From: Andrew Morton <akpm@linux-foundation.org>
To: Jinjiang Tu <tujinjiang@huawei.com>
Cc: <muchun.song@linux.dev>, <osalvador@suse.de>, <david@kernel.org>,
<linmiaohe@huawei.com>, <nao.horiguchi@gmail.com>,
<linux-mm@kvack.org>, <wangkefeng.wang@huawei.com>,
<sunnanyong@huawei.com>
Subject: Re: [PATCH v2] mm/hugetlb: fix memory offline failure due to hwpoisoned file hugetlb
Date: Mon, 30 Mar 2026 21:18:48 -0700 [thread overview]
Message-ID: <20260330211848.a838814f501463ea8f003aec@linux-foundation.org> (raw)
In-Reply-To: <20260321021031.2240780-1-tujinjiang@huawei.com>
On Sat, 21 Mar 2026 10:10:31 +0800 Jinjiang Tu <tujinjiang@huawei.com> wrote:
> When a file hugetlb folio triggers UCE, me_huge_page() will keep the
> hugetlb folio in pagcahe with refcount increased and PG_hwpoison set. Even
> after the hugetlb file is deleted, the hugetlb folio is still leaked.
>
> If we want to offline the memory block that the hwpoisoned hugetlb folio
> belongs to, it fails in dissolve_free_hugetlb_folios() due to the
> hwpoisoned hugetlb folio isn't free.
>
> I can reproduce this issue with the following steps in qemu:
> 1) echo offline >/sys/devices/system/memory/auto_online_blocks
> 2) in qemu monitor:
> object_add memory-backend-ram,id=mem10,size=1G
> device_add pc-dimm,id=dimm1,memdev=mem10,node=2
> 3) echo online_movable > /sys/devices/system/node/node2/memory136/state
> 4) echo 5 > /sys/devices/system/node/node2/hugepages/hugepages-2048kB/nr_hugepages
> 5) run ./hugetlb_file. This process will receive SIGBUS.
> 6) remove the hugetlbfs file.
> 7) echo offline > /sys/devices/system/node/node2/memory136/state
>
> hugetlb_file.c:
> fd = open("/dev/hugepages/my_hugepage_file", O_CREAT | O_RDWR, 0755);
> fallocate(fd, 0, 0, HUGEPAGE_SIZE * 2);
> addr = mmap(NULL, HUGEPAGE_SIZE * 2, PROT_READ | PROT_WRITE,
> MAP_SHARED | MAP_HUGETLB, fd, 0);
> memset(addr, 0xaa, HUGEPAGE_SIZE * 2);
> madvise(addr, HUGEPAGE_SIZE, MADV_HWPOISON);
>
> To fix it, force to put ref of hwpoisoned hugetlb in memory offline, the
> hwpoisoned hugetlb will be freed and succeeds to be dissolved. We couldn't
> avoid races here, just like commit b023f46813cd ("memory-hotplug: skip
> HWPoisoned page when offlining pages"), which force to skip hwpoisoned
> page regardless of refcount.
Well, David sounds skeptical, although discussion petered out a week
ago. We haven't heard from Miahoe or Muchun and the AI review might be
seeing some issues
(https://sashiko.dev/#/patchset/20260321021031.2240780-1-tujinjiang@huawei.com).
So I'll drop this one.
Please feel free to resend after -rc1 if you feel this is a desirable
change. When doing so, please review the concerns which have been
raised thus far and attempt to address those within the updated
changelog.
Thanks.
prev parent reply other threads:[~2026-03-31 4:18 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-21 2:10 Jinjiang Tu
2026-03-21 2:50 ` Andrew Morton
2026-03-23 12:14 ` David Hildenbrand (Arm)
2026-03-24 6:41 ` Jinjiang Tu
2026-03-24 8:00 ` David Hildenbrand (Arm)
2026-03-31 4:18 ` Andrew Morton [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260330211848.a838814f501463ea8f003aec@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=david@kernel.org \
--cc=linmiaohe@huawei.com \
--cc=linux-mm@kvack.org \
--cc=muchun.song@linux.dev \
--cc=nao.horiguchi@gmail.com \
--cc=osalvador@suse.de \
--cc=sunnanyong@huawei.com \
--cc=tujinjiang@huawei.com \
--cc=wangkefeng.wang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox