From: Greg Kroah-Hartman Date: Mon, 5 Jun 2017 13:15:56 +0000 (+0200) Subject: 3.18-stable patches X-Git-Tag: v3.18.56~18 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d140d53ca1359a783d27814d44f9a9e223eca956;p=thirdparty%2Fkernel%2Fstable-queue.git 3.18-stable patches added patches: mlock-fix-mlock-count-can-not-decrease-in-race-condition.patch mm-migrate-fix-refcount-handling-when-hugepage_migration_supported.patch --- diff --git a/queue-3.18/mlock-fix-mlock-count-can-not-decrease-in-race-condition.patch b/queue-3.18/mlock-fix-mlock-count-can-not-decrease-in-race-condition.patch new file mode 100644 index 00000000000..26eacd5ffe3 --- /dev/null +++ b/queue-3.18/mlock-fix-mlock-count-can-not-decrease-in-race-condition.patch @@ -0,0 +1,113 @@ +From 70feee0e1ef331b22cc51f383d532a0d043fbdcc Mon Sep 17 00:00:00 2001 +From: Yisheng Xie +Date: Fri, 2 Jun 2017 14:46:43 -0700 +Subject: mlock: fix mlock count can not decrease in race condition + +From: Yisheng Xie + +commit 70feee0e1ef331b22cc51f383d532a0d043fbdcc upstream. + +Kefeng reported that when running the follow test, the mlock count in +meminfo will increase permanently: + + [1] testcase + linux:~ # cat test_mlockal + grep Mlocked /proc/meminfo + for j in `seq 0 10` + do + for i in `seq 4 15` + do + ./p_mlockall >> log & + done + sleep 0.2 + done + # wait some time to let mlock counter decrease and 5s may not enough + sleep 5 + grep Mlocked /proc/meminfo + + linux:~ # cat p_mlockall.c + #include + #include + #include + + #define SPACE_LEN 4096 + + int main(int argc, char ** argv) + { + int ret; + void *adr = malloc(SPACE_LEN); + if (!adr) + return -1; + + ret = mlockall(MCL_CURRENT | MCL_FUTURE); + printf("mlcokall ret = %d\n", ret); + + ret = munlockall(); + printf("munlcokall ret = %d\n", ret); + + free(adr); + return 0; + } + +In __munlock_pagevec() we should decrement NR_MLOCK for each page where +we clear the PageMlocked flag. Commit 1ebb7cc6a583 ("mm: munlock: batch +NR_MLOCK zone state updates") has introduced a bug where we don't +decrement NR_MLOCK for pages where we clear the flag, but fail to +isolate them from the lru list (e.g. when the pages are on some other +cpu's percpu pagevec). Since PageMlocked stays cleared, the NR_MLOCK +accounting gets permanently disrupted by this. + +Fix it by counting the number of page whose PageMlock flag is cleared. + +Fixes: 1ebb7cc6a583 (" mm: munlock: batch NR_MLOCK zone state updates") +Link: http://lkml.kernel.org/r/1495678405-54569-1-git-send-email-xieyisheng1@huawei.com +Signed-off-by: Yisheng Xie +Reported-by: Kefeng Wang +Tested-by: Kefeng Wang +Cc: Vlastimil Babka +Cc: Joern Engel +Cc: Mel Gorman +Cc: Michel Lespinasse +Cc: Hugh Dickins +Cc: Rik van Riel +Cc: Johannes Weiner +Cc: Michal Hocko +Cc: Xishi Qiu +Cc: zhongjiang +Cc: Hanjun Guo +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/mlock.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/mm/mlock.c ++++ b/mm/mlock.c +@@ -333,7 +333,7 @@ static void __munlock_pagevec(struct pag + { + int i; + int nr = pagevec_count(pvec); +- int delta_munlocked; ++ int delta_munlocked = -nr; + struct pagevec pvec_putback; + int pgrescued = 0; + +@@ -353,6 +353,8 @@ static void __munlock_pagevec(struct pag + continue; + else + __munlock_isolation_failed(page); ++ } else { ++ delta_munlocked++; + } + + /* +@@ -364,7 +366,6 @@ static void __munlock_pagevec(struct pag + pagevec_add(&pvec_putback, pvec->pages[i]); + pvec->pages[i] = NULL; + } +- delta_munlocked = -nr + pagevec_count(&pvec_putback); + __mod_zone_page_state(zone, NR_MLOCK, delta_munlocked); + spin_unlock_irq(&zone->lru_lock); + diff --git a/queue-3.18/mm-migrate-fix-refcount-handling-when-hugepage_migration_supported.patch b/queue-3.18/mm-migrate-fix-refcount-handling-when-hugepage_migration_supported.patch new file mode 100644 index 00000000000..ae35780031e --- /dev/null +++ b/queue-3.18/mm-migrate-fix-refcount-handling-when-hugepage_migration_supported.patch @@ -0,0 +1,87 @@ +From 30809f559a0d348c2dfd7ab05e9a451e2384962e Mon Sep 17 00:00:00 2001 +From: Punit Agrawal +Date: Fri, 2 Jun 2017 14:46:40 -0700 +Subject: mm/migrate: fix refcount handling when !hugepage_migration_supported() + +From: Punit Agrawal + +commit 30809f559a0d348c2dfd7ab05e9a451e2384962e upstream. + +On failing to migrate a page, soft_offline_huge_page() performs the +necessary update to the hugepage ref-count. + +But when !hugepage_migration_supported() , unmap_and_move_hugepage() +also decrements the page ref-count for the hugepage. The combined +behaviour leaves the ref-count in an inconsistent state. + +This leads to soft lockups when running the overcommitted hugepage test +from mce-tests suite. + + Soft offlining pfn 0x83ed600 at process virtual address 0x400000000000 + soft offline: 0x83ed600: migration failed 1, type 1fffc00000008008 (uptodate|head) + INFO: rcu_preempt detected stalls on CPUs/tasks: + Tasks blocked on level-0 rcu_node (CPUs 0-7): P2715 + (detected by 7, t=5254 jiffies, g=963, c=962, q=321) + thugetlb_overco R running task 0 2715 2685 0x00000008 + Call trace: + dump_backtrace+0x0/0x268 + show_stack+0x24/0x30 + sched_show_task+0x134/0x180 + rcu_print_detail_task_stall_rnp+0x54/0x7c + rcu_check_callbacks+0xa74/0xb08 + update_process_times+0x34/0x60 + tick_sched_handle.isra.7+0x38/0x70 + tick_sched_timer+0x4c/0x98 + __hrtimer_run_queues+0xc0/0x300 + hrtimer_interrupt+0xac/0x228 + arch_timer_handler_phys+0x3c/0x50 + handle_percpu_devid_irq+0x8c/0x290 + generic_handle_irq+0x34/0x50 + __handle_domain_irq+0x68/0xc0 + gic_handle_irq+0x5c/0xb0 + +Address this by changing the putback_active_hugepage() in +soft_offline_huge_page() to putback_movable_pages(). + +This only triggers on systems that enable memory failure handling +(ARCH_SUPPORTS_MEMORY_FAILURE) but not hugepage migration +(!ARCH_ENABLE_HUGEPAGE_MIGRATION). + +I imagine this wasn't triggered as there aren't many systems running +this configuration. + +[akpm@linux-foundation.org: remove dead comment, per Naoya] +Link: http://lkml.kernel.org/r/20170525135146.32011-1-punit.agrawal@arm.com +Reported-by: Manoj Iyer +Tested-by: Manoj Iyer +Suggested-by: Naoya Horiguchi +Signed-off-by: Punit Agrawal +Cc: Joonsoo Kim +Cc: Wanpeng Li +Cc: Christoph Lameter +Cc: Mel Gorman +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/memory-failure.c | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +--- a/mm/memory-failure.c ++++ b/mm/memory-failure.c +@@ -1570,12 +1570,8 @@ static int soft_offline_huge_page(struct + if (ret) { + pr_info("soft offline: %#lx: migration failed %d, type %lx\n", + pfn, ret, page->flags); +- /* +- * We know that soft_offline_huge_page() tries to migrate +- * only one hugepage pointed to by hpage, so we need not +- * run through the pagelist here. +- */ +- putback_active_hugepage(hpage); ++ if (!list_empty(&pagelist)) ++ putback_movable_pages(&pagelist); + if (ret > 0) + ret = -EIO; + } else { diff --git a/queue-3.18/series b/queue-3.18/series index 664944bdb7d..020789814e5 100644 --- a/queue-3.18/series +++ b/queue-3.18/series @@ -20,3 +20,5 @@ pcmcia-remove-left-over-z-format.patch alsa-hda-apply-stac_9200_dell_m22-quirk-for-dell-latitude-d430.patch slub-memcg-cure-the-brainless-abuse-of-sysfs-attributes.patch drm-gma500-psb-actually-use-vbt-mode-when-it-is-found.patch +mm-migrate-fix-refcount-handling-when-hugepage_migration_supported.patch +mlock-fix-mlock-count-can-not-decrease-in-race-condition.patch