got there; one is that we asked to delete a page at index 1 which is > no longer in the cache. The other is that we asked to delete a huge page > at index 0, but the page wasn't subsequently stored in indices 1-511. > > We dump the page that we found; not the page we're looking for, so I don't > know which. If this one's easy to reproduce, you could add: > > for (i = 0; i < nr; i++) { > void *entry = xas_store(&xas, NULL); > + if (entry != page) { > + printk("Oh dear %d %d\n", i, nr); > + dump_page(page, "deleting page"); > + } [ 113.423120] Oh dear 0 1 [ 113.423141] page:ffffea000911cdc0 refcount:0 mapcount:0 mapping:ffff88826aee7bb1 index:0x7fce6ff37 [ 113.423146] anon [ 113.423150] flags: 0x8000000000080445(locked|uptodate|workingset|owner_priv_1|swapbacked) [ 113.423161] raw: 8000000000080445 dead000000000100 dead000000000200 ffff88826aee7bb1 [ 113.423167] raw: 00000007fce6ff37 0000000000054537 00000000ffffffff 0000000000000000 [ 113.423171] page dumped because: deleting page [ 113.423176] page:ffffea0009118000 refcount:1 mapcount:0 mapping:ffff88826aee7bb1 index:0x7fce6fe00 [ 113.423182] anon [ 113.423183] flags: 0x8000000000080454(uptodate|lru|workingset|owner_priv_1|swapbacked) [ 113.423191] raw: 8000000000080454 ffffea0009118048 ffffea000911ce08 ffff88826aee7bb1 [ 113.423198] raw: 00000007fce6fe00 0000000000054400 00000001ffffffff ffff8882693e5000 [ 113.423204] page dumped because: VM_BUG_ON_PAGE(entry != page) [ 113.423209] page->mem_cgroup:ffff8882693e5000 [ 113.423222] ------------[ cut here ]------------ [ 113.423227] kernel BUG at mm/swap_state.c:174! [ 113.423236] invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC [ 113.423243] CPU: 1 PID: 131 Comm: kswapd0 Tainted: G U 5.2.0-rc2+ #251 [ 113.423248] Hardware name: /NUC6CAYB, BIOS AYAPLCEL.86A.0029.2016.1124.1625 11/24/2016 [ 113.423260] RIP: 0010:__delete_from_swap_cache.cold.17+0x30/0x36 [ 113.423265] Code: 48 c7 c7 13 94 bf 81 e8 cd 7f f3 ff 48 89 df 48 c7 c6 24 94 bf 81 e8 95 6c fd ff 48 c7 c6 32 94 bf 81 4c 89 ff e8 86 6c fd ff <0f> 0b 90 90 90 90 48 8b 07 48 8b 16 48 c1 e8 3a 48 c1 ea 3a 29 d0 [ 113.423274] RSP: 0018:ffffc900008b3a80 EFLAGS: 00010046 [ 113.423280] RAX: 0000000000000000 RBX: ffffea000911cdc0 RCX: 0000000000000006 [ 113.423285] RDX: 0000000000000007 RSI: 0000000000000092 RDI: ffff888276c963c0 [ 113.423290] RBP: ffff888265a98d20 R08: 00000000000002ce R09: 0000000000000000 [ 113.423296] R10: 0000000272bc445c R11: 0000000000000000 R12: 0000000000000001 [ 113.423301] R13: 0000000000000000 R14: 0000000000000000 R15: ffffea0009118000 [ 113.423306] FS: 0000000000000000(0000) GS:ffff888276c80000(0000) knlGS:0000000000000000 [ 113.423313] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.423317] CR2: 00007fce7c857000 CR3: 0000000002c09000 CR4: 00000000001406e0 [ 113.423323] Call Trace: [ 113.423331] __remove_mapping+0x1c2/0x380 [ 113.423337] shrink_page_list+0x123c/0x1d00 [ 113.423343] shrink_inactive_list+0x130/0x300 [ 113.423348] shrink_node_memcg+0x20e/0x740 [ 113.423354] shrink_node+0xba/0x420 [ 113.423359] balance_pgdat+0x27d/0x4d0 [ 113.423365] kswapd+0x216/0x300 [ 113.423372] ? wait_woken+0x80/0x80 [ 113.423378] ? balance_pgdat+0x4d0/0x4d0 [ 113.423384] kthread+0x106/0x120 [ 113.423389] ? kthread_create_on_node+0x40/0x40 [ 113.423398] ret_from_fork+0x1f/0x30 [ 113.423405] Modules linked in: i915 intel_gtt drm_kms_helper [ 113.423414] ---[ end trace 328930613dd77e06 ]--- [ 113.454546] RIP: 0010:__delete_from_swap_cache.cold.17+0x30/0x36 > VM_BUG_ON_PAGE(entry != page, entry); > set_page_private(page + i, 0); > xas_next(&xas); > } > > I'll re-read the patch and see if I can figure out how the cache is getting > screwed up. Given what you said, probably on the swap-in path. It may be self-incriminating, but this only occurs when i915.ko is also involved via shrink_slab. -Chris
Quoting Matthew Wilcox (2019-06-02 11:51:50) > On Sat, Jun 01, 2019 at 12:44:28PM +0100, Chris Wilson wrote: > > Quoting Chris Wilson (2019-06-01 10:26:21) > > > Quoting Matthew Wilcox (2019-03-07 15:30:51) > > > > Transparent Huge Pages are currently stored in i_pages as pointers to > > > > consecutive subpages. This patch changes that to storing consecutive > > > > pointers to the head page in preparation for storing huge pages more > > > > efficiently in i_pages. > > > > > > > > Large parts of this are "inspired" by Kirill's patch > > > > https://lore.kernel.org/lkml/20170126115819.58875-2-kirill.shutemov@linux.intel.com/ > > > > > > > > Signed-off-by: Matthew Wilcox <willy@infradead.org> > > > > Acked-by: Jan Kara <jack@suse.cz> > > > > Reviewed-by: Kirill Shutemov <kirill@shutemov.name> > > > > Reviewed-and-tested-by: Song Liu <songliubraving@fb.com> > > > > Tested-by: William Kucharski <william.kucharski@oracle.com> > > > > Reviewed-by: William Kucharski <william.kucharski@oracle.com> > > > > > > I've bisected some new softlockups under THP mempressure to this patch. > > > They are all rcu stalls that look similar to: > > > [ 242.645276] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: > > > [ 242.645293] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-3): P828 > > > [ 242.645301] (detected by 1, t=5252 jiffies, g=55501, q=221) > > > [ 242.645307] gem_syslatency R running task 0 828 815 0x00004000 > > > [ 242.645315] Call Trace: > > > [ 242.645326] ? __schedule+0x1a0/0x440 > > > [ 242.645332] ? preempt_schedule_irq+0x27/0x50 > > > [ 242.645337] ? apic_timer_interrupt+0xa/0x20 > > > [ 242.645342] ? xas_load+0x3c/0x80 > > > [ 242.645347] ? xas_load+0x8/0x80 > > > [ 242.645353] ? find_get_entry+0x4f/0x130 > > > [ 242.645358] ? pagecache_get_page+0x2b/0x210 > > > [ 242.645364] ? lookup_swap_cache+0x42/0x100 > > > [ 242.645371] ? do_swap_page+0x6f/0x600 > > > [ 242.645375] ? unmap_region+0xc2/0xe0 > > > [ 242.645380] ? __handle_mm_fault+0x7a9/0xfa0 > > > [ 242.645385] ? handle_mm_fault+0xc2/0x1c0 > > > [ 242.645393] ? __do_page_fault+0x198/0x410 > > > [ 242.645399] ? page_fault+0x5/0x20 > > > [ 242.645404] ? page_fault+0x1b/0x20 > > > > > > Any suggestions as to what information you might want? > > > > Perhaps, > > [ 76.175502] page:ffffea00098e0000 count:0 mapcount:0 mapping:0000000000000000 index:0x1 > > [ 76.175525] flags: 0x8000000000000000() > > [ 76.175533] raw: 8000000000000000 ffffea0004a7e988 ffffea000445c3c8 0000000000000000 > > [ 76.175538] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 > > [ 76.175543] page dumped because: VM_BUG_ON_PAGE(entry != page) > > [ 76.175560] ------------[ cut here ]------------ > > [ 76.175564] kernel BUG at mm/swap_state.c:170! > > [ 76.175574] invalid opcode: 0000 [#1] PREEMPT SMP > > [ 76.175581] CPU: 0 PID: 131 Comm: kswapd0 Tainted: G U 5.1.0+ #247 > > [ 76.175586] Hardware name: /NUC6CAYB, BIOS AYAPLCEL.86A.0029.2016.1124.1625 11/24/2016 > > [ 76.175598] RIP: 0010:__delete_from_swap_cache+0x22e/0x340 > > [ 76.175604] Code: e8 b7 3e fd ff 48 01 1d a8 7e 04 01 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 03 7e bf 81 48 89 c7 e8 92 f8 fd ff <0f> 0b 48 c7 c6 c8 7c bf 81 48 89 df e8 81 f8 fd ff 0f 0b 48 c7 c6 > > [ 76.175613] RSP: 0000:ffffc900008dba88 EFLAGS: 00010046 > > [ 76.175619] RAX: 0000000000000032 RBX: ffffea00098e0040 RCX: 0000000000000006 > > [ 76.175624] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff81bf6d4c > > [ 76.175629] RBP: ffff888265ed8640 R08: 00000000000002c2 R09: 0000000000000000 > > [ 76.175634] R10: 0000000273a4626d R11: 0000000000000000 R12: 0000000000000001 > > [ 76.175639] R13: 0000000000000040 R14: 0000000000000000 R15: ffffea00098e0000 > > [ 76.175645] FS: 0000000000000000(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000 > > [ 76.175651] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > > [ 76.175656] CR2: 00007f24e4399000 CR3: 0000000002c09000 CR4: 00000000001406f0 > > [ 76.175661] Call Trace: > > [ 76.175671] __remove_mapping+0x1c2/0x380 > > [ 76.175678] shrink_page_list+0x11db/0x1d10 > > [ 76.175684] shrink_inactive_list+0x14b/0x420 > > [ 76.175690] shrink_node_memcg+0x20e/0x740 > > [ 76.175696] shrink_node+0xba/0x420 > > [ 76.175702] balance_pgdat+0x27d/0x4d0 > > [ 76.175709] kswapd+0x216/0x300 > > [ 76.175715] ? wait_woken+0x80/0x80 > > [ 76.175721] ? balance_pgdat+0x4d0/0x4d0 > > [ 76.175726] kthread+0x106/0x120 > > [ 76.175732] ? kthread_create_on_node+0x40/0x40 > > [ 76.175739] ret_from_fork+0x1f/0x30 > > [ 76.175745] Modules linked in: i915 intel_gtt drm_kms_helper > > [ 76.175754] ---[ end trace 8faf2ec849d50724 ]--- > > [ 76.206689] RIP: 0010:__delete_from_swap_cache+0x22e/0x340 > > [ 76.206708] Code: e8 b7 3e fd ff 48 01 1d a8 7e 04 01 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 03 7e bf 81 48 89 c7 e8 92 f8 fd ff <0f> 0b 48 c7 c6 c8 7c bf 81 48 89 df e8 81 f8 fd ff 0f 0b 48 c7 c6 > > [ 76.206718] RSP: 0000:ffffc900008dba88 EFLAGS: 00010046 > > [ 76.206723] RAX: 0000000000000032 RBX: ffffea00098e0040 RCX: 0000000000000006 > > [ 76.206729] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff81bf6d4c > > [ 76.206734] RBP: ffff888265ed8640 R08: 00000000000002c2 R09: 0000000000000000 > > [ 76.206740] R10: 0000000273a4626d R11: 0000000000000000 R12: 0000000000000001 > > [ 76.206745] R13: 0000000000000040 R14: 0000000000000000 R15: ffffea00098e0000 > > [ 76.206750] FS: 0000000000000000(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000 > > [ 76.206757] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > > Thanks for the reports, Chris. > > I think they're both canaries; somehow the page cache / swap cache has > got corrupted and contains entries that it shouldn't. > > This second one (with the VM_BUG_ON_PAGE in __delete_from_swap_cache) > shows a regular (non-huge) page at index 1. There are two ways we might > have got there; one is that we asked to delete a page at index 1 which is > no longer in the cache. The other is that we asked to delete a huge page > at index 0, but the page wasn't subsequently stored in indices 1-511. > > We dump the page that we found; not the page we're looking for, so I don't > know which. If this one's easy to reproduce, you could add: > > for (i = 0; i < nr; i++) { > void *entry = xas_store(&xas, NULL); > + if (entry != page) { > + printk("Oh dear %d %d\n", i, nr); > + dump_page(page, "deleting page"); > + } > VM_BUG_ON_PAGE(entry != page, entry); > set_page_private(page + i, 0); > xas_next(&xas); > } > > I'll re-read the patch and see if I can figure out how the cache is getting > screwed up. Given what you said, probably on the swap-in path. I can give you a clue, it requires split_huge_page_to_list(). -Chris
Quoting Matthew Wilcox (2019-03-07 15:30:51) > diff --git a/mm/huge_memory.c b/mm/huge_memory.c > index 404acdcd0455..aaf88f85d492 100644 > --- a/mm/huge_memory.c > +++ b/mm/huge_memory.c > @@ -2456,6 +2456,9 @@ static void __split_huge_page(struct page *page, struct list_head *list, > if (IS_ENABLED(CONFIG_SHMEM) && PageSwapBacked(head)) > shmem_uncharge(head->mapping->host, 1); > put_page(head + i); > + } else if (!PageAnon(page)) { > + __xa_store(&head->mapping->i_pages, head[i].index, > + head + i, 0); Forgiving the ignorant copy'n'paste, this is required: + } else if (PageSwapCache(page)) { + swp_entry_t entry = { .val = page_private(head + i) }; + __xa_store(&swap_address_space(entry)->i_pages, + swp_offset(entry), + head + i, 0); } } The locking is definitely wrong. -Chris
On Sun, Jun 02, 2019 at 10:47:35PM +0100, Chris Wilson wrote: > Quoting Matthew Wilcox (2019-03-07 15:30:51) > > diff --git a/mm/huge_memory.c b/mm/huge_memory.c > > index 404acdcd0455..aaf88f85d492 100644 > > --- a/mm/huge_memory.c > > +++ b/mm/huge_memory.c > > @@ -2456,6 +2456,9 @@ static void __split_huge_page(struct page *page, struct list_head *list, > > if (IS_ENABLED(CONFIG_SHMEM) && PageSwapBacked(head)) > > shmem_uncharge(head->mapping->host, 1); > > put_page(head + i); > > + } else if (!PageAnon(page)) { > > + __xa_store(&head->mapping->i_pages, head[i].index, > > + head + i, 0); > > Forgiving the ignorant copy'n'paste, this is required: > > + } else if (PageSwapCache(page)) { > + swp_entry_t entry = { .val = page_private(head + i) }; > + __xa_store(&swap_address_space(entry)->i_pages, > + swp_offset(entry), > + head + i, 0); > } > } > > The locking is definitely wrong. Does it help with the problem, or it's just a possible lead?
Quoting Kirill A. Shutemov (2019-06-12 02:46:34) > On Sun, Jun 02, 2019 at 10:47:35PM +0100, Chris Wilson wrote: > > Quoting Matthew Wilcox (2019-03-07 15:30:51) > > > diff --git a/mm/huge_memory.c b/mm/huge_memory.c > > > index 404acdcd0455..aaf88f85d492 100644 > > > --- a/mm/huge_memory.c > > > +++ b/mm/huge_memory.c > > > @@ -2456,6 +2456,9 @@ static void __split_huge_page(struct page *page, struct list_head *list, > > > if (IS_ENABLED(CONFIG_SHMEM) && PageSwapBacked(head)) > > > shmem_uncharge(head->mapping->host, 1); > > > put_page(head + i); > > > + } else if (!PageAnon(page)) { > > > + __xa_store(&head->mapping->i_pages, head[i].index, > > > + head + i, 0); > > > > Forgiving the ignorant copy'n'paste, this is required: > > > > + } else if (PageSwapCache(page)) { > > + swp_entry_t entry = { .val = page_private(head + i) }; > > + __xa_store(&swap_address_space(entry)->i_pages, > > + swp_offset(entry), > > + head + i, 0); > > } > > } > > > > The locking is definitely wrong. > > Does it help with the problem, or it's just a possible lead? It definitely solves the problem we encountered of the bad VM_PAGE leading to RCU stalls in khugepaged. The locking is definitely wrong though :) -Chris
Quoting Chris Wilson (2019-06-12 08:42:05) > Quoting Kirill A. Shutemov (2019-06-12 02:46:34) > > On Sun, Jun 02, 2019 at 10:47:35PM +0100, Chris Wilson wrote: > > > Quoting Matthew Wilcox (2019-03-07 15:30:51) > > > > diff --git a/mm/huge_memory.c b/mm/huge_memory.c > > > > index 404acdcd0455..aaf88f85d492 100644 > > > > --- a/mm/huge_memory.c > > > > +++ b/mm/huge_memory.c > > > > @@ -2456,6 +2456,9 @@ static void __split_huge_page(struct page *page, struct list_head *list, > > > > if (IS_ENABLED(CONFIG_SHMEM) && PageSwapBacked(head)) > > > > shmem_uncharge(head->mapping->host, 1); > > > > put_page(head + i); > > > > + } else if (!PageAnon(page)) { > > > > + __xa_store(&head->mapping->i_pages, head[i].index, > > > > + head + i, 0); > > > > > > Forgiving the ignorant copy'n'paste, this is required: > > > > > > + } else if (PageSwapCache(page)) { > > > + swp_entry_t entry = { .val = page_private(head + i) }; > > > + __xa_store(&swap_address_space(entry)->i_pages, > > > + swp_offset(entry), > > > + head + i, 0); > > > } > > > } > > > > > > The locking is definitely wrong. > > > > Does it help with the problem, or it's just a possible lead? > > It definitely solves the problem we encountered of the bad VM_PAGE > leading to RCU stalls in khugepaged. The locking is definitely wrong > though :) I notice I'm not the only one to have bisected a swap related VM_PAGE_BUG to this patch. Do we have a real fix I can put through our CI to confirm the issue is resolved before 5.2? -Chris
diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h index b477a70cc2e4..f5d0b9e69175 100644 --- a/include/linux/pagemap.h +++ b/include/linux/pagemap.h @@ -332,6 +332,15 @@ static inline struct page *grab_cache_page_nowait(struct address_space *mapping, mapping_gfp_mask(mapping)); } +static inline struct page *find_subpage(struct page *page, pgoff_t offset) +{ + VM_BUG_ON_PAGE(PageTail(page), page); + VM_BUG_ON_PAGE(page->index > offset, page); + VM_BUG_ON_PAGE(page->index + (1 << compound_order(page)) <= offset, + page); + return page - page->index + offset; +} + struct page *find_get_entry(struct address_space *mapping, pgoff_t offset); struct page *find_lock_entry(struct address_space *mapping, pgoff_t offset); unsigned find_get_entries(struct address_space *mapping, pgoff_t start, diff --git a/mm/filemap.c b/mm/filemap.c index a3b4021c448f..d85bb9d7de74 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -279,11 +279,11 @@ EXPORT_SYMBOL(delete_from_page_cache); * @pvec: pagevec with pages to delete * * The function walks over mapping->i_pages and removes pages passed in @pvec - * from the mapping. The function expects @pvec to be sorted by page index. + * from the mapping. The function expects @pvec to be sorted by page index + * and is optimised for it to be dense. * It tolerates holes in @pvec (mapping entries at those indices are not * modified). The function expects only THP head pages to be present in the - * @pvec and takes care to delete all corresponding tail pages from the - * mapping as well. + * @pvec. * * The function expects the i_pages lock to be held. */ @@ -292,40 +292,44 @@ static void page_cache_delete_batch(struct address_space *mapping, { XA_STATE(xas, &mapping->i_pages, pvec->pages[0]->index); int total_pages = 0; - int i = 0, tail_pages = 0; + int i = 0; struct page *page; mapping_set_update(&xas, mapping); xas_for_each(&xas, page, ULONG_MAX) { - if (i >= pagevec_count(pvec) && !tail_pages) + if (i >= pagevec_count(pvec)) break; + + /* A swap/dax/shadow entry got inserted? Skip it. */ if (xa_is_value(page)) continue; - if (!tail_pages) { - /* - * Some page got inserted in our range? Skip it. We - * have our pages locked so they are protected from - * being removed. - */ - if (page != pvec->pages[i]) { - VM_BUG_ON_PAGE(page->index > - pvec->pages[i]->index, page); - continue; - } - WARN_ON_ONCE(!PageLocked(page)); - if (PageTransHuge(page) && !PageHuge(page)) - tail_pages = HPAGE_PMD_NR - 1; + /* + * A page got inserted in our range? Skip it. We have our + * pages locked so they are protected from being removed. + * If we see a page whose index is higher than ours, it + * means our page has been removed, which shouldn't be + * possible because we're holding the PageLock. + */ + if (page != pvec->pages[i]) { + VM_BUG_ON_PAGE(page->index > pvec->pages[i]->index, + page); + continue; + } + + WARN_ON_ONCE(!PageLocked(page)); + + if (page->index == xas.xa_index) page->mapping = NULL; - /* - * Leave page->index set: truncation lookup relies - * upon it - */ + /* Leave page->index set: truncation lookup relies on it */ + + /* + * Move to the next page in the vector if this is a regular + * page or the index is of the last sub-page of this compound + * page. + */ + if (page->index + (1UL << compound_order(page)) - 1 == + xas.xa_index) i++; - } else { - VM_BUG_ON_PAGE(page->index + HPAGE_PMD_NR - tail_pages - != pvec->pages[i]->index, page); - tail_pages--; - } xas_store(&xas, NULL); total_pages++; } @@ -1491,7 +1495,7 @@ EXPORT_SYMBOL(page_cache_prev_miss); struct page *find_get_entry(struct address_space *mapping, pgoff_t offset) { XA_STATE(xas, &mapping->i_pages, offset); - struct page *head, *page; + struct page *page; rcu_read_lock(); repeat: @@ -1506,25 +1510,19 @@ struct page *find_get_entry(struct address_space *mapping, pgoff_t offset) if (!page || xa_is_value(page)) goto out; - head = compound_head(page); - if (!page_cache_get_speculative(head)) + if (!page_cache_get_speculative(page)) goto repeat; - /* The page was split under us? */ - if (compound_head(page) != head) { - put_page(head); - goto repeat; - } - /* - * Has the page moved? + * Has the page moved or been split? * This is part of the lockless pagecache protocol. See * include/linux/pagemap.h for details. */ if (unlikely(page != xas_reload(&xas))) { - put_page(head); + put_page(page); goto repeat; } + page = find_subpage(page, offset); out: rcu_read_unlock(); @@ -1696,7 +1694,6 @@ unsigned find_get_entries(struct address_space *mapping, rcu_read_lock(); xas_for_each(&xas, page, ULONG_MAX) { - struct page *head; if (xas_retry(&xas, page)) continue; /* @@ -1707,17 +1704,13 @@ unsigned find_get_entries(struct address_space *mapping, if (xa_is_value(page)) goto export; - head = compound_head(page); - if (!page_cache_get_speculative(head)) + if (!page_cache_get_speculative(page)) goto retry; - /* The page was split under us? */ - if (compound_head(page) != head) - goto put_page; - - /* Has the page moved? */ + /* Has the page moved or been split? */ if (unlikely(page != xas_reload(&xas))) goto put_page; + page = find_subpage(page, xas.xa_index); export: indices[ret] = xas.xa_index; @@ -1726,7 +1719,7 @@ unsigned find_get_entries(struct address_space *mapping, break; continue; put_page: - put_page(head); + put_page(page); retry: xas_reset(&xas); } @@ -1768,33 +1761,27 @@ unsigned find_get_pages_range(struct address_space *mapping, pgoff_t *start, rcu_read_lock(); xas_for_each(&xas, page, end) { - struct page *head; if (xas_retry(&xas, page)) continue; /* Skip over shadow, swap and DAX entries */ if (xa_is_value(page)) continue; - head = compound_head(page); - if (!page_cache_get_speculative(head)) + if (!page_cache_get_speculative(page)) goto retry; - /* The page was split under us? */ - if (compound_head(page) != head) - goto put_page; - - /* Has the page moved? */ + /* Has the page moved or been split? */ if (unlikely(page != xas_reload(&xas))) goto put_page; - pages[ret] = page; + pages[ret] = find_subpage(page, xas.xa_index); if (++ret == nr_pages) { *start = xas.xa_index + 1; goto out; } continue; put_page: - put_page(head); + put_page(page); retry: xas_reset(&xas); } @@ -1839,7 +1826,6 @@ unsigned find_get_pages_contig(struct address_space *mapping, pgoff_t index, rcu_read_lock(); for (page = xas_load(&xas); page; page = xas_next(&xas)) { - struct page *head; if (xas_retry(&xas, page)) continue; /* @@ -1849,24 +1835,19 @@ unsigned find_get_pages_contig(struct address_space *mapping, pgoff_t index, if (xa_is_value(page)) break; - head = compound_head(page); - if (!page_cache_get_speculative(head)) + if (!page_cache_get_speculative(page)) goto retry; - /* The page was split under us? */ - if (compound_head(page) != head) - goto put_page; - - /* Has the page moved? */ + /* Has the page moved or been split? */ if (unlikely(page != xas_reload(&xas))) goto put_page; - pages[ret] = page; + pages[ret] = find_subpage(page, xas.xa_index); if (++ret == nr_pages) break; continue; put_page: - put_page(head); + put_page(page); retry: xas_reset(&xas); } @@ -1902,7 +1883,6 @@ unsigned find_get_pages_range_tag(struct address_space *mapping, pgoff_t *index, rcu_read_lock(); xas_for_each_marked(&xas, page, end, tag) { - struct page *head; if (xas_retry(&xas, page)) continue; /* @@ -1913,26 +1893,21 @@ unsigned find_get_pages_range_tag(struct address_space *mapping, pgoff_t *index, if (xa_is_value(page)) continue; - head = compound_head(page); - if (!page_cache_get_speculative(head)) + if (!page_cache_get_speculative(page)) goto retry; - /* The page was split under us? */ - if (compound_head(page) != head) - goto put_page; - - /* Has the page moved? */ + /* Has the page moved or been split? */ if (unlikely(page != xas_reload(&xas))) goto put_page; - pages[ret] = page; + pages[ret] = find_subpage(page, xas.xa_index); if (++ret == nr_pages) { *index = xas.xa_index + 1; goto out; } continue; put_page: - put_page(head); + put_page(page); retry: xas_reset(&xas); } @@ -1981,7 +1956,6 @@ unsigned find_get_entries_tag(struct address_space *mapping, pgoff_t start, rcu_read_lock(); xas_for_each_marked(&xas, page, ULONG_MAX, tag) { - struct page *head; if (xas_retry(&xas, page)) continue; /* @@ -1992,17 +1966,13 @@ unsigned find_get_entries_tag(struct address_space *mapping, pgoff_t start, if (xa_is_value(page)) goto export; - head = compound_head(page); - if (!page_cache_get_speculative(head)) + if (!page_cache_get_speculative(page)) goto retry; - /* The page was split under us? */ - if (compound_head(page) != head) - goto put_page; - - /* Has the page moved? */ + /* Has the page moved or been split? */ if (unlikely(page != xas_reload(&xas))) goto put_page; + page = find_subpage(page, xas.xa_index); export: indices[ret] = xas.xa_index; @@ -2011,7 +1981,7 @@ unsigned find_get_entries_tag(struct address_space *mapping, pgoff_t start, break; continue; put_page: - put_page(head); + put_page(page); retry: xas_reset(&xas); } @@ -2633,7 +2603,7 @@ void filemap_map_pages(struct vm_fault *vmf, pgoff_t last_pgoff = start_pgoff; unsigned long max_idx; XA_STATE(xas, &mapping->i_pages, start_pgoff); - struct page *head, *page; + struct page *page; rcu_read_lock(); xas_for_each(&xas, page, end_pgoff) { @@ -2642,24 +2612,19 @@ void filemap_map_pages(struct vm_fault *vmf, if (xa_is_value(page)) goto next; - head = compound_head(page); - /* * Check for a locked page first, as a speculative * reference may adversely influence page migration. */ - if (PageLocked(head)) + if (PageLocked(page)) goto next; - if (!page_cache_get_speculative(head)) + if (!page_cache_get_speculative(page)) goto next; - /* The page was split under us? */ - if (compound_head(page) != head) - goto skip; - - /* Has the page moved? */ + /* Has the page moved or been split? */ if (unlikely(page != xas_reload(&xas))) goto skip; + page = find_subpage(page, xas.xa_index); if (!PageUptodate(page) || PageReadahead(page) || diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 404acdcd0455..aaf88f85d492 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -2456,6 +2456,9 @@ static void __split_huge_page(struct page *page, struct list_head *list, if (IS_ENABLED(CONFIG_SHMEM) && PageSwapBacked(head)) shmem_uncharge(head->mapping->host, 1); put_page(head + i); + } else if (!PageAnon(page)) { + __xa_store(&head->mapping->i_pages, head[i].index, + head + i, 0); } } diff --git a/mm/khugepaged.c b/mm/khugepaged.c index 449044378782..7ba7a1e4fa79 100644 --- a/mm/khugepaged.c +++ b/mm/khugepaged.c @@ -1374,7 +1374,7 @@ static void collapse_shmem(struct mm_struct *mm, result = SCAN_FAIL; goto xa_locked; } - xas_store(&xas, new_page + (index % HPAGE_PMD_NR)); + xas_store(&xas, new_page); nr_none++; continue; } @@ -1450,7 +1450,7 @@ static void collapse_shmem(struct mm_struct *mm, list_add_tail(&page->lru, &pagelist); /* Finally, replace with the new page. */ - xas_store(&xas, new_page + (index % HPAGE_PMD_NR)); + xas_store(&xas, new_page); continue; out_unlock: unlock_page(page); diff --git a/mm/memfd.c b/mm/memfd.c index 650e65a46b9c..2647c898990c 100644 --- a/mm/memfd.c +++ b/mm/memfd.c @@ -39,6 +39,7 @@ static void memfd_tag_pins(struct xa_state *xas) xas_for_each(xas, page, ULONG_MAX) { if (xa_is_value(page)) continue; + page = find_subpage(page, xas->xa_index); if (page_count(page) - page_mapcount(page) > 1) xas_set_mark(xas, MEMFD_TAG_PINNED); @@ -88,6 +89,7 @@ static int memfd_wait_for_pins(struct address_space *mapping) bool clear = true; if (xa_is_value(page)) continue; + page = find_subpage(page, xas.xa_index); if (page_count(page) - page_mapcount(page) != 1) { /* * On the last scan, we clean up all those tags diff --git a/mm/migrate.c b/mm/migrate.c index ac6f4939bb59..1ce24fc3af27 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -465,7 +465,7 @@ int migrate_page_move_mapping(struct address_space *mapping, for (i = 1; i < HPAGE_PMD_NR; i++) { xas_next(&xas); - xas_store(&xas, newpage + i); + xas_store(&xas, newpage); } } diff --git a/mm/shmem.c b/mm/shmem.c index b3db3779a30a..3a4b74cb4f14 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -614,7 +614,7 @@ static int shmem_add_to_page_cache(struct page *page, if (xas_error(&xas)) goto unlock; next: - xas_store(&xas, page + i); + xas_store(&xas, page); if (++i < nr) { xas_next(&xas); goto next; diff --git a/mm/swap_state.c b/mm/swap_state.c index 85245fdec8d9..eb714165afd2 100644 --- a/mm/swap_state.c +++ b/mm/swap_state.c @@ -132,7 +132,7 @@ int add_to_swap_cache(struct page *page, swp_entry_t entry, gfp_t gfp) for (i = 0; i < nr; i++) { VM_BUG_ON_PAGE(xas.xa_index != idx + i, page); set_page_private(page + i, entry.val + i); - xas_store(&xas, page + i); + xas_store(&xas, page); xas_next(&xas); } address_space->nrpages += nr; @@ -167,7 +167,7 @@ void __delete_from_swap_cache(struct page *page, swp_entry_t entry) for (i = 0; i < nr; i++) { void *entry = xas_store(&xas, NULL); - VM_BUG_ON_PAGE(entry != page + i, entry); + VM_BUG_ON_PAGE(entry != page, entry); set_page_private(page + i, 0); xas_next(&xas); }