Re: [PATCH] mm/page_alloc: don't corrupt pcppage_migratetype

Vlastimil Babka <vbabka@xxxxxxx> · Thu, 12 Aug 2021 10:17:08 +0200

On 8/11/21 8:29 PM, Doug Berger wrote:
> When placing pages on a pcp list, migratetype values over
> MIGRATE_PCPTYPES get added to the MIGRATE_MOVABLE pcp list.
> 
> However, the actual migratetype is preserved in the page and
> should not be changed to MIGRATE_MOVABLE or the page may end
> up on the wrong free_list.

Nice, how did you find out? Were there any user-visible effects? (Hint: which?
the changelog should say that so that the severity of the bug can be judged).
Otherwise I agree the bug is there and patch is fixing it. Thanks.

> Fixes: df1acc856923 ("mm/page_alloc: avoid conflating IRQs disabled with zone->lock")
> Signed-off-by: Doug Berger <opendmb@xxxxxxxxx>

Acked-by: Vlastimil Babka <vbabka@xxxxxxx>

> ---
>  mm/page_alloc.c | 25 ++++++++++++-------------
>  1 file changed, 12 insertions(+), 13 deletions(-)
> 
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index 73704e836649..8addb4919f75 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -3436,19 +3436,10 @@ void free_unref_page_list(struct list_head *list)
>  		 * comment in free_unref_page.
>  		 */
>  		migratetype = get_pcppage_migratetype(page);
> -		if (unlikely(migratetype >= MIGRATE_PCPTYPES)) {
> -			if (unlikely(is_migrate_isolate(migratetype))) {
> -				list_del(&page->lru);
> -				free_one_page(page_zone(page), page, pfn, 0,
> -							migratetype, FPI_NONE);
> -				continue;
> -			}
> -
> -			/*
> -			 * Non-isolated types over MIGRATE_PCPTYPES get added
> -			 * to the MIGRATE_MOVABLE pcp list.
> -			 */
> -			set_pcppage_migratetype(page, MIGRATE_MOVABLE);
> +		if (unlikely(is_migrate_isolate(migratetype))) {
> +			list_del(&page->lru);
> +			free_one_page(page_zone(page), page, pfn, 0, migratetype, FPI_NONE);
> +			continue;
>  		}
>  
>  		set_page_private(page, pfn);
> @@ -3458,7 +3449,15 @@ void free_unref_page_list(struct list_head *list)
>  	list_for_each_entry_safe(page, next, list, lru) {
>  		pfn = page_private(page);
>  		set_page_private(page, 0);
> +
> +		/*
> +		 * Non-isolated types over MIGRATE_PCPTYPES get added
> +		 * to the MIGRATE_MOVABLE pcp list.
> +		 */
>  		migratetype = get_pcppage_migratetype(page);
> +		if (unlikely(migratetype >= MIGRATE_PCPTYPES))
> +			migratetype = MIGRATE_MOVABLE;
> +
>  		trace_mm_page_free_batched(page);
>  		free_unref_page_commit(page, pfn, migratetype, 0);
>  
> 