iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/mm
History
Miaohe Lin 2effe407f7 mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() 
commit 52ccdde16b6540abe43b6f8d8e1e1ec90b0983af upstream.

When I did memory failure tests recently, below warning occurs:

DEBUG_LOCKS_WARN_ON(1)
WARNING: CPU: 8 PID: 1011 at kernel/locking/lockdep.c:232 __lock_acquire+0xccb/0x1ca0
Modules linked in: mce_inject hwpoison_inject
CPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:__lock_acquire+0xccb/0x1ca0
RSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082
RAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8
RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0
RBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb
R10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10
R13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004
FS:  00007ff9f32aa740(0000) GS:ffffa1ce5fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff9f3134ba0 CR3: 00000008484e4000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 lock_acquire+0xbe/0x2d0
 _raw_spin_lock_irqsave+0x3a/0x60
 hugepage_subpool_put_pages.part.0+0xe/0xc0
 free_huge_folio+0x253/0x3f0
 dissolve_free_huge_page+0x147/0x210
 __page_handle_poison+0x9/0x70
 memory_failure+0x4e6/0x8c0
 hard_offline_page_store+0x55/0xa0
 kernfs_fop_write_iter+0x12c/0x1d0
 vfs_write+0x380/0x540
 ksys_write+0x64/0xe0
 do_syscall_64+0xbc/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff9f3114887
RSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887
RDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001
RBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c
R13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00
 </TASK>
Kernel panic - not syncing: kernel: panic_on_warn set ...
CPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
 <TASK>
 panic+0x326/0x350
 check_panic_on_warn+0x4f/0x50
 __warn+0x98/0x190
 report_bug+0x18e/0x1a0
 handle_bug+0x3d/0x70
 exc_invalid_op+0x18/0x70
 asm_exc_invalid_op+0x1a/0x20
RIP: 0010:__lock_acquire+0xccb/0x1ca0
RSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082
RAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8
RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0
RBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb
R10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10
R13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004
 lock_acquire+0xbe/0x2d0
 _raw_spin_lock_irqsave+0x3a/0x60
 hugepage_subpool_put_pages.part.0+0xe/0xc0
 free_huge_folio+0x253/0x3f0
 dissolve_free_huge_page+0x147/0x210
 __page_handle_poison+0x9/0x70
 memory_failure+0x4e6/0x8c0
 hard_offline_page_store+0x55/0xa0
 kernfs_fop_write_iter+0x12c/0x1d0
 vfs_write+0x380/0x540
 ksys_write+0x64/0xe0
 do_syscall_64+0xbc/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff9f3114887
RSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887
RDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001
RBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c
R13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00
 </TASK>

After git bisecting and digging into the code, I believe the root cause is
that _deferred_list field of folio is unioned with _hugetlb_subpool field.
In __update_and_free_hugetlb_folio(), folio->_deferred_list is
initialized leading to corrupted folio->_hugetlb_subpool when folio is
hugetlb.  Later free_huge_folio() will use _hugetlb_subpool and above
warning happens.

But it is assumed hugetlb flag must have been cleared when calling
folio_put() in update_and_free_hugetlb_folio().  This assumption is broken
due to below race:

CPU1					CPU2
dissolve_free_huge_page			update_and_free_pages_bulk
 update_and_free_hugetlb_folio		 hugetlb_vmemmap_restore_folios
					  folio_clear_hugetlb_vmemmap_optimized
  clear_flag = folio_test_hugetlb_vmemmap_optimized
  if (clear_flag) <-- False, it's already cleared.
   __folio_clear_hugetlb(folio) <-- Hugetlb is not cleared.
  folio_put
   free_huge_folio <-- free_the_page is expected.
					 list_for_each_entry()
					  __folio_clear_hugetlb <-- Too late.

Fix this issue by checking whether folio is hugetlb directly instead of
checking clear_flag to close the race window.

Link: https://lkml.kernel.org/r/20240419085819.1901645-1-linmiaohe@huawei.com
Fixes: 32c877191e02 ("hugetlb: do not clear hugetlb dtor until allocating vmemmap")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-05-17 11:56:24 +02:00
..
damon
mm/damon/reclaim: fix quota stauts loss due to online tunings
2024-03-01 13:26:39 +01:00
kasan
kasan/test: avoid gcc warning for intentional overflow
2024-04-03 15:19:27 +02:00
kfence
mm,kfence: decouple kfence from page granularity mapping judgement
2023-12-03 07:32:08 +01:00
kmsan
mm: kmsan: handle alloc failures in kmsan_vmap_pages_range_noflush()
2023-04-26 14:28:41 +02:00
backing-dev.c
writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs
2023-04-26 14:28:39 +02:00
balloon_compaction.c
mm: Convert all PageMovable users to movable_operations
2022-08-02 12:34:03 -04:00
bootmem_info.c
bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem
2022-08-28 14:02:45 -07:00
cma_debug.c
mm/cma_debug: show complete cma name in debugfs directories
2022-09-11 20:25:50 -07:00
cma_sysfs.c
cma.c
mm/cma: use nth_page() in place of direct struct page manipulation
2023-11-28 17:07:14 +00:00
cma.h
compaction.c
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
2024-04-03 15:19:42 +02:00
debug_page_ref.c
debug_vm_pgtable.c
docs: rename Documentation/vm to Documentation/mm
2022-06-27 12:52:53 -07:00
debug.c
mm: remove the vma linked list
2022-09-26 19:46:26 -07:00
dmapool.c
early_ioremap.c
mm/early_ioremap: declare early_memremap_pgprot_adjust()
2022-03-22 15:57:11 -07:00
fadvise.c
riscv: compat: syscall: Add compat_sys_call_table implementation
2022-04-26 13:36:25 -07:00
failslab.c
mm: fix unexpected changes to {failslab|fail_page_alloc}.attr
2022-11-22 18:50:44 -08:00
filemap.c
mm: merge folio_has_private()/filemap_release_folio() call pairs
2024-01-10 17:10:31 +01:00
folio-compat.c
mm: remove try_to_free_swap()
2022-10-03 14:02:53 -07:00
frontswap.c
frontswap: don't call ->init if no ops are registered
2022-09-26 12:14:34 -07:00
gup_test.c
mm: rename is_pinnable_page() to is_longterm_pinnable_page()
2022-07-17 17:14:27 -07:00
gup_test.h
gup.c
mm: always expand the stack with the mmap write lock held
2023-07-01 13:16:25 +02:00
highmem.c
highmem: fix kmap_to_page() for kmap_local_page() addresses
2022-10-12 18:51:51 -07:00
hmm.c
mm/swap: add swp_offset_pfn() to fetch PFN from swap entry
2022-09-26 19:46:05 -07:00
huge_memory.c
mm: huge_memory: don't force huge page alignment on 32 bit
2024-03-06 14:45:06 +00:00
hugetlb_cgroup.c
mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios
2024-05-17 11:55:52 +02:00
hugetlb_vmemmap.c
mm: hugetlb_vmemmap: fix a race between vmemmap pmd split
2023-09-19 12:27:56 +02:00
hugetlb_vmemmap.h
mm: hugetlb_vmemmap: improve hugetlb_vmemmap code readability
2022-08-08 18:06:43 -07:00
hugetlb.c
mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()
2024-05-17 11:56:24 +02:00
hwpoison-inject.c
mm/hwpoison: add __init/__exit annotations to module init/exit funcs
2022-10-03 14:03:05 -07:00
init-mm.c
mm: remove rb tree.
2022-09-26 19:46:16 -07:00
internal.h
mm, netfs, fscache: stop read optimisation when folio removed from pagecache
2024-01-10 17:10:31 +01:00
interval_tree.c
io-mapping.c
ioremap.c
mm: ioremap: Add ioremap/iounmap_allowed()
2022-06-27 12:22:31 +01:00
Kconfig
mm: introduce new 'lock_mm_and_find_vma()' page fault helper
2023-07-01 13:16:24 +02:00
Kconfig.debug
mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM
2023-06-14 11:15:29 +02:00
khugepaged.c
mm: merge folio_has_private()/filemap_release_folio() call pairs
2024-01-10 17:10:31 +01:00
kmemleak.c
mm/kmemleak: prevent soft lockup in kmemleak_scan()'s object iteration loops
2022-10-28 13:37:22 -07:00
ksm.c
mm/ksm: fix race with VMA iteration and mm_struct teardown
2023-03-30 12:49:29 +02:00
list_lru.c
mm: kmem: make mem_cgroup_from_obj() vmalloc()-safe
2022-06-16 19:48:31 -07:00
maccess.c
mm: Fix copy_from_user_nofault().
2023-06-28 11:12:17 +02:00
madvise.c
madvise:madvise_free_pte_range(): don't use mapcount() against large folio for sharing check
2023-08-30 16:11:11 +02:00
Makefile
mm: memcontrol: drop dead CONFIG_MEMCG_SWAP config symbol
2022-10-03 14:03:36 -07:00
mapping_dirty_helpers.c
memblock.c
x86/numa: Fix the address overlap check in numa_fill_memblks()
2024-03-01 13:26:36 +01:00
memcontrol.c
mm: memcontrol: clarify swapaccount=0 deprecation warning
2024-03-01 13:26:32 +01:00
memfd.c
memfd: check for non-NULL file_seals in memfd_create() syscall
2023-06-28 11:12:27 +02:00
memory_hotplug.c
mm/memory_hotplug: fix error handling in add_memory_resource()
2024-01-10 17:10:33 +01:00
memory-failure.c
mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
2024-04-27 17:07:16 +02:00
memory-tiers.c
memory tier: release the new_memtier in find_create_memory_tier()
2023-03-10 09:34:27 +01:00
memory.c
x86/mm/pat: fix VM_PAT handling in COW mappings
2024-04-10 16:28:33 +02:00
mempolicy.c
mm/mempolicy: fix set_mempolicy_home_node() previous VMA pointer
2023-11-08 14:11:02 +01:00
mempool.c
mm/mempool: use might_alloc()
2022-06-16 19:48:30 -07:00
memremap.c
mm/memremap.c: map FS_DAX device memory as decrypted
2022-11-08 15:57:23 -08:00
memtest.c
memtest: use {READ,WRITE}_ONCE in memory scanning
2024-04-03 15:19:36 +02:00
migrate_device.c
mm/migrate_device: return number of migrating pages in args->cpages
2022-11-22 18:50:43 -08:00
migrate.c
mm/hugetlb: add folio_hstate()
2024-05-17 11:55:52 +02:00
mincore.c
mm: teach mincore_hugetlb about pte markers
2023-03-22 13:34:03 +01:00
mlock.c
mm/mlock: drop dead code in count_mm_mlocked_page_nr()
2022-09-26 19:46:27 -07:00
mm_init.c
mm: multi-gen LRU: groundwork
2022-09-26 19:46:09 -07:00
mm_slot.h
mm: introduce common struct mm_slot
2022-10-03 14:02:43 -07:00
mmap_lock.c
mmap.c
mmap: fix error paths with dup_anon_vma()
2023-11-08 14:11:03 +01:00
mmu_gather.c
mm/khugepaged: fix GUP-fast interaction by sending IPI
2022-11-30 14:49:42 -08:00
mmu_notifier.c
mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()
2022-04-21 20:01:10 -07:00
mmzone.c
mm: multi-gen LRU: groundwork
2022-09-26 19:46:09 -07:00
mprotect.c
mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in
2022-10-12 15:56:46 -07:00
mremap.c
mm, mremap: fix mremap() expanding for vma's with vm_ops->close()
2023-02-09 11:28:22 +01:00
msync.c
mm/msync: use vma_find() instead of vma linked list
2022-09-26 19:46:25 -07:00
nommu.c
xtensa: fix lock_mm_and_find_vma in case VMA not found
2023-07-05 18:27:37 +01:00
oom_kill.c
mm: reduce noise in show_mem for lowmem allocations
2022-09-26 19:46:29 -07:00
page_alloc.c
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
2024-04-03 15:19:42 +02:00
page_counter.c
mm: page_counter: remove unneeded atomic ops for low/min
2022-09-11 20:26:01 -07:00
page_ext.c
mm/page_exit: fix kernel doc warning in page_ext_put()
2022-11-22 18:50:41 -08:00
page_idle.c
mm: don't be stuck to rmap lock on reclaim path
2022-05-19 14:08:54 -07:00
page_io.c
use less confusing names for iov_iter direction initializers
2023-02-09 11:28:04 +01:00
page_isolation.c
mm/page_isolation: fix clang deadcode warning
2022-10-28 13:37:22 -07:00
page_owner.c
mm: reuse pageblock_start/end_pfn() macro
2022-10-03 14:03:03 -07:00
page_poison.c
page_reporting.c
page_reporting.h
page_table_check.c
mm: page_table_check: Ensure user pages are not slab pages
2023-06-14 11:15:29 +02:00
page_vma_mapped.c
mm/swap: add swp_offset_pfn() to fetch PFN from swap entry
2022-09-26 19:46:05 -07:00
page-writeback.c
mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
2024-02-23 09:12:32 +01:00
pagewalk.c
- Yu Zhao's Multi-Gen LRU patches are here. They've been under test in
2022-10-10 17:53:04 -07:00
percpu-internal.h
percpu: improve percpu_alloc_percpu event trace
2022-05-13 07:20:18 -07:00
percpu-km.c
percpu-stats.c
percpu-vm.c
percpu.c
mm: percpu: use kmemleak_ignore_phys() instead of kmemleak_free()
2022-07-17 17:14:47 -07:00
pgalloc-track.h
pgtable-generic.c
mm: avoid unnecessary flush on change_huge_pmd()
2022-05-13 07:20:05 -07:00
process_vm_access.c
use less confusing names for iov_iter direction initializers
2023-02-09 11:28:04 +01:00
ptdump.c
mm: pagewalk: Fix race between unmap and page walker
2022-09-03 10:13:13 -07:00
readahead.c
mm: use memalloc_nofs_save() in page_cache_ra_order()
2024-05-17 11:56:21 +02:00
rmap.c
mm/hwpoison: convert TTU_IGNORE_HWPOISON to TTU_HWPOISON
2023-03-10 09:34:25 +01:00
rodata_test.c
mm/rodata_test: use PAGE_ALIGNED() helper
2022-10-03 14:03:05 -07:00
secretmem.c
mm/secretmem: remove reduntant return value
2022-10-03 14:03:36 -07:00
shmem.c
mm/shmem: fix race in shmem_undo_range w/THP
2023-12-20 17:00:26 +01:00
shrinker_debug.c
mm: shrinkers: fix deadlock in shrinker debugfs
2023-02-22 12:59:46 +01:00
shuffle.c
mm/shuffle: convert module_param_call to module_param_cb
2022-10-03 14:03:07 -07:00
shuffle.h
slab_common.c
mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy()
2023-10-06 14:57:03 +02:00
slab.c
mm/slab: Fix undefined init_cache_node_node() for NUMA and !SMP
2023-03-30 12:49:23 +02:00
slab.h
- Yu Zhao's Multi-Gen LRU patches are here. They've been under test in
2022-10-10 17:53:04 -07:00
slob.c
Merge branch 'slab/for-6.1/kmalloc_size_roundup' into slab/for-next
2022-09-29 11:30:55 +02:00
slub.c
treewide: use prandom_u32_max() when possible, part 1
2022-10-11 17:42:55 -06:00
sparse-vmemmap.c
mm: hugetlb_vmemmap: move vmemmap code related to HugeTLB to hugetlb_vmemmap.c
2022-08-08 18:06:42 -07:00
sparse.c
mm/sparsemem: fix race in accessing memory_section->usage
2024-01-31 16:17:02 -08:00
swap_cgroup.c
mm: memcontrol: don't allocate cgroup swap arrays when memcg is disabled
2022-10-03 14:03:36 -07:00
swap_slots.c
mm/swap: convert put_swap_page() to put_swap_folio()
2022-10-03 14:02:46 -07:00
swap_state.c
swap_state: convert free_swap_cache() to use a folio
2022-10-03 14:02:51 -07:00
swap.c
mm: add folio_add_lru_vma()
2022-10-03 14:02:45 -07:00
swap.h
mm/swap: fix race when skipping swapcache
2024-03-01 13:26:32 +01:00
swapfile.c
mm: swap: fix race between free_swap_and_cache() and swapoff()
2024-04-03 15:19:32 +02:00
truncate.c
mm: merge folio_has_private()/filemap_release_folio() call pairs
2024-01-10 17:10:31 +01:00
usercopy.c
mm: Fix copy_from_user_nofault().
2023-06-28 11:12:17 +02:00
userfaultfd.c
userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
2024-02-23 09:12:51 +01:00
util.c
rcu: dump vmalloc memory info safely
2023-09-13 09:42:59 +02:00
vmalloc.c
mm/vmalloc: add a safer version of find_vm_area() for debug
2023-09-13 09:43:00 +02:00
vmpressure.c
net-memcg: Fix scope of sockmem pressure indicators
2023-09-13 09:42:33 +02:00
vmscan.c
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
2024-04-03 15:19:42 +02:00
vmstat.c
- Yu Zhao's Multi-Gen LRU patches are here. They've been under test in
2022-10-10 17:53:04 -07:00
workingset.c
mm/mglru: fix underprotected page cache
2023-12-20 17:00:26 +01:00
z3fold.c
mm: Convert all PageMovable users to movable_operations
2022-08-02 12:34:03 -04:00
zbud.c
zpool.c
zsmalloc.c
zsmalloc: allow only one active pool compaction context
2023-08-23 17:52:40 +02:00
zswap.c
mm: zswap: fix missing folio cleanup in writeback race path
2024-03-01 13:26:39 +01:00