Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp477269yba; Sat, 4 May 2019 06:25:01 -0700 (PDT) X-Google-Smtp-Source: APXvYqzfxK82820a5GgDAQaUCVWhsPwUMDMfI+AdsCMqKgrMsSphf54jI6poXfVLg628aFiPLD2J X-Received: by 2002:a62:121c:: with SMTP id a28mr19202053pfj.58.1556976301343; Sat, 04 May 2019 06:25:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556976301; cv=none; d=google.com; s=arc-20160816; b=OVM5bfAWNLPjKXSqO+zZmt3aPALXDB9rRaEbYfytEoL0Iy7xg/WTXskI3NUKZ9xl7q YuK2+wMMjymW+hP358piiWaRBxwkvIgqQxxnxvIArTJLFKw07sLXkwfWbpyVt8Dh7aX+ mSqHq9+Ie89xsEmR/N8oG6dWXohY5uE15sEAFx8OGHEsIVVLGKHHjg7vmGcJ9h4rh1sT +t8m6BhnkWhykuZ8a4eTVs+IskH+i1KyhfdVt7Zd48ayM8nu2iIfU/DnKnEe0ZSjAFsv EinidhNJSZSEWTV9VHDtpzPUoA8B4/BBHXboaPD06AEYhjBA64DM+G7fDATJofDELr/n uS4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=mGMC4gp0OTH2/O/Fp82IT1KL0U0wtD27/na2szo7BEc=; b=AfjziXuGXMkuekdRb2YSlnwIpz0OozvUYmOSYx0Sh4hXbi2mxwDMRDPyHbv/G/0b1A lf/0iMAvuq2GNFs1feISCaEQTOh59nZIsNdtTU3vZcFOv0IsDg+2g8Mp6zBwgZPTj08Y QSSBWxrcttL1Af3YeVcM30fY8W1YGKWMRs7ahOYyb4JPYRMGb7APfky6GKJMyQdefCej F62zBJKF00Uf0aVgR0azkDCneVp9B3snMLukeua0hvlPIAzLYwWiZ79u8RWXMVqjkKMo 9Hn4Pp9KPU/rmd/X9DjRGgP503amT+zfPO2jQ2QGqkXfHkT0Wz5Gdl52U0COT4CXglqb knYA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c11si7722352pgi.26.2019.05.04.06.24.15; Sat, 04 May 2019 06:25:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726770AbfEDNBm (ORCPT + 99 others); Sat, 4 May 2019 09:01:42 -0400 Received: from mx2.suse.de ([195.135.220.15]:37654 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726215AbfEDNBm (ORCPT ); Sat, 4 May 2019 09:01:42 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id DEE15ABF0; Sat, 4 May 2019 13:01:40 +0000 (UTC) Date: Sat, 4 May 2019 09:01:37 -0400 From: Michal Hocko To: Zhiqiang Liu Cc: mike.kravetz@oracle.com, shenkai8@huawei.com, linfeilong@huawei.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, wangwang2@huawei.com, "Zhoukang (A)" , Mingfangsen , agl@us.ibm.com, nacc@us.ibm.com Subject: Re: [PATCH] mm/hugetlb: Don't put_page in lock of hugetlb_lock Message-ID: <20190504130137.GS29835@dhcp22.suse.cz> References: <12a693da-19c8-dd2c-ea6a-0a5dc9d2db27@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <12a693da-19c8-dd2c-ea6a-0a5dc9d2db27@huawei.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat 04-05-19 20:28:24, Zhiqiang Liu wrote: > From: Kai Shen > > spinlock recursion happened when do LTP test: > #!/bin/bash > ./runltp -p -f hugetlb & > ./runltp -p -f hugetlb & > ./runltp -p -f hugetlb & > ./runltp -p -f hugetlb & > ./runltp -p -f hugetlb & > > The dtor returned by get_compound_page_dtor in __put_compound_page > may be the function of free_huge_page which will lock the hugetlb_lock, > so don't put_page in lock of hugetlb_lock. > > BUG: spinlock recursion on CPU#0, hugemmap05/1079 > lock: hugetlb_lock+0x0/0x18, .magic: dead4ead, .owner: hugemmap05/1079, .owner_cpu: 0 > Call trace: > dump_backtrace+0x0/0x198 > show_stack+0x24/0x30 > dump_stack+0xa4/0xcc > spin_dump+0x84/0xa8 > do_raw_spin_lock+0xd0/0x108 > _raw_spin_lock+0x20/0x30 > free_huge_page+0x9c/0x260 > __put_compound_page+0x44/0x50 > __put_page+0x2c/0x60 > alloc_surplus_huge_page.constprop.19+0xf0/0x140 > hugetlb_acct_memory+0x104/0x378 > hugetlb_reserve_pages+0xe0/0x250 > hugetlbfs_file_mmap+0xc0/0x140 > mmap_region+0x3e8/0x5b0 > do_mmap+0x280/0x460 > vm_mmap_pgoff+0xf4/0x128 > ksys_mmap_pgoff+0xb4/0x258 > __arm64_sys_mmap+0x34/0x48 > el0_svc_common+0x78/0x130 > el0_svc_handler+0x38/0x78 > el0_svc+0x8/0xc > > Fixes: 9980d744a0 ("mm, hugetlb: get rid of surplus page accounting tricks") > Signed-off-by: Kai Shen > Signed-off-by: Feilong Lin > Reported-by: Wang Wang You are right. I must have completely missed that put_page path unconditionally takes the hugetlb_lock for hugetlb pages. Thanks for fixing this. I think this should be marked for stable because it is not hard to imagine a regular user might trigger this. Acked-by: Michal Hocko > --- > mm/hugetlb.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/mm/hugetlb.c b/mm/hugetlb.c > index 6cdc7b2..c1e7b81 100644 > --- a/mm/hugetlb.c > +++ b/mm/hugetlb.c > @@ -1574,8 +1574,9 @@ static struct page *alloc_surplus_huge_page(struct hstate *h, gfp_t gfp_mask, > */ > if (h->surplus_huge_pages >= h->nr_overcommit_huge_pages) { > SetPageHugeTemporary(page); > + spin_unlock(&hugetlb_lock); > put_page(page); > - page = NULL; > + return NULL; > } else { > h->surplus_huge_pages++; > h->surplus_huge_pages_node[page_to_nid(page)]++; > -- > 1.8.3.1 > > -- Michal Hocko SUSE Labs