On Tue 11-02-14 19:24:11, Kirill A. Shutemov wrote:
> Masayoshi Mizuma has reported bug with hung of application under memcg
> limit. It happens on write-protection fault to huge zero page
>
> If we successfully allocate huge page to replace zero page, but hit
> memcg limit we need to split zero page with split_huge_page_pmd() and
> fallback to small pages.
>
> Other part problem is that VM_FAULT_OOM has special meaning in
> do_huge_pmd_wp_page() context. __handle_mm_fault() expects the page to
> be split if it see VM_FAULT_OOM and it will will retry page fault
> handling. It causes infinite loop if the page was not split.
>
> do_huge_pmd_wp_zero_page_fallback() can return VM_FAULT_OOM if it failed
> to allocat one small page, so fallback to small pages will not help.
>
> The solution for this part is to replace VM_FAULT_OOM with
> VM_FAULT_FALLBACK is fallback required.
>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
> Reported-by: Masayoshi Mizuma <m.mizuma@xxxxxxxxxxxxxx>
FWIW
Reviewed-by: Michal Hocko <mhocko@xxxxxxx>
> ---
> mm/huge_memory.c | 9 ++++++---
> mm/memory.c | 14 +++-----------
> 2 files changed, 9 insertions(+), 14 deletions(-)
>
> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> index 82166bf974e1..65a88bef8694 100644
> --- a/mm/huge_memory.c
> +++ b/mm/huge_memory.c
> @@ -1166,8 +1166,10 @@ alloc:
> } else {
> ret = do_huge_pmd_wp_page_fallback(mm, vma, address,
> pmd, orig_pmd, page, haddr);
> - if (ret & VM_FAULT_OOM)
> + if (ret & VM_FAULT_OOM) {
> split_huge_page(page);
> + ret |= VM_FAULT_FALLBACK;
> + }
> put_page(page);
> }
> count_vm_event(THP_FAULT_FALLBACK);
> @@ -1179,9 +1181,10 @@ alloc:
> if (page) {
> split_huge_page(page);
> put_page(page);
> - }
> + } else
> + split_huge_page_pmd(vma, address, pmd);
> + ret |= VM_FAULT_FALLBACK;
> count_vm_event(THP_FAULT_FALLBACK);
> - ret |= VM_FAULT_OOM;
> goto out;
> }
>
> diff --git a/mm/memory.c b/mm/memory.c
> index be6a0c0d4ae0..3b57b7864667 100644
> --- a/mm/memory.c
> +++ b/mm/memory.c
> @@ -3703,7 +3703,6 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
> if (unlikely(is_vm_hugetlb_page(vma)))
> return hugetlb_fault(mm, vma, address, flags);
>
> -retry:
> pgd = pgd_offset(mm, address);
> pud = pud_alloc(mm, pgd, address);
> if (!pud)
> @@ -3741,20 +3740,13 @@ retry:
> if (dirty && !pmd_write(orig_pmd)) {
> ret = do_huge_pmd_wp_page(mm, vma, address, pmd,
> orig_pmd);
> - /*
> - * If COW results in an oom, the huge pmd will
> - * have been split, so retry the fault on the
> - * pte for a smaller charge.
> - */
> - if (unlikely(ret & VM_FAULT_OOM))
> - goto retry;
> - return ret;
> + if (!(ret & VM_FAULT_FALLBACK))
> + return ret;
> } else {
> huge_pmd_set_accessed(mm, vma, address, pmd,
> orig_pmd, dirty);
> + return 0;
> }
> -
> - return 0;
> }
> }
>
> --
> 1.8.5.2
>
--
Michal Hocko
SUSE Labs
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>