| Message ID | 872cefb182ba1dd686b0e7db1e6b2ebe5a4fff87.1651039624.git.xuyu@linux.alibaba.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | mm/memory-failure: rework fix on huge_zero_page splitting | expand |
On Tue, Apr 26, 2022 at 11:10 PM Xu Yu <xuyu@linux.alibaba.com> wrote: > > This reverts commit d173d5417fb67411e623d394aab986d847e47dad. > > The commit d173d5417fb6 ("mm/memory-failure.c: skip huge_zero_page in > memory_failure()") explicitly skips huge_zero_page in memory_failure(), > in order to avoid triggering VM_BUG_ON_PAGE on huge_zero_page in > split_huge_page_to_list(). > > This works, but Yang Shi thinks that, > > Raising BUG is overkilling for splitting huge_zero_page. The > huge_zero_page can't be met from normal paths other than memory > failure, but memory failure is a valid caller. So I tend to replace > the BUG to WARN + returning -EBUSY. If we don't care about the > reason code in memory failure, we don't have to touch memory > failure. > > And for the issue that huge_zero_page will be set PG_has_hwpoisoned, > Yang Shi comments that, > > The anonymous page fault doesn't check if the page is poisoned or > not since it typically gets a fresh allocated page and assumes the > poisoned page (isolated successfully) can't be reallocated again. > But huge zero page and base zero page are reused every time. So no > matter what fix we pick, the issue is always there. > > Finally, Yang, David, Anshuman and Naoya all agree to fix the bug, i.e., > to split huge_zero_page, in split_huge_page_to_list(). > > This reverts the commit d173d5417fb6 ("mm/memory-failure.c: skip > huge_zero_page in memory_failure()"), and the original bug will be fixed > by the next patch. Reviewed-by: Yang Shi <shy828301@gmail.com> > > Suggested-by: Yang Shi <shy828301@gmail.com> > Cc: Naoya Horiguchi <naoya.horiguchi@nec.com> > Signed-off-by: Xu Yu <xuyu@linux.alibaba.com> > --- > mm/memory-failure.c | 13 ------------- > 1 file changed, 13 deletions(-) > > diff --git a/mm/memory-failure.c b/mm/memory-failure.c > index 27760c19bad7..2020944398c9 100644 > --- a/mm/memory-failure.c > +++ b/mm/memory-failure.c > @@ -1860,19 +1860,6 @@ int memory_failure(unsigned long pfn, int flags) > } > > if (PageTransHuge(hpage)) { > - /* > - * Bail out before SetPageHasHWPoisoned() if hpage is > - * huge_zero_page, although PG_has_hwpoisoned is not > - * checked in set_huge_zero_page(). > - * > - * TODO: Handle memory failure of huge_zero_page thoroughly. > - */ > - if (is_huge_zero_page(hpage)) { > - action_result(pfn, MF_MSG_UNSPLIT_THP, MF_IGNORED); > - res = -EBUSY; > - goto unlock_mutex; > - } > - > /* > * The flag must be set after the refcount is bumped > * otherwise it may race with THP split. > -- > 2.20.1.2432.ga663e714 >
On 2022/4/27 14:10, Xu Yu wrote: > This reverts commit d173d5417fb67411e623d394aab986d847e47dad. > > The commit d173d5417fb6 ("mm/memory-failure.c: skip huge_zero_page in > memory_failure()") explicitly skips huge_zero_page in memory_failure(), > in order to avoid triggering VM_BUG_ON_PAGE on huge_zero_page in > split_huge_page_to_list(). > > This works, but Yang Shi thinks that, > > Raising BUG is overkilling for splitting huge_zero_page. The > huge_zero_page can't be met from normal paths other than memory > failure, but memory failure is a valid caller. So I tend to replace > the BUG to WARN + returning -EBUSY. If we don't care about the > reason code in memory failure, we don't have to touch memory > failure. > > And for the issue that huge_zero_page will be set PG_has_hwpoisoned, > Yang Shi comments that, > > The anonymous page fault doesn't check if the page is poisoned or > not since it typically gets a fresh allocated page and assumes the > poisoned page (isolated successfully) can't be reallocated again. > But huge zero page and base zero page are reused every time. So no > matter what fix we pick, the issue is always there. > > Finally, Yang, David, Anshuman and Naoya all agree to fix the bug, i.e., > to split huge_zero_page, in split_huge_page_to_list(). > > This reverts the commit d173d5417fb6 ("mm/memory-failure.c: skip > huge_zero_page in memory_failure()"), and the original bug will be fixed > by the next patch. > > Suggested-by: Yang Shi <shy828301@gmail.com> > Cc: Naoya Horiguchi <naoya.horiguchi@nec.com> > Signed-off-by: Xu Yu <xuyu@linux.alibaba.com> LGTM. Thanks! Reviewed-by: Miaohe Lin <linmiaohe@huawei.com> > --- > mm/memory-failure.c | 13 ------------- > 1 file changed, 13 deletions(-) > > diff --git a/mm/memory-failure.c b/mm/memory-failure.c > index 27760c19bad7..2020944398c9 100644 > --- a/mm/memory-failure.c > +++ b/mm/memory-failure.c > @@ -1860,19 +1860,6 @@ int memory_failure(unsigned long pfn, int flags) > } > > if (PageTransHuge(hpage)) { > - /* > - * Bail out before SetPageHasHWPoisoned() if hpage is > - * huge_zero_page, although PG_has_hwpoisoned is not > - * checked in set_huge_zero_page(). > - * > - * TODO: Handle memory failure of huge_zero_page thoroughly. > - */ > - if (is_huge_zero_page(hpage)) { > - action_result(pfn, MF_MSG_UNSPLIT_THP, MF_IGNORED); > - res = -EBUSY; > - goto unlock_mutex; > - } > - > /* > * The flag must be set after the refcount is bumped > * otherwise it may race with THP split. >
diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 27760c19bad7..2020944398c9 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -1860,19 +1860,6 @@ int memory_failure(unsigned long pfn, int flags) } if (PageTransHuge(hpage)) { - /* - * Bail out before SetPageHasHWPoisoned() if hpage is - * huge_zero_page, although PG_has_hwpoisoned is not - * checked in set_huge_zero_page(). - * - * TODO: Handle memory failure of huge_zero_page thoroughly. - */ - if (is_huge_zero_page(hpage)) { - action_result(pfn, MF_MSG_UNSPLIT_THP, MF_IGNORED); - res = -EBUSY; - goto unlock_mutex; - } - /* * The flag must be set after the refcount is bumped * otherwise it may race with THP split.
This reverts commit d173d5417fb67411e623d394aab986d847e47dad. The commit d173d5417fb6 ("mm/memory-failure.c: skip huge_zero_page in memory_failure()") explicitly skips huge_zero_page in memory_failure(), in order to avoid triggering VM_BUG_ON_PAGE on huge_zero_page in split_huge_page_to_list(). This works, but Yang Shi thinks that, Raising BUG is overkilling for splitting huge_zero_page. The huge_zero_page can't be met from normal paths other than memory failure, but memory failure is a valid caller. So I tend to replace the BUG to WARN + returning -EBUSY. If we don't care about the reason code in memory failure, we don't have to touch memory failure. And for the issue that huge_zero_page will be set PG_has_hwpoisoned, Yang Shi comments that, The anonymous page fault doesn't check if the page is poisoned or not since it typically gets a fresh allocated page and assumes the poisoned page (isolated successfully) can't be reallocated again. But huge zero page and base zero page are reused every time. So no matter what fix we pick, the issue is always there. Finally, Yang, David, Anshuman and Naoya all agree to fix the bug, i.e., to split huge_zero_page, in split_huge_page_to_list(). This reverts the commit d173d5417fb6 ("mm/memory-failure.c: skip huge_zero_page in memory_failure()"), and the original bug will be fixed by the next patch. Suggested-by: Yang Shi <shy828301@gmail.com> Cc: Naoya Horiguchi <naoya.horiguchi@nec.com> Signed-off-by: Xu Yu <xuyu@linux.alibaba.com> --- mm/memory-failure.c | 13 ------------- 1 file changed, 13 deletions(-)