On Thu, Sep 3, 2020 at 2:20 PM David Hildenbrand <david@xxxxxxxxxx> wrote: > > On 03.09.20 08:38, Michal Hocko wrote: > > On Wed 02-09-20 19:51:45, Vlastimil Babka wrote: > >> On 9/2/20 5:13 PM, Michal Hocko wrote: > >>> On Wed 02-09-20 16:55:05, Vlastimil Babka wrote: > >>>> On 9/2/20 4:26 PM, Pavel Tatashin wrote: > >>>>> On Wed, Sep 2, 2020 at 10:08 AM Michal Hocko <mhocko@xxxxxxxx> wrote: > >>>>>> > >>>>>>> > >>>>>>> Thread#1 - continue > >>>>>>> free_unref_page_commit > >>>>>>> migratetype = get_pcppage_migratetype(page); > >>>>>>> // get old migration type > >>>>>>> list_add(&page->lru, &pcp->lists[migratetype]); > >>>>>>> // add new page to already drained pcp list > >>>>>>> > >>>>>>> Thread#2 > >>>>>>> Never drains pcp again, and therefore gets stuck in the loop. > >>>>>>> > >>>>>>> The fix is to try to drain per-cpu lists again after > >>>>>>> check_pages_isolated_cb() fails. > >>>>>> > >>>>>> But this means that the page is not isolated and so it could be reused > >>>>>> for something else. No? > >>>>> > >>>>> The page is in a movable zone, has zero references, and the section is > >>>>> isolated (i.e. set_pageblock_migratetype(page, MIGRATE_ISOLATE);) is > >>>>> set. The page should be offlinable, but it is lost in a pcp list as > >>>>> that list is never drained again after the first failure to migrate > >>>>> all pages in the range. > >>>> > >>>> Yeah. To answer Michal's "it could be reused for something else" - yes, somebody > >>>> could allocate it from the pcplist before we do the extra drain. But then it > >>>> becomes "visible again" and the loop in __offline_pages() should catch it by > >>>> scan_movable_pages() - do_migrate_range(). And this time the pageblock is > >>>> already marked as isolated, so the page (freed by migration) won't end up on the > >>>> pcplist again. > >>> > >>> So the page block is marked MIGRATE_ISOLATE but the allocation itself > >>> could be used for non migrateable objects. Or does anything prevent that > >>> from happening? > >> > >> In a movable zone, the allocation should not be used for non migrateable > >> objects. E.g. if the zone was not ZONE_MOVABLE, the offlining could fail > >> regardless of this race (analogically for migrating away from CMA pageblocks). > >> > >>> We really do depend on isolation to not allow reuse when offlining. > >> > >> This is not really different than if the page on pcplist was allocated just a > >> moment before the offlining, thus isolation started. We ultimately rely on being > >> able to migrate any allocated pages away during the isolation. This "freeing to > >> pcplists" race doesn't fundamentally change anything in this regard. We just > >> have to guarantee that pages on pcplists will be eventually flushed, to make > >> forward progress, and there was a bug in this aspect. > > > > You are right. I managed to confuse myself yesterday. The race is > > impossible for !ZONE_MOVABLE because we do PageBuddy check there. And on > > the movable zone we are not losing the migrateability property. > > > > Pavel I think this will be a useful information to add to the changelog. > > We should also document this in the code to prevent from further > > confusion. I would suggest something like the following: > > > > diff --git a/mm/page_isolation.c b/mm/page_isolation.c > > index 242c03121d73..56d4892bceb8 100644 > > --- a/mm/page_isolation.c > > +++ b/mm/page_isolation.c > > @@ -170,6 +170,14 @@ __first_valid_page(unsigned long pfn, unsigned long nr_pages) > > * pageblocks we may have modified and return -EBUSY to caller. This > > * prevents two threads from simultaneously working on overlapping ranges. > > * > > + * Please note that there is no strong synchronization with the page allocator > > + * either. Pages might be freed while their page blocks are marked ISOLATED. > > + * In some cases pages might still end up on pcp lists and that would allow > > + * for their allocation even when they are in fact isolated already. Depending on > > + * how strong of a guarantee the caller needs drain_all_pages might be needed > > + * (e.g. __offline_pages will need to call it after check for isolated range for > > + * a next retry). > > + * > > As expressed in reply to v2, I dislike this hack. There is strong > synchronization, just PCP is special. Allocating from MIGRATE_ISOLATE is > just plain ugly. > > Can't we temporarily disable PCP (while some pageblock in the zone is > isolated, which we know e.g., due to the counter), so no new pages get > put into PCP lists after draining, and re-enable after no pageblocks are > isolated again? We keep draining the PCP, so it doesn't seem to be of a > lot of use during that period, no? It's a performance hit already. > > Then, we would only need exactly one drain. And we would only have to > check on the free path whether PCP is temporarily disabled. Hm, we could use a static branches to disable it, that would keep release code just as fast, but I am worried it will make code even uglier. Let's see what others in this thread think about this idea. Thank you, Pasha
