From: Andrew Morton <akpm@linux-foundation.org>
To: "Kasireddy, Vivek" <vivek.kasireddy@intel.com>
Cc: Anshuman Khandual <anshuman.khandual@arm.com>,
"dri-devel@lists.freedesktop.org"
<dri-devel@lists.freedesktop.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"syzbot+a504cb5bae4fe117ba94@syzkaller.appspotmail.com"
<syzbot+a504cb5bae4fe117ba94@syzkaller.appspotmail.com>,
Steve Sistare <steven.sistare@oracle.com>,
Muchun Song <muchun.song@linux.dev>,
"David Hildenbrand" <david@redhat.com>,
Oscar Salvador <osalvador@suse.de>
Subject: Re: [PATCH] mm/hugetlb: Don't crash when allocating a folio if there are no resv
Date: Mon, 23 Jun 2025 16:35:46 -0700
Message-ID: <20250623163546.ddb768e0833f7a19af259a43@linux-foundation.org>
In-Reply-To: <IA0PR11MB71859403C79419049C075E44F87DA@IA0PR11MB7185.namprd11.prod.outlook.com>
On Thu, 19 Jun 2025 05:30:52 +0000 "Kasireddy, Vivek" <vivek.kasireddy@intel.com> wrote:
> Hi Andrew, Anshuman,
>
> > Subject: Re: [PATCH] mm/hugetlb: Don't crash when allocating a folio if there
> > are no resv
> >
> > On Wed, 18 Jun 2025 12:14:49 +0530 Anshuman Khandual
> > <anshuman.khandual@arm.com> wrote:
> >
> > > > Therefore, prevent the above crash by replacing the VM_BUG_ON()
> > > > with WARN_ON_ONCE() as there is no need to crash the system in
> > > > this situation and instead we could just warn and fail the
> > > > allocation.
> > >
> > > Why are there no reserved huge pages in such situations and also how
> > > likely might this happen? Is it recoverable?
> As described in the commit message above, the specific situation where this
> happens is when we try to pin memfd folios before they are faulted-in.
> Although, this is a valid thing to do, it is not the regular or the common
> use-case. Let me explain this further with the following scenarios:
> 1) hugetlbfs_file_mmap()
>     memfd_alloc_folio()
>     hugetlb_fault()
>
> 2) memfd_alloc_folio()
>     hugetlbfs_file_mmap()
>     hugetlb_fault()
>
> 3) hugetlbfs_file_mmap()
>     hugetlb_fault()
>         alloc_hugetlb_folio()
>
> 3) is the most common use-case where first a memfd is allocated followed
> by mmap(), user writes/updates and then the relevant folios are pinned
> (memfd_pin_folios()). The BUG this patch is fixing occurs in 2) because we
> try to pin the folios before hugetlbfs_file_mmap() is called. So, in this
> situation we try to allocate the folios before pinning them but since we did
> not make any reservations, resv_huge_pages would be 0, leading to this issue.

Cool, thanks, I'll paste that into the changelog ;)

So if this code path is rare but expected and normal, should we be
emitting this warning at all?

> > I can't find any mailing report/discussion of this. The Closes: takes
> > us to the syzkaller report which is a bit of a dead end.
> My understanding is that the Closes tag can be associated with a URL for
> a public bugtracker like Syzkaller. Would the following be a better Closes link:
> https://lore.kernel.org/all/677928b5.050a0220.3b53b0.004d.GAE@google.com/T/

I'll add that - the more the merrier.

> >
> > I agree with the patch - converting a BUG into a WARN+recover is a good
> > thing but as far as I can tell, we don't know what's causing this
> > situation.
> >
> > syzkaller has a C reproducer, if anyone is feeling brave.
> The udmabuf selftest added in patch #3 of the other series can also reproduce
> this issue and is a lot simpler.
>
> Thanks,
> Vivek
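
Added example, not part of the original message or of the kernel source: a userspace toy model in C of the call orderings listed in the quoted reply, showing an allocation from an empty reserve being warned about once and failed instead of aborting. The structs, function names and counters are hypothetical stand-ins, not kernel APIs.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy userspace model (assumption), not kernel code: one huge page pool
 * and a one-page memfd. All names here are hypothetical. */
struct pool  { int free_pages, resv_pages, resv_misses; };
struct memfd { bool reserved, populated; };

/* Stand-in for the mmap step: reserve a page for a range not yet populated. */
static bool model_mmap(struct pool *p, struct memfd *f)
{
    if (f->populated || f->reserved)
        return true;
    if (p->free_pages - p->resv_pages < 1)
        return false;
    p->resv_pages++;
    f->reserved = true;
    return true;
}

/* Stand-in for taking a page from the reserve (fault or pin-time allocation).
 * An empty reserve is warned about once and the call fails; nothing aborts. */
static bool model_alloc_from_reserve(struct pool *p, struct memfd *f)
{
    if (f->populated)
        return true;                  /* page is already in the file */
    if (p->resv_pages == 0) {         /* the condition the old assertion crashed on */
        if (p->resv_misses++ == 0)
            fprintf(stderr, "warning (once): allocation with no reservation\n");
        return false;
    }
    p->resv_pages--;
    p->free_pages--;
    f->reserved = false;
    f->populated = true;
    return true;
}

int main(void)
{
    struct pool p = { 4, 0, 0 };
    struct memfd a = { false, false }, b = { false, false };

    /* Orderings 1 and 3: mmap reserves first, so the allocation succeeds. */
    printf("mmap first:  %d\n", model_mmap(&p, &a) && model_alloc_from_reserve(&p, &a));
    /* Ordering 2: allocation before mmap finds resv_pages == 0 and fails. */
    printf("alloc first: %d\n", model_alloc_from_reserve(&p, &b));
    /* The system keeps running: a later mmap + allocation on the same file works. */
    printf("recovered:   %d\n", model_mmap(&p, &b) && model_alloc_from_reserve(&p, &b));
    return 0;
}
```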