Received: by 2002:a25:d7c1:0:0:0:0:0 with SMTP id o184csp1531662ybg;
        Wed, 23 Oct 2019 17:47:04 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwD4fj3oSgtkToF9abUoYNmCynE1b03BiWg2S0Efn/xCw7PD9pIxjgme9Q/+PwZz1jNX/oO
X-Received: by 2002:a50:ee12:: with SMTP id g18mr40081500eds.114.1571878024093;
        Wed, 23 Oct 2019 17:47:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1571878024; cv=none;
        d=google.com; s=arc-20160816;
        b=QHLME8YtdWRfI3ATkiQbbq7vMvK0XPMaIS/V0ZV56t/SshFEMFoD1Z1GBywy/JsXcB
         f5Mr/s54Y0CUMOH1Hcpcad7u2jXoUgXir5fuQM5QV/SbSiCKeD8fL6HIgGGjT4e04RUh
         1UDgEQn5837/f3JrQnOQ1i3qCE2CoK1W6TkyIcpN4K2MMmOcRJShCZHloaFbW/Ji+dPh
         CnPZoll+9oMBco0zL5f7T8nPK1lyS2ROp5b4zXBhomLvVxdzsqrvpBHOl+OT/2J2tu/Q
         vAprHmOqN96xiNxVBybtJhZuJWUt+Yt22hK9RoartU4OoBlax/bzGSblLZZx1l32+kcP
         pgbw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:organization:from:references:cc:to:subject
         :dkim-signature;
        bh=OJHao8kPiRsd3Mtcj407xdZ7Kz+GOgkvEb6Cy2YqoVQ=;
        b=MosXtQOAppqsGT6c/AkvvDtDjACQLmnVn/AGukvGcPb4DAKZeoMT/b+TRW87fSj19i
         EaAHa8IAL+kmCxVa2DCYZxiriH7za9a/ZgMfNQX7TehG4J9pXYx7Rey1bwVn636E6QXM
         eyAWaBlhu64FFih6b5GwiNPx4/DFN/ULAzzUoq6Ehpqzbad3WHDZ/aNiIdmrv1/Zet1h
         xF4dRHEGzdOqqAXJ6c5tLTDZpkIBdtU+8PMnTvlczLbcjZgpVKChPWEWlpZ1CMF6FVLU
         rUyJHNd9ZfmVzN58hzt26di5PV5gUa/QxcSUv9orTdJ/TDgRJQQ6phPENeVcyeS2QlJZ
         /QMw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=hW8rjnMH;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id j6si14649818ejj.37.2019.10.23.17.45.36;
        Wed, 23 Oct 2019 17:47:04 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=hW8rjnMH;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2405869AbfJWOan (ORCPT <rfc822;fezhang.suse@gmail.com>
        + 99 others); Wed, 23 Oct 2019 10:30:43 -0400
Received: from us-smtp-2.mimecast.com ([207.211.31.81]:24168 "EHLO
        us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL)
        by vger.kernel.org with ESMTP id S2403845AbfJWOan (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 23 Oct 2019 10:30:43 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1571841041;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=OJHao8kPiRsd3Mtcj407xdZ7Kz+GOgkvEb6Cy2YqoVQ=;
        b=hW8rjnMHxXLjHnQ6xB9CHhmKiV+ROwhwfNNXGS3aNtdWrFwC6Km9Y6pJ+3sFLftW7nHEeZ
        sGlmbra2ZO+RYuJimSOQpKoVx2lAByVb0PIUO+ujHS/Mvwjw7r88f/NoWNxIEaJwMbbTqV
        mx3G2VluPQNIusCHTPO4woqyfkxyWN0=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-319-7lIMO7akMiyALgaC7ohTqA-1; Wed, 23 Oct 2019 10:30:38 -0400
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 70DEB1800D79;
        Wed, 23 Oct 2019 14:30:36 +0000 (UTC)
Received: from llong.remote.csb (dhcp-17-59.bos.redhat.com [10.18.17.59])
        by smtp.corp.redhat.com (Postfix) with ESMTP id A423B1001B07;
        Wed, 23 Oct 2019 14:30:30 +0000 (UTC)
Subject: Re: [PATCH] mm/vmstat: Reduce zone lock hold time when reading
 /proc/pagetypeinfo
To:     Andrew Morton <akpm@linux-foundation.org>
Cc:     linux-mm@kvack.org, linux-kernel@vger.kernel.org,
        Johannes Weiner <hannes@cmpxchg.org>,
        Michal Hocko <mhocko@kernel.org>, Roman Gushchin <guro@fb.com>,
        Vlastimil Babka <vbabka@suse.cz>,
        Konstantin Khlebnikov <khlebnikov@yandex-team.ru>,
        Jann Horn <jannh@google.com>, Song Liu <songliubraving@fb.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Rafael Aquini <aquini@redhat.com>
References: <20191022162156.17316-1-longman@redhat.com>
 <20191022145902.d9c4a719c0b32175e06e4eee@linux-foundation.org>
From:   Waiman Long <longman@redhat.com>
Organization: Red Hat
Message-ID: <2236495a-ead0-e08e-3fb6-f3ab906b75b6@redhat.com>
Date:   Wed, 23 Oct 2019 10:30:30 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <20191022145902.d9c4a719c0b32175e06e4eee@linux-foundation.org>
Content-Language: en-US
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-MC-Unique: 7lIMO7akMiyALgaC7ohTqA-1
X-Mimecast-Spam-Score: 0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 10/22/19 5:59 PM, Andrew Morton wrote:
> On Tue, 22 Oct 2019 12:21:56 -0400 Waiman Long <longman@redhat.com> wrote=
:
>
>> The pagetypeinfo_showfree_print() function prints out the number of
>> free blocks for each of the page orders and migrate types. The current
>> code just iterates the each of the free lists to get counts.  There are
>> bug reports about hard lockup panics when reading the /proc/pagetyeinfo
>> file just because it look too long to iterate all the free lists within
>> a zone while holing the zone lock with irq disabled.
>>
>> Given the fact that /proc/pagetypeinfo is readable by all, the possiblit=
y
>> of crashing a system by the simple act of reading /proc/pagetypeinfo
>> by any user is a security problem that needs to be addressed.
> Yes.
>
>> There is a free_area structure associated with each page order. There
>> is also a nr_free count within the free_area for all the different
>> migration types combined. Tracking the number of free list entries
>> for each migration type will probably add some overhead to the fast
>> paths like moving pages from one migration type to another which may
>> not be desirable.
>>
>> we can actually skip iterating the list of one of the migration types
>> and used nr_free to compute the missing count. Since MIGRATE_MOVABLE
>> is usually the largest one on large memory systems, this is the one
>> to be skipped. Since the printing order is migration-type =3D> order, we
>> will have to store the counts in an internal 2D array before printing
>> them out.
>>
>> Even by skipping the MIGRATE_MOVABLE pages, we may still be holding the
>> zone lock for too long blocking out other zone lock waiters from being
>> run. This can be problematic for systems with large amount of memory.
>> So a check is added to temporarily release the lock and reschedule if
>> more than 64k of list entries have been iterated for each order. With
>> a MAX_ORDER of 11, the worst case will be iterating about 700k of list
>> entries before releasing the lock.
>>
>> ...
>>
>> --- a/mm/vmstat.c
>> +++ b/mm/vmstat.c
>> @@ -1373,23 +1373,54 @@ static void pagetypeinfo_showfree_print(struct s=
eq_file *m,
>>  =09=09=09=09=09pg_data_t *pgdat, struct zone *zone)
>>  {
>>  =09int order, mtype;
>> +=09unsigned long nfree[MAX_ORDER][MIGRATE_TYPES];
> 600+ bytes is a bit much.  I guess it's OK in this situation.
>
This function is called by reading /proc/pagetypeinfo. The call stack is
rather shallow:

PID: 58188=C2=A0 TASK: ffff938a4d4f1fa0=C2=A0 CPU: 2=C2=A0=C2=A0 COMMAND: "=
sosreport"
=C2=A0#0 [ffff9483bf488e48] crash_nmi_callback at ffffffffb8c551d7
=C2=A0#1 [ffff9483bf488e58] nmi_handle at ffffffffb931d8cc
=C2=A0#2 [ffff9483bf488eb0] do_nmi at ffffffffb931dba8
=C2=A0#3 [ffff9483bf488ef0] end_repeat_nmi at ffffffffb931cd69
=C2=A0=C2=A0=C2=A0 [exception RIP: pagetypeinfo_showfree_print+0x73]
=C2=A0=C2=A0=C2=A0 RIP: ffffffffb8db7173=C2=A0 RSP: ffff938b9fcbfda0=C2=A0 =
RFLAGS: 00000006
=C2=A0=C2=A0=C2=A0 RAX: fffff0c9946d7020=C2=A0 RBX: ffff96073ffd5528=C2=A0 =
RCX: 0000000000000000
=C2=A0=C2=A0=C2=A0 RDX: 00000000001c7764=C2=A0 RSI: ffffffffb9676ab1=C2=A0 =
RDI: 0000000000000000
=C2=A0=C2=A0=C2=A0 RBP: ffff938b9fcbfdd0=C2=A0=C2=A0 R8: 000000000000000a=
=C2=A0=C2=A0 R9: 00000000fffffffe
=C2=A0=C2=A0=C2=A0 R10: 0000000000000000=C2=A0 R11: ffff938b9fcbfc36=C2=A0 =
R12: ffff942b97758240
=C2=A0=C2=A0=C2=A0 R13: ffffffffb942f730=C2=A0 R14: ffff96073ffd5000=C2=A0 =
R15: ffff96073ffd5180
=C2=A0=C2=A0=C2=A0 ORIG_RAX: ffffffffffffffff=C2=A0 CS: 0010=C2=A0 SS: 0018
--- <NMI exception stack> ---
=C2=A0#4 [ffff938b9fcbfda0] pagetypeinfo_showfree_print at ffffffffb8db7173
=C2=A0#5 [ffff938b9fcbfdd8] walk_zones_in_node at ffffffffb8db74df
=C2=A0#6 [ffff938b9fcbfe20] pagetypeinfo_show at ffffffffb8db7a29
=C2=A0#7 [ffff938b9fcbfe48] seq_read at ffffffffb8e45c3c
=C2=A0#8 [ffff938b9fcbfeb8] proc_reg_read at ffffffffb8e95070
=C2=A0#9 [ffff938b9fcbfed8] vfs_read at ffffffffb8e1f2af
#10 [ffff938b9fcbff08] sys_read at ffffffffb8e2017f
#11 [ffff938b9fcbff50] system_call_fastpath at ffffffffb932579b

So we should not be in any risk of overflowing the stack.

>> -=09for (mtype =3D 0; mtype < MIGRATE_TYPES; mtype++) {
>> -=09=09seq_printf(m, "Node %4d, zone %8s, type %12s ",
>> -=09=09=09=09=09pgdat->node_id,
>> -=09=09=09=09=09zone->name,
>> -=09=09=09=09=09migratetype_names[mtype]);
>> -=09=09for (order =3D 0; order < MAX_ORDER; ++order) {
>> +=09lockdep_assert_held(&zone->lock);
>> +=09lockdep_assert_irqs_disabled();
>> +
>> +=09/*
>> +=09 * MIGRATE_MOVABLE is usually the largest one in large memory
>> +=09 * systems. We skip iterating that list. Instead, we compute it by
>> +=09 * subtracting the total of the rests from free_area->nr_free.
>> +=09 */
>> +=09for (order =3D 0; order < MAX_ORDER; ++order) {
>> +=09=09unsigned long nr_total =3D 0;
>> +=09=09struct free_area *area =3D &(zone->free_area[order]);
>> +
>> +=09=09for (mtype =3D 0; mtype < MIGRATE_TYPES; mtype++) {
>>  =09=09=09unsigned long freecount =3D 0;
>> -=09=09=09struct free_area *area;
>>  =09=09=09struct list_head *curr;
>> =20
>> -=09=09=09area =3D &(zone->free_area[order]);
>> -
>> +=09=09=09if (mtype =3D=3D MIGRATE_MOVABLE)
>> +=09=09=09=09continue;
>>  =09=09=09list_for_each(curr, &area->free_list[mtype])
>>  =09=09=09=09freecount++;
>> -=09=09=09seq_printf(m, "%6lu ", freecount);
>> +=09=09=09nfree[order][mtype] =3D freecount;
>> +=09=09=09nr_total +=3D freecount;
>>  =09=09}
>> +=09=09nfree[order][MIGRATE_MOVABLE] =3D area->nr_free - nr_total;
>> +
>> +=09=09/*
>> +=09=09 * If we have already iterated more than 64k of list
>> +=09=09 * entries, we might have hold the zone lock for too long.
>> +=09=09 * Temporarily release the lock and reschedule before
>> +=09=09 * continuing so that other lock waiters have a chance
>> +=09=09 * to run.
>> +=09=09 */
>> +=09=09if (nr_total > (1 << 16)) {
>> +=09=09=09spin_unlock_irq(&zone->lock);
>> +=09=09=09cond_resched();
>> +=09=09=09spin_lock_irq(&zone->lock);
>> +=09=09}
>> +=09}
>> +
>> +=09for (mtype =3D 0; mtype < MIGRATE_TYPES; mtype++) {
>> +=09=09seq_printf(m, "Node %4d, zone %8s, type %12s ",
>> +=09=09=09=09=09pgdat->node_id,
>> +=09=09=09=09=09zone->name,
>> +=09=09=09=09=09migratetype_names[mtype]);
>> +=09=09for (order =3D 0; order < MAX_ORDER; ++order)
>> +=09=09=09seq_printf(m, "%6lu ", nfree[order][mtype]);
>>  =09=09seq_putc(m, '\n');
> This is not exactly a thing of beauty :( Presumably there might still
> be situations where the irq-off times remain excessive.
Yes, that is still possible.
>
> Why are we actually holding zone->lock so much?  Can we get away with
> holding it across the list_for_each() loop and nothing else?  If so,

We can certainly do that with the risk that the counts will be less
reliable for a given order. I can send a v2 patch if you think this is
safer.


> this still isn't a bulletproof fix.  Maybe just terminate the list
> walk if freecount reaches 1024.  Would anyone really care?
>
> Sigh.  I wonder if anyone really uses this thing for anything
> important.  Can we just remove it all?
>
Removing it will be a breakage of kernel API.

Another alternative is to mark the migration type in the page structure
so that we can do per-migration type nr_free tracking. That will be a
major change to the mm code.

I consider this patch lesser of the two evils.=C2=A0

Cheers,
Longman