From: Baolin Wang
To: akpm@linux-foundation.org, hughd@google.com
Cc: mhocko@kernel.org, roman.gushchin@linux.dev, shakeel.butt@linux.dev,
 muchun.song@linux.dev, hannes@cmpxchg.org, nphamcs@gmail.com,
 yosryahmed@google.com, baolin.wang@linux.alibaba.com, linux-mm@kvack.org,
 linux-kernel@vger.kernel.org
Subject: [PATCH v2] mm: shmem: fix getting incorrect lruvec when replacing a shmem folio
Date: Fri, 14 Jun 2024 08:49:13 +0800
Message-Id: <5ab860d8ee987955e917748f9d6da525d3b52690.1718326003.git.baolin.wang@linux.alibaba.com>
X-Mailer: git-send-email 2.39.3
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

When testing shmem swapin, I encountered the warning below on my machine.
The reason is that replacing an old shmem folio with a new one causes
mem_cgroup_migrate() to clear the old folio's memcg data. As a result, the
old folio cannot get the correct memcg's lruvec needed to remove itself
from the LRU list when it is being freed. This could lead to serious
problems, such as LRU list crashes due to holding the wrong LRU lock, and
incorrect LRU statistics.

To fix this issue, we can fall back to using mem_cgroup_replace_folio() to
replace the old shmem folio.

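For illustration only, the failure mode described above can be sketched as
a small userspace toy model. This is not kernel code: the toy_* types and
functions are hypothetical stand-ins, and they only assume what the text
above states, namely that mem_cgroup_migrate() clears the old folio's memcg
data while mem_cgroup_replace_folio() leaves it in place until the old
folio is freed.

```c
#include <assert.h>
#include <stddef.h>

/* Hypothetical stand-ins for a memcg and a folio; NOT the kernel types. */
struct toy_memcg { int lru_count; };
struct toy_folio { struct toy_memcg *memcg; int on_lru; };

/* Models mem_cgroup_migrate(): move the memcg data, clearing it on @old. */
static void toy_migrate(struct toy_folio *old, struct toy_folio *new)
{
	new->memcg = old->memcg;
	old->memcg = NULL;
}

/* Models mem_cgroup_replace_folio(): charge @new, keep @old's memcg data. */
static void toy_replace(struct toy_folio *old, struct toy_folio *new)
{
	new->memcg = old->memcg;
}

/*
 * Models the final put of a folio that is still on the LRU. The memcg is
 * needed to find the right LRU list. Returns -1 where the real kernel
 * would hit the VM_WARN_ON_ONCE_FOLIO(), 0 otherwise.
 */
static int toy_release(struct toy_folio *folio)
{
	if (folio->on_lru) {
		if (!folio->memcg)
			return -1;
		folio->memcg->lru_count--;
		folio->on_lru = 0;
	}
	return 0;
}

/* Replace an on-LRU folio, then free the old one; returns toy_release(). */
int toy_swapin_replace(int use_replace_folio)
{
	struct toy_memcg cg = { .lru_count = 1 };
	struct toy_folio old = { .memcg = &cg, .on_lru = 1 };
	struct toy_folio new = { .memcg = NULL, .on_lru = 0 };

	if (use_replace_folio)
		toy_replace(&old, &new);
	else
		toy_migrate(&old, &new);

	/* Either way, the new folio ends up charged to the memcg. */
	assert(new.memcg == &cg);

	return toy_release(&old);
}
```

In this model, toy_swapin_replace(0) takes the migrate-style path and fails
when the old folio is released, while toy_swapin_replace(1) takes the
replace-style path and lets the old folio leave its LRU list normally.
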
[ 5241.100311] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d9960
[ 5241.100317] head: order:4 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 5241.100319] flags: 0x17fffe0000040068(uptodate|lru|head|swapbacked|node=0|zone=2|lastcpupid=0x3ffff)
[ 5241.100323] raw: 17fffe0000040068 fffffdffd6687948 fffffdffd69ae008 0000000000000000
[ 5241.100325] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 5241.100326] head: 17fffe0000040068 fffffdffd6687948 fffffdffd69ae008 0000000000000000
[ 5241.100327] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 5241.100328] head: 17fffe0000000204 fffffdffd6665801 ffffffffffffffff 0000000000000000
[ 5241.100329] head: 0000000a00000010 0000000000000000 00000000ffffffff 0000000000000000
[ 5241.100330] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg && !mem_cgroup_disabled())
[ 5241.100338] ------------[ cut here ]------------
[ 5241.100339] WARNING: CPU: 19 PID: 78402 at include/linux/memcontrol.h:775 folio_lruvec_lock_irqsave+0x140/0x150
[...]
[ 5241.100374] pc : folio_lruvec_lock_irqsave+0x140/0x150
[ 5241.100375] lr : folio_lruvec_lock_irqsave+0x138/0x150
[ 5241.100376] sp : ffff80008b38b930
[...]
[ 5241.100398] Call trace:
[ 5241.100399] folio_lruvec_lock_irqsave+0x140/0x150
[ 5241.100401] __page_cache_release+0x90/0x300
[ 5241.100404] __folio_put+0x50/0x108
[ 5241.100406] shmem_replace_folio+0x1b4/0x240
[ 5241.100409] shmem_swapin_folio+0x314/0x528
[ 5241.100411] shmem_get_folio_gfp+0x3b4/0x930
[ 5241.100412] shmem_fault+0x74/0x160
[ 5241.100414] __do_fault+0x40/0x218
[ 5241.100417] do_shared_fault+0x34/0x1b0
[ 5241.100419] do_fault+0x40/0x168
[ 5241.100420] handle_pte_fault+0x80/0x228
[ 5241.100422] __handle_mm_fault+0x1c4/0x440
[ 5241.100424] handle_mm_fault+0x60/0x1f0
[ 5241.100426] do_page_fault+0x120/0x488
[ 5241.100429] do_translation_fault+0x4c/0x68
[ 5241.100431] do_mem_abort+0x48/0xa0
[ 5241.100434] el0_da+0x38/0xc0
[ 5241.100436] el0t_64_sync_handler+0x68/0xc0
[ 5241.100437] el0t_64_sync+0x14c/0x150
[ 5241.100439] ---[ end trace 0000000000000000 ]---

Fixes: 85ce2c517ade ("memcontrol: only transfer the memcg data for migration")
Signed-off-by: Baolin Wang
Reviewed-by: Shakeel Butt
---
Changes from v1:
 - Add reviewed tag from Shakeel.
 - Update related comments, per Yosry.
---
 mm/memcontrol.c | 5 +++--
 mm/shmem.c      | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index a811dfff10cd..4d9fda1d84a0 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -7780,8 +7780,9 @@ void __mem_cgroup_uncharge_folios(struct folio_batch *folios)
  * @new: Replacement folio.
  *
  * Charge @new as a replacement folio for @old. @old will
- * be uncharged upon free. This is only used by the page cache
- * (in replace_page_cache_folio()).
+ * be uncharged upon free. This is used by the page cache
+ * and shmem (in replace_page_cache_folio() and
+ * shmem_replace_folio()).
  *
  * Both folios must be locked, @new->mapping must be set up.
  */
diff --git a/mm/shmem.c b/mm/shmem.c
index 99bd3c34f0fb..4acaf02bfe44 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1908,7 +1908,7 @@ static int shmem_replace_folio(struct folio **foliop, gfp_t gfp,
 	xa_lock_irq(&swap_mapping->i_pages);
 	error = shmem_replace_entry(swap_mapping, swap_index, old, new);
 	if (!error) {
-		mem_cgroup_migrate(old, new);
+		mem_cgroup_replace_folio(old, new);
 		__lruvec_stat_mod_folio(new, NR_FILE_PAGES, 1);
 		__lruvec_stat_mod_folio(new, NR_SHMEM, 1);
 		__lruvec_stat_mod_folio(old, NR_FILE_PAGES, -1);
-- 
2.39.3