From: David Hildenbrand <david@redhat.com>
To: Yang Shi <shy828301@gmail.com>, Xu Yu <xuyu@linux.alibaba.com>
Cc: "Linux MM" <linux-mm@kvack.org>,
"HORIGUCHI NAOYA(堀口 直也)" <naoya.horiguchi@nec.com>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Miaohe Lin" <linmiaohe@huawei.com>,
"Oscar Salvador" <osalvador@suse.de>
Subject: Re: [PATCH v2] mm/memory-failure.c: skip huge_zero_page in memory_failure()
Date: Thu, 21 Apr 2022 11:03:23 +0200 [thread overview]
Message-ID: <47144bd6-4de0-26e3-a993-6075714e7f33@redhat.com> (raw)
In-Reply-To: <CAHbLzkq3Nv+F5p22KMyb1kAWmLw5vj5nVGr2cMHAeVYePhCgLg@mail.gmail.com>
On 21.04.22 01:38, Yang Shi wrote:
> On Tue, Apr 12, 2022 at 8:11 AM Xu Yu <xuyu@linux.alibaba.com> wrote:
>>
>> Kernel panic when injecting memory_failure for the global huge_zero_page,
>> when CONFIG_DEBUG_VM is enabled, as follows.
>>
>> [ 5.582720] Injecting memory failure for pfn 0x109ff9 at process virtual address 0x20ff9000
>> [ 5.583786] page:00000000fb053fc3 refcount:2 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109e00
>> [ 5.584900] head:00000000fb053fc3 order:9 compound_mapcount:0 compound_pincount:0
>> [ 5.585796] flags: 0x17fffc000010001(locked|head|node=0|zone=2|lastcpupid=0x1ffff)
>> [ 5.586712] raw: 017fffc000010001 0000000000000000 dead000000000122 0000000000000000
>> [ 5.587640] raw: 0000000000000000 0000000000000000 00000002ffffffff 0000000000000000
>> [ 5.588565] page dumped because: VM_BUG_ON_PAGE(is_huge_zero_page(head))
>> [ 5.589398] ------------[ cut here ]------------
>> [ 5.589952] kernel BUG at mm/huge_memory.c:2499!
>> [ 5.590516] invalid opcode: 0000 [#1] PREEMPT SMP PTI
>> [ 5.591120] CPU: 6 PID: 553 Comm: split_bug Not tainted 5.18.0-rc1+ #11
>> [ 5.591904] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 3288b3c 04/01/2014
>> [ 5.592817] RIP: 0010:split_huge_page_to_list+0x66a/0x880
>> [ 5.593469] Code: 84 9b fb ff ff 48 8b 7c 24 08 31 f6 e8 9f 5d 2a 00 b8 b8 02 00 00 e9 e8 fb ff ff 48 c7 c6 e8 47 3c 82 4c b
>> [ 5.595806] RSP: 0018:ffffc90000dcbdf8 EFLAGS: 00010246
>> [ 5.596434] RAX: 000000000000003c RBX: 0000000000000001 RCX: 0000000000000000
>> [ 5.597322] RDX: 0000000000000000 RSI: ffffffff823e4c4f RDI: 00000000ffffffff
>> [ 5.598162] RBP: ffff88843fffdb40 R08: 0000000000000000 R09: 00000000fffeffff
>> [ 5.598999] R10: ffffc90000dcbc48 R11: ffffffff82d68448 R12: ffffea0004278000
>> [ 5.599849] R13: ffffffff823c6203 R14: 0000000000109ff9 R15: ffffea000427fe40
>> [ 5.600693] FS: 00007fc375a26740(0000) GS:ffff88842fd80000(0000) knlGS:0000000000000000
>> [ 5.601640] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [ 5.602304] CR2: 00007fc3757c9290 CR3: 0000000102174006 CR4: 00000000003706e0
>> [ 5.603139] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>> [ 5.603977] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>> [ 5.604806] Call Trace:
>> [ 5.605101] <TASK>
>> [ 5.605357] ? __irq_work_queue_local+0x39/0x70
>> [ 5.605904] try_to_split_thp_page+0x3a/0x130
>> [ 5.606430] memory_failure+0x128/0x800
>> [ 5.606888] madvise_inject_error.cold+0x8b/0xa1
>> [ 5.607444] __x64_sys_madvise+0x54/0x60
>> [ 5.607915] do_syscall_64+0x35/0x80
>> [ 5.608347] entry_SYSCALL_64_after_hwframe+0x44/0xae
>> [ 5.608949] RIP: 0033:0x7fc3754f8bf9
>> [ 5.609374] Code: 01 00 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 8
>> [ 5.611554] RSP: 002b:00007ffeda93a1d8 EFLAGS: 00000217 ORIG_RAX: 000000000000001c
>> [ 5.612441] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc3754f8bf9
>> [ 5.613269] RDX: 0000000000000064 RSI: 0000000000003000 RDI: 0000000020ff9000
>> [ 5.614108] RBP: 00007ffeda93a200 R08: 0000000000000000 R09: 0000000000000000
>> [ 5.614946] R10: 00000000ffffffff R11: 0000000000000217 R12: 0000000000400490
>> [ 5.615787] R13: 00007ffeda93a2e0 R14: 0000000000000000 R15: 0000000000000000
>> [ 5.616626] </TASK>
>>
>> This makes huge_zero_page bail out explicitly before split in
>> memory_failure(), thus the panic above won't happen again.
>
> Skipping huge_zero_page in error injection is ok to me, but I'm
> actually wondering whether raising BUG is overkilling for splitting
> huge_zero_page or not. Returning -EBUSY should be totally fine.
I tend to agree. Just failing with -EBUSY might be cleaner. Most
probably we want to catch any bogus code here that does something we
don't really expect -- splitting the huge zeropage makes 0 sense.
--
Thanks,
David / dhildenb
next prev parent reply other threads:[~2022-04-21 9:03 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-12 15:11 Xu Yu
2022-04-12 20:01 ` Andrew Morton
2022-04-15 6:16 ` HORIGUCHI NAOYA(堀口 直也)
2022-04-16 1:47 ` Miaohe Lin
2022-04-20 23:38 ` Yang Shi
2022-04-21 9:03 ` David Hildenbrand [this message]
2022-04-21 11:18 ` Anshuman Khandual
2022-04-21 17:53 ` Yang Shi
2022-04-22 1:00 ` HORIGUCHI NAOYA(堀口 直也)
2022-04-22 3:27 ` Yu Xu
2022-04-22 16:03 ` Yang Shi
2022-04-22 17:37 ` Yu Xu
2022-04-22 17:58 ` Yang Shi
2022-04-21 11:15 ` Anshuman Khandual
2022-04-23 3:16 ` Yu Xu
2022-04-25 14:16 ` HORIGUCHI NAOYA(堀口 直也)
2022-04-26 6:48 ` Anshuman Khandual
2022-04-26 6:58 ` HORIGUCHI NAOYA(堀口 直也)
2022-05-02 5:59 ` Anshuman Khandual
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47144bd6-4de0-26e3-a993-6075714e7f33@redhat.com \
--to=david@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=linmiaohe@huawei.com \
--cc=linux-mm@kvack.org \
--cc=naoya.horiguchi@nec.com \
--cc=osalvador@suse.de \
--cc=shy828301@gmail.com \
--cc=xuyu@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox