Re: [PATCH] hugetlb: do not demote poisoned hugetlb pages

Miaohe Lin <linmiaohe@xxxxxxxxxx> · Tue, 8 Mar 2022 21:43:48 +0800

On 2022/3/8 5:57, Mike Kravetz wrote:
> It is possible for poisoned hugetlb pages to reside on the free lists.
> The huge page allocation routines which dequeue entries from the free
> lists make a point of avoiding poisoned pages.  There is no such check
> and avoidance in the demote code path.
> 
> If a hugetlb page on the is on a free list, poison will only be set in
> the head page rather then the page with the actual error.  If such a
> page is demoted, then the poison flag may follow the wrong page.  A page
> without error could have poison set, and a page with poison could not
> have the flag set.
> 
> Check for poison before attempting to demote a hugetlb page.  Also,
> return -EBUSY to the caller if only poisoned pages are on the free list.
> 
> Fixes: 8531fc6f52f5 ("hugetlb: add hugetlb demote page support")
> Signed-off-by: Mike Kravetz <mike.kravetz@xxxxxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx>
> ---
>  mm/hugetlb.c | 17 ++++++++++-------
>  1 file changed, 10 insertions(+), 7 deletions(-)
> 
> diff --git a/mm/hugetlb.c b/mm/hugetlb.c
> index b34f50156f7e..f8ca7cca3c1a 100644
> --- a/mm/hugetlb.c
> +++ b/mm/hugetlb.c
> @@ -3475,7 +3475,6 @@ static int demote_pool_huge_page(struct hstate *h, nodemask_t *nodes_allowed)
>  {
>  	int nr_nodes, node;
>  	struct page *page;
> -	int rc = 0;
>  
>  	lockdep_assert_held(&hugetlb_lock);
>  
> @@ -3486,15 +3485,19 @@ static int demote_pool_huge_page(struct hstate *h, nodemask_t *nodes_allowed)
>  	}
>  
>  	for_each_node_mask_to_free(h, nr_nodes, node, nodes_allowed) {
> -		if (!list_empty(&h->hugepage_freelists[node])) {
> -			page = list_entry(h->hugepage_freelists[node].next,
> -					struct page, lru);
> -			rc = demote_free_huge_page(h, page);
> -			break;
> +		list_for_each_entry(page, &h->hugepage_freelists[node], lru) {
> +			if (PageHWPoison(page))
> +				continue;
> +
> +			return demote_free_huge_page(h, page);

It seems this patch is not ideal. Memory failure can hit the hugetlb page anytime without
holding the hugetlb_lock. So the page might become HWPoison just after the check. But this
patch should have handled the common case. Many thanks for your work. :)

>  		}
>  	}
>  
> -	return rc;
> +	/*
> +	 * Only way to get here is if all pages on free lists are poisoned.
> +	 * Return -EBUSY so that caller will not retry.
> +	 */
> +	return -EBUSY;
>  }
>  
>  #define HSTATE_ATTR_RO(_name) \
> 