> -----Original Message-----
> From: Alistair Popple <apopple@xxxxxxxxxx>
> Sent: Tuesday, August 16, 2022 08:01
> To: Wang, Haiyue <haiyue.wang@xxxxxxxxx>
> Cc: linux-mm@xxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; akpm@xxxxxxxxxxxxxxxxxxxx; david@xxxxxxxxxx;
> linmiaohe@xxxxxxxxxx; Huang, Ying <ying.huang@xxxxxxxxx>; songmuchun@xxxxxxxxxxxxx;
> naoya.horiguchi@xxxxxxxxx; alex.sierra@xxxxxxx; Felix Kuehling <Felix.Kuehling@xxxxxxx>
> Subject: Re: [PATCH v5 2/2] mm: fix the handling Non-LRU pages returned by follow_page
>
>
> Haiyue Wang <haiyue.wang@xxxxxxxxx> writes:
>
> > The handling Non-LRU pages returned by follow_page() jumps directly, it
> > doesn't call put_page() to handle the reference count, since 'FOLL_GET'
> > flag for follow_page() has get_page() called. Fix the zone device page
> > check by handling the page reference count correctly before returning.
> >
> > And as David reviewed, "device pages are never PageKsm pages". Drop this
> > zone device page check for break_ksm().
> >
> > Fixes: 3218f8712d6b ("mm: handling Non-LRU pages returned by vm_normal_pages")
> > Signed-off-by: Haiyue Wang <haiyue.wang@xxxxxxxxx>
> > ---
> > mm/huge_memory.c | 4 ++--
> > mm/ksm.c | 12 +++++++++---
> > mm/migrate.c | 10 +++++++---
> > 3 files changed, 18 insertions(+), 8 deletions(-)
> >
> > diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> > index 8a7c1b344abe..b2ba17c3dcd7 100644
> > --- a/mm/huge_memory.c
> > +++ b/mm/huge_memory.c
> > @@ -2963,10 +2963,10 @@ static int split_huge_pages_pid(int pid, unsigned long vaddr_start,
> > /* FOLL_DUMP to ignore special (like zero) pages */
> > page = follow_page(vma, addr, FOLL_GET | FOLL_DUMP);
> >
> > - if (IS_ERR_OR_NULL(page) || is_zone_device_page(page))
> > + if (IS_ERR_OR_NULL(page))
> > continue;
> >
> > - if (!is_transparent_hugepage(page))
> > + if (is_zone_device_page(page) || !is_transparent_hugepage(page))
> > goto next;
> >
> > total++;
> > diff --git a/mm/ksm.c b/mm/ksm.c
> > index 42ab153335a2..e26f57fc1f0e 100644
> > --- a/mm/ksm.c
> > +++ b/mm/ksm.c
> > @@ -475,7 +475,7 @@ static int break_ksm(struct vm_area_struct *vma, unsigned long addr)
> > cond_resched();
> > page = follow_page(vma, addr,
> > FOLL_GET | FOLL_MIGRATION | FOLL_REMOTE);
> > - if (IS_ERR_OR_NULL(page) || is_zone_device_page(page))
> > + if (IS_ERR_OR_NULL(page))
> > break;
> > if (PageKsm(page))
> > ret = handle_mm_fault(vma, addr,
> > @@ -560,12 +560,15 @@ static struct page *get_mergeable_page(struct rmap_item *rmap_item)
> > goto out;
> >
> > page = follow_page(vma, addr, FOLL_GET);
> > - if (IS_ERR_OR_NULL(page) || is_zone_device_page(page))
> > + if (IS_ERR_OR_NULL(page))
> > goto out;
> > + if (is_zone_device_page(page))
>
> Same as for break_ksm() I think we should be able to drop the
> is_zone_device_page() check here because scan_get_next_rmap_item()
> already filters out zone device pages.
>
The 'page' for scan_get_next_rmap_item() is from 'vma' which is NOT MERGEABLE:
for (; vma; vma = vma->vm_next) {
if (!(vma->vm_flags & VM_MERGEABLE))
continue;
The 'page' for get_mergeable_page() is from 'vma' which is MERGEABLE by 'find_mergeable_vma()'
So they may be different, and the unstable_tree_search_insert() shows the logical:
'page' vs 'tree_page':
tree_page = get_mergeable_page(tree_rmap_item);
if (!tree_page)
return NULL;
/*
* Don't substitute a ksm page for a forked page.
*/
if (page == tree_page) {
put_page(tree_page);
return NULL;
}
ret = memcmp_pages(page, tree_page);
> > + goto out_putpage;
> > if (PageAnon(page)) {
> > flush_anon_page(vma, page, addr);
> > flush_dcache_page(page);
> > } else {
> > +out_putpage:
> > put_page(page);
> > out:
> > page = NULL;
> > @@ -2308,11 +2311,13 @@ static struct rmap_item *scan_get_next_rmap_item(struct page **page)
> > if (ksm_test_exit(mm))
> > break;
> > *page = follow_page(vma, ksm_scan.address, FOLL_GET);
> > - if (IS_ERR_OR_NULL(*page) || is_zone_device_page(*page)) {
> > + if (IS_ERR_OR_NULL(*page)) {
> > ksm_scan.address += PAGE_SIZE;
> > cond_resched();
> > continue;
> > }
> > + if (is_zone_device_page(*page))
> > + goto next_page;
> > if (PageAnon(*page)) {
> > flush_anon_page(vma, *page, ksm_scan.address);
> > flush_dcache_page(*page);
> > @@ -2327,6 +2332,7 @@ static struct rmap_item *scan_get_next_rmap_item(struct page **page)
> > mmap_read_unlock(mm);
> > return rmap_item;
> > }
> > +next_page:
> > put_page(*page);
> > ksm_scan.address += PAGE_SIZE;
> > cond_resched();
> > diff --git a/mm/migrate.c b/mm/migrate.c
> > index 581dfaad9257..fee12cd2f294 100644
> > --- a/mm/migrate.c
> > +++ b/mm/migrate.c
> > @@ -1672,9 +1672,12 @@ static int add_page_for_migration(struct mm_struct *mm, unsigned long addr,
> > goto out;
> >
> > err = -ENOENT;
> > - if (!page || is_zone_device_page(page))
> > + if (!page)
> > goto out;
> >
> > + if (is_zone_device_page(page))
> > + goto out_putpage;
> > +
> > err = 0;
> > if (page_to_nid(page) == node)
> > goto out_putpage;
> > @@ -1868,8 +1871,9 @@ static void do_pages_stat_array(struct mm_struct *mm, unsigned long nr_pages,
> > if (IS_ERR(page))
> > goto set_status;
> >
> > - if (page && !is_zone_device_page(page)) {
> > - err = page_to_nid(page);
> > + if (page) {
> > + err = !is_zone_device_page(page) ? page_to_nid(page)
> > + : -ENOENT;
>
> Can we remove the multiple layers of conditionals here? Something like
> this is cleaner and easier to understand IMHO:
OK, I will try it in new patch.
>
> - if (page && !is_zone_device_page(page)) {
> - err = page_to_nid(page);
> - if (foll_flags & FOLL_GET)
> - put_page(page);
> - } else {
> + if (!page) {
> err = -ENOENT;
> + goto set_status;
> }
> +
> + if (is_zone_device_page(page))
> + err = -ENOENT;
> + else
> + err = page_to_nid_page(page);
> +
> + if (foll_flags & FOLL_GET)
> + put_page(page);
>
> Thanks.
>
> - Alistair
>
> > if (foll_flags & FOLL_GET)
> > put_page(page);
> > } else {
