On Tue, May 25, 2021 at 4:58 PM Hugh Dickins [off-list ref] wrote:

On Tue, 25 May 2021, Yang Shi wrote:

quoted

On Tue, May 25, 2021 at 3:06 PM Hugh Dickins [off-list ref] wrote:

quoted

On Tue, 25 May 2021, Yang Shi wrote:

quoted

When debugging the bug reported by Wang Yugui [1], try_to_unmap() may
return false positive for PTE-mapped THP since page_mapcount() is used
to check if the THP is unmapped, but it just checks compound mapount and
head page's mapcount.  If the THP is PTE-mapped and head page is not
mapped, it may return false positive.

But those false positives did not matter because there was a separate
DEBUG_VM check later.

It's good to have the link to Wang Yugui's report, but that paragraph
is not really about this patch, as it has evolved now: this patch
consolidates the two DEBUG_VM checks into one VM_WARN_ON_ONCE_PAGE.

quoted

The try_to_unmap() has been changed to void function, so check
page_mapped() after it.  And changed BUG_ON to WARN_ON since it is not a
fatal issue.

The change from DEBUG_VM BUG to VM_WARN_ON_ONCE is the most important
part of this, and the reason it's good for stable: and the patch title
ought to highlight that, not the page_mapcount business.

Will update the subject and the commit log accordingly.

Thanks!

quoted

quoted

quoted

[1] https://lore.kernel.org/linux-mm/20210412180659.B9E3.409509F4@e16-tech.com/ (local)

Reviewed-by: Zi Yan <ziy@nvidia.com>
Signed-off-by: Yang Shi <redacted>

This will be required Cc: stable@vger.kernel.org
(but we don't want to Cc them on this mail).

As I said on the other, I think this should be 1/2 not 2/2.

Sure.

Great.

quoted

quoted

quoted

---
v3: Incorporated the comments from Hugh. Keep Zi Yan's reviewed-by tag
    since there is no fundamental change against v2.
v2: Removed dead code and updated the comment of try_to_unmap() per Zi
    Yan.
 mm/huge_memory.c | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 80fe642d742d..72d81d8e01b1 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c

@@ -2343,6 +2343,8 @@ static void unmap_page(struct page *page)
              ttu_flags |= TTU_SPLIT_FREEZE;

      try_to_unmap(page, ttu_flags);
+
+     VM_WARN_ON_ONCE_PAGE(page_mapped(page), page);

There is one useful piece of information that dump_page() will not show:
total_mapcount(page).  Is there a way of crafting that into the output?

Not with the macros available, I think.  Maybe we should be optimistic
and assume I already have the fixes, so not worth trying to refine the
message (but I'm not entirely convinced of that!).

The trouble with
        if (VM_WARN_ON_ONCE_PAGE(page_mapped(page), page))
                pr_warn("total_mapcount:%d\n", total_mapcount(page));
is that it's printed regardless of the ONCEness.  Another "trouble"
is that it's printed so long after the page_mapped(page) check that
it may be 0 by now - but one can see that as itself informative.

We should be able to make dump_page() print total mapcount, right? The
dump_page() should be just called in some error paths so taking some
extra overhead to dump more information seems harmless, or am I
missing something? Of course, this can be done in a separate patch.

I didn't want to ask that of you, but yes, if you're willing to add
total_mapcount() into dump_page(), I think that would be ideal; and
could be helpful for other cases too.

Looking through total_mapcount(), I think it's safe to call from
dump_page() - I always worry about extending crash info with
something that depends on a maybe-corrupted pointer which would
generate a further crash and either recurse or truncate the output -
but please check that carefully.

Yes, it is possible. If the THP is being split, some VM_BUG_* might be
triggered if total_mapcount() is called. But it is still feasible to
print total mapcount as long as we implement a more robust version for
dump_page().

Yes, a separate patch please: which can come later on, and no
need for stable for that one, but good to know it's coming.

Thanks,
Hugh