* Dan Williams <dan.j.williams@xxxxxxxxx> wrote: > On Sat, Apr 29, 2017 at 7:18 AM, Ingo Molnar <mingo@xxxxxxxxxx> wrote: > > > > * Dan Williams <dan.j.williams@xxxxxxxxx> wrote: > > > >> Kirill points out that the calls to {get,put}_dev_pagemap() can be > >> removed from the mm fast path if we take a single get_dev_pagemap() > >> reference to signify that the page is alive and use the final put of the > >> page to drop that reference. > >> > >> This does require some care to make sure that any waits for the > >> percpu_ref to drop to zero occur *after* devm_memremap_page_release(), > >> since it now maintains its own elevated reference. > >> > >> Cc: Ingo Molnar <mingo@xxxxxxxxxx> > >> Cc: Jérôme Glisse <jglisse@xxxxxxxxxx> > >> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> > >> Reviewed-by: Logan Gunthorpe <logang@xxxxxxxxxxxx> > >> Suggested-by: Kirill Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx> > >> Tested-by: Kirill Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx> > >> Signed-off-by: Dan Williams <dan.j.williams@xxxxxxxxx> > > > > This changelog is lacking an explanation about how this solves the crashes you > > were seeing. > > Kirill? It wasn't clear to me why the conversion to generic > get_user_pages_fast() caused the reference counts to be off. Ok, the merge window is open and we really need this fix for x86/mm, so this is what I've decoded: The x86 conversion to the generic GUP code included a small change which causes crashes and data corruption in the pmem code - not good. The root cause is that the /dev/pmem driver code implicitly relies on the x86 get_user_pages() implementation doing a get_page() on the page refcount, because get_page() does a get_zone_device_page() which properly refcounts pmem's separate page struct arrays that are not present in the regular page struct structures. (The pmem driver does this because it can cover huge memory areas.) But the x86 conversion to the generic GUP code changed the get_page() to page_cache_get_speculative() which is faster but doesn't do the get_zone_device_page() call the pmem code relies on. One way to solve the regression would be to change the generic GUP code to use get_page(), but that would slow things down a bit and punish other generic-GUP using architectures for an x86-ism they did not care about. (Arguably the pmem driver was probably not working reliably for them: but nvdimm is an Intel feature, so non-x86 exposure is probably still limited.) So restructure the pmem code's interface with the MM instead: get rid of the get/put_zone_device_page() distinction, integrate put_zone_device_page() into __put_page() and and restructure the pmem completion-wait and teardown machinery. This speeds up things while also making the pmem refcounting more robust going forward. ... is this extension to the changelog correct? I'll apply this for the time being - but can still amend the text before sending it to Linus later today. Thanks, Ingo -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>