From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 889A1C3DA59 for ; Tue, 16 Jul 2024 02:34:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 18BE66B0096; Mon, 15 Jul 2024 22:34:41 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 13BE06B0098; Mon, 15 Jul 2024 22:34:41 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 02AAE6B0099; Mon, 15 Jul 2024 22:34:40 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id D90556B0096 for ; Mon, 15 Jul 2024 22:34:40 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 699071212DD for ; Tue, 16 Jul 2024 02:34:40 +0000 (UTC) X-FDA: 82344047520.14.2527EA1 Received: from szxga05-in.huawei.com (szxga05-in.huawei.com [45.249.212.191]) by imf28.hostedemail.com (Postfix) with ESMTP id 9B30FC000B for ; Tue, 16 Jul 2024 02:34:37 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=huawei.com; spf=pass (imf28.hostedemail.com: domain of linmiaohe@huawei.com designates 45.249.212.191 as permitted sender) smtp.mailfrom=linmiaohe@huawei.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1721097247; a=rsa-sha256; cv=none; b=zOuwtj63+HiKoh6I2DR3czTM838jWNWgTKCI/QZHoGtOXuw39h4zcrjpV/eeIUkYBOfJ7v 8ODnKq+9dTkjoJjPdEB5P7nndSTmJNQhUhtnFZz8SkmTiIUxO9UZPpHlmiOBG0PzGrSJVL KFT9CVS1IdtbFg+enaLtpWUgYzT6j1Y= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=huawei.com; spf=pass (imf28.hostedemail.com: domain of linmiaohe@huawei.com designates 45.249.212.191 as permitted sender) smtp.mailfrom=linmiaohe@huawei.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1721097247; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=971l+1a5U2bYSu3/1hWt+uDQcGSSWvNKMBl4K7y55QA=; b=Fu3X0uwtkELaQLW/p4zmsohzfVKVPzPMcLXRMadgo964bSvcQ6K1lV3OKNzDJqlnYmIo1Q Ebxmi/5mIB7W0b9CjVIZcBT041NoBi5QToVG0X0BypYxHltSGHilhVjdLZuA+8uIXdUIPh EZ7+0v4P5/7aAAySTH6lt26P+l/nWkQ= Received: from mail.maildlp.com (unknown [172.19.163.44]) by szxga05-in.huawei.com (SkyGuard) with ESMTP id 4WNNMX3G1Bz28fT0; Tue, 16 Jul 2024 10:30:16 +0800 (CST) Received: from kwepemd200019.china.huawei.com (unknown [7.221.188.193]) by mail.maildlp.com (Postfix) with ESMTPS id B12B1140120; Tue, 16 Jul 2024 10:34:33 +0800 (CST) Received: from [10.173.127.72] (10.173.127.72) by kwepemd200019.china.huawei.com (7.221.188.193) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Tue, 16 Jul 2024 10:34:33 +0800 Subject: Re: [PATCH] mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory To: David Hildenbrand , Andrew Morton CC: , , References: <20240712064249.3882707-1-linmiaohe@huawei.com> <20240712140921.9aa90b18d22e67417d59dfc1@linux-foundation.org> <8fe349f9-d3d3-65ab-6045-da0bd19249ea@huawei.com> <00e18339-d911-4332-8732-e31bcecbf823@redhat.com> From: Miaohe Lin Message-ID: <5f8107e2-2b37-d899-f7f2-5a6093d8b089@huawei.com> Date: Tue, 16 Jul 2024 10:34:32 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0 MIME-Version: 1.0 In-Reply-To: <00e18339-d911-4332-8732-e31bcecbf823@redhat.com> Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 8bit X-Originating-IP: [10.173.127.72] X-ClientProxiedBy: dggems706-chm.china.huawei.com (10.3.19.183) To kwepemd200019.china.huawei.com (7.221.188.193) X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 9B30FC000B X-Stat-Signature: zirrzh8zfrx9b8nwqr7c8bk7a69r85s3 X-Rspam-User: X-HE-Tag: 1721097277-451590 X-HE-Meta: U2FsdGVkX1/irNrsaOPkM9BDWzTXsvHOpXnqd4uSLzHhww8UrtROsVc1wsWdR/QynLcSz/QqvJNV46NFJGWDo4rlbq6YOt0lKsZSKG6F9H+2NyBg6dRgX0uBBnvk3xIq0tKSlahzOttNnX+Hlr+vjb9dMfytOtF3j9vA6D/889ow5FLD4IduPpdwV60YCCYz9UufiZVxvJvM1PpMAS9XbDH+g1wlSYfXMxM/RthRojEvCJgem9z/3AnXZeL5gYSEp6dLAgzAElqixdJtguF9W5SaexBX+iGEQQyossShGIge7I+oJEDvcF1CLhwcgg+Z/nXVmaso8CYAVuHWy5mdxj6iADzBXLBjBCqY+wcti7UWXY+Zlx0uJR9UAONJRQnzwgISCDHNUlsC/rx4DV3MSZLzsMV8oLuLXHPKl7KbL09fP60yV2Lrd7xPOrnnAf1lE9t3xDB2kfE6hTMCT7YrG+ufvQovupz7QWRioUo2Z9a05AMkjaf4xp130CRO3JpVwMz73ydYRKItupIq3kg6zsFbND1TtxfjEFSjdAJ5vI2yRSjgLkxZIHtzJzzDCyIUvmQSBKBkuWssmfhKm9rhOx6agWjOY0DA1Ho8wKuLOK0w5pMlJR6Pm4h+w39n4FMXciv0nHpChmQWyQf5+DYTcZEhXvFBV9cgx0rnGJ7COIiN0X1m+Kaak2HKlY0fvwd5fj5DD7vtPE16DoZE9cEjzzS46lbnoOyQ+seM38KYyPCJ3is/xXGLTHJAQ3vL4Yj55XsM5LlNGxQ4dfr5jcI/YKp7iETjSjbIcUpWTQYAVxIr/Vp1bVki9/dyp2A3O27vSg9v/zCr4AKNOMRf/ylzmwt65tXAKZyH1VQlwHzUtsSSQLO/xBAdCgBFRctaRP99Tp2EYlo/i1Qp6o2TcFhPelb3uPKGihVayYOHngj104xKaesAXjlAXJH6cad1CSxfGEcwqdlnVeGjUoCOtrP zMJnBbDO /cPyWG9kOkKssCLip+zdzbnfp5+S/rwxYxN/2dTSCLOMFxFRnQRSCc/W1kwxxkaUsSbJ9+8FyNXZvSe8+eWKcvfCTK/zerY4kh+eRDJZYJ+hJWJxEvuAOkAOxioqQ6gbKsba+mX/ufXbPH/vmBrmaRP494bv/x/huj0P8gbIu+jJv1pbeyfBOUjMqE1MdIdmd21kMOUflhUwP4+tVx/Gx+oAGM614smHbLB7BREG2Y8Eb5Z01Ubu7mtINjD5OUpUUR3tYL1r4Twcd6PtzZZqTQzEY9ZCP7gaxGgCi X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 2024/7/16 0:16, David Hildenbrand wrote: > On 15.07.24 08:23, Miaohe Lin wrote: >> On 2024/7/13 5:09, Andrew Morton wrote: >>> On Fri, 12 Jul 2024 14:42:49 +0800 Miaohe Lin wrote: >>> >>>> When I did memory failure tests recently, below panic occurs: >>>> >>>> page dumped because: VM_BUG_ON_PAGE(PagePoisoned(page)) >>>> kernel BUG at include/linux/page-flags.h:616! >>>> Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI >>>> CPU: 3 PID: 720 Comm: bash Not tainted 6.10.0-rc1-00195-g148743902568 #40 >>>> RIP: 0010:unpoison_memory+0x2f3/0x590 >>>> RSP: 0018:ffffa57fc8787d60 EFLAGS: 00000246 >>>> RAX: 0000000000000037 RBX: 0000000000000009 RCX: ffff9be25fcdc9c8 >>>> RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff9be25fcdc9c0 >>>> RBP: 0000000000300000 R08: ffffffffb4956f88 R09: 0000000000009ffb >>>> R10: 0000000000000284 R11: ffffffffb4926fa0 R12: ffffe6b00c000000 >>>> R13: ffff9bdb453dfd00 R14: 0000000000000000 R15: fffffffffffffffe >>>> FS:  00007f08f04e4740(0000) GS:ffff9be25fcc0000(0000) knlGS:0000000000000000 >>>> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 >>>> CR2: 0000564787a30410 CR3: 000000010d4e2000 CR4: 00000000000006f0 >>>> Call Trace: >>>>   >>>>   unpoison_memory+0x2f3/0x590 >>>>   simple_attr_write_xsigned.constprop.0.isra.0+0xb3/0x110 >>>>   debugfs_attr_write+0x42/0x60 >>>>   full_proxy_write+0x5b/0x80 >>>>   vfs_write+0xd5/0x540 >>>>   ksys_write+0x64/0xe0 >>>>   do_syscall_64+0xb9/0x1d0 >>>>   entry_SYSCALL_64_after_hwframe+0x77/0x7f >>>> RIP: 0033:0x7f08f0314887 >>>> RSP: 002b:00007ffece710078 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 >>>> RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00007f08f0314887 >>>> RDX: 0000000000000009 RSI: 0000564787a30410 RDI: 0000000000000001 >>>> RBP: 0000564787a30410 R08: 000000000000fefe R09: 000000007fffffff >>>> R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 >>>> R13: 00007f08f041b780 R14: 00007f08f0417600 R15: 00007f08f0416a00 >>>>   >>>> Modules linked in: hwpoison_inject >>>> ---[ end trace 0000000000000000 ]--- >>>> RIP: 0010:unpoison_memory+0x2f3/0x590 >>>> RSP: 0018:ffffa57fc8787d60 EFLAGS: 00000246 >>>> RAX: 0000000000000037 RBX: 0000000000000009 RCX: ffff9be25fcdc9c8 >>>> RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff9be25fcdc9c0 >>>> RBP: 0000000000300000 R08: ffffffffb4956f88 R09: 0000000000009ffb >>>> R10: 0000000000000284 R11: ffffffffb4926fa0 R12: ffffe6b00c000000 >>>> R13: ffff9bdb453dfd00 R14: 0000000000000000 R15: fffffffffffffffe >>>> FS:  00007f08f04e4740(0000) GS:ffff9be25fcc0000(0000) knlGS:0000000000000000 >>>> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 >>>> CR2: 0000564787a30410 CR3: 000000010d4e2000 CR4: 00000000000006f0 >>>> Kernel panic - not syncing: Fatal exception >>>> Kernel Offset: 0x31c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) >>>> ---[ end Kernel panic - not syncing: Fatal exception ]--- >>>> >>>> The root cause is that unpoison_memory() tries to check the PG_HWPoison >>>> flags of an uninitialized page. So VM_BUG_ON_PAGE(PagePoisoned(page)) is >>>> triggered. >>> >>> I'm not seeing the call path.  Is this BUG happening via >>> >>> static __always_inline void __ClearPage##uname(struct page *page)    \ >>> {                                    \ >>>     VM_BUG_ON_PAGE(!Page##uname(page), page);            \ >>>     page->page_type |= PG_##lname;                    \ >>> } >>> >>> ? >>> >>> If so, where's the callsite? >> >> It is BUG on PF_ANY(): >> >> PAGEFLAG(HWPoison, hwpoison, PF_ANY) >> >> #define PF_ANY(page, enforce)    PF_POISONED_CHECK(page) >> >> #define PF_POISONED_CHECK(page) ({                    \ >>     VM_BUG_ON_PGFLAGS(PagePoisoned(page), page);        \ >>     page; }) >> >> #define    PAGE_POISON_PATTERN    -1l >> static inline int PagePoisoned(const struct page *page) >> { >>     return READ_ONCE(page->flags) == PAGE_POISON_PATTERN; >> } >> >> The offlined pages will have page->flags set to PAGE_POISON_PATTERN while pfn is still valid: >> >> offline_pages >>    remove_pfn_range_from_zone >>      page_init_poison >>        memset(page, PAGE_POISON_PATTERN, size); > > Worth noting that this happens after __offline_isolated_pages() marked the covering sections as offline. > > Are we missing a pfn_to_online_page() check somewhere, or are we racing with offlining code that marks the section offline? I was thinking about to use pfn_to_online_page() instead of pfn_to_page() in unpoison_memory() so we can get rid of offlined pages. But there're ZONE_DEVICE pages. They're not-onlined too. And unpoison_memory() should work for them. So we can't simply use pfn_to_online_page() in that. Or am I miss something? Thanks. .