From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A0390C433FE for ; Mon, 6 Dec 2021 18:45:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 317466B007B; Mon, 6 Dec 2021 13:45:43 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 2ED196B007E; Mon, 6 Dec 2021 13:45:43 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1B5346B0080; Mon, 6 Dec 2021 13:45:43 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0019.hostedemail.com [216.40.44.19]) by kanga.kvack.org (Postfix) with ESMTP id 0E0A96B007B for ; Mon, 6 Dec 2021 13:45:43 -0500 (EST) Received: from smtpin27.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id C8D201815A4A1 for ; Mon, 6 Dec 2021 18:45:32 +0000 (UTC) X-FDA: 78888247704.27.F2EAE28 Received: from mail-ed1-f47.google.com (mail-ed1-f47.google.com [209.85.208.47]) by imf05.hostedemail.com (Postfix) with ESMTP id 884A3100003 for ; Mon, 6 Dec 2021 18:45:32 +0000 (UTC) Received: by mail-ed1-f47.google.com with SMTP id y13so46810443edd.13 for ; Mon, 06 Dec 2021 10:45:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=41srTfGlpmehHbwCLS1GDP+h5wFdKS7hsnX5LLmG86s=; b=eXDg6LoKQorLywqL78L+ebDdU1ljYhE26JEcTS7Sbt4q6p5ThMcQWAMkcZIp8mQOJU HaQH4nLYGwVakrpHwGbQSeRJqnH74i3wgAadZBIEi1nnz1c+LF++uGtJc2bH23w8ibUL 4Ls9dkZDu5z33VHYeE9xJML0zqUJ3EGiLOGnseDhH1ixjxoVWejKqbbaXFEkdZqPJwrX R6bt/IgTRrhbxySd6vrhB4MDuyMV2O5jrThBPYPPo77LsHJ7mFQpYZQ+myJu1yTHPyYV DKpuqNjX/NrLlFOi9+CJuyYMnAgsPP7vbVa/spYVxHPYccwXbA9hgTr8m6k5C8kw6wMY X/Sg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=41srTfGlpmehHbwCLS1GDP+h5wFdKS7hsnX5LLmG86s=; b=3Dh0bIfKAw8EmEq4TAybnZ9jhRNy0UjOSCxdMTBzSmZcT7P1K8ezBCgQe+n3PauYvC m+lf0ajTA7atuacAZGJVZQvtNmmQSNN/tKOwKbD05NQYVjo80vuvySUFjFthWj36DIJi RTSB0w6UAK8e8cZM3WIJ5yiFcibGNMotCu2GG/ZNRfEDSaLHNcn9RrH5ZKMR9dK4jHA1 YVO401txGRrcK4J9P/Kk0MdQ5JQHy1Yj9WKOUhH9p2PUdiau51o94s/q0Ks1KMvgMFXO xrevtvozs5jBqWnHzy0fHp6UgrGdeI111Uzutq4WHsaqFNiw2Yl2yu0wibnA46RDrQcp 5Amg== X-Gm-Message-State: AOAM5301pWi1ecLPAl8nIE9/tBSLm8aRCZJF/+lLT/HREd9saBWCNDN9 2gRBo5ji3uKPHn5I6tMVgsxae9UqB4LFuMoU5zUEiWZSjdw= X-Google-Smtp-Source: ABdhPJyRLG3PGoi6znWxe/JyociTUb66Zzsvm7EmV4RN4Ro1h8iAhdSQUTYaj00vAYyvqoqqhxsnre6YVPkXHlxmTa0= X-Received: by 2002:a17:906:4787:: with SMTP id cw7mr50552630ejc.311.1638816331464; Mon, 06 Dec 2021 10:45:31 -0800 (PST) MIME-Version: 1.0 References: <20211206033338.743270-1-npache@redhat.com> <20211206033338.743270-3-npache@redhat.com> In-Reply-To: <20211206033338.743270-3-npache@redhat.com> From: Yang Shi Date: Mon, 6 Dec 2021 10:45:19 -0800 Message-ID: Subject: Re: [RFC PATCH 2/2] mm/vmscan.c: Prevent allocating shrinker_info on offlined nodes To: Nico Pache Cc: Linux Kernel Mailing List , Linux MM , Andrew Morton , Shakeel Butt , Kirill Tkhai , Roman Gushchin , Vlastimil Babka , Vladimir Davydov , raquini@redhat.com Content-Type: text/plain; charset="UTF-8" X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: 884A3100003 X-Stat-Signature: c7eqondkpu6ggc5fry4hjtc6ktn4xt5p Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=eXDg6LoK; spf=pass (imf05.hostedemail.com: domain of shy828301@gmail.com designates 209.85.208.47 as permitted sender) smtp.mailfrom=shy828301@gmail.com; dmarc=pass (policy=none) header.from=gmail.com X-HE-Tag: 1638816332-727899 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Sun, Dec 5, 2021 at 7:34 PM Nico Pache wrote: > > We have run into a panic caused by a shrinker allocation being attempted > on an offlined node. > > Our crash analysis has determined that the issue originates from trying > to allocate pages on an offlined node in expand_one_shrinker_info. This > function makes the incorrect assumption that we can allocate on any node. > To correct this we make sure we only itterate over online nodes. > > This assumption can lead to an incorrect address being assigned to ac->zonelist > in the following callchain: > __alloc_pages > -> prepare_alloc_pages > -> node_zonelist > > static inline struct zonelist *node_zonelist(int nid, gfp_t flags) > { > return NODE_DATA(nid)->node_zonelists + gfp_zonelist(flags); > } > if the node is not online the return of node_zonelist will evaluate to a > invalid pointer of 0x00000 + offset_of(node_zonelists) + (1|0) > > This address is then dereferenced further down the callchain in: > prepare_alloc_pages > -> first_zones_zonelist > -> next_zones_zonelist > -> zonelist_zone_idx > > static inline int zonelist_zone_idx(struct zoneref *zoneref) > { > return zoneref->zone_idx; > } > > Leading the system to panic. > > We also correct this behavior in alloc_shrinker_info, free_shrinker_info, > and reparent_shrinker_deferred. > > Fixes: 2bfd36374edd ("mm: vmscan: consolidate shrinker_maps handling code") > Fixes: 0a4465d34028 ("mm, memcg: assign memcg-aware shrinkers bitmap to memcg") I think the correct fix tag should be: 86daf94efb11 ("mm/memcontrol.c: allocate shrinker_map on appropriate NUMA node") regardless of how we will fix this problem. > Signed-off-by: Nico Pache > --- > mm/vmscan.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/mm/vmscan.c b/mm/vmscan.c > index fb9584641ac7..731564b61e3f 100644 > --- a/mm/vmscan.c > +++ b/mm/vmscan.c > @@ -221,7 +221,7 @@ static int expand_one_shrinker_info(struct mem_cgroup *memcg, > int nid; > int size = map_size + defer_size; > > - for_each_node(nid) { > + for_each_online_node(nid) { > pn = memcg->nodeinfo[nid]; > old = shrinker_info_protected(memcg, nid); > /* Not yet online memcg */ > @@ -256,7 +256,7 @@ void free_shrinker_info(struct mem_cgroup *memcg) > struct shrinker_info *info; > int nid; > > - for_each_node(nid) { > + for_each_online_node(nid) { > pn = memcg->nodeinfo[nid]; > info = rcu_dereference_protected(pn->shrinker_info, true); > kvfree(info); > @@ -274,7 +274,7 @@ int alloc_shrinker_info(struct mem_cgroup *memcg) > map_size = shrinker_map_size(shrinker_nr_max); > defer_size = shrinker_defer_size(shrinker_nr_max); > size = map_size + defer_size; > - for_each_node(nid) { > + for_each_online_node(nid) { > info = kvzalloc_node(sizeof(*info) + size, GFP_KERNEL, nid); > if (!info) { > free_shrinker_info(memcg); > @@ -417,7 +417,7 @@ void reparent_shrinker_deferred(struct mem_cgroup *memcg) > > /* Prevent from concurrent shrinker_info expand */ > down_read(&shrinker_rwsem); > - for_each_node(nid) { > + for_each_online_node(nid) { > child_info = shrinker_info_protected(memcg, nid); > parent_info = shrinker_info_protected(parent, nid); > for (i = 0; i < shrinker_nr_max; i++) { > -- > 2.33.1 >