From patchwork Mon Jan 18 07:41:26 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Wu Yan <wu-yan@tcl.com>
X-Patchwork-Id: 12026705
Return-Path: <SRS0=dhnz=GV=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT
	autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 8B8C3C433E0
	for <linux-mm@archiver.kernel.org>; Mon, 18 Jan 2021 07:41:51 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id DC8F022242
	for <linux-mm@archiver.kernel.org>; Mon, 18 Jan 2021 07:41:50 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DC8F022242
Authentication-Results: mail.kernel.org;
 dmarc=none (p=none dis=none) header.from=tcl.com
Authentication-Results: mail.kernel.org;
 spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id A63646B0280; Mon, 18 Jan 2021 02:41:49 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id A14AB6B0281; Mon, 18 Jan 2021 02:41:49 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 92A426B0282; Mon, 18 Jan 2021 02:41:49 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0067.hostedemail.com
 [216.40.44.67])
	by kanga.kvack.org (Postfix) with ESMTP id 79C416B0280
	for <linux-mm@kvack.org>; Mon, 18 Jan 2021 02:41:49 -0500 (EST)
Received: from smtpin13.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay03.hostedemail.com (Postfix) with ESMTP id 31400824999B
	for <linux-mm@kvack.org>; Mon, 18 Jan 2021 07:41:49 +0000 (UTC)
X-FDA: 77718101538.13.meal97_181682627547
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin13.hostedemail.com (Postfix) with ESMTP id 1309818140B89
	for <linux-mm@kvack.org>; Mon, 18 Jan 2021 07:41:49 +0000 (UTC)
X-HE-Tag: meal97_181682627547
X-Filterd-Recvd-Size: 4552
Received: from support.corp-email.com (support.corp-email.com
 [222.73.234.235])
	by imf41.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Mon, 18 Jan 2021 07:41:46 +0000 (UTC)
Received: from ([183.47.25.45])
        by support.corp-email.com ((LNX1044)) with ASMTP (SSL) id LYH00040;
        Mon, 18 Jan 2021 15:41:40 +0800
Received: from GCY-EXS-15.TCL.com (10.74.128.165) by GCY-EXS-07.TCL.com
 (10.74.128.157) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Mon, 18 Jan
 2021 15:41:40 +0800
Received: from localhost.localdomain (172.16.34.38) by GCY-EXS-15.TCL.com
 (10.74.128.165) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Mon, 18 Jan
 2021 15:41:39 +0800
From: Rokudo Yan <wu-yan@tcl.com>
To: <akpm@linux-foundation.org>
CC: <aarcange@redhat.com>, <haiwang.fu@tcl.com>,
	<linux-kernel@vger.kernel.org>, <linux-mm@kvack.org>,
	<mgorman@techsingularity.net>, <rientjes@google.com>, <tang.ding@tcl.com>,
	<vbabka@suse.cz>, <wu-yan@tcl.com>, <xiushui.ye@tcl.com>
Subject: [PATCH] mm, compaction: move high_pfn to the for loop scope.
Date: Mon, 18 Jan 2021 15:41:26 +0800
Message-ID: <20210118074126.1838139-1-wu-yan@tcl.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20210112142711.b82cf36abaa7ff04773e212f@linux-foundation.org>
References: <20210112142711.b82cf36abaa7ff04773e212f@linux-foundation.org>
MIME-Version: 1.0
X-Originating-IP: [172.16.34.38]
X-ClientProxiedBy: GCY-EXS-01.TCL.com (10.74.128.151) To GCY-EXS-15.TCL.com
 (10.74.128.165)
tUid: 2021118154140b2abbdfb168f8823bfb5153861e0b1ce
X-Abuse-Reports-To: service@corp-email.com
Abuse-Reports-To: service@corp-email.com
X-Complaints-To: service@corp-email.com
X-Report-Abuse-To: service@corp-email.com
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

In fast_isolate_freepages, high_pfn will be used if a prefered one(PFN >= low_fn) not found. But the high_pfn
is not reset before searching an free area, so when it was used as freepage, it may from another free area searched before.
And move_freelist_head(freelist, freepage) will have unexpected behavior(eg. corrupt the MOVABLE freelist)

Unable to handle kernel paging request at virtual address dead000000000200
Mem abort info:
  ESR = 0x96000044
  Exception class = DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
Data abort info:
  ISV = 0, ISS = 0x00000044
  CM = 0, WnR = 1
[dead000000000200] address between user and kernel address ranges

-000|list_cut_before(inline)
-000|move_freelist_head(inline)
-000|fast_isolate_freepages(inline)
-000|isolate_freepages(inline)
-000|compaction_alloc(?, ?)
-001|unmap_and_move(inline)
-001|migrate_pages([NSD:0xFFFFFF80088CBBD0] from = 0xFFFFFF80088CBD88, [NSD:0xFFFFFF80088CBBC8] get_new_p
-002|__read_once_size(inline)
-002|static_key_count(inline)
-002|static_key_false(inline)
-002|trace_mm_compaction_migratepages(inline)
-002|compact_zone(?, [NSD:0xFFFFFF80088CBCB0] capc = 0x0)
-003|kcompactd_do_work(inline)
-003|kcompactd([X19] p = 0xFFFFFF93227FBC40)
-004|kthread([X20] _create = 0xFFFFFFE1AFB26380)
-005|ret_from_fork(asm)
---|end of frame

The issue was reported on an smart phone product with 6GB ram and 3GB zram as swap device.

This patch fixes the issue by reset high_pfn before searching each free area, which ensure
freepage and freelist match when call move_freelist_head in fast_isolate_freepages().

Fixes: 5a811889de10f1eb ("mm, compaction: use free lists to quickly locate a migration target")

Signed-off-by: Rokudo Yan <wu-yan@tcl.com>
Acked-by: Mel Gorman <mgorman@techsingularity.net>
---
 mm/compaction.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mm/compaction.c b/mm/compaction.c
index cc1a7f600a86..75f0e550b18f 100644
--- a/mm/compaction.c
+++ b/mm/compaction.c
@@ -1303,7 +1303,7 @@ fast_isolate_freepages(struct compact_control *cc)
 {
 	unsigned int limit = min(1U, freelist_scan_limit(cc) >> 1);
 	unsigned int nr_scanned = 0;
-	unsigned long low_pfn, min_pfn, high_pfn = 0, highest = 0;
+	unsigned long low_pfn, min_pfn, highest = 0;
 	unsigned long nr_isolated = 0;
 	unsigned long distance;
 	struct page *page = NULL;
@@ -1348,6 +1348,7 @@ fast_isolate_freepages(struct compact_control *cc)
 		struct page *freepage;
 		unsigned long flags;
 		unsigned int order_scanned = 0;
+		unsigned long high_pfn = 0;
 
 		if (!area->nr_free)
 			continue;