On 2/18/20 1:36 PM, Mina Almasry wrote:
> On Tue, Feb 18, 2020 at 11:25 AM Mina Almasry <almasrymina@xxxxxxxxxx> wrote:
>>
>> On Tue, Feb 18, 2020 at 11:14 AM Mike Kravetz <mike.kravetz@xxxxxxxxxx> wrote:
>>>
>>> On 2/18/20 10:35 AM, Mina Almasry wrote:
>>>> On Tue, Feb 18, 2020 at 6:21 AM Qian Cai <cai@xxxxxx> wrote:
>>>>>
>>>>> On Tue, 2020-02-11 at 15:19 -0800, Andrew Morton wrote:
>>>>>> On Tue, 11 Feb 2020 13:31:20 -0800 Mina Almasry <almasrymina@xxxxxxxxxx> wrote:
>>>>>>
>>>>> [ 7933.806377][T14355] ------------[ cut here ]------------
>>>>> [ 7933.806541][T14355] kernel BUG at mm/hugetlb.c:490!
>>>>> VM_BUG_ON(t - f <= 1);
>>>>> [ 7933.806562][T14355] Oops: Exception in kernel mode, sig: 5 [#1]
>>> <snip>
>>>> Hi Qian,
>>>>
>>>> Yes, this VM_BUG_ON was added by a patch in the series ("hugetlb:
>>>> disable region_add file_region coalescing"), so it's definitely related
>>>> to the series. I'm taking a look at why this VM_BUG_ON fires. Can you
>>>> confirm you reproduce this by running hugemmap06 from the ltp on a
>>>> powerpc machine? Can I maybe have your config?
>>>>
>>>> Thanks!
>>>
>>> Hi Mina,
>>>
>>> Looking at the region_chg code again, we do a
>>>
>>> resv->adds_in_progress += *out_regions_needed;
>>>
>>> and then potentially drop the lock to allocate the needed entries. Could
>>> another thread (only adding reservation for a single page) then come in
>>> and notice that there are not enough entries in the cache and hit the
>>> VM_BUG_ON()?
>>
>> Maybe. Also I'm thinking the code thinks actual_regions_needed >=
>> in_regions_needed, but that doesn't seem like a guarantee. I think
>> this call sequence with the same t->f range would violate that:
>>
>> region_chg (regions_needed=1)
>> region_chg (regions_needed=1)
>> region_add (fills in the range)
>> region_add (in_regions_needed = 1, actual_regions_needed = 0, so
>> assumptions in the code break).
>>
>> Luckily it seems the ltp readily reproduces this, so I'm working on
>> reproducing it. I should have a fix soon, at least if I can reproduce
>> it as well.
>
> I had a bit of trouble reproducing this but I got it just now.
>
> Makes sense I've never run into this even though others can readily
> reproduce it. I happen to run my kernels on a pretty beefy 36 core
> machine and in that setup things seem to execute fast and there is
> never a queue of pending file_region inserts into the resv_map. Once I
> limited qemu to only use 2 cores I ran into the issue right away.
> Looking into a fix now.

This may not be optimal, but it resolves the issue for me. I just put it
together to test the theory that the region_chg code was at fault.

--
Mike Kravetz

diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 45219cb58ac7..f750f95ed37a 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -549,6 +549,7 @@ static long region_chg(struct resv_map *resv, long f, long t, struct file_region *trg = NULL, *rg = NULL; long chg = 0, i = 0, to_allocate = 0; struct list_head allocated_regions; + long calc_adds_in_progress = 0; INIT_LIST_HEAD(&allocated_regions); @@ -561,14 +562,14 @@ static long region_chg(struct resv_map *resv, long f, long t, if (*out_regions_needed == 0) *out_regions_needed = 1; - resv->adds_in_progress += *out_regions_needed; + calc_adds_in_progress = resv->adds_in_progress + *out_regions_needed; /* * Check for sufficient descriptors in the cache to accommodate * the number of in progress add operations. */ - while (resv->region_cache_count < resv->adds_in_progress) { - to_allocate = resv->adds_in_progress - resv->region_cache_count; + while (resv->region_cache_count < calc_adds_in_progress) { + to_allocate = calc_adds_in_progress - resv->region_cache_count; /* Must drop lock to allocate a new descriptor. Note that even * though we drop the lock here, we do not make another call to 
@@ -593,8 +594,20 @@ static long region_chg(struct resv_map *resv, long f, long t, list_add(&rg->link, &resv->region_cache); resv->region_cache_count++; } + + chg = add_reservation_in_range(resv, f, t, NULL, NULL, + out_regions_needed, true); + + if (*out_regions_needed == 0) + *out_regions_needed = 1; + + calc_adds_in_progress = resv->adds_in_progress + + *out_regions_needed; + } + resv->adds_in_progress += *out_regions_needed; + spin_unlock(&resv->lock); return chg;
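Review bot: in the first hunk, `long calc_adds_in_progress = 0;` is initialised but the second hunk assigns it unconditionally before its first read, so the `= 0` can go; more useful than the initialiser would be a one-line comment at the declaration saying that `resv->adds_in_progress` is now published only after the cache has been sized for it, since that is the whole reason the local exists.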
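Review bot: the comment left in place above the loop in the second hunk ("Check for sufficient descriptors in the cache to accommodate the number of in progress add operations") is now inaccurate, because `while (resv->region_cache_count < calc_adds_in_progress)` compares the cache against the already-published count plus this caller's not-yet-published `*out_regions_needed`; reword it to say so. The deferral itself is the substance of the fix: with `resv->adds_in_progress += *out_regions_needed;` removed from before the lock drop, a concurrent region_chg that takes the lock while this one is allocating never sees a count that the cache cannot back, so the VM_BUG_ON path from the thread is closed only if every region_chg keeps publishing its count under the lock with the cache already grown; that invariant is worth a comment next to the deferred increment.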
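Review bot: the recompute added at the bottom of the loop body in the third hunk repeats the `if (*out_regions_needed == 0) *out_regions_needed = 1;` fix-up from the second hunk, so the two copies can drift; restructuring as a `do { ... } while (resv->region_cache_count < calc_adds_in_progress);` with the `add_reservation_in_range()` call, the fix-up and the `calc_adds_in_progress` computation at the top of the body would keep `chg` and `*out_regions_needed` computed in one place. A comment should also state why the recompute is needed: the lock was dropped to allocate, so both the page count `chg` and the descriptor count may have changed, and the values handed back must describe the map as it is when `spin_unlock(&resv->lock)` finally runs. One thing to confirm before merging: `add_reservation_in_range(resv, f, t, NULL, NULL, out_regions_needed, true)` is used here purely to count, so it must have no side effect on `resv` when its last argument is `true`; otherwise the loop would be modifying the map between allocation rounds.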
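Mina's four-call sequence above (two region_chg calls on one range, then two region_add calls on it) is easier to follow with the bookkeeping written out. What follows is an added user-space model written for this thread; it is not the kernel's mm/hugetlb.c and not Mike's patch. `struct region`, `struct resv_map`, `find_gaps`, `model_region_chg`, `model_region_add` and `sequence` are names of this model only, the region list is a plain sorted array, and the lock drop inside region_chg that the thread discusses is not modelled (the cache top-up is a counter bump). It goes beyond the thread's case by also running the opposite sequence, in which a second caller splits the range so that region_add needs more descriptors than region_chg promised.

```c
#include <assert.h>
#include <stdio.h>

/* User-space model of reservation-map bookkeeping, written for this example
 * (not the kernel's mm/hugetlb.c). Regions are a sorted array of disjoint,
 * never-coalesced [from,to) page ranges; region_cache_count is the pool of
 * preallocated descriptors and adds_in_progress the number promised by
 * region_chg callers that have not yet completed their region_add. */
#define MAX_REGIONS 32

struct region { long from, to; };

struct resv_map {
    struct region regions[MAX_REGIONS];
    int nregions;
    long region_cache_count, adds_in_progress;
};

/* Sub-ranges of [f,t) covered by no region: stored in gaps (if non-NULL),
 * counted in the return value; *pages receives the uncovered page total. */
static long find_gaps(const struct resv_map *resv, long f, long t,
                      struct region *gaps, long *pages)
{
    long n = 0, uncovered = 0, cursor = f;
    for (int i = 0; i < resv->nregions && cursor < t; i++) {
        const struct region *rg = &resv->regions[i];
        if (rg->to <= cursor) continue;     /* entirely before the cursor */
        if (rg->from >= t) break;           /* entirely after the range */
        if (rg->from > cursor) {
            if (gaps) gaps[n] = (struct region){ cursor, rg->from };
            n++, uncovered += rg->from - cursor;
        }
        cursor = rg->to;
    }
    if (cursor < t) {
        if (gaps) gaps[n] = (struct region){ cursor, t };
        n++, uncovered += t - cursor;
    }
    if (pages) *pages = uncovered;
    return n;
}

static void insert_region(struct resv_map *resv, struct region r)
{
    int i = 0;
    assert(resv->nregions < MAX_REGIONS);
    while (i < resv->nregions && resv->regions[i].from < r.from) i++;
    for (int j = resv->nregions; j > i; j--) resv->regions[j] = resv->regions[j - 1];
    resv->regions[i] = r;
    resv->nregions++;
}

/* region_chg: count the descriptors an add of [f,t) would need right now,
 * promise them in adds_in_progress and grow the cache to back every promise.
 * The kernel drops resv->lock to allocate; that window is not modelled. */
static long model_region_chg(struct resv_map *resv, long f, long t,
                             long *out_regions_needed)
{
    long pages, needed = find_gaps(resv, f, t, NULL, &pages);
    if (needed == 0) needed = 1;            /* same fix-up as in the patch */
    *out_regions_needed = needed;
    resv->adds_in_progress += needed;
    while (resv->region_cache_count < resv->adds_in_progress)
        resv->region_cache_count++;         /* "allocate" one descriptor */
    return pages;                           /* chg: pages to reserve */
}

/* region_add: fill the gaps that exist *now*. Another caller may have filled
 * or split the range since our region_chg, so the actual count can be below
 * the promised in_regions_needed (even 0) or above it; neither is assumed
 * away. Returns pages added; *actual_regions_needed reports the count seen. */
static long model_region_add(struct resv_map *resv, long f, long t,
                             long in_regions_needed, long *actual_regions_needed)
{
    struct region gaps[MAX_REGIONS];
    long pages, actual = find_gaps(resv, f, t, gaps, &pages);
    /* Promised too few: top the cache up without consuming descriptors that
     * back other callers' still-outstanding promises. */
    long need_cache = actual + resv->adds_in_progress - in_regions_needed;
    while (resv->region_cache_count < need_cache) resv->region_cache_count++;
    for (long i = 0; i < actual; i++) insert_region(resv, gaps[i]);
    resv->region_cache_count -= actual;            /* descriptors consumed */
    resv->adds_in_progress -= in_regions_needed;   /* promise settled */
    *actual_regions_needed = actual;
    return pages;
}

struct outcome { long promised, actual, pages, cache_left, adds_left; };

/* Our region_chg on [0,4), then a second caller's chg+add on [f2,t2), then
 * our region_add on [0,4). f2,t2 = 0,4 reproduces the thread's sequence (our
 * add finds nothing to insert); 1,2 shows the opposite case (range split,
 * more descriptors needed than promised). Constructed scenario. */
static struct outcome sequence(long f2, long t2)
{
    struct resv_map resv = { 0 };
    long n1, n2, actual, pages;
    model_region_chg(&resv, 0, 4, &n1);             /* promises 1 */
    model_region_chg(&resv, f2, t2, &n2);           /* other caller promises 1 */
    model_region_add(&resv, f2, t2, n2, &actual);   /* other caller inserts */
    pages = model_region_add(&resv, 0, 4, n1, &actual);
    return (struct outcome){ n1, actual, pages,
                             resv.region_cache_count, resv.adds_in_progress };
}

int main(void)
{
    struct outcome a = sequence(0, 4), b = sequence(1, 2);
    printf("same range:  promised %ld actual %ld pages %ld cache %ld pending %ld\n",
           a.promised, a.actual, a.pages, a.cache_left, a.adds_left);
    printf("split range: promised %ld actual %ld pages %ld cache %ld pending %ld\n",
           b.promised, b.actual, b.pages, b.cache_left, b.adds_left);
    return 0;
}
```

Build with `cc -std=c99 -o model model.c` and run it. The same-range case ends with actual 0 against a promise of 1, which is exactly the situation Mina describes; the counts stay consistent only because model_region_add subtracts the promised count from adds_in_progress rather than the actual one, and the split-range case shows why the actual count cannot be assumed to be at most the promise either.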