Transparent Huge Pages are currently stored in i_pages as pointers to
consecutive subpages. This patch changes that to storing consecutive
pointers to the head page in preparation for storing huge pages more
efficiently in i_pages.
Large parts of this are "inspired" by Kirill's patch
https://lore.kernel.org/lkml/[email protected]/
Signed-off-by: Matthew Wilcox <[email protected]>
Acked-by: Jan Kara <[email protected]>
Reviewed-by: Kirill Shutemov <[email protected]>
Reviewed-and-tested-by: Song Liu <[email protected]>
Tested-by: William Kucharski <[email protected]>
Reviewed-by: William Kucharski <[email protected]>
---
v4: Extra tested-by and Reviewed-by tags
Fixed a couple of comments
Fixed a typo reported by Song
v3: Fix reporting of 'start' in find_get_pages_range() and
find_get_pages_range_tag() (noticed by Jan)
Fix page_cache_delete_batch() (Kirill)
Convert migrate_page_move_mapping() (Kirill)
Convert memfd_wait_for_pins() and memfd_tag_pins() (Kirill)
Fix __delete_from_swap_cache() (Kirill)
v2: Rebase on top of linux-next 20190212
Fixed a missing s/head/page/ in filemap_map_pages
Include missing calls to xas_store() in __split_huge_page
include/linux/pagemap.h | 9 +++
mm/filemap.c | 159 ++++++++++++++++------------------------
mm/huge_memory.c | 3 +
mm/khugepaged.c | 4 +-
mm/memfd.c | 2 +
mm/migrate.c | 2 +-
mm/shmem.c | 2 +-
mm/swap_state.c | 4 +-
8 files changed, 82 insertions(+), 103 deletions(-)
diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h
index b477a70cc2e4..f5d0b9e69175 100644
--- a/include/linux/pagemap.h
+++ b/include/linux/pagemap.h
@@ -332,6 +332,15 @@ static inline struct page *grab_cache_page_nowait(struct address_space *mapping,
mapping_gfp_mask(mapping));
}
+static inline struct page *find_subpage(struct page *page, pgoff_t offset)
+{
+ VM_BUG_ON_PAGE(PageTail(page), page);
+ VM_BUG_ON_PAGE(page->index > offset, page);
+ VM_BUG_ON_PAGE(page->index + (1 << compound_order(page)) <= offset,
+ page);
+ return page - page->index + offset;
+}
+
struct page *find_get_entry(struct address_space *mapping, pgoff_t offset);
struct page *find_lock_entry(struct address_space *mapping, pgoff_t offset);
unsigned find_get_entries(struct address_space *mapping, pgoff_t start,
diff --git a/mm/filemap.c b/mm/filemap.c
index a3b4021c448f..d85bb9d7de74 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -279,11 +279,11 @@ EXPORT_SYMBOL(delete_from_page_cache);
* @pvec: pagevec with pages to delete
*
* The function walks over mapping->i_pages and removes pages passed in @pvec
- * from the mapping. The function expects @pvec to be sorted by page index.
+ * from the mapping. The function expects @pvec to be sorted by page index
+ * and is optimised for it to be dense.
* It tolerates holes in @pvec (mapping entries at those indices are not
* modified). The function expects only THP head pages to be present in the
- * @pvec and takes care to delete all corresponding tail pages from the
- * mapping as well.
+ * @pvec.
*
* The function expects the i_pages lock to be held.
*/
@@ -292,40 +292,44 @@ static void page_cache_delete_batch(struct address_space *mapping,
{
XA_STATE(xas, &mapping->i_pages, pvec->pages[0]->index);
int total_pages = 0;
- int i = 0, tail_pages = 0;
+ int i = 0;
struct page *page;
mapping_set_update(&xas, mapping);
xas_for_each(&xas, page, ULONG_MAX) {
- if (i >= pagevec_count(pvec) && !tail_pages)
+ if (i >= pagevec_count(pvec))
break;
+
+ /* A swap/dax/shadow entry got inserted? Skip it. */
if (xa_is_value(page))
continue;
- if (!tail_pages) {
- /*
- * Some page got inserted in our range? Skip it. We
- * have our pages locked so they are protected from
- * being removed.
- */
- if (page != pvec->pages[i]) {
- VM_BUG_ON_PAGE(page->index >
- pvec->pages[i]->index, page);
- continue;
- }
- WARN_ON_ONCE(!PageLocked(page));
- if (PageTransHuge(page) && !PageHuge(page))
- tail_pages = HPAGE_PMD_NR - 1;
+ /*
+ * A page got inserted in our range? Skip it. We have our
+ * pages locked so they are protected from being removed.
+ * If we see a page whose index is higher than ours, it
+ * means our page has been removed, which shouldn't be
+ * possible because we're holding the PageLock.
+ */
+ if (page != pvec->pages[i]) {
+ VM_BUG_ON_PAGE(page->index > pvec->pages[i]->index,
+ page);
+ continue;
+ }
+
+ WARN_ON_ONCE(!PageLocked(page));
+
+ if (page->index == xas.xa_index)
page->mapping = NULL;
- /*
- * Leave page->index set: truncation lookup relies
- * upon it
- */
+ /* Leave page->index set: truncation lookup relies on it */
+
+ /*
+ * Move to the next page in the vector if this is a regular
+ * page or the index is of the last sub-page of this compound
+ * page.
+ */
+ if (page->index + (1UL << compound_order(page)) - 1 ==
+ xas.xa_index)
i++;
- } else {
- VM_BUG_ON_PAGE(page->index + HPAGE_PMD_NR - tail_pages
- != pvec->pages[i]->index, page);
- tail_pages--;
- }
xas_store(&xas, NULL);
total_pages++;
}
@@ -1491,7 +1495,7 @@ EXPORT_SYMBOL(page_cache_prev_miss);
struct page *find_get_entry(struct address_space *mapping, pgoff_t offset)
{
XA_STATE(xas, &mapping->i_pages, offset);
- struct page *head, *page;
+ struct page *page;
rcu_read_lock();
repeat:
@@ -1506,25 +1510,19 @@ struct page *find_get_entry(struct address_space *mapping, pgoff_t offset)
if (!page || xa_is_value(page))
goto out;
- head = compound_head(page);
- if (!page_cache_get_speculative(head))
+ if (!page_cache_get_speculative(page))
goto repeat;
- /* The page was split under us? */
- if (compound_head(page) != head) {
- put_page(head);
- goto repeat;
- }
-
/*
- * Has the page moved?
+ * Has the page moved or been split?
* This is part of the lockless pagecache protocol. See
* include/linux/pagemap.h for details.
*/
if (unlikely(page != xas_reload(&xas))) {
- put_page(head);
+ put_page(page);
goto repeat;
}
+ page = find_subpage(page, offset);
out:
rcu_read_unlock();
@@ -1696,7 +1694,6 @@ unsigned find_get_entries(struct address_space *mapping,
rcu_read_lock();
xas_for_each(&xas, page, ULONG_MAX) {
- struct page *head;
if (xas_retry(&xas, page))
continue;
/*
@@ -1707,17 +1704,13 @@ unsigned find_get_entries(struct address_space *mapping,
if (xa_is_value(page))
goto export;
- head = compound_head(page);
- if (!page_cache_get_speculative(head))
+ if (!page_cache_get_speculative(page))
goto retry;
- /* The page was split under us? */
- if (compound_head(page) != head)
- goto put_page;
-
- /* Has the page moved? */
+ /* Has the page moved or been split? */
if (unlikely(page != xas_reload(&xas)))
goto put_page;
+ page = find_subpage(page, xas.xa_index);
export:
indices[ret] = xas.xa_index;
@@ -1726,7 +1719,7 @@ unsigned find_get_entries(struct address_space *mapping,
break;
continue;
put_page:
- put_page(head);
+ put_page(page);
retry:
xas_reset(&xas);
}
@@ -1768,33 +1761,27 @@ unsigned find_get_pages_range(struct address_space *mapping, pgoff_t *start,
rcu_read_lock();
xas_for_each(&xas, page, end) {
- struct page *head;
if (xas_retry(&xas, page))
continue;
/* Skip over shadow, swap and DAX entries */
if (xa_is_value(page))
continue;
- head = compound_head(page);
- if (!page_cache_get_speculative(head))
+ if (!page_cache_get_speculative(page))
goto retry;
- /* The page was split under us? */
- if (compound_head(page) != head)
- goto put_page;
-
- /* Has the page moved? */
+ /* Has the page moved or been split? */
if (unlikely(page != xas_reload(&xas)))
goto put_page;
- pages[ret] = page;
+ pages[ret] = find_subpage(page, xas.xa_index);
if (++ret == nr_pages) {
*start = xas.xa_index + 1;
goto out;
}
continue;
put_page:
- put_page(head);
+ put_page(page);
retry:
xas_reset(&xas);
}
@@ -1839,7 +1826,6 @@ unsigned find_get_pages_contig(struct address_space *mapping, pgoff_t index,
rcu_read_lock();
for (page = xas_load(&xas); page; page = xas_next(&xas)) {
- struct page *head;
if (xas_retry(&xas, page))
continue;
/*
@@ -1849,24 +1835,19 @@ unsigned find_get_pages_contig(struct address_space *mapping, pgoff_t index,
if (xa_is_value(page))
break;
- head = compound_head(page);
- if (!page_cache_get_speculative(head))
+ if (!page_cache_get_speculative(page))
goto retry;
- /* The page was split under us? */
- if (compound_head(page) != head)
- goto put_page;
-
- /* Has the page moved? */
+ /* Has the page moved or been split? */
if (unlikely(page != xas_reload(&xas)))
goto put_page;
- pages[ret] = page;
+ pages[ret] = find_subpage(page, xas.xa_index);
if (++ret == nr_pages)
break;
continue;
put_page:
- put_page(head);
+ put_page(page);
retry:
xas_reset(&xas);
}
@@ -1902,7 +1883,6 @@ unsigned find_get_pages_range_tag(struct address_space *mapping, pgoff_t *index,
rcu_read_lock();
xas_for_each_marked(&xas, page, end, tag) {
- struct page *head;
if (xas_retry(&xas, page))
continue;
/*
@@ -1913,26 +1893,21 @@ unsigned find_get_pages_range_tag(struct address_space *mapping, pgoff_t *index,
if (xa_is_value(page))
continue;
- head = compound_head(page);
- if (!page_cache_get_speculative(head))
+ if (!page_cache_get_speculative(page))
goto retry;
- /* The page was split under us? */
- if (compound_head(page) != head)
- goto put_page;
-
- /* Has the page moved? */
+ /* Has the page moved or been split? */
if (unlikely(page != xas_reload(&xas)))
goto put_page;
- pages[ret] = page;
+ pages[ret] = find_subpage(page, xas.xa_index);
if (++ret == nr_pages) {
*index = xas.xa_index + 1;
goto out;
}
continue;
put_page:
- put_page(head);
+ put_page(page);
retry:
xas_reset(&xas);
}
@@ -1981,7 +1956,6 @@ unsigned find_get_entries_tag(struct address_space *mapping, pgoff_t start,
rcu_read_lock();
xas_for_each_marked(&xas, page, ULONG_MAX, tag) {
- struct page *head;
if (xas_retry(&xas, page))
continue;
/*
@@ -1992,17 +1966,13 @@ unsigned find_get_entries_tag(struct address_space *mapping, pgoff_t start,
if (xa_is_value(page))
goto export;
- head = compound_head(page);
- if (!page_cache_get_speculative(head))
+ if (!page_cache_get_speculative(page))
goto retry;
- /* The page was split under us? */
- if (compound_head(page) != head)
- goto put_page;
-
- /* Has the page moved? */
+ /* Has the page moved or been split? */
if (unlikely(page != xas_reload(&xas)))
goto put_page;
+ page = find_subpage(page, xas.xa_index);
export:
indices[ret] = xas.xa_index;
@@ -2011,7 +1981,7 @@ unsigned find_get_entries_tag(struct address_space *mapping, pgoff_t start,
break;
continue;
put_page:
- put_page(head);
+ put_page(page);
retry:
xas_reset(&xas);
}
@@ -2633,7 +2603,7 @@ void filemap_map_pages(struct vm_fault *vmf,
pgoff_t last_pgoff = start_pgoff;
unsigned long max_idx;
XA_STATE(xas, &mapping->i_pages, start_pgoff);
- struct page *head, *page;
+ struct page *page;
rcu_read_lock();
xas_for_each(&xas, page, end_pgoff) {
@@ -2642,24 +2612,19 @@ void filemap_map_pages(struct vm_fault *vmf,
if (xa_is_value(page))
goto next;
- head = compound_head(page);
-
/*
* Check for a locked page first, as a speculative
* reference may adversely influence page migration.
*/
- if (PageLocked(head))
+ if (PageLocked(page))
goto next;
- if (!page_cache_get_speculative(head))
+ if (!page_cache_get_speculative(page))
goto next;
- /* The page was split under us? */
- if (compound_head(page) != head)
- goto skip;
-
- /* Has the page moved? */
+ /* Has the page moved or been split? */
if (unlikely(page != xas_reload(&xas)))
goto skip;
+ page = find_subpage(page, xas.xa_index);
if (!PageUptodate(page) ||
PageReadahead(page) ||
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 404acdcd0455..aaf88f85d492 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -2456,6 +2456,9 @@ static void __split_huge_page(struct page *page, struct list_head *list,
if (IS_ENABLED(CONFIG_SHMEM) && PageSwapBacked(head))
shmem_uncharge(head->mapping->host, 1);
put_page(head + i);
+ } else if (!PageAnon(page)) {
+ __xa_store(&head->mapping->i_pages, head[i].index,
+ head + i, 0);
}
}
diff --git a/mm/khugepaged.c b/mm/khugepaged.c
index 449044378782..7ba7a1e4fa79 100644
--- a/mm/khugepaged.c
+++ b/mm/khugepaged.c
@@ -1374,7 +1374,7 @@ static void collapse_shmem(struct mm_struct *mm,
result = SCAN_FAIL;
goto xa_locked;
}
- xas_store(&xas, new_page + (index % HPAGE_PMD_NR));
+ xas_store(&xas, new_page);
nr_none++;
continue;
}
@@ -1450,7 +1450,7 @@ static void collapse_shmem(struct mm_struct *mm,
list_add_tail(&page->lru, &pagelist);
/* Finally, replace with the new page. */
- xas_store(&xas, new_page + (index % HPAGE_PMD_NR));
+ xas_store(&xas, new_page);
continue;
out_unlock:
unlock_page(page);
diff --git a/mm/memfd.c b/mm/memfd.c
index 650e65a46b9c..2647c898990c 100644
--- a/mm/memfd.c
+++ b/mm/memfd.c
@@ -39,6 +39,7 @@ static void memfd_tag_pins(struct xa_state *xas)
xas_for_each(xas, page, ULONG_MAX) {
if (xa_is_value(page))
continue;
+ page = find_subpage(page, xas->xa_index);
if (page_count(page) - page_mapcount(page) > 1)
xas_set_mark(xas, MEMFD_TAG_PINNED);
@@ -88,6 +89,7 @@ static int memfd_wait_for_pins(struct address_space *mapping)
bool clear = true;
if (xa_is_value(page))
continue;
+ page = find_subpage(page, xas.xa_index);
if (page_count(page) - page_mapcount(page) != 1) {
/*
* On the last scan, we clean up all those tags
diff --git a/mm/migrate.c b/mm/migrate.c
index ac6f4939bb59..1ce24fc3af27 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -465,7 +465,7 @@ int migrate_page_move_mapping(struct address_space *mapping,
for (i = 1; i < HPAGE_PMD_NR; i++) {
xas_next(&xas);
- xas_store(&xas, newpage + i);
+ xas_store(&xas, newpage);
}
}
diff --git a/mm/shmem.c b/mm/shmem.c
index b3db3779a30a..3a4b74cb4f14 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -614,7 +614,7 @@ static int shmem_add_to_page_cache(struct page *page,
if (xas_error(&xas))
goto unlock;
next:
- xas_store(&xas, page + i);
+ xas_store(&xas, page);
if (++i < nr) {
xas_next(&xas);
goto next;
diff --git a/mm/swap_state.c b/mm/swap_state.c
index 85245fdec8d9..eb714165afd2 100644
--- a/mm/swap_state.c
+++ b/mm/swap_state.c
@@ -132,7 +132,7 @@ int add_to_swap_cache(struct page *page, swp_entry_t entry, gfp_t gfp)
for (i = 0; i < nr; i++) {
VM_BUG_ON_PAGE(xas.xa_index != idx + i, page);
set_page_private(page + i, entry.val + i);
- xas_store(&xas, page + i);
+ xas_store(&xas, page);
xas_next(&xas);
}
address_space->nrpages += nr;
@@ -167,7 +167,7 @@ void __delete_from_swap_cache(struct page *page, swp_entry_t entry)
for (i = 0; i < nr; i++) {
void *entry = xas_store(&xas, NULL);
- VM_BUG_ON_PAGE(entry != page + i, entry);
+ VM_BUG_ON_PAGE(entry != page, entry);
set_page_private(page + i, 0);
xas_next(&xas);
}
--
2.20.1
Quoting Matthew Wilcox (2019-03-07 15:30:51)
> Transparent Huge Pages are currently stored in i_pages as pointers to
> consecutive subpages. This patch changes that to storing consecutive
> pointers to the head page in preparation for storing huge pages more
> efficiently in i_pages.
>
> Large parts of this are "inspired" by Kirill's patch
> https://lore.kernel.org/lkml/[email protected]/
>
> Signed-off-by: Matthew Wilcox <[email protected]>
> Acked-by: Jan Kara <[email protected]>
> Reviewed-by: Kirill Shutemov <[email protected]>
> Reviewed-and-tested-by: Song Liu <[email protected]>
> Tested-by: William Kucharski <[email protected]>
> Reviewed-by: William Kucharski <[email protected]>
I've bisected some new softlockups under THP mempressure to this patch.
They are all rcu stalls that look similar to:
[ 242.645276] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 242.645293] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-3): P828
[ 242.645301] (detected by 1, t=5252 jiffies, g=55501, q=221)
[ 242.645307] gem_syslatency R running task 0 828 815 0x00004000
[ 242.645315] Call Trace:
[ 242.645326] ? __schedule+0x1a0/0x440
[ 242.645332] ? preempt_schedule_irq+0x27/0x50
[ 242.645337] ? apic_timer_interrupt+0xa/0x20
[ 242.645342] ? xas_load+0x3c/0x80
[ 242.645347] ? xas_load+0x8/0x80
[ 242.645353] ? find_get_entry+0x4f/0x130
[ 242.645358] ? pagecache_get_page+0x2b/0x210
[ 242.645364] ? lookup_swap_cache+0x42/0x100
[ 242.645371] ? do_swap_page+0x6f/0x600
[ 242.645375] ? unmap_region+0xc2/0xe0
[ 242.645380] ? __handle_mm_fault+0x7a9/0xfa0
[ 242.645385] ? handle_mm_fault+0xc2/0x1c0
[ 242.645393] ? __do_page_fault+0x198/0x410
[ 242.645399] ? page_fault+0x5/0x20
[ 242.645404] ? page_fault+0x1b/0x20
Any suggestions as to what information you might want?
-Chris
Quoting Chris Wilson (2019-06-01 10:26:21)
> Quoting Matthew Wilcox (2019-03-07 15:30:51)
> > Transparent Huge Pages are currently stored in i_pages as pointers to
> > consecutive subpages. This patch changes that to storing consecutive
> > pointers to the head page in preparation for storing huge pages more
> > efficiently in i_pages.
> >
> > Large parts of this are "inspired" by Kirill's patch
> > https://lore.kernel.org/lkml/[email protected]/
> >
> > Signed-off-by: Matthew Wilcox <[email protected]>
> > Acked-by: Jan Kara <[email protected]>
> > Reviewed-by: Kirill Shutemov <[email protected]>
> > Reviewed-and-tested-by: Song Liu <[email protected]>
> > Tested-by: William Kucharski <[email protected]>
> > Reviewed-by: William Kucharski <[email protected]>
>
> I've bisected some new softlockups under THP mempressure to this patch.
> They are all rcu stalls that look similar to:
> [ 242.645276] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
> [ 242.645293] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-3): P828
> [ 242.645301] (detected by 1, t=5252 jiffies, g=55501, q=221)
> [ 242.645307] gem_syslatency R running task 0 828 815 0x00004000
> [ 242.645315] Call Trace:
> [ 242.645326] ? __schedule+0x1a0/0x440
> [ 242.645332] ? preempt_schedule_irq+0x27/0x50
> [ 242.645337] ? apic_timer_interrupt+0xa/0x20
> [ 242.645342] ? xas_load+0x3c/0x80
> [ 242.645347] ? xas_load+0x8/0x80
> [ 242.645353] ? find_get_entry+0x4f/0x130
> [ 242.645358] ? pagecache_get_page+0x2b/0x210
> [ 242.645364] ? lookup_swap_cache+0x42/0x100
> [ 242.645371] ? do_swap_page+0x6f/0x600
> [ 242.645375] ? unmap_region+0xc2/0xe0
> [ 242.645380] ? __handle_mm_fault+0x7a9/0xfa0
> [ 242.645385] ? handle_mm_fault+0xc2/0x1c0
> [ 242.645393] ? __do_page_fault+0x198/0x410
> [ 242.645399] ? page_fault+0x5/0x20
> [ 242.645404] ? page_fault+0x1b/0x20
>
> Any suggestions as to what information you might want?
Perhaps,
[ 76.175502] page:ffffea00098e0000 count:0 mapcount:0 mapping:0000000000000000 index:0x1
[ 76.175525] flags: 0x8000000000000000()
[ 76.175533] raw: 8000000000000000 ffffea0004a7e988 ffffea000445c3c8 0000000000000000
[ 76.175538] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 76.175543] page dumped because: VM_BUG_ON_PAGE(entry != page)
[ 76.175560] ------------[ cut here ]------------
[ 76.175564] kernel BUG at mm/swap_state.c:170!
[ 76.175574] invalid opcode: 0000 [#1] PREEMPT SMP
[ 76.175581] CPU: 0 PID: 131 Comm: kswapd0 Tainted: G U 5.1.0+ #247
[ 76.175586] Hardware name: /NUC6CAYB, BIOS AYAPLCEL.86A.0029.2016.1124.1625 11/24/2016
[ 76.175598] RIP: 0010:__delete_from_swap_cache+0x22e/0x340
[ 76.175604] Code: e8 b7 3e fd ff 48 01 1d a8 7e 04 01 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 03 7e bf 81 48 89 c7 e8 92 f8 fd ff <0f> 0b 48 c7 c6 c8 7c bf 81 48 89 df e8 81 f8 fd ff 0f 0b 48 c7 c6
[ 76.175613] RSP: 0000:ffffc900008dba88 EFLAGS: 00010046
[ 76.175619] RAX: 0000000000000032 RBX: ffffea00098e0040 RCX: 0000000000000006
[ 76.175624] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff81bf6d4c
[ 76.175629] RBP: ffff888265ed8640 R08: 00000000000002c2 R09: 0000000000000000
[ 76.175634] R10: 0000000273a4626d R11: 0000000000000000 R12: 0000000000000001
[ 76.175639] R13: 0000000000000040 R14: 0000000000000000 R15: ffffea00098e0000
[ 76.175645] FS: 0000000000000000(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000
[ 76.175651] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 76.175656] CR2: 00007f24e4399000 CR3: 0000000002c09000 CR4: 00000000001406f0
[ 76.175661] Call Trace:
[ 76.175671] __remove_mapping+0x1c2/0x380
[ 76.175678] shrink_page_list+0x11db/0x1d10
[ 76.175684] shrink_inactive_list+0x14b/0x420
[ 76.175690] shrink_node_memcg+0x20e/0x740
[ 76.175696] shrink_node+0xba/0x420
[ 76.175702] balance_pgdat+0x27d/0x4d0
[ 76.175709] kswapd+0x216/0x300
[ 76.175715] ? wait_woken+0x80/0x80
[ 76.175721] ? balance_pgdat+0x4d0/0x4d0
[ 76.175726] kthread+0x106/0x120
[ 76.175732] ? kthread_create_on_node+0x40/0x40
[ 76.175739] ret_from_fork+0x1f/0x30
[ 76.175745] Modules linked in: i915 intel_gtt drm_kms_helper
[ 76.175754] ---[ end trace 8faf2ec849d50724 ]---
[ 76.206689] RIP: 0010:__delete_from_swap_cache+0x22e/0x340
[ 76.206708] Code: e8 b7 3e fd ff 48 01 1d a8 7e 04 01 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 03 7e bf 81 48 89 c7 e8 92 f8 fd ff <0f> 0b 48 c7 c6 c8 7c bf 81 48 89 df e8 81 f8 fd ff 0f 0b 48 c7 c6
[ 76.206718] RSP: 0000:ffffc900008dba88 EFLAGS: 00010046
[ 76.206723] RAX: 0000000000000032 RBX: ffffea00098e0040 RCX: 0000000000000006
[ 76.206729] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff81bf6d4c
[ 76.206734] RBP: ffff888265ed8640 R08: 00000000000002c2 R09: 0000000000000000
[ 76.206740] R10: 0000000273a4626d R11: 0000000000000000 R12: 0000000000000001
[ 76.206745] R13: 0000000000000040 R14: 0000000000000000 R15: ffffea00098e0000
[ 76.206750] FS: 0000000000000000(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000
[ 76.206757] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
-Chris
On Sat, Jun 01, 2019 at 12:44:28PM +0100, Chris Wilson wrote:
> Quoting Chris Wilson (2019-06-01 10:26:21)
> > Quoting Matthew Wilcox (2019-03-07 15:30:51)
> > > Transparent Huge Pages are currently stored in i_pages as pointers to
> > > consecutive subpages. This patch changes that to storing consecutive
> > > pointers to the head page in preparation for storing huge pages more
> > > efficiently in i_pages.
> > >
> > > Large parts of this are "inspired" by Kirill's patch
> > > https://lore.kernel.org/lkml/[email protected]/
> > >
> > > Signed-off-by: Matthew Wilcox <[email protected]>
> > > Acked-by: Jan Kara <[email protected]>
> > > Reviewed-by: Kirill Shutemov <[email protected]>
> > > Reviewed-and-tested-by: Song Liu <[email protected]>
> > > Tested-by: William Kucharski <[email protected]>
> > > Reviewed-by: William Kucharski <[email protected]>
> >
> > I've bisected some new softlockups under THP mempressure to this patch.
> > They are all rcu stalls that look similar to:
> > [ 242.645276] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
> > [ 242.645293] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-3): P828
> > [ 242.645301] (detected by 1, t=5252 jiffies, g=55501, q=221)
> > [ 242.645307] gem_syslatency R running task 0 828 815 0x00004000
> > [ 242.645315] Call Trace:
> > [ 242.645326] ? __schedule+0x1a0/0x440
> > [ 242.645332] ? preempt_schedule_irq+0x27/0x50
> > [ 242.645337] ? apic_timer_interrupt+0xa/0x20
> > [ 242.645342] ? xas_load+0x3c/0x80
> > [ 242.645347] ? xas_load+0x8/0x80
> > [ 242.645353] ? find_get_entry+0x4f/0x130
> > [ 242.645358] ? pagecache_get_page+0x2b/0x210
> > [ 242.645364] ? lookup_swap_cache+0x42/0x100
> > [ 242.645371] ? do_swap_page+0x6f/0x600
> > [ 242.645375] ? unmap_region+0xc2/0xe0
> > [ 242.645380] ? __handle_mm_fault+0x7a9/0xfa0
> > [ 242.645385] ? handle_mm_fault+0xc2/0x1c0
> > [ 242.645393] ? __do_page_fault+0x198/0x410
> > [ 242.645399] ? page_fault+0x5/0x20
> > [ 242.645404] ? page_fault+0x1b/0x20
> >
> > Any suggestions as to what information you might want?
>
> Perhaps,
> [ 76.175502] page:ffffea00098e0000 count:0 mapcount:0 mapping:0000000000000000 index:0x1
> [ 76.175525] flags: 0x8000000000000000()
> [ 76.175533] raw: 8000000000000000 ffffea0004a7e988 ffffea000445c3c8 0000000000000000
> [ 76.175538] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
> [ 76.175543] page dumped because: VM_BUG_ON_PAGE(entry != page)
> [ 76.175560] ------------[ cut here ]------------
> [ 76.175564] kernel BUG at mm/swap_state.c:170!
> [ 76.175574] invalid opcode: 0000 [#1] PREEMPT SMP
> [ 76.175581] CPU: 0 PID: 131 Comm: kswapd0 Tainted: G U 5.1.0+ #247
> [ 76.175586] Hardware name: /NUC6CAYB, BIOS AYAPLCEL.86A.0029.2016.1124.1625 11/24/2016
> [ 76.175598] RIP: 0010:__delete_from_swap_cache+0x22e/0x340
> [ 76.175604] Code: e8 b7 3e fd ff 48 01 1d a8 7e 04 01 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 03 7e bf 81 48 89 c7 e8 92 f8 fd ff <0f> 0b 48 c7 c6 c8 7c bf 81 48 89 df e8 81 f8 fd ff 0f 0b 48 c7 c6
> [ 76.175613] RSP: 0000:ffffc900008dba88 EFLAGS: 00010046
> [ 76.175619] RAX: 0000000000000032 RBX: ffffea00098e0040 RCX: 0000000000000006
> [ 76.175624] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff81bf6d4c
> [ 76.175629] RBP: ffff888265ed8640 R08: 00000000000002c2 R09: 0000000000000000
> [ 76.175634] R10: 0000000273a4626d R11: 0000000000000000 R12: 0000000000000001
> [ 76.175639] R13: 0000000000000040 R14: 0000000000000000 R15: ffffea00098e0000
> [ 76.175645] FS: 0000000000000000(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000
> [ 76.175651] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 76.175656] CR2: 00007f24e4399000 CR3: 0000000002c09000 CR4: 00000000001406f0
> [ 76.175661] Call Trace:
> [ 76.175671] __remove_mapping+0x1c2/0x380
> [ 76.175678] shrink_page_list+0x11db/0x1d10
> [ 76.175684] shrink_inactive_list+0x14b/0x420
> [ 76.175690] shrink_node_memcg+0x20e/0x740
> [ 76.175696] shrink_node+0xba/0x420
> [ 76.175702] balance_pgdat+0x27d/0x4d0
> [ 76.175709] kswapd+0x216/0x300
> [ 76.175715] ? wait_woken+0x80/0x80
> [ 76.175721] ? balance_pgdat+0x4d0/0x4d0
> [ 76.175726] kthread+0x106/0x120
> [ 76.175732] ? kthread_create_on_node+0x40/0x40
> [ 76.175739] ret_from_fork+0x1f/0x30
> [ 76.175745] Modules linked in: i915 intel_gtt drm_kms_helper
> [ 76.175754] ---[ end trace 8faf2ec849d50724 ]---
> [ 76.206689] RIP: 0010:__delete_from_swap_cache+0x22e/0x340
> [ 76.206708] Code: e8 b7 3e fd ff 48 01 1d a8 7e 04 01 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 03 7e bf 81 48 89 c7 e8 92 f8 fd ff <0f> 0b 48 c7 c6 c8 7c bf 81 48 89 df e8 81 f8 fd ff 0f 0b 48 c7 c6
> [ 76.206718] RSP: 0000:ffffc900008dba88 EFLAGS: 00010046
> [ 76.206723] RAX: 0000000000000032 RBX: ffffea00098e0040 RCX: 0000000000000006
> [ 76.206729] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff81bf6d4c
> [ 76.206734] RBP: ffff888265ed8640 R08: 00000000000002c2 R09: 0000000000000000
> [ 76.206740] R10: 0000000273a4626d R11: 0000000000000000 R12: 0000000000000001
> [ 76.206745] R13: 0000000000000040 R14: 0000000000000000 R15: ffffea00098e0000
> [ 76.206750] FS: 0000000000000000(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000
> [ 76.206757] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Thanks for the reports, Chris.
I think they're both canaries; somehow the page cache / swap cache has
got corrupted and contains entries that it shouldn't.
This second one (with the VM_BUG_ON_PAGE in __delete_from_swap_cache)
shows a regular (non-huge) page at index 1. There are two ways we might
have got there; one is that we asked to delete a page at index 1 which is
no longer in the cache. The other is that we asked to delete a huge page
at index 0, but the page wasn't subsequently stored in indices 1-511.
We dump the page that we found; not the page we're looking for, so I don't
know which. If this one's easy to reproduce, you could add:
for (i = 0; i < nr; i++) {
void *entry = xas_store(&xas, NULL);
+ if (entry != page) {
+ printk("Oh dear %d %d\n", i, nr);
+ dump_page(page, "deleting page");
+ }
VM_BUG_ON_PAGE(entry != page, entry);
set_page_private(page + i, 0);
xas_next(&xas);
}
I'll re-read the patch and see if I can figure out how the cache is getting
screwed up. Given what you said, probably on the swap-in path.
Quoting Matthew Wilcox (2019-06-02 11:51:50)
> Thanks for the reports, Chris.
>
> I think they're both canaries; somehow the page cache / swap cache has
> got corrupted and contains entries that it shouldn't.
>
> This second one (with the VM_BUG_ON_PAGE in __delete_from_swap_cache)
> shows a regular (non-huge) page at index 1. There are two ways we might
> have got there; one is that we asked to delete a page at index 1 which is
> no longer in the cache. The other is that we asked to delete a huge page
> at index 0, but the page wasn't subsequently stored in indices 1-511.
>
> We dump the page that we found; not the page we're looking for, so I don't
> know which. If this one's easy to reproduce, you could add:
>
> for (i = 0; i < nr; i++) {
> void *entry = xas_store(&xas, NULL);
> + if (entry != page) {
> + printk("Oh dear %d %d\n", i, nr);
> + dump_page(page, "deleting page");
> + }
[ 113.423120] Oh dear 0 1
[ 113.423141] page:ffffea000911cdc0 refcount:0 mapcount:0 mapping:ffff88826aee7bb1 index:0x7fce6ff37
[ 113.423146] anon
[ 113.423150] flags: 0x8000000000080445(locked|uptodate|workingset|owner_priv_1|swapbacked)
[ 113.423161] raw: 8000000000080445 dead000000000100 dead000000000200 ffff88826aee7bb1
[ 113.423167] raw: 00000007fce6ff37 0000000000054537 00000000ffffffff 0000000000000000
[ 113.423171] page dumped because: deleting page
[ 113.423176] page:ffffea0009118000 refcount:1 mapcount:0 mapping:ffff88826aee7bb1 index:0x7fce6fe00
[ 113.423182] anon
[ 113.423183] flags: 0x8000000000080454(uptodate|lru|workingset|owner_priv_1|swapbacked)
[ 113.423191] raw: 8000000000080454 ffffea0009118048 ffffea000911ce08 ffff88826aee7bb1
[ 113.423198] raw: 00000007fce6fe00 0000000000054400 00000001ffffffff ffff8882693e5000
[ 113.423204] page dumped because: VM_BUG_ON_PAGE(entry != page)
[ 113.423209] page->mem_cgroup:ffff8882693e5000
[ 113.423222] ------------[ cut here ]------------
[ 113.423227] kernel BUG at mm/swap_state.c:174!
[ 113.423236] invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 113.423243] CPU: 1 PID: 131 Comm: kswapd0 Tainted: G U 5.2.0-rc2+ #251
[ 113.423248] Hardware name: /NUC6CAYB, BIOS AYAPLCEL.86A.0029.2016.1124.1625 11/24/2016
[ 113.423260] RIP: 0010:__delete_from_swap_cache.cold.17+0x30/0x36
[ 113.423265] Code: 48 c7 c7 13 94 bf 81 e8 cd 7f f3 ff 48 89 df 48 c7 c6 24 94 bf 81 e8 95 6c fd ff 48 c7 c6 32 94 bf 81 4c 89 ff e8 86 6c fd ff <0f> 0b 90 90 90 90 48 8b 07 48 8b 16 48 c1 e8 3a 48 c1 ea 3a 29 d0
[ 113.423274] RSP: 0018:ffffc900008b3a80 EFLAGS: 00010046
[ 113.423280] RAX: 0000000000000000 RBX: ffffea000911cdc0 RCX: 0000000000000006
[ 113.423285] RDX: 0000000000000007 RSI: 0000000000000092 RDI: ffff888276c963c0
[ 113.423290] RBP: ffff888265a98d20 R08: 00000000000002ce R09: 0000000000000000
[ 113.423296] R10: 0000000272bc445c R11: 0000000000000000 R12: 0000000000000001
[ 113.423301] R13: 0000000000000000 R14: 0000000000000000 R15: ffffea0009118000
[ 113.423306] FS: 0000000000000000(0000) GS:ffff888276c80000(0000) knlGS:0000000000000000
[ 113.423313] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 113.423317] CR2: 00007fce7c857000 CR3: 0000000002c09000 CR4: 00000000001406e0
[ 113.423323] Call Trace:
[ 113.423331] __remove_mapping+0x1c2/0x380
[ 113.423337] shrink_page_list+0x123c/0x1d00
[ 113.423343] shrink_inactive_list+0x130/0x300
[ 113.423348] shrink_node_memcg+0x20e/0x740
[ 113.423354] shrink_node+0xba/0x420
[ 113.423359] balance_pgdat+0x27d/0x4d0
[ 113.423365] kswapd+0x216/0x300
[ 113.423372] ? wait_woken+0x80/0x80
[ 113.423378] ? balance_pgdat+0x4d0/0x4d0
[ 113.423384] kthread+0x106/0x120
[ 113.423389] ? kthread_create_on_node+0x40/0x40
[ 113.423398] ret_from_fork+0x1f/0x30
[ 113.423405] Modules linked in: i915 intel_gtt drm_kms_helper
[ 113.423414] ---[ end trace 328930613dd77e06 ]---
[ 113.454546] RIP: 0010:__delete_from_swap_cache.cold.17+0x30/0x36
> VM_BUG_ON_PAGE(entry != page, entry);
> set_page_private(page + i, 0);
> xas_next(&xas);
> }
>
> I'll re-read the patch and see if I can figure out how the cache is getting
> screwed up. Given what you said, probably on the swap-in path.
It may be self-incriminating, but this only occurs when i915.ko is also
involved via shrink_slab.
-Chris
Quoting Matthew Wilcox (2019-06-02 11:51:50)
> On Sat, Jun 01, 2019 at 12:44:28PM +0100, Chris Wilson wrote:
> > Quoting Chris Wilson (2019-06-01 10:26:21)
> > > Quoting Matthew Wilcox (2019-03-07 15:30:51)
> > > > Transparent Huge Pages are currently stored in i_pages as pointers to
> > > > consecutive subpages. This patch changes that to storing consecutive
> > > > pointers to the head page in preparation for storing huge pages more
> > > > efficiently in i_pages.
> > > >
> > > > Large parts of this are "inspired" by Kirill's patch
> > > > https://lore.kernel.org/lkml/[email protected]/
> > > >
> > > > Signed-off-by: Matthew Wilcox <[email protected]>
> > > > Acked-by: Jan Kara <[email protected]>
> > > > Reviewed-by: Kirill Shutemov <[email protected]>
> > > > Reviewed-and-tested-by: Song Liu <[email protected]>
> > > > Tested-by: William Kucharski <[email protected]>
> > > > Reviewed-by: William Kucharski <[email protected]>
> > >
> > > I've bisected some new softlockups under THP mempressure to this patch.
> > > They are all rcu stalls that look similar to:
> > > [ 242.645276] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
> > > [ 242.645293] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-3): P828
> > > [ 242.645301] (detected by 1, t=5252 jiffies, g=55501, q=221)
> > > [ 242.645307] gem_syslatency R running task 0 828 815 0x00004000
> > > [ 242.645315] Call Trace:
> > > [ 242.645326] ? __schedule+0x1a0/0x440
> > > [ 242.645332] ? preempt_schedule_irq+0x27/0x50
> > > [ 242.645337] ? apic_timer_interrupt+0xa/0x20
> > > [ 242.645342] ? xas_load+0x3c/0x80
> > > [ 242.645347] ? xas_load+0x8/0x80
> > > [ 242.645353] ? find_get_entry+0x4f/0x130
> > > [ 242.645358] ? pagecache_get_page+0x2b/0x210
> > > [ 242.645364] ? lookup_swap_cache+0x42/0x100
> > > [ 242.645371] ? do_swap_page+0x6f/0x600
> > > [ 242.645375] ? unmap_region+0xc2/0xe0
> > > [ 242.645380] ? __handle_mm_fault+0x7a9/0xfa0
> > > [ 242.645385] ? handle_mm_fault+0xc2/0x1c0
> > > [ 242.645393] ? __do_page_fault+0x198/0x410
> > > [ 242.645399] ? page_fault+0x5/0x20
> > > [ 242.645404] ? page_fault+0x1b/0x20
> > >
> > > Any suggestions as to what information you might want?
> >
> > Perhaps,
> > [ 76.175502] page:ffffea00098e0000 count:0 mapcount:0 mapping:0000000000000000 index:0x1
> > [ 76.175525] flags: 0x8000000000000000()
> > [ 76.175533] raw: 8000000000000000 ffffea0004a7e988 ffffea000445c3c8 0000000000000000
> > [ 76.175538] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
> > [ 76.175543] page dumped because: VM_BUG_ON_PAGE(entry != page)
> > [ 76.175560] ------------[ cut here ]------------
> > [ 76.175564] kernel BUG at mm/swap_state.c:170!
> > [ 76.175574] invalid opcode: 0000 [#1] PREEMPT SMP
> > [ 76.175581] CPU: 0 PID: 131 Comm: kswapd0 Tainted: G U 5.1.0+ #247
> > [ 76.175586] Hardware name: /NUC6CAYB, BIOS AYAPLCEL.86A.0029.2016.1124.1625 11/24/2016
> > [ 76.175598] RIP: 0010:__delete_from_swap_cache+0x22e/0x340
> > [ 76.175604] Code: e8 b7 3e fd ff 48 01 1d a8 7e 04 01 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 03 7e bf 81 48 89 c7 e8 92 f8 fd ff <0f> 0b 48 c7 c6 c8 7c bf 81 48 89 df e8 81 f8 fd ff 0f 0b 48 c7 c6
> > [ 76.175613] RSP: 0000:ffffc900008dba88 EFLAGS: 00010046
> > [ 76.175619] RAX: 0000000000000032 RBX: ffffea00098e0040 RCX: 0000000000000006
> > [ 76.175624] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff81bf6d4c
> > [ 76.175629] RBP: ffff888265ed8640 R08: 00000000000002c2 R09: 0000000000000000
> > [ 76.175634] R10: 0000000273a4626d R11: 0000000000000000 R12: 0000000000000001
> > [ 76.175639] R13: 0000000000000040 R14: 0000000000000000 R15: ffffea00098e0000
> > [ 76.175645] FS: 0000000000000000(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000
> > [ 76.175651] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [ 76.175656] CR2: 00007f24e4399000 CR3: 0000000002c09000 CR4: 00000000001406f0
> > [ 76.175661] Call Trace:
> > [ 76.175671] __remove_mapping+0x1c2/0x380
> > [ 76.175678] shrink_page_list+0x11db/0x1d10
> > [ 76.175684] shrink_inactive_list+0x14b/0x420
> > [ 76.175690] shrink_node_memcg+0x20e/0x740
> > [ 76.175696] shrink_node+0xba/0x420
> > [ 76.175702] balance_pgdat+0x27d/0x4d0
> > [ 76.175709] kswapd+0x216/0x300
> > [ 76.175715] ? wait_woken+0x80/0x80
> > [ 76.175721] ? balance_pgdat+0x4d0/0x4d0
> > [ 76.175726] kthread+0x106/0x120
> > [ 76.175732] ? kthread_create_on_node+0x40/0x40
> > [ 76.175739] ret_from_fork+0x1f/0x30
> > [ 76.175745] Modules linked in: i915 intel_gtt drm_kms_helper
> > [ 76.175754] ---[ end trace 8faf2ec849d50724 ]---
> > [ 76.206689] RIP: 0010:__delete_from_swap_cache+0x22e/0x340
> > [ 76.206708] Code: e8 b7 3e fd ff 48 01 1d a8 7e 04 01 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 03 7e bf 81 48 89 c7 e8 92 f8 fd ff <0f> 0b 48 c7 c6 c8 7c bf 81 48 89 df e8 81 f8 fd ff 0f 0b 48 c7 c6
> > [ 76.206718] RSP: 0000:ffffc900008dba88 EFLAGS: 00010046
> > [ 76.206723] RAX: 0000000000000032 RBX: ffffea00098e0040 RCX: 0000000000000006
> > [ 76.206729] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff81bf6d4c
> > [ 76.206734] RBP: ffff888265ed8640 R08: 00000000000002c2 R09: 0000000000000000
> > [ 76.206740] R10: 0000000273a4626d R11: 0000000000000000 R12: 0000000000000001
> > [ 76.206745] R13: 0000000000000040 R14: 0000000000000000 R15: ffffea00098e0000
> > [ 76.206750] FS: 0000000000000000(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000
> > [ 76.206757] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>
> Thanks for the reports, Chris.
>
> I think they're both canaries; somehow the page cache / swap cache has
> got corrupted and contains entries that it shouldn't.
>
> This second one (with the VM_BUG_ON_PAGE in __delete_from_swap_cache)
> shows a regular (non-huge) page at index 1. There are two ways we might
> have got there; one is that we asked to delete a page at index 1 which is
> no longer in the cache. The other is that we asked to delete a huge page
> at index 0, but the page wasn't subsequently stored in indices 1-511.
>
> We dump the page that we found; not the page we're looking for, so I don't
> know which. If this one's easy to reproduce, you could add:
>
> for (i = 0; i < nr; i++) {
> void *entry = xas_store(&xas, NULL);
> + if (entry != page) {
> + printk("Oh dear %d %d\n", i, nr);
> + dump_page(page, "deleting page");
> + }
> VM_BUG_ON_PAGE(entry != page, entry);
> set_page_private(page + i, 0);
> xas_next(&xas);
> }
>
> I'll re-read the patch and see if I can figure out how the cache is getting
> screwed up. Given what you said, probably on the swap-in path.
I can give you a clue, it requires split_huge_page_to_list().
-Chris
Quoting Matthew Wilcox (2019-03-07 15:30:51)
> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> index 404acdcd0455..aaf88f85d492 100644
> --- a/mm/huge_memory.c
> +++ b/mm/huge_memory.c
> @@ -2456,6 +2456,9 @@ static void __split_huge_page(struct page *page, struct list_head *list,
> if (IS_ENABLED(CONFIG_SHMEM) && PageSwapBacked(head))
> shmem_uncharge(head->mapping->host, 1);
> put_page(head + i);
> + } else if (!PageAnon(page)) {
> + __xa_store(&head->mapping->i_pages, head[i].index,
> + head + i, 0);
Forgiving the ignorant copy'n'paste, this is required:
+ } else if (PageSwapCache(page)) {
+ swp_entry_t entry = { .val = page_private(head + i) };
+ __xa_store(&swap_address_space(entry)->i_pages,
+ swp_offset(entry),
+ head + i, 0);
}
}
The locking is definitely wrong.
-Chris
On Sun, Jun 02, 2019 at 10:47:35PM +0100, Chris Wilson wrote:
> Quoting Matthew Wilcox (2019-03-07 15:30:51)
> > diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> > index 404acdcd0455..aaf88f85d492 100644
> > --- a/mm/huge_memory.c
> > +++ b/mm/huge_memory.c
> > @@ -2456,6 +2456,9 @@ static void __split_huge_page(struct page *page, struct list_head *list,
> > if (IS_ENABLED(CONFIG_SHMEM) && PageSwapBacked(head))
> > shmem_uncharge(head->mapping->host, 1);
> > put_page(head + i);
> > + } else if (!PageAnon(page)) {
> > + __xa_store(&head->mapping->i_pages, head[i].index,
> > + head + i, 0);
>
> Forgiving the ignorant copy'n'paste, this is required:
>
> + } else if (PageSwapCache(page)) {
> + swp_entry_t entry = { .val = page_private(head + i) };
> + __xa_store(&swap_address_space(entry)->i_pages,
> + swp_offset(entry),
> + head + i, 0);
> }
> }
>
> The locking is definitely wrong.
Does it help with the problem, or it's just a possible lead?
--
Kirill A. Shutemov
Quoting Kirill A. Shutemov (2019-06-12 02:46:34)
> On Sun, Jun 02, 2019 at 10:47:35PM +0100, Chris Wilson wrote:
> > Quoting Matthew Wilcox (2019-03-07 15:30:51)
> > > diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> > > index 404acdcd0455..aaf88f85d492 100644
> > > --- a/mm/huge_memory.c
> > > +++ b/mm/huge_memory.c
> > > @@ -2456,6 +2456,9 @@ static void __split_huge_page(struct page *page, struct list_head *list,
> > > if (IS_ENABLED(CONFIG_SHMEM) && PageSwapBacked(head))
> > > shmem_uncharge(head->mapping->host, 1);
> > > put_page(head + i);
> > > + } else if (!PageAnon(page)) {
> > > + __xa_store(&head->mapping->i_pages, head[i].index,
> > > + head + i, 0);
> >
> > Forgiving the ignorant copy'n'paste, this is required:
> >
> > + } else if (PageSwapCache(page)) {
> > + swp_entry_t entry = { .val = page_private(head + i) };
> > + __xa_store(&swap_address_space(entry)->i_pages,
> > + swp_offset(entry),
> > + head + i, 0);
> > }
> > }
> >
> > The locking is definitely wrong.
>
> Does it help with the problem, or it's just a possible lead?
It definitely solves the problem we encountered of the bad VM_PAGE
leading to RCU stalls in khugepaged. The locking is definitely wrong
though :)
-Chris
Quoting Chris Wilson (2019-06-12 08:42:05)
> Quoting Kirill A. Shutemov (2019-06-12 02:46:34)
> > On Sun, Jun 02, 2019 at 10:47:35PM +0100, Chris Wilson wrote:
> > > Quoting Matthew Wilcox (2019-03-07 15:30:51)
> > > > diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> > > > index 404acdcd0455..aaf88f85d492 100644
> > > > --- a/mm/huge_memory.c
> > > > +++ b/mm/huge_memory.c
> > > > @@ -2456,6 +2456,9 @@ static void __split_huge_page(struct page *page, struct list_head *list,
> > > > if (IS_ENABLED(CONFIG_SHMEM) && PageSwapBacked(head))
> > > > shmem_uncharge(head->mapping->host, 1);
> > > > put_page(head + i);
> > > > + } else if (!PageAnon(page)) {
> > > > + __xa_store(&head->mapping->i_pages, head[i].index,
> > > > + head + i, 0);
> > >
> > > Forgiving the ignorant copy'n'paste, this is required:
> > >
> > > + } else if (PageSwapCache(page)) {
> > > + swp_entry_t entry = { .val = page_private(head + i) };
> > > + __xa_store(&swap_address_space(entry)->i_pages,
> > > + swp_offset(entry),
> > > + head + i, 0);
> > > }
> > > }
> > >
> > > The locking is definitely wrong.
> >
> > Does it help with the problem, or it's just a possible lead?
>
> It definitely solves the problem we encountered of the bad VM_PAGE
> leading to RCU stalls in khugepaged. The locking is definitely wrong
> though :)
I notice I'm not the only one to have bisected a swap related VM_PAGE_BUG
to this patch. Do we have a real fix I can put through our CI to confirm
the issue is resolved before 5.2?
-Chris