On Thu, Mar 18, 2021 at 02:57:16PM +0000, Matthew Wilcox wrote: > On Thu, Mar 18, 2021 at 05:08:43PM +0300, Kirill A. Shutemov wrote: > > On Tue, Mar 16, 2021 at 02:09:47PM +0000, Matthew Wilcox wrote: > > > If we get a memory failure in the middle of a file THP, I think we handle > > > it poorly. > > > > > > int memory_failure(unsigned long pfn, int flags) > > > ... > > > if (TestSetPageHWPoison(p)) { > > > ... > > > orig_head = hpage = compound_head(p); > > > ... > > > if (PageTransHuge(hpage)) { > > > if (try_to_split_thp_page(p, "Memory Failure") < 0) { > > > action_result(pfn, MF_MSG_UNSPLIT_THP, MF_IGNORED); > > > return -EBUSY; > > > } > > > > > > static int try_to_split_thp_page(struct page *page, const char *msg) > > > { > > > lock_page(page); > > > if (!PageAnon(page) || unlikely(split_huge_page(page))) { > > > unsigned long pfn = page_to_pfn(page); > > > > > > unlock_page(page); > > > if (!PageAnon(page)) > > > pr_info("%s: %#lx: non anonymous thp\n", msg, pfn); > > > else > > > pr_info("%s: %#lx: thp split failed\n", msg, pfn); > > > put_page(page); > > > return -EBUSY; > > > > > > So (for some reason) we don't even try to split a file THP. But then, > > > if we take a page fault on a file THP: > > > > > > static struct page *next_uptodate_page(struct page *page, > > > ... > > > if (PageHWPoison(page)) > > > goto skip; > > > (... but we're only testing the head page here, which isn't necessarily > > > the one which got the error ...) > > > > > > if (pmd_none(*vmf->pmd) && PageTransHuge(page)) { > > > vm_fault_t ret = do_set_pmd(vmf, page); > > > > > > So we now map the PMD-sized page into userspace, even though it has a > > > HWPoison in it. > > > > > > I think there are two things that we should be doing: > > > > > > 1. Attempt to split THPs which are file-backed. That makes most of this > > > problem disappear because there won't be THPs with HWPoison, mostly. > > > > +Naoya. Could you give more context here? Recently, I tried to address the problem on https://lore.kernel.org/linux-mm/20210209062128.453814-1-nao.horiguchi@xxxxxxxxx/ but the patch was found incorrect because the related page table entries disappeared after split_huge_page() succeeded. I thought I'm going to study more, but didn't make it this week because I looked at other review requests. A pmd mapping for anonymous thp is replaced with 512 pte mappings by split_huge_page(), so I'm wondering why we don't do the same for shmem thp. > > I did some git archaeology and found this check was introduced in > 7f6bf39bbdd1 ("mm/hwpoison: fix panic due to split huge zero page") where > it wasn't intended to catch _file_ pages at all, but the zero page. > I suspect that nobody thought to look at this when introducing THP > for shmem. Yes, 7f6bf39bbdd1 was worked before thp page cache, so we did not consider it at that time. Thanks, Naoya Horiguchi > > > > 2. When the THP fails to split, use a spare page flag to indicate that > > > the THP contains a HWPoison bit in one of its subpages. There are a > > > lot of PF_SECOND flags available for this purpose. > > > > > > but I know almost nothing about the memory-failure subsystem and I'm > > > still learning all the complexities of THPs, so it's entirely possible > > > I've overlooked something important. > > > > I wounder if it would be cleaner to switch PG_hwpoison to PF_HEAD: if > > split failed we posion whole compound page. Yes, we will waste more > > memory, but it makes it much cleaner for user: just check if the page is > > poisoned. > > I think that's a poor quality implementation ... it'd cause processes > to die that weren't even touching the page that had hwpoison. Using > a PF_SECOND bit lets us do the check as cheaply as if we made hwpoison > PF_HEAD.