iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/mm
History
Miaohe Lin 7e0a322877 mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() 
commit 52ccdde16b6540abe43b6f8d8e1e1ec90b0983af upstream.

When I did memory failure tests recently, below warning occurs:

DEBUG_LOCKS_WARN_ON(1)
WARNING: CPU: 8 PID: 1011 at kernel/locking/lockdep.c:232 __lock_acquire+0xccb/0x1ca0
Modules linked in: mce_inject hwpoison_inject
CPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:__lock_acquire+0xccb/0x1ca0
RSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082
RAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8
RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0
RBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb
R10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10
R13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004
FS:  00007ff9f32aa740(0000) GS:ffffa1ce5fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff9f3134ba0 CR3: 00000008484e4000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 lock_acquire+0xbe/0x2d0
 _raw_spin_lock_irqsave+0x3a/0x60
 hugepage_subpool_put_pages.part.0+0xe/0xc0
 free_huge_folio+0x253/0x3f0
 dissolve_free_huge_page+0x147/0x210
 __page_handle_poison+0x9/0x70
 memory_failure+0x4e6/0x8c0
 hard_offline_page_store+0x55/0xa0
 kernfs_fop_write_iter+0x12c/0x1d0
 vfs_write+0x380/0x540
 ksys_write+0x64/0xe0
 do_syscall_64+0xbc/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff9f3114887
RSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887
RDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001
RBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c
R13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00
 </TASK>
Kernel panic - not syncing: kernel: panic_on_warn set ...
CPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
 <TASK>
 panic+0x326/0x350
 check_panic_on_warn+0x4f/0x50
 __warn+0x98/0x190
 report_bug+0x18e/0x1a0
 handle_bug+0x3d/0x70
 exc_invalid_op+0x18/0x70
 asm_exc_invalid_op+0x1a/0x20
RIP: 0010:__lock_acquire+0xccb/0x1ca0
RSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082
RAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8
RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0
RBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb
R10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10
R13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004
 lock_acquire+0xbe/0x2d0
 _raw_spin_lock_irqsave+0x3a/0x60
 hugepage_subpool_put_pages.part.0+0xe/0xc0
 free_huge_folio+0x253/0x3f0
 dissolve_free_huge_page+0x147/0x210
 __page_handle_poison+0x9/0x70
 memory_failure+0x4e6/0x8c0
 hard_offline_page_store+0x55/0xa0
 kernfs_fop_write_iter+0x12c/0x1d0
 vfs_write+0x380/0x540
 ksys_write+0x64/0xe0
 do_syscall_64+0xbc/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff9f3114887
RSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887
RDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001
RBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c
R13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00
 </TASK>

After git bisecting and digging into the code, I believe the root cause is
that _deferred_list field of folio is unioned with _hugetlb_subpool field.
In __update_and_free_hugetlb_folio(), folio->_deferred_list is
initialized leading to corrupted folio->_hugetlb_subpool when folio is
hugetlb.  Later free_huge_folio() will use _hugetlb_subpool and above
warning happens.

But it is assumed hugetlb flag must have been cleared when calling
folio_put() in update_and_free_hugetlb_folio().  This assumption is broken
due to below race:

CPU1					CPU2
dissolve_free_huge_page			update_and_free_pages_bulk
 update_and_free_hugetlb_folio		 hugetlb_vmemmap_restore_folios
					  folio_clear_hugetlb_vmemmap_optimized
  clear_flag = folio_test_hugetlb_vmemmap_optimized
  if (clear_flag) <-- False, it's already cleared.
   __folio_clear_hugetlb(folio) <-- Hugetlb is not cleared.
  folio_put
   free_huge_folio <-- free_the_page is expected.
					 list_for_each_entry()
					  __folio_clear_hugetlb <-- Too late.

Fix this issue by checking whether folio is hugetlb directly instead of
checking clear_flag to close the race window.

Link: https://lkml.kernel.org/r/20240419085819.1901645-1-linmiaohe@huawei.com
Fixes: 32c877191e02 ("hugetlb: do not clear hugetlb dtor until allocating vmemmap")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-05-17 12:02:39 +02:00
..
damon
mm/damon/reclaim: fix quota stauts loss due to online tunings
2024-03-01 13:35:00 +01:00
kasan
kasan/test: avoid gcc warning for intentional overflow
2024-04-03 15:28:20 +02:00
kfence
LoongArch changes for v6.6
2023-09-08 12:16:52 -07:00
kmsan
mm, treewide: introduce NR_PAGE_ORDERS
2024-05-02 16:32:41 +02:00
backing-dev.c
blk-wbt: Fix detection of dirty-throttled tasks
2024-02-23 09:25:16 +01:00
balloon_compaction.c
bootmem_info.c
cma_debug.c
cma_sysfs.c
mm: cma: make kobj_type structure constant
2023-03-28 16:20:06 -07:00
cma.c
mm/cma: use nth_page() in place of direct struct page manipulation
2023-11-28 17:20:06 +00:00
cma.h
compaction.c
mm, treewide: introduce NR_PAGE_ORDERS
2024-05-02 16:32:41 +02:00
debug_page_alloc.c
mm: page_alloc: split out DEBUG_PAGEALLOC
2023-06-09 16:25:23 -07:00
debug_page_ref.c
debug_vm_pgtable.c
mm/debug_vm_pgtable: fix BUG_ON with pud advanced test
2024-03-06 14:48:41 +00:00
debug.c
mm: update validate_mm() to use vma iterator
2023-06-09 16:25:31 -07:00
dmapool_test.c
dmapool: add alloc/free performance test
2023-04-05 19:42:38 -07:00
dmapool.c
dmapool: create/destroy cleanup
2023-06-09 16:25:17 -07:00
early_ioremap.c
mm/early_ioremap.c: improve the execution efficiency of early_ioremap_setup()
2023-06-09 16:25:56 -07:00
fadvise.c
mm: remove unnecessary pagevec includes
2023-06-23 16:59:31 -07:00
fail_page_alloc.c
mm: page_alloc: split out FAIL_PAGE_ALLOC
2023-06-09 16:25:23 -07:00
failslab.c
filemap.c
mm: cachestat: fix two shmem bugs
2024-04-03 15:28:55 +02:00
folio-compat.c
filemap: Add fgf_t typedef
2023-07-24 18:04:30 -04:00
gup_test.c
Merge mm-hotfixes-stable into mm-stable to pick up depended-upon changes.
2023-06-23 16:58:19 -07:00
gup_test.h
gup.c
mm/madvise: make MADV_POPULATE_(READ|WRITE) handle VM_FAULT_RETRY properly
2024-05-02 16:32:40 +02:00
highmem.c
mm: ptep_get() conversion
2023-06-19 16:19:25 -07:00
hmm.c
mm: enable page walking API to lock vmas during the walk
2023-08-21 13:07:20 -07:00
huge_memory.c
mm: fix for negative counter: nr_file_hugepages
2023-11-28 17:20:13 +00:00
hugetlb_cgroup.c
mm/hugetlb: increase use of folios in alloc_huge_page()
2023-02-13 15:54:27 -08:00
hugetlb_vmemmap.c
mm: hugetlb_vmemmap: fix a race between vmemmap pmd split
2023-08-18 10:12:14 -07:00
hugetlb_vmemmap.h
hugetlb.c
mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()
2024-05-17 12:02:39 +02:00
hwpoison-inject.c
init-mm.c
mm: move dummy_vm_ops out of a header
2023-08-21 13:37:46 -07:00
internal.h
mm/madvise: make MADV_POPULATE_(READ|WRITE) handle VM_FAULT_RETRY properly
2024-05-02 16:32:40 +02:00
interval_tree.c
io-mapping.c
ioremap.c
mm: ioremap: remove unneeded ioremap_allowed and iounmap_allowed
2023-08-18 10:12:36 -07:00
Kconfig
- Some swap cleanups from Ma Wupeng ("fix WARN_ON in add_to_avail_list")
2023-08-29 14:25:26 -07:00
Kconfig.debug
mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM
2023-05-29 16:14:28 +01:00
khugepaged.c
- Some swap cleanups from Ma Wupeng ("fix WARN_ON in add_to_avail_list")
2023-08-29 14:25:26 -07:00
kmemleak.c
mm/kmemleak: move up cond_resched() call in page scanning loop
2023-09-02 15:17:34 -07:00
ksm.c
mm: memory-failure: use rcu lock instead of tasklist_lock when collect_procs()
2023-09-05 11:11:52 -07:00
list_lru.c
maccess.c
mm: Fix copy_from_user_nofault().
2023-04-12 17:36:23 -07:00
madvise.c
mm/madvise: make MADV_POPULATE_(READ|WRITE) handle VM_FAULT_RETRY properly
2024-05-02 16:32:40 +02:00
Makefile
- Some swap cleanups from Ma Wupeng ("fix WARN_ON in add_to_avail_list")
2023-08-29 14:25:26 -07:00
mapping_dirty_helpers.c
mm: fix clean_record_shared_mapping_range kernel-doc
2023-08-24 16:20:30 -07:00
memblock.c
x86/numa: Fix the address overlap check in numa_fill_memblks()
2024-03-01 13:35:06 +01:00
memcontrol.c
mm: memcontrol: clarify swapaccount=0 deprecation warning
2024-03-01 13:35:00 +01:00
memfd.c
revert "memfd: improve userspace warnings for missing exec-related flags".
2023-09-05 11:11:52 -07:00
memory_hotplug.c
mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval
2024-01-20 11:51:49 +01:00
memory-failure.c
mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
2024-04-27 17:11:42 +02:00
memory-tiers.c
memory tier: use helper macro __ATTR_RW()
2023-08-18 10:12:38 -07:00
memory.c
x86/mm/pat: fix VM_PAT handling in COW mappings
2024-04-10 16:36:03 +02:00
mempolicy.c
numa: Generalize numa_map_to_online_node()
2023-11-20 11:58:51 +01:00
mempool.c
memremap.c
mm/memremap.c: fix outdated comment in devm_memremap_pages
2023-02-09 16:51:46 -08:00
memtest.c
memtest: use {READ,WRITE}_ONCE in memory scanning
2024-04-03 15:28:33 +02:00
migrate_device.c
Add x86 shadow stack support
2023-08-31 12:20:12 -07:00
migrate.c
mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index
2024-03-15 10:48:14 -04:00
mincore.c
mm: enable page walking API to lock vmas during the walk
2023-08-21 13:07:20 -07:00
mlock.c
merge mm-hotfixes-stable into mm-stable to pick up depended-upon changes
2023-08-21 14:26:20 -07:00
mm_init.c
efi: disable mirror feature during crashkernel
2024-01-31 16:18:56 -08:00
mm_slot.h
mmap_lock.c
mmap.c
mm, mmap: fix vma_merge() case 7 with vma_ops->close
2024-04-03 15:28:40 +02:00
mmu_gather.c
mm: fix kernel-doc warning from tlb_flush_rmaps()
2023-08-24 16:20:30 -07:00
mmu_notifier.c
mmu_notifiers: rename invalidate_range notifier
2023-08-18 10:12:41 -07:00
mmzone.c
mprotect.c
Add x86 shadow stack support
2023-08-31 12:20:12 -07:00
mremap.c
vm: fix move_vma() memory accounting being off
2023-09-16 15:23:31 -07:00
msync.c
nommu.c
Add x86 shadow stack support
2023-08-31 12:20:12 -07:00
oom_kill.c
mm: remove redundant K() macro definition
2023-08-21 13:37:44 -07:00
page_alloc.c
mm, treewide: introduce NR_PAGE_ORDERS
2024-05-02 16:32:41 +02:00
page_counter.c
page_ext.c
mm/page_ext: move functions around for minor cleanups to page_ext
2023-08-18 10:12:31 -07:00
page_idle.c
mm: page_idle: convert page idle to use a folio
2023-01-18 17:12:52 -08:00
page_io.c
zswap: make zswap_load() take a folio
2023-08-21 13:37:27 -07:00
page_isolation.c
mm/hugetlb: get rid of page_hstate()
2023-08-18 10:12:39 -07:00
page_owner.c
mm/page_ext: use page_ext_data helper in page_owner
2023-08-21 13:37:27 -07:00
page_poison.c
mm/page_poison: remove unused page_ext.h from page_poison
2023-08-21 13:37:30 -07:00
page_reporting.c
mm, treewide: introduce NR_PAGE_ORDERS
2024-05-02 16:32:41 +02:00
page_reporting.h
page_table_check.c
mm: convert page_table_check_pte_set() to page_table_check_ptes_set()
2023-08-24 16:20:18 -07:00
page_vma_mapped.c
mm: correct stale comment of function check_pte
2023-08-18 10:12:13 -07:00
page-writeback.c
blk-wbt: Fix detection of dirty-throttled tasks
2024-02-23 09:25:16 +01:00
pagewalk.c
mm/pagewalk: fix bootstopping regression from extra pte_unmap()
2023-09-02 08:39:21 -07:00
percpu-internal.h
percpu-internal/pcpu_chunk: re-layout pcpu_chunk structure to reduce false sharing
2023-06-19 16:19:29 -07:00
percpu-km.c
percpu-stats.c
percpu-vm.c
percpu.c
mm: Introduce flush_cache_vmap_early()
2024-02-16 19:10:52 +01:00
pgalloc-track.h
pgtable-generic.c
mm/pgtable: notes on pte_offset_map[_lock]()
2023-08-18 10:12:25 -07:00
process_vm_access.c
mm/gup: remove unused vmas parameter from pin_user_pages_remote()
2023-06-09 16:25:25 -07:00
ptdump.c
mm: ptdump should use ptep_get_lockless()
2023-06-19 16:19:24 -07:00
readahead.c
mm: use memalloc_nofs_save() in page_cache_ra_order()
2024-05-17 12:02:36 +02:00
rmap.c
mm: hugetlb: add huge page size param to set_huge_pte_at()
2023-09-29 17:20:47 -07:00
rodata_test.c
secretmem.c
mm/secretmem: use a folio in secretmem_fault()
2023-08-21 13:38:02 -07:00
shmem_quota.c
tmpfs: fix race on handling dquot rbtree
2024-04-03 15:28:54 +02:00
shmem.c
mm/shmem: inline shmem_is_huge() for disabled transparent hugepages
2024-04-27 17:11:42 +02:00
show_mem.c
mm, treewide: introduce NR_PAGE_ORDERS
2024-05-02 16:32:41 +02:00
shrinker_debug.c
Revert "mm: shrinkers: make count and scan in shrinker debugfs lockless"
2023-06-19 13:19:34 -07:00
shuffle.c
shuffle.h
mm, treewide: redefine MAX_ORDER sanely
2023-04-05 19:42:46 -07:00
slab_common.c
mm: slab: Do not create kmalloc caches smaller than arch_slab_minalign()
2023-10-11 15:24:49 +02:00
slab.c
Randomized slab caches for kmalloc()
2023-07-18 10:07:47 +02:00
slab.h
Randomized slab caches for kmalloc()
2023-07-18 10:07:47 +02:00
slub.c
mm/slub: remove freelist_dereference()
2023-07-14 09:57:21 +02:00
sparse-vmemmap.c
mm/vmemmap: allow architectures to override how vmemmap optimization works
2023-08-18 10:12:53 -07:00
sparse.c
mm/sparsemem: fix race in accessing memory_section->usage
2024-01-31 16:18:56 -08:00
swap_cgroup.c
swap_slots.c
swap_state.c
mm/swap: inline folio_set_swap_entry() and folio_swap_entry()
2023-08-24 16:20:28 -07:00
swap.c
mm: remove references to pagevec
2023-06-23 16:59:30 -07:00
swap.h
mm/swap: fix race when skipping swapcache
2024-03-01 13:35:00 +01:00
swapfile.c
mm: swap: fix race between free_swap_and_cache() and swapoff()
2024-04-03 15:28:27 +02:00
truncate.c
- Some swap cleanups from Ma Wupeng ("fix WARN_ON in add_to_avail_list")
2023-08-29 14:25:26 -07:00
usercopy.c
mm: Fix copy_from_user_nofault().
2023-04-12 17:36:23 -07:00
userfaultfd.c
userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
2024-02-23 09:24:53 +01:00
util.c
parisc: fix mmap_base calculation when stack grows upwards
2023-11-28 17:20:08 +00:00
vmalloc.c
mm: hugetlb: add huge page size param to set_huge_pte_at()
2023-09-29 17:20:47 -07:00
vmpressure.c
net-memcg: Fix scope of sockmem pressure indicators
2023-08-16 12:21:32 +01:00
vmscan.c
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
2024-04-03 15:28:44 +02:00
vmstat.c
mm, treewide: introduce NR_PAGE_ORDERS
2024-05-02 16:32:41 +02:00
workingset.c
mm/mglru: fix underprotected page cache
2023-12-20 17:02:02 +01:00
z3fold.c
mm/z3fold: remove obsolete comment for struct z3fold_pool
2023-08-21 13:37:51 -07:00
zbud.c
mm: zswap: remove shrink from zpool interface
2023-06-19 16:19:27 -07:00
zpool.c
mm: zswap: remove shrink from zpool interface
2023-06-19 16:19:27 -07:00
zsmalloc.c
merge mm-hotfixes-stable into mm-stable to pick up depended-upon changes
2023-08-21 14:26:20 -07:00
zswap.c
mm: zswap: fix missing folio cleanup in writeback race path
2024-03-01 13:35:10 +01:00