From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 73D4DC25B74 for ; Fri, 31 May 2024 01:27:33 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E31DC6B009C; Thu, 30 May 2024 21:27:32 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id DE1916B009D; Thu, 30 May 2024 21:27:32 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C5AD56B009E; Thu, 30 May 2024 21:27:32 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id A7A6E6B009C for ; Thu, 30 May 2024 21:27:32 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id DEB24140CEC for ; Fri, 31 May 2024 01:27:31 +0000 (UTC) X-FDA: 82176953502.03.4F4F9CA Received: from APC01-PSA-obe.outbound.protection.outlook.com (mail-psaapc01on2046.outbound.protection.outlook.com [40.107.255.46]) by imf23.hostedemail.com (Postfix) with ESMTP id C26C814001C for ; Fri, 31 May 2024 01:27:27 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=oppo.com header.s=selector1 header.b=gavwqSWl; dmarc=pass (policy=quarantine) header.from=oppo.com; arc=pass ("microsoft.com:s=arcselector9901:i=1"); spf=pass (imf23.hostedemail.com: domain of hailong.liu@oppo.com designates 40.107.255.46 as permitted sender) smtp.mailfrom=hailong.liu@oppo.com ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1717118848; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=o0Ki4pZI9xDSsPn6vqaVovxDtBvF8cge3SmtC4lIyEE=; b=fAuDAfF8v/qjizTgYctWE2RfsXaJ1brWfCdS8ne7JUGmWJUJ1HA5GwJ/jx6TbUg0tCmMc1 lpm0pr7pYEBLOMUBA1zybBBFdNQ9dzJuBDCndLOOIi1PP9ZXxCxAyCZ+v5sNTC2tIi7gfH ofOiZc2rbzw5ymn92Xu/JnbMc5sTW54= ARC-Authentication-Results: i=2; imf23.hostedemail.com; dkim=pass header.d=oppo.com header.s=selector1 header.b=gavwqSWl; dmarc=pass (policy=quarantine) header.from=oppo.com; arc=pass ("microsoft.com:s=arcselector9901:i=1"); spf=pass (imf23.hostedemail.com: domain of hailong.liu@oppo.com designates 40.107.255.46 as permitted sender) smtp.mailfrom=hailong.liu@oppo.com ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1717118848; a=rsa-sha256; cv=pass; b=Ia8tXghvDbnZHsu2p+PrCs+Vnin8Y5HEsXohlP/04SJjKFUlAL9fPns/pWf033UE82gQ5H Eb1jvMZXjzLMxY9FzcBEn8JkNcxixhxGH709DNeQFxryYUZp0wD3S+ATd0nW4E0umFUMQZ 3EHJyIEJbWY1xyWnasJK0QCSccCQwV8= ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Tti8xW1BsKcjz2nSpibaTV7mrFW8c5wxwpZDa7COGAUySDsJe0O8xb9xDxflTFV66AnuxGeYlmWVB4w0JxJnvJbDRfAzkrNyvNOugIdKMK4+4QAD/XANRUl9DJXWwCW57siYg0vuuDImdinle3tG8KUa0TmUJP9dk+Gi510xr/6zHJSwuHgClw5eVsptD4J2sHtfXpq/nKHQbGPLB+Eguu8T5Hd0fkxiXjqB+d3/exzS2p5DdGUCfwNRGx/XEx4ZtYNjm4aeWKGOHMvaCAhNm9SJBsCTPh+gVWaR3WJL8RSQRKdeNTdQzZIDt012NY/HQqLzcDqoU1HoL6p2t8+ezQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=o0Ki4pZI9xDSsPn6vqaVovxDtBvF8cge3SmtC4lIyEE=; b=SFoSvlpaZaV9t16VQvieyJ4cUYAGYpWfkIBd+Jy2HCEnfFMSQ8u1Ks4Pj4SXsNRReSCkYK2cqCIP+ViDQiGs9t2vo4Vy+l/X/b6lXvi2jSlYqyP0USzDQ0unCJFF7PzuJmrZTPgDeEJOxi32oKAx3rjy5J+cO//3zGXNywI7Biww5STUEzrwf744rfYZDYNsazgNZTGw9663E2I89rebdZ0Y6GnTMsLUBSZIDSczN9Ax/+TpgbM5Q/2epMtD23XSwjo0OrAEuEeHu+n/spYTsLwY3n7jGhCukv0fbH+95nmaFLyy+reZK9sbuwKgM++TWTmUofMbIuJJdyxZkPBJ6g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 58.252.5.68) smtp.rcpttodomain=unisoc.com smtp.mailfrom=oppo.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=oppo.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oppo.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=o0Ki4pZI9xDSsPn6vqaVovxDtBvF8cge3SmtC4lIyEE=; b=gavwqSWlP1Wtyv3n3eBsYRk/cbCM2/sUkmnULhmp2hFOJf2x4a23ac1606MDwaWBkNo0QlxdpNafyjb5izYE48GTp1RZOnffqK9vLZc5HMoEVZu4CN52LFz30M3eSFovdmWe/uaOUZdICKBQTb+IgCg44QvERthSZRksnSsEjl4= Received: from PS2PR04CA0013.apcprd04.prod.outlook.com (2603:1096:300:55::25) by JH0PR02MB6869.apcprd02.prod.outlook.com (2603:1096:990:53::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7633.24; Fri, 31 May 2024 01:27:20 +0000 Received: from HK3PEPF0000021D.apcprd03.prod.outlook.com (2603:1096:300:55:cafe::ac) by PS2PR04CA0013.outlook.office365.com (2603:1096:300:55::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7633.23 via Frontend Transport; Fri, 31 May 2024 01:27:19 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 58.252.5.68) smtp.mailfrom=oppo.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=oppo.com; Received-SPF: Pass (protection.outlook.com: domain of oppo.com designates 58.252.5.68 as permitted sender) receiver=protection.outlook.com; client-ip=58.252.5.68; helo=mail.oppo.com; pr=C Received: from mail.oppo.com (58.252.5.68) by HK3PEPF0000021D.mail.protection.outlook.com (10.167.8.39) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7633.15 via Frontend Transport; Fri, 31 May 2024 01:27:19 +0000 Received: from oppo.com (172.16.40.118) by mailappw31.adc.com (172.16.56.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 31 May 2024 09:27:18 +0800 Date: Fri, 31 May 2024 09:27:18 +0800 From: hailong liu To: zhaoyang.huang CC: Andrew Morton , Uladzislau Rezki , Christoph Hellwig , Lorenzo Stoakes , Baoquan He , Thomas Gleixner , , , Zhaoyang Huang , Subject: Re: [PATCHv2] mm: fix incorrect vbq reference in purge_fragmented_block Message-ID: <20240531012718.ogitylhpsrrvvczo@oppo.com> References: <20240531005007.1600287-1-zhaoyang.huang@unisoc.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: <20240531005007.1600287-1-zhaoyang.huang@unisoc.com> X-Originating-IP: [172.16.40.118] X-ClientProxiedBy: mailappw31.adc.com (172.16.56.198) To mailappw31.adc.com (172.16.56.198) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: HK3PEPF0000021D:EE_|JH0PR02MB6869:EE_ X-MS-Office365-Filtering-Correlation-Id: 8d782c7f-d592-44fa-6f3f-08dc8110d093 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230031|36860700004|7416005|376005|1800799015|82310400017; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?X6x/HTouiH88Od/MR30Q+4TjTGu1hgP/HlRxrfcQ4IWeHAMIjhYgDl7RPI8p?= =?us-ascii?Q?l7hj4T0PgMQq7BhA9OZuJx5AjK1u7hIb1eAUh5a/JgLN9dFZQLtKEcMsNPnx?= =?us-ascii?Q?KX/IbOyUJY+Yxho38E/9VYA9Pn3noHjrxPytGXu4FXnAqMKmhQ/x2EgxxcPZ?= =?us-ascii?Q?PpQok+eAnVYLpbLAjy6MDfNWNXL7U5SPqEWXTKJm0gw1xFqt7CqxRXU9k7c6?= =?us-ascii?Q?pRDucKPRRUKGfOXCblkEoo0tujAZr+Fk/RsJjEXep8XJJyZzw3aPJdplIFeb?= =?us-ascii?Q?e7iTGmQ3Jn9ZXRRU/dTOtGXKOXf+NTP5+ezPBdMDMn5/y8bNEb7w9W//kz3h?= =?us-ascii?Q?zy/woXwUunnyTjyYB0Jpw4tgc/gkJW0jlJn106mORiouMC0pc0ePO6SBbSYC?= =?us-ascii?Q?bBEnD1t97Ahy2BP6oMl08PorQYe8YqyqsQVZ46tHy4wRuDcqnXTl1W/EhdNh?= =?us-ascii?Q?OYD5JizegbbuEf16QMj0fwEaWuLDDvlpMF5IH2D2w/xCylLaNmD7aYpdou8t?= =?us-ascii?Q?4RnlL7fgw7qFowxkrLDcQeDVxsQ1sYetgnM/hWWKwzvwi55pTZZrvXf/+3VJ?= =?us-ascii?Q?YYFgsof6PbofuOCSDALMARoZoaMnaYQqchgFyeJoIBKF7/XagIrxDp8Jf+nx?= =?us-ascii?Q?+zUkLWymxNylYY6sdcrcPALn5xoT+LGhW/sktOWXZjHB0MFs2ShHI34DCck1?= =?us-ascii?Q?DM0q7FrgyGmzkegvP5QQmtl/wv3mClg2pyhoV4wJgpi9OsFZzv8R+F84BUa1?= =?us-ascii?Q?SGkeRrpJ7/uqXiniT5kJ6zYW6Jh9FWNm+XjxMmLi1LWCyNwI5DMj/GRQgOXi?= =?us-ascii?Q?NS4F6p5T5paEBLM7C5tpv8YbsqTU5+TcRaLLbUJxHv9xQUPlnsk89Ho20o7s?= =?us-ascii?Q?8SZOg6Nj5RoHaivX2oe1koh0So4l42gAmF+J3kYooI7HOXLvIpH7lwQNw8jz?= =?us-ascii?Q?VsRmgC2Wx/iLfGeEt/r05Pw3p5fSQ80dhhy2MjmTAWebUS8Us5flokyz2FwI?= =?us-ascii?Q?jcE44AySMOm+ZHTee3qJ5ABP8pVCvHK34bGE1h7gwJZC7yVbjmPMJCgst1us?= =?us-ascii?Q?7IibCjq90BfGUtw+YpE35t8Sdt/Q5cLVSvgXbCyRSkikkvhrcLTY/xAwdL8D?= =?us-ascii?Q?0cVDbqjwerrrl7CNtY62xMnQVqsP9c9CdNTNV59wFy1iEh5NRUMkvT4sfmvx?= =?us-ascii?Q?2itdi8J0WACrHtPlqMr6jJWkUY1lVYUSdTXQuJMXznaOTmnvikFW6S0xnHYL?= =?us-ascii?Q?2g74Y4s2OJoouDjGsNflWEzTsVbrhnaCe/RhOiW7tSDeMu/mO/MZA1lDP/98?= =?us-ascii?Q?KYsyELSCk7u78UIm+xKWWf0SxT9Q6nWk/hGBpFbNBpyIEGAchX/FHWDo6Hal?= =?us-ascii?Q?bmQ0hQD8ZagOHPYkDEtRMuqwDztw?= X-Forefront-Antispam-Report: CIP:58.252.5.68;CTRY:CN;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.oppo.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(36860700004)(7416005)(376005)(1800799015)(82310400017);DIR:OUT;SFP:1101; X-OriginatorOrg: oppo.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 May 2024 01:27:19.6832 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 8d782c7f-d592-44fa-6f3f-08dc8110d093 X-MS-Exchange-CrossTenant-Id: f1905eb1-c353-41c5-9516-62b4a54b5ee6 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f1905eb1-c353-41c5-9516-62b4a54b5ee6;Ip=[58.252.5.68];Helo=[mail.oppo.com] X-MS-Exchange-CrossTenant-AuthSource: HK3PEPF0000021D.apcprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: JH0PR02MB6869 X-Rspam-User: X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: C26C814001C X-Stat-Signature: 9gmc397buwe87z4iemz6ntydjziatbzp X-HE-Tag: 1717118847-980424 X-HE-Meta: U2FsdGVkX1+nhENflPimun/4PvdADxYUZz+W2x4hAT4ixw68gUQdbhAL0QVlu/DqVSI1Lai8GXwtXiyNhd1bJhZmHyu0CLP3PC374/Kq2NwRtRNSHRA2rTfRuyJlSK9c9DOoxWKe3gixSoZDuSvIXmOc5tFPYVMPb3dJHVeyfeH9nHMKnFjR1ax5pHqMvlrnax1+irTW9jBQNJtYEjwB+HwMulB2thDSHDBhfFsZtBnCID1cwL5FcAPRrTfkTYUWBxc1XQu9jAmHqdscuMeWAqMw4SSlM5W34CFtZM6x4AM2wfpwa6ptAOFWENTwj+zoAVnOqofBgbDezh/EAc0HBPRPyTV/+s/W0zlrVfQEq2BJexUeouDDqxzNtwfERbrf7Zm+8AW/sRlCsSf/Rh/WFoo6JciAaUqT8ZFYxNydRKO64ELo19GM3i1HKYJpw1UUY33lhKXasUmQgTMWN21gpIKQuyWcdqBH3JTJ/NDgmdVHp3vvpranOxFGe5Zj4gapKdZzbr4GwVPIg2E8dtvO8WmtRgK4WRcRyYRaGTjLD59dEdJGtr7RbjIIiJIYe+SdtIkVw01OM4bVgBkRSO1KYVjjppNqnkjtnNtd6QuyLlIiMsi4P+ta0ABWPdWCpCGmRdfngeMRMyy1wXkNE1OyoCUy+TFJ7Tja7/dwb9dMQUda6f0yF2SP2qgun51FnUWiwrj3Ncz3s5O/NHVIxeqD4Erh9ApC1wzXmzjgy6i+ICZp3zalQDWbwwlj07w3JPZSBqFZEyiYFjTMj5EaJHSRtdhPkcWK91r4IlZaqSmmgoiHhM8pzCBRME9obQdYgC1rdF3JWr/TZjr/j5MAC1uWT8ThENwvIETsJnpW2yb/3R9KpOVImVwcMw+LD6KlMjSCUgMdHI91QbDHXvr5sMSEQijh35ze6XSGBaeHYMRQHp4NfaHuINjgXSNWYrTIHqFQJEIbWnbOUr2BbDFJHJs Szy8jsgu 59Z2/2F/5udOSR1e9kEPqndRGXlqeIqwhVEeH4jhpOseyXMOiC8Bx1HTAXABQog2fOGHgI6D2MAYlsKOmWMkGiInNg+d+5iG2f+MNo0KkkJ/VRS4entEkGeGZVg/9HqUYrDvOr+0kv7kg66U61ZUulZ29Pbts1xLoQ6ZZw9cCBPvDpZEX5jBG5CkWCxTCaiXEcaXkz9y4V8I5j6nd1dtrOzmdOK2tOknBE86uY11jU+kU3weZ8lA6ttKPq+N6YFhxxZ7q6j9++W0baBJRSsZ1MSgCr4v+WRJhOGBXVIrQ61KOwA6WdBUamfPr7WjhtK/YZDar0BHNq/CiMgq5wCZZSTwco/u+G8nWZVpP5oSapiwejtr8e2TAV6UV3SQEfDTjPq6rjgH30cEQSzmH1QTjSlr1YNwpzgvvzuB5OindiMEtEZ2ZVxdGUXIVXIzR6O9US771Z2OfscFQFKgIOPCEuHJb6g== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, 31. May 08:50, zhaoyang.huang wrote: > From: Zhaoyang Huang > > vmalloc area runs out in our ARM64 system during an erofs test as > vm_map_ram failed[1]. By following the debug log, we find that > vm_map_ram()->vb_alloc() will allocate new vb->va which corresponding > to 4MB vmalloc area as list_for_each_entry_rcu returns immediately > when vbq->free->next points to vbq->free. That is to say, 65536 times > of page fault after the list's broken will run out of the whole > vmalloc area. This should be introduced by one vbq->free->next point to > vbq->free which makes list_for_each_entry_rcu can not iterate the list > and find the BUG. > > [1] > PID: 1 TASK: ffffff80802b4e00 CPU: 6 COMMAND: "init" > #0 [ffffffc08006afe0] __switch_to at ffffffc08111d5cc > #1 [ffffffc08006b040] __schedule at ffffffc08111dde0 > #2 [ffffffc08006b0a0] schedule at ffffffc08111e294 > #3 [ffffffc08006b0d0] schedule_preempt_disabled at ffffffc08111e3f0 > #4 [ffffffc08006b140] __mutex_lock at ffffffc08112068c > #5 [ffffffc08006b180] __mutex_lock_slowpath at ffffffc08111f8f8 > #6 [ffffffc08006b1a0] mutex_lock at ffffffc08111f834 > #7 [ffffffc08006b1d0] reclaim_and_purge_vmap_areas at ffffffc0803ebc3c > #8 [ffffffc08006b290] alloc_vmap_area at ffffffc0803e83fc > #9 [ffffffc08006b300] vm_map_ram at ffffffc0803e78c0 > > Fixes: fc1e0d980037 ("mm/vmalloc: prevent stale TLBs in fully utilized blocks") > > Signed-off-by: Zhaoyang Huang > --- > v2: introduce cpu in vmap_block to record the right CPU number > --- > --- > mm/vmalloc.c | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) > > diff --git a/mm/vmalloc.c b/mm/vmalloc.c > index 22aa63f4ef63..ca962b554fa0 100644 > --- a/mm/vmalloc.c > +++ b/mm/vmalloc.c > @@ -2458,6 +2458,7 @@ struct vmap_block { > struct list_head free_list; > struct rcu_head rcu_head; > struct list_head purge; > + unsigned int cpu; > }; > > /* Queue of free and dirty vmap blocks, for allocation and flushing purposes */ > @@ -2574,6 +2575,7 @@ static void *new_vmap_block(unsigned int order, gfp_t gfp_mask) > vb->dirty = 0; > vb->dirty_min = VMAP_BBMAP_BITS; > vb->dirty_max = 0; if task migration to other CPU at this time, this may lead to get incorrect vbq. > + vb->cpu = smp_processor_id(); > bitmap_set(vb->used_map, 0, (1UL << order)); > INIT_LIST_HEAD(&vb->free_list); > > @@ -2614,9 +2616,10 @@ static void free_vmap_block(struct vmap_block *vb) > } > > static bool purge_fragmented_block(struct vmap_block *vb, > - struct vmap_block_queue *vbq, struct list_head *purge_list, > - bool force_purge) > + struct list_head *purge_list, bool force_purge) > { > + struct vmap_block_queue *vbq = &per_cpu(vmap_block_queue, vb->cpu); > + > if (vb->free + vb->dirty != VMAP_BBMAP_BITS || > vb->dirty == VMAP_BBMAP_BITS) > return false; > @@ -2664,7 +2667,7 @@ static void purge_fragmented_blocks(int cpu) > continue; > > spin_lock(&vb->lock); > - purge_fragmented_block(vb, vbq, &purge, true); > + purge_fragmented_block(vb, &purge, true); > spin_unlock(&vb->lock); > } > rcu_read_unlock(); > @@ -2801,7 +2804,7 @@ static void _vm_unmap_aliases(unsigned long start, unsigned long end, int flush) > * not purgeable, check whether there is dirty > * space to be flushed. > */ > - if (!purge_fragmented_block(vb, vbq, &purge_list, false) && > + if (!purge_fragmented_block(vb, &purge_list, false) && > vb->dirty_max && vb->dirty != VMAP_BBMAP_BITS) { > unsigned long va_start = vb->va->va_start; > unsigned long s, e; > -- > 2.25.1 > > -- Best Regards, Hailong.