From: mawupeng <mawupeng1@huawei.com>
To: <gregkh@linuxfoundation.org>
Cc: <mawupeng1@huawei.com>, <rppt@linux.vnet.ibm.com>,
<hughd@google.com>, <aarcange@redhat.com>, <hannes@cmpxchg.org>,
<linux-mm@kvack.org>, <linux-kernel@vger.kernel.org>,
<wangkefeng.wang@huawei.com>, <willy@infradead.org>
Subject: Re: [PATCH stable 4.14,4.19 1/1] mm: Fix page counter mismatch in shmem_mfill_atomic_pte
Date: Tue, 16 Aug 2022 15:04:08 +0800 [thread overview]
Message-ID: <b7468bcc-4b75-1190-5eae-9796d35b048c@huawei.com> (raw)
In-Reply-To: <YvsruBZBP+KpEBdb@kroah.com>
On 2022/8/16 13:31, Greg KH wrote:
> On Tue, Aug 16, 2022 at 11:27:08AM +0800, mawupeng wrote:
>> Cc Greg
>
> Cc Greg for what? I have no context here at all as to what you want me
> to do..
We found a bug related to memory cgroup counter in stable 4.14/4.19.
shmem_mfill_atomic_pte() wrongly called mem_cgroup_cancel_charge() in "success"
path, it should mem_cgroup_uncharge() to dec memory counter instead.
mem_cgroup_cancel_charge() should only be used if this transaction is
unsuccessful and mem_cgroup_uncharge() is used to do this if this transaction
succeed.
Commit 3fea5a499d57 ("mm: memcontrol: convert page cache to a new mem_cgroup_charge() API")
in v5.8-rc1 change is charge/uncharge/cancel logic so don't have this
problem.
This counter will underflow to negative maximum value and trigger oom to kill all
process include sshd and leave system unaccessible.
The reason cc you is that we want to merge this bugfix into stable 4.14/4.19.
The error call trace:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 17127 at mm/page_counter.c:62 page_counter_cancel+0x57/0x90
RIP: 0010:page_counter_cancel+0x57/0x90
Call Trace:
page_counter_uncharge+0x33/0x60
uncharge_batch+0xb5/0x5f0
mem_cgroup_uncharge_list+0x102/0x170
release_pages+0x814/0xcc0
tlb_flush_mmu_free+0xa9/0x140
arch_tlb_finish_mmu+0xa4/0x140
tlb_finish_mmu+0x90/0xf0
exit_mmap+0x264/0x4b0
>
> totally confused,
>
> greg k-h
next prev parent reply other threads:[~2022-08-16 7:04 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-02 1:32 Wupeng Ma
2022-08-16 3:27 ` mawupeng
2022-08-16 5:31 ` Greg KH
2022-08-16 7:04 ` mawupeng [this message]
2022-08-16 7:15 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b7468bcc-4b75-1190-5eae-9796d35b048c@huawei.com \
--to=mawupeng1@huawei.com \
--cc=aarcange@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=hannes@cmpxchg.org \
--cc=hughd@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=rppt@linux.vnet.ibm.com \
--cc=wangkefeng.wang@huawei.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox