From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id ED1F8C3DA7F for ; Thu, 15 Aug 2024 19:17:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6644B6B0187; Thu, 15 Aug 2024 15:17:02 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5ED3D6B0189; Thu, 15 Aug 2024 15:17:02 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 48F716B0201; Thu, 15 Aug 2024 15:17:02 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 25C016B0187 for ; Thu, 15 Aug 2024 15:17:02 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id A0DD3C185B for ; Thu, 15 Aug 2024 19:17:01 +0000 (UTC) X-FDA: 82455437442.03.CA7ECD1 Received: from mail-wr1-f45.google.com (mail-wr1-f45.google.com [209.85.221.45]) by imf15.hostedemail.com (Postfix) with ESMTP id 6E22FA000D for ; Thu, 15 Aug 2024 19:16:59 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=Mh0i5tC2; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf15.hostedemail.com: domain of usamaarif642@gmail.com designates 209.85.221.45 as permitted sender) smtp.mailfrom=usamaarif642@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1723749337; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=12Z31+a15503HqE1J4tj6gMw+kccttTQ8cLqeplfxrY=; b=2gbKLKV8Tf3LjdgQf24feiJeCpdyF85j/xpvwcuTAQ6LW7R8w+a2Kvyy1IWNwoTF58wMby tGqsaGkgGtRtM/z9i/jyPBXdr50N3ZyAkCCAnz7W7427cAm15i1hnY9zKCJ+Yl0JIYQJHt tKi/JDKBjAGoq+uybRBxnMdDJO7mA5w= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1723749337; a=rsa-sha256; cv=none; b=FzuxTYKPqcqLufetjpjxqhMXB1H2UDseTtiGChpLU50V3pnpEBRs7Ksom14UygJcy0fz9A oyNTutJyQxA1Dhssx/eqcervcRJrZwiaZhd/UaQosRdqu+TT40T5oqHZHrDrrw1khQtPj7 ZxMLJhIlpUmGCFRmLytqBbcCIG9uKhw= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=Mh0i5tC2; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf15.hostedemail.com: domain of usamaarif642@gmail.com designates 209.85.221.45 as permitted sender) smtp.mailfrom=usamaarif642@gmail.com Received: by mail-wr1-f45.google.com with SMTP id ffacd0b85a97d-3687f91af40so750197f8f.0 for ; Thu, 15 Aug 2024 12:16:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723749418; x=1724354218; darn=kvack.org; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=12Z31+a15503HqE1J4tj6gMw+kccttTQ8cLqeplfxrY=; b=Mh0i5tC2FazYqOSVOBNREoYPOtQynAQf9ujzFQiyjeTltQKT0ZfmOpv96jjcxQ14Rs vHhGL/HuXWiiyhd/kVDi8T6WTykMhnCUvY0OkPGGVhOF2asxHiZCrOrhQimVmvYR9wYq MoLN+G8lgy3+H9QyoYOldKQ+75txD6pj4qi8vEFsiNqsjxs3KeRQyroUAGMI3bR9kxd3 4XpEmwRT5sp+GSVDIvrC0S5U22ptJeOTlUhWHqrXG0UaVKVCNiYqXCA4AZcZntH4M6ZB BwXbJfM1qxKzm/WecS/ZrvPTQ4ixreFgnf5aqcQeuLv+eVMT/58QIrgxCpfQ5ABsloFj BYVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723749418; x=1724354218; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=12Z31+a15503HqE1J4tj6gMw+kccttTQ8cLqeplfxrY=; b=BedUsIdvmP0STIdEzwSQyoYueZFAoeLCymWPIscLjXQ6lh1BTJS5iM4CBNfslv20se osjjvb5TZhOEjIMOe0vriqCYpODjxMVxQpWx2yGWUaYnvTpWmaqT9zu8ZeQ2/9LqvN5K Q0hLR6VBMQiYspoNpoLSk18+6r4OynXj2juZh2rIYHYkSiorl4gLwvyTd7Her7KfOlxs ybA1EJai5YXMH7eF+0elSyCNC/JE03LoATsrttVGMo2s65hjtYZFVeFK8vKNz/umu4Am 8FLPwpJtce94pZ56dlrFF9CzXygkcx/xS+fjyHlsJ8nizq5hhJFyZLDK5+tgIWxh4hOw 9Gsg== X-Forwarded-Encrypted: i=1; AJvYcCU4Z1Qp77bA0ZHtYQAwrFKMcygLxxWsmXJBVRCSXEQIvsYKX7nIP5EAFZQvLP8dCvWZ8KxpSAhEdS1lANDhcrWfBxw= X-Gm-Message-State: AOJu0YwxcHZzCzWTdJ3Pv6YZEJJv1/L4fsQTtCYCIorTieijfSowGU4O Xsb3OG6UL/v2MolG+DxpObf04v4J8ti5aGtV2HY8Z3IH9QAiBorp X-Google-Smtp-Source: AGHT+IFdEdE3KWUUL8vExPd+XrzXIfiFGkvD4jYe1ElM70l5kxZ/0D3Fj9TIi3wRnYnhIL+BF9tIIg== X-Received: by 2002:adf:f70c:0:b0:371:8a8f:3baf with SMTP id ffacd0b85a97d-37194314c25mr246980f8f.9.1723749417414; Thu, 15 Aug 2024 12:16:57 -0700 (PDT) Received: from ?IPV6:2a02:6b6f:e750:7600:c5:51ce:2b5:970b? ([2a02:6b6f:e750:7600:c5:51ce:2b5:970b]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3718983a2eesm2175767f8f.19.2024.08.15.12.16.56 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 15 Aug 2024 12:16:57 -0700 (PDT) Message-ID: Date: Thu, 15 Aug 2024 20:16:56 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v3 1/6] mm: free zapped tail pages when splitting isolated thp To: Kairui Song Cc: akpm@linux-foundation.org, linux-mm@kvack.org, hannes@cmpxchg.org, riel@surriel.com, shakeel.butt@linux.dev, roman.gushchin@linux.dev, yuzhao@google.com, david@redhat.com, baohua@kernel.org, ryan.roberts@arm.com, rppt@kernel.org, willy@infradead.org, cerasuolodomenico@gmail.com, corbet@lwn.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, kernel-team@meta.com, Shuang Zhai References: <20240813120328.1275952-1-usamaarif642@gmail.com> <20240813120328.1275952-2-usamaarif642@gmail.com> Content-Language: en-US From: Usama Arif In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 6E22FA000D X-Stat-Signature: nrw14fmoifb3z9ny8gasjsw9y5aikha1 X-Rspam-User: X-HE-Tag: 1723749419-302193 X-HE-Meta: U2FsdGVkX19Zj8sgaLVO/I0lA5ScGivaaxzfc2dMo9lulMkHTjXcgStwnxoI2uTbSOQRwtTij5a0OwKhWMrokmoPLKGFzQUebCigg95bVw3LeDesLZDE8X+w4r5IeqxDNdeAZep/+xjOPIijouCHJZDOXMd5aFYl5UBnQlfCoB/sl15f3s+gXWGcBwFciNcYYbdbU3y+oOdjCKzK2Mdqws3I9W2hiJaCtb+jVYTe5veFzAWz0rbVPKrsXiFoan4Tr8u6JKdgzW9onmjBYrRXxONNiQr7BlKCsQ+04Sf6csKymjy/mE/ji5YsD8X7bts20ILrI3AgWgNofZRFNmLjgH10hAfzushYYije16VD/Fpwz6dxSdWO0vo6KJn+2uSA5Sciv/bQZGKTYyUyYolfPXFAqcWIzA4KNIPAQ+IkOtDNN1DtswgbHx800SlX+8k+5GHVC9KeTLS7NM+DpO00MQ19xS+Fsk7Jf1XNjG5yjowUn4jWEpAPf+vcGOY0r9IBgNelIPH+EOuKN1UQkWmQoaLgrFhfkB8EvV5WPS+yCX7IYMzp6debohNZxulduhaEoHkvl9O63hPsuiILReVdbg6CNPd4Ewz/3j8V2QSwNDVgmdi/05/55ezUgPdZQHcbDgnJkr0CAwgo7xxlVQn0inpkntkkMvh1wNHLHTNnY/zWEzKYW9APt251ImtHxpA2coCUO56VTOxncq0fhIKT2xfqnk8GCoc/L8FIAmnVumg+zKWCPjoGTCOdUrP3XIn3KZnOteYaPV0xZbn724GV06GpitJi2c69K5i9MX2JxOe3MQ07kfTXXUe2JuqFd1wVOXYfyiXcbDqNpNprFe0J+rR2y22ovHzIrsjXDSIf/hHyTI2fUYzaakW9vhqfpC1+6pf3khNXl072pfiga4SAb4pin1ZsJdDEGWkt5jTkCWpbAqiOmep/fMEdVCLIyWaGbXvqmblaAQN7ywuzR92 mJ5WlHgV pdYHBqjT2Nob2i90Um76Z4nhorGoIGlcN0hV0CukJ0FGft0mfho7SHmv+OdUqwYMBOk5Qf0fVs9jfMv6q9+GIq8aSXwccnM5FwlrisQSIFYLJjy9mNFUlcBFV6X+tD1z3UmJZ5Aj3YBgAFv64AVNgIn2CmlxWHVAgzUy9UyZk80uvaC/vjFHNLV6QapkNs4D/JszF8sRChS2JXAPq4Jx9P6WBpZjF+quatqW5UvxPtNWX05ubj8yulDzK6dWxVWNanbwPJ7TbNlg6xFKzZTDlpE6VNHx/OEUvH4oH8ZI3Qu0ER9qFRNqNd4oPNcAAbBisJcG091KzL2LH1MaHiSsk8R32bl6r/sXe8D/A+16eSyWccN41YWmTVp8b+4B5wNz12VZnUCjSxoPGv8irtcrzKW/MCzEIO14WncGM48+AqECcQa2EDpQp6MRxYJ35e5YpZDjRh+9ouGN7KUjtH2b2PLor+lQZvEx7REK7eiT9sXGNI0RiTJ3EGElZ2E2kP/GAyHSLlFleA9FOi9Y= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 15/08/2024 19:47, Kairui Song wrote: > On Tue, Aug 13, 2024 at 8:03 PM Usama Arif wrote: >> >> From: Yu Zhao >> >> If a tail page has only two references left, one inherited from the >> isolation of its head and the other from lru_add_page_tail() which we >> are about to drop, it means this tail page was concurrently zapped. >> Then we can safely free it and save page reclaim or migration the >> trouble of trying it. >> >> Signed-off-by: Yu Zhao >> Tested-by: Shuang Zhai >> Signed-off-by: Usama Arif >> Acked-by: Johannes Weiner >> --- >> mm/huge_memory.c | 27 +++++++++++++++++++++++++++ >> 1 file changed, 27 insertions(+) > > Hi, Usama, Yu > > This commit is causing the kernel to panic very quickly with build > kernel test on top of tmpfs with all mTHP enabled, the panic comes > after: > Hi, Thanks for pointing this out. It is a very silly bug I have introduced going from v1 page version to the folio version of the patch in v3. Doing below over this patch will fix it: diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 907813102430..a6ca454e1168 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -3183,7 +3183,7 @@ static void __split_huge_page(struct page *page, struct list_head *list, folio_clear_active(new_folio); folio_clear_unevictable(new_folio); - if (!folio_batch_add(&free_folios, folio)) { + if (!folio_batch_add(&free_folios, new_folio)) { mem_cgroup_uncharge_folios(&free_folios); free_unref_folios(&free_folios); } I will include it in the next revision. > [ 207.147705] BUG: Bad page state in process tar pfn:14ae70 > [ 207.149376] page: refcount:3 mapcount:2 mapping:0000000000000000 > index:0x562d23b70 pfn:0x14ae70 > [ 207.151750] flags: > 0x17ffffc0020019(locked|uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x1fffff) > [ 207.154325] raw: 0017ffffc0020019 dead000000000100 dead000000000122 > 0000000000000000 > [ 207.156442] raw: 0000000562d23b70 0000000000000000 0000000300000001 > 0000000000000000 > [ 207.158561] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set > [ 207.160325] Modules linked in: > [ 207.161194] CPU: 22 UID: 0 PID: 2650 Comm: tar Not tainted > 6.11.0-rc3.ptch+ #136 > [ 207.163198] Hardware name: Red Hat KVM/RHEL-AV, BIOS 0.0.0 02/06/2015 > [ 207.164946] Call Trace: > [ 207.165636] > [ 207.166226] dump_stack_lvl+0x53/0x70 > [ 207.167241] bad_page+0x70/0x120 > [ 207.168131] free_page_is_bad+0x5f/0x70 > [ 207.169193] free_unref_folios+0x3a5/0x620 > [ 207.170320] ? __mem_cgroup_uncharge_folios+0x7e/0xa0 > [ 207.171705] __split_huge_page+0xb02/0xcf0 > [ 207.172839] ? smp_call_function_many_cond+0x105/0x4b0 > [ 207.174250] ? __pfx_flush_tlb_func+0x10/0x10 > [ 207.175410] ? on_each_cpu_cond_mask+0x29/0x50 > [ 207.176603] split_huge_page_to_list_to_order+0x857/0x9b0 > [ 207.178052] shrink_folio_list+0x4e1/0x1200 > [ 207.179198] evict_folios+0x468/0xab0 > [ 207.180202] try_to_shrink_lruvec+0x1f3/0x280 > [ 207.181394] shrink_lruvec+0x89/0x780 > [ 207.182398] ? mem_cgroup_iter+0x66/0x290 > [ 207.183488] shrink_node+0x243/0xb00 > [ 207.184474] do_try_to_free_pages+0xbd/0x4e0 > [ 207.185621] try_to_free_mem_cgroup_pages+0x107/0x230 > [ 207.186994] try_charge_memcg+0x184/0x5d0 > [ 207.188092] charge_memcg+0x3a/0x60 > [ 207.189046] __mem_cgroup_charge+0x2c/0x80 > [ 207.190162] shmem_alloc_and_add_folio+0x1a3/0x470 > [ 207.191469] shmem_get_folio_gfp+0x24a/0x670 > [ 207.192635] shmem_write_begin+0x56/0xd0 > [ 207.193703] generic_perform_write+0x140/0x330 > [ 207.194919] shmem_file_write_iter+0x89/0x90 > [ 207.196082] vfs_write+0x2f3/0x420 > [ 207.197019] ksys_write+0x5d/0xd0 > [ 207.197914] do_syscall_64+0x47/0x110 > [ 207.198915] entry_SYSCALL_64_after_hwframe+0x76/0x7e > [ 207.200293] RIP: 0033:0x7f2e6099c784 > [ 207.201278] Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f > 84 00 00 00 00 00 f3 0f 1e fa 80 3d c5 08 0e 00 00 74 13 b8 01 00 00 > 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 $ > 8 89 e5 48 83 ec 20 48 89 > [ 207.206280] RSP: 002b:00007ffdb1a0e7d8 EFLAGS: 00000202 ORIG_RAX: > 0000000000000001 > [ 207.208312] RAX: ffffffffffffffda RBX: 00000000000005e7 RCX: 00007f2e6099c784 > [ 207.210225] RDX: 00000000000005e7 RSI: 0000562d23b77000 RDI: 0000000000000004 > [ 207.212145] RBP: 00007ffdb1a0e820 R08: 00000000000005e7 R09: 0000000000000007 > [ 207.214064] R10: 0000000000000180 R11: 0000000000000202 R12: 0000562d23b77000 > [ 207.215974] R13: 0000000000000004 R14: 00000000000005e7 R15: 0000000000000000 > [ 207.217888] > > Test is done using ZRAM as SWAP, 1G memcg, and run: > cd /mnt/tmpfs > time tar zxf "$linux_src" > make -j64 clean > make defconfig > /usr/bin/time make -j64 > >> >> diff --git a/mm/huge_memory.c b/mm/huge_memory.c >> index 04ee8abd6475..85a424e954be 100644 >> --- a/mm/huge_memory.c >> +++ b/mm/huge_memory.c >> @@ -3059,7 +3059,9 @@ static void __split_huge_page(struct page *page, struct list_head *list, >> unsigned int new_nr = 1 << new_order; >> int order = folio_order(folio); >> unsigned int nr = 1 << order; >> + struct folio_batch free_folios; >> >> + folio_batch_init(&free_folios); >> /* complete memcg works before add pages to LRU */ >> split_page_memcg(head, order, new_order); >> >> @@ -3143,6 +3145,26 @@ static void __split_huge_page(struct page *page, struct list_head *list, >> if (subpage == page) >> continue; >> folio_unlock(new_folio); >> + /* >> + * If a folio has only two references left, one inherited >> + * from the isolation of its head and the other from >> + * lru_add_page_tail() which we are about to drop, it means this >> + * folio was concurrently zapped. Then we can safely free it >> + * and save page reclaim or migration the trouble of trying it. >> + */ >> + if (list && folio_ref_freeze(new_folio, 2)) { >> + VM_WARN_ON_ONCE_FOLIO(folio_test_lru(new_folio), new_folio); >> + VM_WARN_ON_ONCE_FOLIO(folio_test_large(new_folio), new_folio); >> + VM_WARN_ON_ONCE_FOLIO(folio_mapped(new_folio), new_folio); >> + >> + folio_clear_active(new_folio); >> + folio_clear_unevictable(new_folio); >> + if (!folio_batch_add(&free_folios, folio)) { >> + mem_cgroup_uncharge_folios(&free_folios); >> + free_unref_folios(&free_folios); >> + } >> + continue; >> + } >> >> /* >> * Subpages may be freed if there wasn't any mapping >> @@ -3153,6 +3175,11 @@ static void __split_huge_page(struct page *page, struct list_head *list, >> */ >> free_page_and_swap_cache(subpage); >> } >> + >> + if (free_folios.nr) { >> + mem_cgroup_uncharge_folios(&free_folios); >> + free_unref_folios(&free_folios); >> + } >> } >> >> /* Racy check whether the huge page can be split */ >> -- >> 2.43.5 >> >>