On Tue, May 12, 2015 at 03:00:17PM -0700, Andrew Morton wrote:
> On Tue, 12 May 2015 09:46:47 +0000 Naoya Horiguchi <n-horiguchi@xxxxxxxxxxxxx> wrote:
>
> > memory_failrue() can run in 2 different mode (specified by MF_COUNT_INCREASED)
> > in page refcount perspective. When MF_COUNT_INCREASED is set, memory_failrue()
> > assumes that the caller takes a refcount of the target page. And if cleared,
> > memory_failure() takes it in it's own.
> >
> > In current code, however, refcounting is done differently in each caller. For
> > example, madvise_hwpoison() uses get_user_pages_fast() and hwpoison_inject()
> > uses get_page_unless_zero(). So this inconsistent refcounting causes refcount
> > failure especially for thp tail pages. Typical user visible effects are like
> > memory leak or VM_BUG_ON_PAGE(!page_count(page)) in isolate_lru_page().
> >
> > To fix this refcounting issue, this patch introduces get_hwpoison_page() to
> > handle thp tail pages in the same manner for each caller of hwpoison code.
> >
> > There's a non-trivial change around unpoisoning, which now returns immediately
> > for thp with "MCE: Memory failure is now running on %#lx\n" message. This is
> > not right when split_huge_page() fails. So this patch also allows
> > unpoison_memory() to handle thp.
> >
> > ...
> >
> > /*
> > + * Get refcount for memory error handling:
> > + * - @page: raw page
> > + */
> > +inline int get_hwpoison_page(struct page *page)
> > +{
> > + struct page *head = compound_head(page);
> > +
> > + if (PageHuge(head))
> > + return get_page_unless_zero(head);
> > + else if (PageTransHuge(head))
> > + if (get_page_unless_zero(head)) {
> > + if (PageTail(page))
> > + get_page(page);
> > + return 1;
> > + } else {
> > + return 0;
> > + }
> > + else
> > + return get_page_unless_zero(page);
> > +}
>
> This function is a bit weird.
>
> - The comment looks like kerneldoc but isn't kerneldoc
OK, will fix it.
> - Why the inline? It isn't fastpath?
No, so I'll drop 'inline'.
> - The layout is rather painful. It could be
>
> if (PageHuge(head))
> return get_page_unless_zero(head);
>
> if (PageTransHuge(head)) {
> if (get_page_unless_zero(head)) {
> if (PageTail(page))
> get_page(page);
> return 1;
> } else {
> return 0;
> }
> }
>
> return get_page_unless_zero(page);
OK, will do like this.
> - Some illuminating comments would be nice. In particular that code
> path where it grabs a ref on the tail page as well as on the head
> page. What's going on there?
We can't call get_page_unless_zero() directly for thp tail pages because
that breaks thp's refcounting rule (refcount of tail pages is stored in
->_mapcount.) This code intends to comply with the rule in hwpoison code too.
So I'll comment the point.
Hmm, I found just now that I forget to put_page(head) in if (PageTail) block,
which leaks head page after thp split.
So it'll be fixed in the next version.
Thanks,
Naoya Horiguchi
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href