The fix has two steps 1. Decrement HWPoison HugeTLB huge folio's refcount when it is 1. It is done in folios_put_refs during truncating or eviting HugeTLB file. 2. Dissolve HugeTLB HWpoison folio in free_huge_folio. Again, just for demo purpose, not a proper fix, especially step 1.
Signed-off-by: Jiaqi Yan <jiaqiyan@xxxxxxxxxx>
---
 mm/hugetlb.c | 6 ++++++
 mm/swap.c | 9 ++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 87761b042ed04..b28e0bc7f199f 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -1818,6 +1818,7 @@ void free_huge_folio(struct folio *folio)
 int nid = folio_nid(folio);
 struct hugepage_subpool *spool = hugetlb_folio_subpool(folio);
 bool restore_reserve;
+ bool hwpoison = folio_test_hwpoison(folio);
 unsigned long flags;
 VM_BUG_ON_FOLIO(folio_ref_count(folio), folio);
@@ -1869,6 +1870,11 @@ void free_huge_folio(struct folio *folio)
 remove_hugetlb_folio(h, folio, true);
 spin_unlock_irqrestore(&hugetlb_lock, flags);
 update_and_free_hugetlb_folio(h, folio, true);
+ } else if (hwpoison) {
+ remove_hugetlb_folio(h, folio, false);
+ h->max_huge_pages--;
+ spin_unlock_irqrestore(&hugetlb_lock, flags);
+ update_and_free_hugetlb_folio(h, folio, true);
 } else {
 arch_clear_hugetlb_flags(folio);
 enqueue_hugetlb_folio(h, folio);
diff --git a/mm/swap.c b/mm/swap.c
index 746a5ceba42c9..d6b4d4cb4004f 100644
--- a/mm/swap.c
+++ b/mm/swap.c
@@ -961,7 +961,14 @@ void folios_put_refs(struct folio_batch *folios, unsigned int *refs)
 continue;
 }
- if (!folio_ref_sub_and_test(folio, nr_refs))
+ folio_ref_sub(folio, nr_refs);
+
+ if (folio_test_hugetlb(folio) &&
+ folio_ref_count(folio) == 1 &&
+ folio_test_hwpoison(folio))
+ folio_ref_dec(folio);
+
+ if (folio_ref_count(folio) > 0)
 continue;
 /* hugetlb has its own memcg */
--
2.48.0.rc2.279.g1de40edade-goog
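Review bot: `hwpoison` is sampled in the declarations at the top of free_huge_folio, well before the `hugetlb_lock`-protected section where the second hunk consumes it, so a poison flag that is set between the sample and the lock would be missed and the folio would fall through to the `else` path and be enqueued as a free huge page. Testing the flag at the point of use, `} else if (folio_test_hwpoison(folio)) {`, removes the local and that window. If the early read is deliberate, it needs a comment stating why the flag cannot change before the lock is taken. The function body starts before and continues after this hunk, so the lock acquisition itself is not visible here.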
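Review bot: The new `else if (hwpoison)` branch passes the folio to `update_and_free_hugetlb_folio()`, but nothing visible in the hunk keeps the poisoned base page out of the page allocator once the huge folio is broken up, so the bad memory may become allocatable again; this should be confirmed against the free path, which lies outside the hunk. `h->max_huge_pages--` also shrinks the configured pool with no trace for whoever sized it, and the `false` passed to `remove_hugetlb_folio()` is unexplained next to the `true` in the branch above. A comment along the lines of `/* HWPoison folio leaves the pool for good: shrink max_huge_pages, no surplus adjustment */` would document both choices. The if/else chain begins before this hunk and ends after it.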
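Review bot: Splitting `folio_ref_sub_and_test()` into `folio_ref_sub()` followed by separate `folio_ref_count()` reads loses the guarantee that exactly one caller observes the drop to zero, so two concurrent putters can both read 0 and both continue into the free path below, which is a double free. The added `folio_ref_dec()` also assumes that a remaining count of 1 on a poisoned hugetlb folio is the reference this patch wants to drop, yet at this point any other holder could own it, in which case the folio is freed while still in use. The commit message already calls step 1 improper; the safer shape keeps `if (!folio_ref_sub_and_test(folio, nr_refs))` followed by `continue;` in this generic loop and releases the extra reference in the code that took it, presumably the memory-failure or hugetlb truncation path. The loop body starts before this hunk and continues after it.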