On 2022/5/9 15:55, HORIGUCHI NAOYA(堀口 直也) wrote:
> On Fri, Apr 29, 2022 at 04:49:16PM +0800, Miaohe Lin wrote:
>> On 2022/4/27 12:28, Naoya Horiguchi wrote:
>>> From: Naoya Horiguchi <naoya.horiguchi@xxxxxxx>
>>>
>>> HWPoisoned page is not supposed to prevent memory hotremove, but
>>> currently this does not properly work for hwpoisoned hugepages and the
>>> kernel tries to migrate them, which could cause consuming corrupted
>>> data.
>>>
>>> Move dissolve_free_huge_pages() before scan_movable_pages(). This is
>>> because the result of the movable check depends on the result of the
>>> dissolve. Now delayed dissolve is available, so hwpoisoned hugepages
>>> can be turned into 4kB hwpoison page which memory hotplug can handle.
>>>
>>> And clear HPageMigratable pseudo flag for hwpoisoned hugepages. This is
>>> also important because dissolve_free_huge_page() can fail. So it's
>>> still necessary to prevent do_migrate_pages() from trying to migrate
>>> hwpoison hugepages.
>>>
>>> Reported-by: Miaohe Lin <linmiaohe@xxxxxxxxxx>
>>> Signed-off-by: Naoya Horiguchi <naoya.horiguchi@xxxxxxx>
>>> ---
>>> mm/hugetlb.c | 11 +++++++++++
>>> mm/memory-failure.c | 2 ++
>>> mm/memory_hotplug.c | 23 +++++++++++------------
>>> 3 files changed, 24 insertions(+), 12 deletions(-)
>>>
>>> diff --git a/mm/hugetlb.c b/mm/hugetlb.c
>>> index 6867ea8345d1..95b1db852ca9 100644
>>> --- a/mm/hugetlb.c
>>> +++ b/mm/hugetlb.c
>>> @@ -2159,6 +2159,17 @@ int dissolve_free_huge_pages(unsigned long start_pfn, unsigned long end_pfn)
>>>
>>> for (pfn = start_pfn; pfn < end_pfn; pfn += 1 << minimum_order) {
>>> page = pfn_to_page(pfn);
>>> +
>>> + if (PageHuge(page) && PageHWPoison(page)) {
>>> + /*
>>> + * Release the last refcount from hwpoison to turn into
>>> + * a free hugepage.
>>> + */
>>> + if (page_count(page) == 1)
>>> + put_page(page);
>>> + page = hugetlb_page_hwpoison(page);
>>> + }
>>> +
>>
>> This patch looks good to me. Thanks!
>>
>> One question: Can this hugepage be put into buddy system? In free_huge_page,
>> if h->surplus_huge_pages_node[nid] > 0, hugepage might be put into buddy via
>> update_and_free_page. So it's not PageHuge anymore and won't be dissolved. If
>> this happens, the "raw error page" is still missed and might be accessed later.
>
> Yes, this put_page() could free pages directly into buddy. In such case, I
> expect __update_and_free_page() to move the PageHWpoison flag to the raw error
> page, so I think the final result should be the same.
Agree, __update_and_free_page could help move the PageHWpoison flag to the raw error page.
Thanks!
>
> Thanks,
> Naoya Horiguchi
>
