On Fri, Dec 11, 2020 at 3:46 PM Jason Gunthorpe <jgg@xxxxxxxx> wrote:
>
> On Fri, Dec 11, 2020 at 03:40:57PM -0500, Pavel Tatashin wrote:
> > On Fri, Dec 11, 2020 at 3:23 PM Jason Gunthorpe <jgg@xxxxxxxx> wrote:
> > >
> > > On Fri, Dec 11, 2020 at 03:21:39PM -0500, Pavel Tatashin wrote:
> > > > @@ -1593,7 +1592,7 @@ static long check_and_migrate_cma_pages(struct mm_struct *mm,
> > > > }
> > > >
> > > > if (!isolate_lru_page(head)) {
> > > > - list_add_tail(&head->lru, &cma_page_list);
> > > > + list_add_tail(&head->lru, &movable_page_list);
> > > > mod_node_page_state(page_pgdat(head),
> > > > NR_ISOLATED_ANON +
> > > > page_is_file_lru(head),
> > > > @@ -1605,7 +1604,7 @@ static long check_and_migrate_cma_pages(struct mm_struct *mm,
> > > > i += step;
> > > > }
> > > >
> > > > - if (!list_empty(&cma_page_list)) {
> > > > + if (!list_empty(&movable_page_list)) {
> > >
> > > You didn't answer my earlier question, is it OK that ZONE_MOVABLE
> > > pages leak out here if ioslate_lru_page() fails but the
> > > moval_page_list is empty?
> > >
> > > I think the answer is no, right?
> > In my opinion it is OK. We are doing our best to not pin movable
> > pages, but if isolate_lru_page() fails because pages are currently
> > locked by someone else, we will end up long-term pinning them.
> > See comment in this patch:
> > + * 1. Pinned pages: (long-term) pinning of movable pages is avoided
> > + * when pages are pinned and faulted, but it is still possible that
> > + * address space already has pages in ZONE_MOVABLE at the time when
> > + * pages are pinned (i.e. user has touches that memory before
> > + * pinning). In such case we try to migrate them to a different zone,
> > + * but if migration fails the pages can still end-up pinned in
> > + * ZONE_MOVABLE. In such case, memory offlining might retry a long
> > + * time and will only succeed once user application unpins pages.
>
> It is not "retry a long time" it is "might never complete" because
> userspace will hold the DMA pin indefinitely.
>
> Confused what the point of all this is then ??
>
> I thought to goal here is to make memory unplug reliable, if you leave
> a hole like this then any hostile userspace can block it forever.
You are right, I used a wording from the previous comment, and it
should be made clear that pin may be forever. Without these patches it
is guaranteed that hot-remove will fail if there are pinned pages as
ZONE_MOVABLE is actually the first to be searched. Now, it will fail
only due to exceptions listed in ZONE_MOVABLE comment:
1. pin + migration/isolation failure
2. memblock allocation due to limited amount of space for kernelcore
3. memory holes
4. hwpoison
5. Unmovable PG_offline pages (? need to study why this is a scenario).
Do you think we should unconditionally unpin pages, and return error
when isolation/migration fails?
Pasha
>
> Jason
