From patchwork Mon Aug 28 02:25:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Tong Tiangen X-Patchwork-Id: 13367501 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 33C5CC83F11 for ; Mon, 28 Aug 2023 02:26:07 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 43D2128000F; Sun, 27 Aug 2023 22:26:06 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3ECE78E0001; Sun, 27 Aug 2023 22:26:06 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2DB9428000F; Sun, 27 Aug 2023 22:26:06 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 1F2A98E0001 for ; Sun, 27 Aug 2023 22:26:06 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id DC03314027D for ; Mon, 28 Aug 2023 02:26:05 +0000 (UTC) X-FDA: 81171923490.12.E0976C4 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by imf24.hostedemail.com (Postfix) with ESMTP id 9F064180012 for ; Mon, 28 Aug 2023 02:26:02 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=huawei.com; spf=pass (imf24.hostedemail.com: domain of tongtiangen@huawei.com designates 45.249.212.188 as permitted sender) smtp.mailfrom=tongtiangen@huawei.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1693189564; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:in-reply-to: references; bh=7S5vXgTs38v7kTRka+lQA7E3x5oex1uP5J3/OPJIwns=; b=5j/f/FHQpmaHY/kdw4ZAFBe6o0fLxDUKmtOeK0SVYO3Ru+WYg6KfikAKb5NOf5nNUoxUwO DViTub12wtDGPXrmHcotpxWFlJweiW9OPBEbZ9Ps+vwA6vtgBfDrRPzhZvC6HYCE5aVPrU f2M8dJLvFbF1qccyAtoVMnaThtRognc= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=huawei.com; spf=pass (imf24.hostedemail.com: domain of tongtiangen@huawei.com designates 45.249.212.188 as permitted sender) smtp.mailfrom=tongtiangen@huawei.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1693189564; a=rsa-sha256; cv=none; b=T22qqEYjPMNYnxUq2uAAvQTqtoIC3cnHldK5KtNnnbdrcW7jQcC/4JzlNrliGwwyFIB1cH GJa+Zwjqut671LZqckalBuMYTYnpbAPXoWSjhKHPT4djRz2ztkvF+vrHyu2H0GApGoU8cb hS3c0lNS7yhTikSE6xs6RA4PG84zGpo= Received: from kwepemm600017.china.huawei.com (unknown [172.30.72.53]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4RYvTT3J09zNnGr; Mon, 28 Aug 2023 10:22:21 +0800 (CST) Received: from localhost.localdomain (10.175.112.125) by kwepemm600017.china.huawei.com (7.193.23.234) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.31; Mon, 28 Aug 2023 10:25:57 +0800 From: Tong Tiangen To: Andrew Morton , Matthew Wilcox , Naoya Horiguchi , , "Paul E . McKenney" , Miaohe Lin CC: , , Tong Tiangen Subject: [PATCH v3] mm: memory-failure: use rcu lock instead of tasklist_lock when collect_procs() Date: Mon, 28 Aug 2023 10:25:27 +0800 Message-ID: <20230828022527.241693-1-tongtiangen@huawei.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Originating-IP: [10.175.112.125] X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To kwepemm600017.china.huawei.com (7.193.23.234) X-CFilter-Loop: Reflected X-Rspamd-Queue-Id: 9F064180012 X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: y93wqfxhisrt5soc6dopzdrne5gdzcqx X-HE-Tag: 1693189562-683578 X-HE-Meta: U2FsdGVkX1+iQXFsbifcpz7HVRaD0shzTv+vXdmGg6U8p6C7lLvQg7z0kMiiyVOHeI64Mc56J/8Zx+d2k7hjTUDwgQ0Byq4+h7Ngz4d+4gfcTfjaDrylIzXRznyA0FZVpes82lu/Abw8VulBYC488KrSu2nxecdq5Tn7dyazLfcGQQvCkVWDNDiXMDDvXzIhxKgXQMVOMy7ppmpb81DgsuH44JUUeIduZn+BbgbFrIa/xGV/ozwfA3T3eDjG1aD2FxoQ1TTscvxXiLIBsF261NeORWH9c1dqs6MXa1yHdziA3szoGInegK4WI3L7l2Vpouvot2BidS+LOBklPas1Lm/DWROmr5M/Rg69j3js+oSkvJn+1i/Dzu2b2N+kJ7qO+2eOCrV8MmWb/E3hwQuM8aZ+Mde0mdfYIDR/mc3JSAeB73AL6A5Bx8WcYMv6KFMiqmGDJP8K8Wnic8yUakHTQbhQfSB8mfMipqPRBJuuw3xyYSo6DL/6gVXPOFB0f5XJemZgCcSFDUZ5GUwH4PwBOmWDws6+qhXXoxIKt1rY7Rh8fwkQL7YFa1rkPNIi9mB0HRGTVqhTlKb3rWLyD5GFco40qOJzf2I2F3KB7cvlGECJXsPAgbt37+Zbk+s1A+waSne9+3wfvpKOmAUBI0Hmq3lcUA1lFMt+KxtpjcaAOxM2cbg80mGUuLH2x6A5xL7AjBxQ2cLgLL2TTYjwy7pf08V9nocZsnId1CVOH7Yp7K/iFLiWt8X0p74auMZXQgVNrZBECtlDaLscVNKtdrXsFvL4XFpGUYx7Q01J1DfmhNy84g6ismnV3bvB5MQBOnG136TGBapsoFuaUsvetfJzslLefckZ4y0mYBiOQHhnfPbUobnibJPft7UHKV6X2XVZ+Dl76+LlB88UNlnatYjkXJLazMAkr3FKJjjplHwHlkZiS6iJjybNlars23bZUfYKOlBtP5zQuK3r2KtGX4V rdYYA42C OKn+3Ih5x4kH0ZrDxCDB0cc4oG9SyYWsPmAsb+tSUNkAqH3ELK4dYjuqixfNOkdplp/8NicZjaKT4/uM+633YOfCdT/0y4fgKdi8bMWfswZXwyo4vZPzHejMMdB0GLohnADxNVmUh8+b/Og7iMY1e5nv9s2vEty5S8YFveIHXAqUU29TbYXalmOVhm5Y9SXhEyms4bBa+qsaU1nAibQ6wAkw4kbY0Qb04qqXsE4hSpzb6kiQ0zIQVNe6oO3e7loJuA+T5WSE4Xl3VOQfD+IYy52enJul/wIT1JvEO X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: We found a softlock issue in our test, analyzed the logs, and found that the relevant CPU call trace as follows: CPU0: _do_fork -> copy_process() -> write_lock_irq(&tasklist_lock) //Disable irq,waiting for //tasklist_lock CPU1: wp_page_copy() ->pte_offset_map_lock() -> spin_lock(&page->ptl); //Hold page->ptl -> ptep_clear_flush() -> flush_tlb_others() ... -> smp_call_function_many() -> arch_send_call_function_ipi_mask() -> csd_lock_wait() //Waiting for other CPUs respond //IPI CPU2: collect_procs_anon() -> read_lock(&tasklist_lock) //Hold tasklist_lock ->for_each_process(tsk) -> page_mapped_in_vma() -> page_vma_mapped_walk() -> map_pte() ->spin_lock(&page->ptl) //Waiting for page->ptl We can see that CPU1 waiting for CPU0 respond IPI,CPU0 waiting for CPU2 unlock tasklist_lock, CPU2 waiting for CPU1 unlock page->ptl. As a result, softlockup is triggered. For collect_procs_anon(), what we're doing is task list iteration, during the iteration, with the help of call_rcu(), the task_struct object is freed only after one or more grace periods elapse. the logic as follows: release_task() -> __exit_signal() -> __unhash_process() -> list_del_rcu() -> put_task_struct_rcu_user() -> call_rcu(&task->rcu, delayed_put_task_struct) delayed_put_task_struct() -> put_task_struct() -> if (refcount_sub_and_test()) __put_task_struct() -> free_task() Therefore, under the protection of the rcu lock, we can safely use get_task_struct() to ensure a safe reference to task_struct during the iteration. By removing the use of tasklist_lock in task list iteration, we can break the softlock chain above. The same logic can also be applied to: - collect_procs_file() - collect_procs_fsdax() - collect_procs_ksm() Signed-off-by: Tong Tiangen Acked-by: Naoya Horiguchi --- Since v2: - 1. According to the analysis of Naoya,Matthew and Kefeng,update the commit message. Since v1: - 1. According to Matthew's suggestion, only the comments of find_early_kill_thread() are modified, no need to hold the rcu lock. Changes since RFC[1]: - 1. According to Naoya's suggestion, modify the tasklist_lock in the comment about locking order in mm/filemap.c. - 2. According to Kefeng's suggestion, optimize the implementation of find_early_kill_thread() without functional changes. - 3. Modify the title description. [1] https://lore.kernel.org/lkml/20230815130154.1100779-1-tongtiangen@huawei.com/ --- mm/filemap.c | 3 --- mm/ksm.c | 4 ++-- mm/memory-failure.c | 16 ++++++++-------- 3 files changed, 10 insertions(+), 13 deletions(-) diff --git a/mm/filemap.c b/mm/filemap.c index 014b73eb96a1..dfade1ef1765 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -121,9 +121,6 @@ * bdi.wb->list_lock (zap_pte_range->set_page_dirty) * ->inode->i_lock (zap_pte_range->set_page_dirty) * ->private_lock (zap_pte_range->block_dirty_folio) - * - * ->i_mmap_rwsem - * ->tasklist_lock (memory_failure, collect_procs_ao) */ static void page_cache_delete(struct address_space *mapping, diff --git a/mm/ksm.c b/mm/ksm.c index 8d6aee05421d..981af9c72e7a 100644 --- a/mm/ksm.c +++ b/mm/ksm.c @@ -2925,7 +2925,7 @@ void collect_procs_ksm(struct page *page, struct list_head *to_kill, struct anon_vma *av = rmap_item->anon_vma; anon_vma_lock_read(av); - read_lock(&tasklist_lock); + rcu_read_lock(); for_each_process(tsk) { struct anon_vma_chain *vmac; unsigned long addr; @@ -2944,7 +2944,7 @@ void collect_procs_ksm(struct page *page, struct list_head *to_kill, } } } - read_unlock(&tasklist_lock); + rcu_read_unlock(); anon_vma_unlock_read(av); } } diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 7b01fffe7a79..4d6e43c88489 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -547,8 +547,8 @@ static void kill_procs(struct list_head *to_kill, int forcekill, bool fail, * on behalf of the thread group. Return task_struct of the (first found) * dedicated thread if found, and return NULL otherwise. * - * We already hold read_lock(&tasklist_lock) in the caller, so we don't - * have to call rcu_read_lock/unlock() in this function. + * We already hold rcu lock in the caller, so we don't have to call + * rcu_read_lock/unlock() in this function. */ static struct task_struct *find_early_kill_thread(struct task_struct *tsk) { @@ -609,7 +609,7 @@ static void collect_procs_anon(struct page *page, struct list_head *to_kill, return; pgoff = page_to_pgoff(page); - read_lock(&tasklist_lock); + rcu_read_lock(); for_each_process(tsk) { struct anon_vma_chain *vmac; struct task_struct *t = task_early_kill(tsk, force_early); @@ -626,7 +626,7 @@ static void collect_procs_anon(struct page *page, struct list_head *to_kill, add_to_kill_anon_file(t, page, vma, to_kill); } } - read_unlock(&tasklist_lock); + rcu_read_unlock(); anon_vma_unlock_read(av); } @@ -642,7 +642,7 @@ static void collect_procs_file(struct page *page, struct list_head *to_kill, pgoff_t pgoff; i_mmap_lock_read(mapping); - read_lock(&tasklist_lock); + rcu_read_lock(); pgoff = page_to_pgoff(page); for_each_process(tsk) { struct task_struct *t = task_early_kill(tsk, force_early); @@ -662,7 +662,7 @@ static void collect_procs_file(struct page *page, struct list_head *to_kill, add_to_kill_anon_file(t, page, vma, to_kill); } } - read_unlock(&tasklist_lock); + rcu_read_unlock(); i_mmap_unlock_read(mapping); } @@ -685,7 +685,7 @@ static void collect_procs_fsdax(struct page *page, struct task_struct *tsk; i_mmap_lock_read(mapping); - read_lock(&tasklist_lock); + rcu_read_lock(); for_each_process(tsk) { struct task_struct *t = task_early_kill(tsk, true); @@ -696,7 +696,7 @@ static void collect_procs_fsdax(struct page *page, add_to_kill_fsdax(t, page, vma, to_kill, pgoff); } } - read_unlock(&tasklist_lock); + rcu_read_unlock(); i_mmap_unlock_read(mapping); } #endif /* CONFIG_FS_DAX */