On Thu, 17 Mar 2022 03:28:57 -0400 Jianxing Wang <wangjianxing@xxxxxxxxxxx> wrote:
> free a large list of pages maybe cause rcu_sched starved on
> non-preemptible kernels. howerver free_unref_page_list maybe can't
> cond_resched as it maybe called in interrupt or atomic context,
> especially can't detect atomic context in CONFIG_PREEMPTION=n.
>
> tlb flush batch count depends on PAGE_SIZE, it's too large if
> PAGE_SIZE > 4K, here limit free batch count with 512.
> And add schedule point in tlb_batch_pages_flush.
>
> rcu: rcu_sched kthread starved for 5359 jiffies! g454793 f0x0
> RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=19
> [...]
> Call Trace:
> free_unref_page_list+0x19c/0x270
> release_pages+0x3cc/0x498
> tlb_flush_mmu_free+0x44/0x70
> zap_pte_range+0x450/0x738
> unmap_page_range+0x108/0x240
> unmap_vmas+0x74/0xf0
> unmap_region+0xb0/0x120
> do_munmap+0x264/0x438
> vm_munmap+0x58/0xa0
> sys_munmap+0x10/0x20
> syscall_common+0x24/0x38
tlb_batch_pages_flush() doesn't appear in this trace. I assume the call
sequence is
zap_pte_range
->tlb_flush_mmu
->tlb_flush_mmu_free
correct?
> --- a/mm/mmu_gather.c
> +++ b/mm/mmu_gather.c
> @@ -47,8 +47,20 @@ static void tlb_batch_pages_flush(struct mmu_gather *tlb)
> struct mmu_gather_batch *batch;
>
> for (batch = &tlb->local; batch && batch->nr; batch = batch->next) {
> - free_pages_and_swap_cache(batch->pages, batch->nr);
> - batch->nr = 0;
> + struct page **pages = batch->pages;
> +
> + do {
> + /*
> + * limit free batch count when PAGE_SIZE > 4K
> + */
> + unsigned int nr = min(512U, batch->nr);
> +
> + free_pages_and_swap_cache(pages, nr);
> + pages += nr;
> + batch->nr -= nr;
> +
> + cond_resched();
> + } while (batch->nr);
> }
The patch looks safe enough. But again, it's unlikely to work if the
calling task has realtime policy. The same can be said of the
cond_resched() in zap_pte_range(), and presumably many others.
I'll save this away for now and will revisit after 5.18-rc1.
How serious is this problem? Under precisely what circumstances were
you able to trigger this? In other words, do you believe that a
backport into -stable kernels is needed and if so, why?
Thanks.
