From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2858EC433E0 for ; Wed, 6 Jan 2021 17:10:53 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id C148822EBD for ; Wed, 6 Jan 2021 17:10:52 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C148822EBD Authentication-Results: mail.kernel.org; dmarc=fail (p=quarantine dis=none) header.from=suse.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 1E1536B02AA; Wed, 6 Jan 2021 12:10:52 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 1B9486B02AC; Wed, 6 Jan 2021 12:10:52 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0CDBC6B02AD; Wed, 6 Jan 2021 12:10:52 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0202.hostedemail.com [216.40.44.202]) by kanga.kvack.org (Postfix) with ESMTP id EC7E46B02AA for ; Wed, 6 Jan 2021 12:10:51 -0500 (EST) Received: from smtpin25.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay03.hostedemail.com (Postfix) with ESMTP id B4C64824556B for ; Wed, 6 Jan 2021 17:10:51 +0000 (UTC) X-FDA: 77675989902.25.burst09_2b12695274e3 Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin25.hostedemail.com (Postfix) with ESMTP id 87FCB1804E3A0 for ; Wed, 6 Jan 2021 17:10:51 +0000 (UTC) X-HE-Tag: burst09_2b12695274e3 X-Filterd-Recvd-Size: 3707 Received: from mx2.suse.de (mx2.suse.de [195.135.220.15]) by imf24.hostedemail.com (Postfix) with ESMTP for ; Wed, 6 Jan 2021 17:10:49 +0000 (UTC) X-Virus-Scanned: by amavisd-new at test-mx.suse.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1609953048; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=cWYYM4wHsoqQNcniGqO0vexUGEXTnF+YOVKCWdq6TxQ=; b=DDaHdz4lIszPEqfj1mTAdQ9uawBb2j6rNVUbG2MR2mZcIzb/OZbLejquyf5IidXEeJWjLu JT7/IoiYMHDS5wxQmPF0ZSYO4ns75nnLf8t8WeZsQlwBnrqkxazXwsFuvWrgWcWsUcTy2y o6Ln0G8K+w8me5jPT6Celga5uHBEvPY= Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id B8EA3ACAF; Wed, 6 Jan 2021 17:10:48 +0000 (UTC) Date: Wed, 6 Jan 2021 18:10:48 +0100 From: Michal Hocko To: Muchun Song Cc: mike.kravetz@oracle.com, akpm@linux-foundation.org, n-horiguchi@ah.jp.nec.com, ak@linux.intel.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2 5/6] mm: hugetlb: fix a race between isolating and freeing page Message-ID: <20210106171048.GV13207@dhcp22.suse.cz> References: <20210106084739.63318-1-songmuchun@bytedance.com> <20210106084739.63318-6-songmuchun@bytedance.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210106084739.63318-6-songmuchun@bytedance.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Wed 06-01-21 16:47:38, Muchun Song wrote: > There is a race between isolate_huge_page() and __free_huge_page(). > > CPU0: CPU1: > > if (PageHuge(page)) > put_page(page) > __free_huge_page(page) > spin_lock(&hugetlb_lock) > update_and_free_page(page) > set_compound_page_dtor(page, > NULL_COMPOUND_DTOR) > spin_unlock(&hugetlb_lock) > isolate_huge_page(page) > // trigger BUG_ON > VM_BUG_ON_PAGE(!PageHead(page), page) > spin_lock(&hugetlb_lock) > page_huge_active(page) > // trigger BUG_ON > VM_BUG_ON_PAGE(!PageHuge(page), page) > spin_unlock(&hugetlb_lock) > > When we isolate a HugeTLB page on CPU0. Meanwhile, we free it to the > buddy allocator on CPU1. Then, we can trigger a BUG_ON on CPU0. Because > it is already freed to the buddy allocator. > > Fixes: c8721bbbdd36 ("mm: memory-hotplug: enable memory hotplug to handle hugepage") > Signed-off-by: Muchun Song > Reviewed-by: Mike Kravetz Acked-by: Michal Hocko Thanks! > --- > mm/hugetlb.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/mm/hugetlb.c b/mm/hugetlb.c > index bf02e81e3953..67200dd25b1d 100644 > --- a/mm/hugetlb.c > +++ b/mm/hugetlb.c > @@ -5587,9 +5587,9 @@ bool isolate_huge_page(struct page *page, struct list_head *list) > { > bool ret = true; > > - VM_BUG_ON_PAGE(!PageHead(page), page); > spin_lock(&hugetlb_lock); > - if (!page_huge_active(page) || !get_page_unless_zero(page)) { > + if (!PageHeadHuge(page) || !page_huge_active(page) || > + !get_page_unless_zero(page)) { > ret = false; > goto unlock; > } > -- > 2.11.0 -- Michal Hocko SUSE Labs