From: Linus Torvalds <torvalds@linux-foundation.org>
To: Pavel Tatashin <pasha.tatashin@oracle.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>,
Matthew Wilcox <willy@infradead.org>,
Ingo Molnar <mingo@redhat.com>, Jens Axboe <axboe@kernel.dk>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
David Miller <davem@davemloft.net>,
Al Viro <viro@zeniv.linux.org.uk>,
Dave Airlie <airlied@gmail.com>, Tejun Heo <tj@kernel.org>,
Ted Ts'o <tytso@google.com>, Mike Snitzer <snitzer@redhat.com>,
linux-mm <linux-mm@kvack.org>, Daniel Vacek <neelx@redhat.com>,
Mel Gorman <mgorman@techsingularity.net>
Subject: Re: Instability in current -git tree
Date: Fri, 13 Jul 2018 19:40:37 -0700 [thread overview]
Message-ID: <CA+55aFwPAwczHS3XKkEnjY02PaDf2mWrcqx_hket4Ce3nScsSg@mail.gmail.com> (raw)
In-Reply-To: <5edf2d71-f548-98f9-16dd-b7fed29f4869@oracle.com>
On Fri, Jul 13, 2018 at 5:47 PM Pavel Tatashin
<pasha.tatashin@oracle.com> wrote:
>
> The commit intends to zero memmap (struct pages) for every hole in
> e820 ranges by marking them reserved in memblock. Later
> zero_resv_unavail() walks through memmap ranges and zeroes struct
> pages for every page that is reserved, but does not have a physical
> backing known by kernel.
Ahh. That just looks incoredibly buggy.
You can't just memset() the 'struct page' to zero after it's been set up.
That also zeroes page->flags, but page->flags contains things like the
zone and node ID.
That would explain the completely bogus "DMA" zone. That's not the
real zone, it's just that page_zonenr() returns 0 because of an
incorrect clearing of page->flags.
And it would also completely bugger pfn_to_page() for
CONFIG_DISCONTIGMEM, because the way that works is that it looks up
the node using page_to_nid(), and then looks up the pfn by using the
per-node pglist_data ->node_mem_map (that the 'struct page' is
supposed to be a pointer into).
So zerong the page->flags after it has been set up is completely wrong
as far as I can see. It literally invalidates 'struct page' and makes
various core VM function assumptions stop working.
As an example, it makes "page_to_pfn -> pfn_to_page" not be the
identity transformation, which could result in totally random
behavior.
And it definitely explains the whole "oh, now the zone ID doesn't
match" issue. It &*should* have been zone #1 ("DMA32"), but it got
cleared and that made it zone #0 ("DMA").
So yeah, this looks like the cause of it. And it could result in any
number of really odd problems, so this could easily explain the syzbot
failures and reboots at bootup too. Who knows what happens when
pfn_to_page() doesn't work any more.
Should we perhaps just revert
124049decbb1 x86/e820: put !E820_TYPE_RAM regions into memblock.reserved
f7f99100d8d9 mm: stop zeroing memory during allocation in vmemmap
it still reverts fairly cleanly (there's a trivial conflict with the
older commit).
Linus
next prev parent reply other threads:[~2018-07-14 2:40 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CA+55aFyARQV302+mXNYznrOOjzW+yxbcv+=OkD43dG6G1ktoMQ@mail.gmail.com>
[not found] ` <alpine.DEB.2.21.1807140031440.2644@nanos.tec.linutronix.de>
[not found] ` <CA+55aFzBx1haeM2QSFvhaW2t_HVK78Y=bKvsiJmOZztwkZ-y7Q@mail.gmail.com>
[not found] ` <CA+55aFzVGa57apuzDMBLgWQQRcm3BNBs1UEg-G_2o7YW1i=o2Q@mail.gmail.com>
[not found] ` <CA+55aFy9NJZeqT7h_rAgbKUZLjzfxvDPwneFQracBjVhY53aQQ@mail.gmail.com>
2018-07-13 23:48 ` Andrew Morton
2018-07-13 23:51 ` Linus Torvalds
2018-07-13 23:58 ` Andrew Morton
2018-07-14 0:19 ` Pavel Tatashin
2018-07-14 0:28 ` Linus Torvalds
2018-07-14 0:46 ` Pavel Tatashin
2018-07-14 2:40 ` Linus Torvalds [this message]
2018-07-14 3:03 ` Pavel Tatashin
2018-07-14 3:25 ` Linus Torvalds
2018-07-14 3:28 ` Pavel Tatashin
2018-07-14 13:39 ` Pavel Tatashin
2018-07-14 17:11 ` Linus Torvalds
2018-07-14 17:29 ` Linus Torvalds
2018-07-16 12:06 ` Michal Hocko
2018-07-16 12:09 ` Pavel Tatashin
2018-07-16 12:29 ` Michal Hocko
2018-07-16 13:26 ` Pavel Tatashin
2018-07-16 14:12 ` Michal Hocko
2018-07-16 13:39 ` Oscar Salvador
2018-07-14 3:04 ` Linus Torvalds
2018-07-14 0:20 ` Linus Torvalds
2018-07-14 9:28 ` Ard Biesheuvel
2018-07-17 2:59 ` Ard Biesheuvel
2018-07-17 3:14 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+55aFwPAwczHS3XKkEnjY02PaDf2mWrcqx_hket4Ce3nScsSg@mail.gmail.com \
--to=torvalds@linux-foundation.org \
--cc=airlied@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=davem@davemloft.net \
--cc=gregkh@linuxfoundation.org \
--cc=linux-mm@kvack.org \
--cc=mgorman@techsingularity.net \
--cc=mingo@redhat.com \
--cc=neelx@redhat.com \
--cc=pasha.tatashin@oracle.com \
--cc=snitzer@redhat.com \
--cc=tglx@linutronix.de \
--cc=tj@kernel.org \
--cc=tytso@google.com \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox