linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v4] page cache: Store only head pages in i_pages
@ 2019-03-07 15:30 Matthew Wilcox
  2019-06-01  9:26 ` Chris Wilson
  2019-06-02 21:47 ` Chris Wilson
  0 siblings, 2 replies; 10+ messages in thread
From: Matthew Wilcox @ 2019-03-07 15:30 UTC (permalink / raw)
  To: Andrew Morton, linux-mm, linux-fsdevel, linux-kernel
  Cc: Matthew Wilcox, Kirill A. Shutemov, Hugh Dickins, Jan Kara, Song Liu

Transparent Huge Pages are currently stored in i_pages as pointers to
consecutive subpages.  This patch changes that to storing consecutive
pointers to the head page in preparation for storing huge pages more
efficiently in i_pages.

Large parts of this are "inspired" by Kirill's patch
https://lore.kernel.org/lkml/20170126115819.58875-2-kirill.shutemov@linux.intel.com/

Signed-off-by: Matthew Wilcox <willy@infradead.org>
Acked-by: Jan Kara <jack@suse.cz>
Reviewed-by: Kirill Shutemov <kirill@shutemov.name>
Reviewed-and-tested-by: Song Liu <songliubraving@fb.com>
Tested-by: William Kucharski <william.kucharski@oracle.com>
Reviewed-by: William Kucharski <william.kucharski@oracle.com>
---

v4: Extra tested-by and Reviewed-by tags
    Fixed a couple of comments
    Fixed a typo reported by Song
v3: Fix reporting of 'start' in find_get_pages_range() and
      find_get_pages_range_tag() (noticed by Jan)
    Fix page_cache_delete_batch() (Kirill)
    Convert migrate_page_move_mapping() (Kirill)
    Convert memfd_wait_for_pins() and memfd_tag_pins() (Kirill)
    Fix __delete_from_swap_cache() (Kirill)
v2: Rebase on top of linux-next 20190212
    Fixed a missing s/head/page/ in filemap_map_pages
    Include missing calls to xas_store() in __split_huge_page

 include/linux/pagemap.h |   9 +++
 mm/filemap.c            | 159 ++++++++++++++++------------------------
 mm/huge_memory.c        |   3 +
 mm/khugepaged.c         |   4 +-
 mm/memfd.c              |   2 +
 mm/migrate.c            |   2 +-
 mm/shmem.c              |   2 +-
 mm/swap_state.c         |   4 +-
 8 files changed, 82 insertions(+), 103 deletions(-)

diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h
index b477a70cc2e4..f5d0b9e69175 100644
--- a/include/linux/pagemap.h
+++ b/include/linux/pagemap.h
@@ -332,6 +332,15 @@ static inline struct page *grab_cache_page_nowait(struct address_space *mapping,
 			mapping_gfp_mask(mapping));
 }
 
+static inline struct page *find_subpage(struct page *page, pgoff_t offset)
+{
+	VM_BUG_ON_PAGE(PageTail(page), page);
+	VM_BUG_ON_PAGE(page->index > offset, page);
+	VM_BUG_ON_PAGE(page->index + (1 << compound_order(page)) <= offset,
+			page);
+	return page - page->index + offset;
+}
+
 struct page *find_get_entry(struct address_space *mapping, pgoff_t offset);
 struct page *find_lock_entry(struct address_space *mapping, pgoff_t offset);
 unsigned find_get_entries(struct address_space *mapping, pgoff_t start,
diff --git a/mm/filemap.c b/mm/filemap.c
index a3b4021c448f..d85bb9d7de74 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -279,11 +279,11 @@ EXPORT_SYMBOL(delete_from_page_cache);
  * @pvec: pagevec with pages to delete
  *
  * The function walks over mapping->i_pages and removes pages passed in @pvec
- * from the mapping. The function expects @pvec to be sorted by page index.
+ * from the mapping. The function expects @pvec to be sorted by page index
+ * and is optimised for it to be dense.
  * It tolerates holes in @pvec (mapping entries at those indices are not
  * modified). The function expects only THP head pages to be present in the
- * @pvec and takes care to delete all corresponding tail pages from the
- * mapping as well.
+ * @pvec.
  *
  * The function expects the i_pages lock to be held.
  */
@@ -292,40 +292,44 @@ static void page_cache_delete_batch(struct address_space *mapping,
 {
 	XA_STATE(xas, &mapping->i_pages, pvec->pages[0]->index);
 	int total_pages = 0;
-	int i = 0, tail_pages = 0;
+	int i = 0;
 	struct page *page;
 
 	mapping_set_update(&xas, mapping);
 	xas_for_each(&xas, page, ULONG_MAX) {
-		if (i >= pagevec_count(pvec) && !tail_pages)
+		if (i >= pagevec_count(pvec))
 			break;
+
+		/* A swap/dax/shadow entry got inserted? Skip it. */
 		if (xa_is_value(page))
 			continue;
-		if (!tail_pages) {
-			/*
-			 * Some page got inserted in our range? Skip it. We
-			 * have our pages locked so they are protected from
-			 * being removed.
-			 */
-			if (page != pvec->pages[i]) {
-				VM_BUG_ON_PAGE(page->index >
-						pvec->pages[i]->index, page);
-				continue;
-			}
-			WARN_ON_ONCE(!PageLocked(page));
-			if (PageTransHuge(page) && !PageHuge(page))
-				tail_pages = HPAGE_PMD_NR - 1;
+		/*
+		 * A page got inserted in our range? Skip it. We have our
+		 * pages locked so they are protected from being removed.
+		 * If we see a page whose index is higher than ours, it
+		 * means our page has been removed, which shouldn't be
+		 * possible because we're holding the PageLock.
+		 */
+		if (page != pvec->pages[i]) {
+			VM_BUG_ON_PAGE(page->index > pvec->pages[i]->index,
+					page);
+			continue;
+		}
+
+		WARN_ON_ONCE(!PageLocked(page));
+
+		if (page->index == xas.xa_index)
 			page->mapping = NULL;
-			/*
-			 * Leave page->index set: truncation lookup relies
-			 * upon it
-			 */
+		/* Leave page->index set: truncation lookup relies on it */
+
+		/*
+		 * Move to the next page in the vector if this is a regular
+		 * page or the index is of the last sub-page of this compound
+		 * page.
+		 */
+		if (page->index + (1UL << compound_order(page)) - 1 ==
+				xas.xa_index)
 			i++;
-		} else {
-			VM_BUG_ON_PAGE(page->index + HPAGE_PMD_NR - tail_pages
-					!= pvec->pages[i]->index, page);
-			tail_pages--;
-		}
 		xas_store(&xas, NULL);
 		total_pages++;
 	}
@@ -1491,7 +1495,7 @@ EXPORT_SYMBOL(page_cache_prev_miss);
 struct page *find_get_entry(struct address_space *mapping, pgoff_t offset)
 {
 	XA_STATE(xas, &mapping->i_pages, offset);
-	struct page *head, *page;
+	struct page *page;
 
 	rcu_read_lock();
 repeat:
@@ -1506,25 +1510,19 @@ struct page *find_get_entry(struct address_space *mapping, pgoff_t offset)
 	if (!page || xa_is_value(page))
 		goto out;
 
-	head = compound_head(page);
-	if (!page_cache_get_speculative(head))
+	if (!page_cache_get_speculative(page))
 		goto repeat;
 
-	/* The page was split under us? */
-	if (compound_head(page) != head) {
-		put_page(head);
-		goto repeat;
-	}
-
 	/*
-	 * Has the page moved?
+	 * Has the page moved or been split?
 	 * This is part of the lockless pagecache protocol. See
 	 * include/linux/pagemap.h for details.
 	 */
 	if (unlikely(page != xas_reload(&xas))) {
-		put_page(head);
+		put_page(page);
 		goto repeat;
 	}
+	page = find_subpage(page, offset);
 out:
 	rcu_read_unlock();
 
@@ -1696,7 +1694,6 @@ unsigned find_get_entries(struct address_space *mapping,
 
 	rcu_read_lock();
 	xas_for_each(&xas, page, ULONG_MAX) {
-		struct page *head;
 		if (xas_retry(&xas, page))
 			continue;
 		/*
@@ -1707,17 +1704,13 @@ unsigned find_get_entries(struct address_space *mapping,
 		if (xa_is_value(page))
 			goto export;
 
-		head = compound_head(page);
-		if (!page_cache_get_speculative(head))
+		if (!page_cache_get_speculative(page))
 			goto retry;
 
-		/* The page was split under us? */
-		if (compound_head(page) != head)
-			goto put_page;
-
-		/* Has the page moved? */
+		/* Has the page moved or been split? */
 		if (unlikely(page != xas_reload(&xas)))
 			goto put_page;
+		page = find_subpage(page, xas.xa_index);
 
 export:
 		indices[ret] = xas.xa_index;
@@ -1726,7 +1719,7 @@ unsigned find_get_entries(struct address_space *mapping,
 			break;
 		continue;
 put_page:
-		put_page(head);
+		put_page(page);
 retry:
 		xas_reset(&xas);
 	}
@@ -1768,33 +1761,27 @@ unsigned find_get_pages_range(struct address_space *mapping, pgoff_t *start,
 
 	rcu_read_lock();
 	xas_for_each(&xas, page, end) {
-		struct page *head;
 		if (xas_retry(&xas, page))
 			continue;
 		/* Skip over shadow, swap and DAX entries */
 		if (xa_is_value(page))
 			continue;
 
-		head = compound_head(page);
-		if (!page_cache_get_speculative(head))
+		if (!page_cache_get_speculative(page))
 			goto retry;
 
-		/* The page was split under us? */
-		if (compound_head(page) != head)
-			goto put_page;
-
-		/* Has the page moved? */
+		/* Has the page moved or been split? */
 		if (unlikely(page != xas_reload(&xas)))
 			goto put_page;
 
-		pages[ret] = page;
+		pages[ret] = find_subpage(page, xas.xa_index);
 		if (++ret == nr_pages) {
 			*start = xas.xa_index + 1;
 			goto out;
 		}
 		continue;
 put_page:
-		put_page(head);
+		put_page(page);
 retry:
 		xas_reset(&xas);
 	}
@@ -1839,7 +1826,6 @@ unsigned find_get_pages_contig(struct address_space *mapping, pgoff_t index,
 
 	rcu_read_lock();
 	for (page = xas_load(&xas); page; page = xas_next(&xas)) {
-		struct page *head;
 		if (xas_retry(&xas, page))
 			continue;
 		/*
@@ -1849,24 +1835,19 @@ unsigned find_get_pages_contig(struct address_space *mapping, pgoff_t index,
 		if (xa_is_value(page))
 			break;
 
-		head = compound_head(page);
-		if (!page_cache_get_speculative(head))
+		if (!page_cache_get_speculative(page))
 			goto retry;
 
-		/* The page was split under us? */
-		if (compound_head(page) != head)
-			goto put_page;
-
-		/* Has the page moved? */
+		/* Has the page moved or been split? */
 		if (unlikely(page != xas_reload(&xas)))
 			goto put_page;
 
-		pages[ret] = page;
+		pages[ret] = find_subpage(page, xas.xa_index);
 		if (++ret == nr_pages)
 			break;
 		continue;
 put_page:
-		put_page(head);
+		put_page(page);
 retry:
 		xas_reset(&xas);
 	}
@@ -1902,7 +1883,6 @@ unsigned find_get_pages_range_tag(struct address_space *mapping, pgoff_t *index,
 
 	rcu_read_lock();
 	xas_for_each_marked(&xas, page, end, tag) {
-		struct page *head;
 		if (xas_retry(&xas, page))
 			continue;
 		/*
@@ -1913,26 +1893,21 @@ unsigned find_get_pages_range_tag(struct address_space *mapping, pgoff_t *index,
 		if (xa_is_value(page))
 			continue;
 
-		head = compound_head(page);
-		if (!page_cache_get_speculative(head))
+		if (!page_cache_get_speculative(page))
 			goto retry;
 
-		/* The page was split under us? */
-		if (compound_head(page) != head)
-			goto put_page;
-
-		/* Has the page moved? */
+		/* Has the page moved or been split? */
 		if (unlikely(page != xas_reload(&xas)))
 			goto put_page;
 
-		pages[ret] = page;
+		pages[ret] = find_subpage(page, xas.xa_index);
 		if (++ret == nr_pages) {
 			*index = xas.xa_index + 1;
 			goto out;
 		}
 		continue;
 put_page:
-		put_page(head);
+		put_page(page);
 retry:
 		xas_reset(&xas);
 	}
@@ -1981,7 +1956,6 @@ unsigned find_get_entries_tag(struct address_space *mapping, pgoff_t start,
 
 	rcu_read_lock();
 	xas_for_each_marked(&xas, page, ULONG_MAX, tag) {
-		struct page *head;
 		if (xas_retry(&xas, page))
 			continue;
 		/*
@@ -1992,17 +1966,13 @@ unsigned find_get_entries_tag(struct address_space *mapping, pgoff_t start,
 		if (xa_is_value(page))
 			goto export;
 
-		head = compound_head(page);
-		if (!page_cache_get_speculative(head))
+		if (!page_cache_get_speculative(page))
 			goto retry;
 
-		/* The page was split under us? */
-		if (compound_head(page) != head)
-			goto put_page;
-
-		/* Has the page moved? */
+		/* Has the page moved or been split? */
 		if (unlikely(page != xas_reload(&xas)))
 			goto put_page;
+		page = find_subpage(page, xas.xa_index);
 
 export:
 		indices[ret] = xas.xa_index;
@@ -2011,7 +1981,7 @@ unsigned find_get_entries_tag(struct address_space *mapping, pgoff_t start,
 			break;
 		continue;
 put_page:
-		put_page(head);
+		put_page(page);
 retry:
 		xas_reset(&xas);
 	}
@@ -2633,7 +2603,7 @@ void filemap_map_pages(struct vm_fault *vmf,
 	pgoff_t last_pgoff = start_pgoff;
 	unsigned long max_idx;
 	XA_STATE(xas, &mapping->i_pages, start_pgoff);
-	struct page *head, *page;
+	struct page *page;
 
 	rcu_read_lock();
 	xas_for_each(&xas, page, end_pgoff) {
@@ -2642,24 +2612,19 @@ void filemap_map_pages(struct vm_fault *vmf,
 		if (xa_is_value(page))
 			goto next;
 
-		head = compound_head(page);
-
 		/*
 		 * Check for a locked page first, as a speculative
 		 * reference may adversely influence page migration.
 		 */
-		if (PageLocked(head))
+		if (PageLocked(page))
 			goto next;
-		if (!page_cache_get_speculative(head))
+		if (!page_cache_get_speculative(page))
 			goto next;
 
-		/* The page was split under us? */
-		if (compound_head(page) != head)
-			goto skip;
-
-		/* Has the page moved? */
+		/* Has the page moved or been split? */
 		if (unlikely(page != xas_reload(&xas)))
 			goto skip;
+		page = find_subpage(page, xas.xa_index);
 
 		if (!PageUptodate(page) ||
 				PageReadahead(page) ||
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 404acdcd0455..aaf88f85d492 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -2456,6 +2456,9 @@ static void __split_huge_page(struct page *page, struct list_head *list,
 			if (IS_ENABLED(CONFIG_SHMEM) && PageSwapBacked(head))
 				shmem_uncharge(head->mapping->host, 1);
 			put_page(head + i);
+		} else if (!PageAnon(page)) {
+			__xa_store(&head->mapping->i_pages, head[i].index,
+					head + i, 0);
 		}
 	}
 
diff --git a/mm/khugepaged.c b/mm/khugepaged.c
index 449044378782..7ba7a1e4fa79 100644
--- a/mm/khugepaged.c
+++ b/mm/khugepaged.c
@@ -1374,7 +1374,7 @@ static void collapse_shmem(struct mm_struct *mm,
 				result = SCAN_FAIL;
 				goto xa_locked;
 			}
-			xas_store(&xas, new_page + (index % HPAGE_PMD_NR));
+			xas_store(&xas, new_page);
 			nr_none++;
 			continue;
 		}
@@ -1450,7 +1450,7 @@ static void collapse_shmem(struct mm_struct *mm,
 		list_add_tail(&page->lru, &pagelist);
 
 		/* Finally, replace with the new page. */
-		xas_store(&xas, new_page + (index % HPAGE_PMD_NR));
+		xas_store(&xas, new_page);
 		continue;
 out_unlock:
 		unlock_page(page);
diff --git a/mm/memfd.c b/mm/memfd.c
index 650e65a46b9c..2647c898990c 100644
--- a/mm/memfd.c
+++ b/mm/memfd.c
@@ -39,6 +39,7 @@ static void memfd_tag_pins(struct xa_state *xas)
 	xas_for_each(xas, page, ULONG_MAX) {
 		if (xa_is_value(page))
 			continue;
+		page = find_subpage(page, xas->xa_index);
 		if (page_count(page) - page_mapcount(page) > 1)
 			xas_set_mark(xas, MEMFD_TAG_PINNED);
 
@@ -88,6 +89,7 @@ static int memfd_wait_for_pins(struct address_space *mapping)
 			bool clear = true;
 			if (xa_is_value(page))
 				continue;
+			page = find_subpage(page, xas.xa_index);
 			if (page_count(page) - page_mapcount(page) != 1) {
 				/*
 				 * On the last scan, we clean up all those tags
diff --git a/mm/migrate.c b/mm/migrate.c
index ac6f4939bb59..1ce24fc3af27 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -465,7 +465,7 @@ int migrate_page_move_mapping(struct address_space *mapping,
 
 		for (i = 1; i < HPAGE_PMD_NR; i++) {
 			xas_next(&xas);
-			xas_store(&xas, newpage + i);
+			xas_store(&xas, newpage);
 		}
 	}
 
diff --git a/mm/shmem.c b/mm/shmem.c
index b3db3779a30a..3a4b74cb4f14 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -614,7 +614,7 @@ static int shmem_add_to_page_cache(struct page *page,
 		if (xas_error(&xas))
 			goto unlock;
 next:
-		xas_store(&xas, page + i);
+		xas_store(&xas, page);
 		if (++i < nr) {
 			xas_next(&xas);
 			goto next;
diff --git a/mm/swap_state.c b/mm/swap_state.c
index 85245fdec8d9..eb714165afd2 100644
--- a/mm/swap_state.c
+++ b/mm/swap_state.c
@@ -132,7 +132,7 @@ int add_to_swap_cache(struct page *page, swp_entry_t entry, gfp_t gfp)
 		for (i = 0; i < nr; i++) {
 			VM_BUG_ON_PAGE(xas.xa_index != idx + i, page);
 			set_page_private(page + i, entry.val + i);
-			xas_store(&xas, page + i);
+			xas_store(&xas, page);
 			xas_next(&xas);
 		}
 		address_space->nrpages += nr;
@@ -167,7 +167,7 @@ void __delete_from_swap_cache(struct page *page, swp_entry_t entry)
 
 	for (i = 0; i < nr; i++) {
 		void *entry = xas_store(&xas, NULL);
-		VM_BUG_ON_PAGE(entry != page + i, entry);
+		VM_BUG_ON_PAGE(entry != page, entry);
 		set_page_private(page + i, 0);
 		xas_next(&xas);
 	}
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 10+ messages in thread

* Re: [PATCH v4] page cache: Store only head pages in i_pages
  2019-03-07 15:30 [PATCH v4] page cache: Store only head pages in i_pages Matthew Wilcox
@ 2019-06-01  9:26 ` Chris Wilson
  2019-06-01 11:44   ` Chris Wilson
  2019-06-02 21:47 ` Chris Wilson
  1 sibling, 1 reply; 10+ messages in thread
From: Chris Wilson @ 2019-06-01  9:26 UTC (permalink / raw)
  To: Andrew Morton, Matthew Wilcox, linux-fsdevel, linux-kernel, linux-mm
  Cc: Matthew Wilcox, Kirill A. Shutemov, Hugh Dickins, Jan Kara, Song Liu

Quoting Matthew Wilcox (2019-03-07 15:30:51)
> Transparent Huge Pages are currently stored in i_pages as pointers to
> consecutive subpages.  This patch changes that to storing consecutive
> pointers to the head page in preparation for storing huge pages more
> efficiently in i_pages.
> 
> Large parts of this are "inspired" by Kirill's patch
> https://lore.kernel.org/lkml/20170126115819.58875-2-kirill.shutemov@linux.intel.com/
> 
> Signed-off-by: Matthew Wilcox <willy@infradead.org>
> Acked-by: Jan Kara <jack@suse.cz>
> Reviewed-by: Kirill Shutemov <kirill@shutemov.name>
> Reviewed-and-tested-by: Song Liu <songliubraving@fb.com>
> Tested-by: William Kucharski <william.kucharski@oracle.com>
> Reviewed-by: William Kucharski <william.kucharski@oracle.com>

I've bisected some new softlockups under THP mempressure to this patch.
They are all rcu stalls that look similar to:
[  242.645276] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  242.645293] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-3): P828
[  242.645301] 	(detected by 1, t=5252 jiffies, g=55501, q=221)
[  242.645307] gem_syslatency  R  running task        0   828    815 0x00004000
[  242.645315] Call Trace:
[  242.645326]  ? __schedule+0x1a0/0x440
[  242.645332]  ? preempt_schedule_irq+0x27/0x50
[  242.645337]  ? apic_timer_interrupt+0xa/0x20
[  242.645342]  ? xas_load+0x3c/0x80
[  242.645347]  ? xas_load+0x8/0x80
[  242.645353]  ? find_get_entry+0x4f/0x130
[  242.645358]  ? pagecache_get_page+0x2b/0x210
[  242.645364]  ? lookup_swap_cache+0x42/0x100
[  242.645371]  ? do_swap_page+0x6f/0x600
[  242.645375]  ? unmap_region+0xc2/0xe0
[  242.645380]  ? __handle_mm_fault+0x7a9/0xfa0
[  242.645385]  ? handle_mm_fault+0xc2/0x1c0
[  242.645393]  ? __do_page_fault+0x198/0x410
[  242.645399]  ? page_fault+0x5/0x20
[  242.645404]  ? page_fault+0x1b/0x20

Any suggestions as to what information you might want?
-Chris

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v4] page cache: Store only head pages in i_pages
  2019-06-01  9:26 ` Chris Wilson
@ 2019-06-01 11:44   ` Chris Wilson
  2019-06-02 10:51     ` Matthew Wilcox
  0 siblings, 1 reply; 10+ messages in thread
From: Chris Wilson @ 2019-06-01 11:44 UTC (permalink / raw)
  To: Andrew Morton, Matthew Wilcox, linux-fsdevel, linux-kernel, linux-mm
  Cc: Matthew Wilcox, Kirill A. Shutemov, Hugh Dickins, Jan Kara, Song Liu

Quoting Chris Wilson (2019-06-01 10:26:21)
> Quoting Matthew Wilcox (2019-03-07 15:30:51)
> > Transparent Huge Pages are currently stored in i_pages as pointers to
> > consecutive subpages.  This patch changes that to storing consecutive
> > pointers to the head page in preparation for storing huge pages more
> > efficiently in i_pages.
> > 
> > Large parts of this are "inspired" by Kirill's patch
> > https://lore.kernel.org/lkml/20170126115819.58875-2-kirill.shutemov@linux.intel.com/
> > 
> > Signed-off-by: Matthew Wilcox <willy@infradead.org>
> > Acked-by: Jan Kara <jack@suse.cz>
> > Reviewed-by: Kirill Shutemov <kirill@shutemov.name>
> > Reviewed-and-tested-by: Song Liu <songliubraving@fb.com>
> > Tested-by: William Kucharski <william.kucharski@oracle.com>
> > Reviewed-by: William Kucharski <william.kucharski@oracle.com>
> 
> I've bisected some new softlockups under THP mempressure to this patch.
> They are all rcu stalls that look similar to:
> [  242.645276] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
> [  242.645293] rcu:     Tasks blocked on level-0 rcu_node (CPUs 0-3): P828
> [  242.645301]  (detected by 1, t=5252 jiffies, g=55501, q=221)
> [  242.645307] gem_syslatency  R  running task        0   828    815 0x00004000
> [  242.645315] Call Trace:
> [  242.645326]  ? __schedule+0x1a0/0x440
> [  242.645332]  ? preempt_schedule_irq+0x27/0x50
> [  242.645337]  ? apic_timer_interrupt+0xa/0x20
> [  242.645342]  ? xas_load+0x3c/0x80
> [  242.645347]  ? xas_load+0x8/0x80
> [  242.645353]  ? find_get_entry+0x4f/0x130
> [  242.645358]  ? pagecache_get_page+0x2b/0x210
> [  242.645364]  ? lookup_swap_cache+0x42/0x100
> [  242.645371]  ? do_swap_page+0x6f/0x600
> [  242.645375]  ? unmap_region+0xc2/0xe0
> [  242.645380]  ? __handle_mm_fault+0x7a9/0xfa0
> [  242.645385]  ? handle_mm_fault+0xc2/0x1c0
> [  242.645393]  ? __do_page_fault+0x198/0x410
> [  242.645399]  ? page_fault+0x5/0x20
> [  242.645404]  ? page_fault+0x1b/0x20
> 
> Any suggestions as to what information you might want?

Perhaps,
[   76.175502] page:ffffea00098e0000 count:0 mapcount:0 mapping:0000000000000000 index:0x1
[   76.175525] flags: 0x8000000000000000()
[   76.175533] raw: 8000000000000000 ffffea0004a7e988 ffffea000445c3c8 0000000000000000
[   76.175538] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   76.175543] page dumped because: VM_BUG_ON_PAGE(entry != page)
[   76.175560] ------------[ cut here ]------------
[   76.175564] kernel BUG at mm/swap_state.c:170!
[   76.175574] invalid opcode: 0000 [#1] PREEMPT SMP
[   76.175581] CPU: 0 PID: 131 Comm: kswapd0 Tainted: G     U            5.1.0+ #247
[   76.175586] Hardware name:  /NUC6CAYB, BIOS AYAPLCEL.86A.0029.2016.1124.1625 11/24/2016
[   76.175598] RIP: 0010:__delete_from_swap_cache+0x22e/0x340
[   76.175604] Code: e8 b7 3e fd ff 48 01 1d a8 7e 04 01 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 03 7e bf 81 48 89 c7 e8 92 f8 fd ff <0f> 0b 48 c7 c6 c8 7c bf 81 48 89 df e8 81 f8 fd ff 0f 0b 48 c7 c6
[   76.175613] RSP: 0000:ffffc900008dba88 EFLAGS: 00010046
[   76.175619] RAX: 0000000000000032 RBX: ffffea00098e0040 RCX: 0000000000000006
[   76.175624] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff81bf6d4c
[   76.175629] RBP: ffff888265ed8640 R08: 00000000000002c2 R09: 0000000000000000
[   76.175634] R10: 0000000273a4626d R11: 0000000000000000 R12: 0000000000000001
[   76.175639] R13: 0000000000000040 R14: 0000000000000000 R15: ffffea00098e0000
[   76.175645] FS:  0000000000000000(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000
[   76.175651] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.175656] CR2: 00007f24e4399000 CR3: 0000000002c09000 CR4: 00000000001406f0
[   76.175661] Call Trace:
[   76.175671]  __remove_mapping+0x1c2/0x380
[   76.175678]  shrink_page_list+0x11db/0x1d10
[   76.175684]  shrink_inactive_list+0x14b/0x420
[   76.175690]  shrink_node_memcg+0x20e/0x740
[   76.175696]  shrink_node+0xba/0x420
[   76.175702]  balance_pgdat+0x27d/0x4d0
[   76.175709]  kswapd+0x216/0x300
[   76.175715]  ? wait_woken+0x80/0x80
[   76.175721]  ? balance_pgdat+0x4d0/0x4d0
[   76.175726]  kthread+0x106/0x120
[   76.175732]  ? kthread_create_on_node+0x40/0x40
[   76.175739]  ret_from_fork+0x1f/0x30
[   76.175745] Modules linked in: i915 intel_gtt drm_kms_helper
[   76.175754] ---[ end trace 8faf2ec849d50724 ]---
[   76.206689] RIP: 0010:__delete_from_swap_cache+0x22e/0x340
[   76.206708] Code: e8 b7 3e fd ff 48 01 1d a8 7e 04 01 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 03 7e bf 81 48 89 c7 e8 92 f8 fd ff <0f> 0b 48 c7 c6 c8 7c bf 81 48 89 df e8 81 f8 fd ff 0f 0b 48 c7 c6
[   76.206718] RSP: 0000:ffffc900008dba88 EFLAGS: 00010046
[   76.206723] RAX: 0000000000000032 RBX: ffffea00098e0040 RCX: 0000000000000006
[   76.206729] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff81bf6d4c
[   76.206734] RBP: ffff888265ed8640 R08: 00000000000002c2 R09: 0000000000000000
[   76.206740] R10: 0000000273a4626d R11: 0000000000000000 R12: 0000000000000001
[   76.206745] R13: 0000000000000040 R14: 0000000000000000 R15: ffffea00098e0000
[   76.206750] FS:  0000000000000000(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000
[   76.206757] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
-Chris

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v4] page cache: Store only head pages in i_pages
  2019-06-01 11:44   ` Chris Wilson
@ 2019-06-02 10:51     ` Matthew Wilcox
  2019-06-02 13:11       ` Chris Wilson
  2019-06-02 19:28       ` Chris Wilson
  0 siblings, 2 replies; 10+ messages in thread
From: Matthew Wilcox @ 2019-06-02 10:51 UTC (permalink / raw)
  To: Chris Wilson
  Cc: Andrew Morton, linux-fsdevel, linux-kernel, linux-mm,
	Kirill A. Shutemov, Hugh Dickins, Jan Kara, Song Liu

On Sat, Jun 01, 2019 at 12:44:28PM +0100, Chris Wilson wrote:
> Quoting Chris Wilson (2019-06-01 10:26:21)
> > Quoting Matthew Wilcox (2019-03-07 15:30:51)
> > > Transparent Huge Pages are currently stored in i_pages as pointers to
> > > consecutive subpages.  This patch changes that to storing consecutive
> > > pointers to the head page in preparation for storing huge pages more
> > > efficiently in i_pages.
> > > 
> > > Large parts of this are "inspired" by Kirill's patch
> > > https://lore.kernel.org/lkml/20170126115819.58875-2-kirill.shutemov@linux.intel.com/
> > > 
> > > Signed-off-by: Matthew Wilcox <willy@infradead.org>
> > > Acked-by: Jan Kara <jack@suse.cz>
> > > Reviewed-by: Kirill Shutemov <kirill@shutemov.name>
> > > Reviewed-and-tested-by: Song Liu <songliubraving@fb.com>
> > > Tested-by: William Kucharski <william.kucharski@oracle.com>
> > > Reviewed-by: William Kucharski <william.kucharski@oracle.com>
> > 
> > I've bisected some new softlockups under THP mempressure to this patch.
> > They are all rcu stalls that look similar to:
> > [  242.645276] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
> > [  242.645293] rcu:     Tasks blocked on level-0 rcu_node (CPUs 0-3): P828
> > [  242.645301]  (detected by 1, t=5252 jiffies, g=55501, q=221)
> > [  242.645307] gem_syslatency  R  running task        0   828    815 0x00004000
> > [  242.645315] Call Trace:
> > [  242.645326]  ? __schedule+0x1a0/0x440
> > [  242.645332]  ? preempt_schedule_irq+0x27/0x50
> > [  242.645337]  ? apic_timer_interrupt+0xa/0x20
> > [  242.645342]  ? xas_load+0x3c/0x80
> > [  242.645347]  ? xas_load+0x8/0x80
> > [  242.645353]  ? find_get_entry+0x4f/0x130
> > [  242.645358]  ? pagecache_get_page+0x2b/0x210
> > [  242.645364]  ? lookup_swap_cache+0x42/0x100
> > [  242.645371]  ? do_swap_page+0x6f/0x600
> > [  242.645375]  ? unmap_region+0xc2/0xe0
> > [  242.645380]  ? __handle_mm_fault+0x7a9/0xfa0
> > [  242.645385]  ? handle_mm_fault+0xc2/0x1c0
> > [  242.645393]  ? __do_page_fault+0x198/0x410
> > [  242.645399]  ? page_fault+0x5/0x20
> > [  242.645404]  ? page_fault+0x1b/0x20
> > 
> > Any suggestions as to what information you might want?
> 
> Perhaps,
> [   76.175502] page:ffffea00098e0000 count:0 mapcount:0 mapping:0000000000000000 index:0x1
> [   76.175525] flags: 0x8000000000000000()
> [   76.175533] raw: 8000000000000000 ffffea0004a7e988 ffffea000445c3c8 0000000000000000
> [   76.175538] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
> [   76.175543] page dumped because: VM_BUG_ON_PAGE(entry != page)
> [   76.175560] ------------[ cut here ]------------
> [   76.175564] kernel BUG at mm/swap_state.c:170!
> [   76.175574] invalid opcode: 0000 [#1] PREEMPT SMP
> [   76.175581] CPU: 0 PID: 131 Comm: kswapd0 Tainted: G     U            5.1.0+ #247
> [   76.175586] Hardware name:  /NUC6CAYB, BIOS AYAPLCEL.86A.0029.2016.1124.1625 11/24/2016
> [   76.175598] RIP: 0010:__delete_from_swap_cache+0x22e/0x340
> [   76.175604] Code: e8 b7 3e fd ff 48 01 1d a8 7e 04 01 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 03 7e bf 81 48 89 c7 e8 92 f8 fd ff <0f> 0b 48 c7 c6 c8 7c bf 81 48 89 df e8 81 f8 fd ff 0f 0b 48 c7 c6
> [   76.175613] RSP: 0000:ffffc900008dba88 EFLAGS: 00010046
> [   76.175619] RAX: 0000000000000032 RBX: ffffea00098e0040 RCX: 0000000000000006
> [   76.175624] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff81bf6d4c
> [   76.175629] RBP: ffff888265ed8640 R08: 00000000000002c2 R09: 0000000000000000
> [   76.175634] R10: 0000000273a4626d R11: 0000000000000000 R12: 0000000000000001
> [   76.175639] R13: 0000000000000040 R14: 0000000000000000 R15: ffffea00098e0000
> [   76.175645] FS:  0000000000000000(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000
> [   76.175651] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   76.175656] CR2: 00007f24e4399000 CR3: 0000000002c09000 CR4: 00000000001406f0
> [   76.175661] Call Trace:
> [   76.175671]  __remove_mapping+0x1c2/0x380
> [   76.175678]  shrink_page_list+0x11db/0x1d10
> [   76.175684]  shrink_inactive_list+0x14b/0x420
> [   76.175690]  shrink_node_memcg+0x20e/0x740
> [   76.175696]  shrink_node+0xba/0x420
> [   76.175702]  balance_pgdat+0x27d/0x4d0
> [   76.175709]  kswapd+0x216/0x300
> [   76.175715]  ? wait_woken+0x80/0x80
> [   76.175721]  ? balance_pgdat+0x4d0/0x4d0
> [   76.175726]  kthread+0x106/0x120
> [   76.175732]  ? kthread_create_on_node+0x40/0x40
> [   76.175739]  ret_from_fork+0x1f/0x30
> [   76.175745] Modules linked in: i915 intel_gtt drm_kms_helper
> [   76.175754] ---[ end trace 8faf2ec849d50724 ]---
> [   76.206689] RIP: 0010:__delete_from_swap_cache+0x22e/0x340
> [   76.206708] Code: e8 b7 3e fd ff 48 01 1d a8 7e 04 01 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 03 7e bf 81 48 89 c7 e8 92 f8 fd ff <0f> 0b 48 c7 c6 c8 7c bf 81 48 89 df e8 81 f8 fd ff 0f 0b 48 c7 c6
> [   76.206718] RSP: 0000:ffffc900008dba88 EFLAGS: 00010046
> [   76.206723] RAX: 0000000000000032 RBX: ffffea00098e0040 RCX: 0000000000000006
> [   76.206729] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff81bf6d4c
> [   76.206734] RBP: ffff888265ed8640 R08: 00000000000002c2 R09: 0000000000000000
> [   76.206740] R10: 0000000273a4626d R11: 0000000000000000 R12: 0000000000000001
> [   76.206745] R13: 0000000000000040 R14: 0000000000000000 R15: ffffea00098e0000
> [   76.206750] FS:  0000000000000000(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000
> [   76.206757] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033

Thanks for the reports, Chris.

I think they're both canaries; somehow the page cache / swap cache has
got corrupted and contains entries that it shouldn't.

This second one (with the VM_BUG_ON_PAGE in __delete_from_swap_cache)
shows a regular (non-huge) page at index 1.  There are two ways we might
have got there; one is that we asked to delete a page at index 1 which is
no longer in the cache.  The other is that we asked to delete a huge page
at index 0, but the page wasn't subsequently stored in indices 1-511.

We dump the page that we found; not the page we're looking for, so I don't
know which.  If this one's easy to reproduce, you could add:

        for (i = 0; i < nr; i++) {
                void *entry = xas_store(&xas, NULL);
+		if (entry != page) {
+			printk("Oh dear %d %d\n", i, nr);
+			dump_page(page, "deleting page");
+		}
                VM_BUG_ON_PAGE(entry != page, entry);
                set_page_private(page + i, 0);
                xas_next(&xas);
        }

I'll re-read the patch and see if I can figure out how the cache is getting
screwed up.  Given what you said, probably on the swap-in path.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v4] page cache: Store only head pages in i_pages
  2019-06-02 10:51     ` Matthew Wilcox
@ 2019-06-02 13:11       ` Chris Wilson
  2019-06-02 19:28       ` Chris Wilson
  1 sibling, 0 replies; 10+ messages in thread
From: Chris Wilson @ 2019-06-02 13:11 UTC (permalink / raw)
  To: Matthew Wilcox
  Cc: Andrew Morton, linux-fsdevel, linux-kernel, linux-mm,
	Kirill A. Shutemov, Hugh Dickins, Jan Kara, Song Liu

Quoting Matthew Wilcox (2019-06-02 11:51:50)
> Thanks for the reports, Chris.
> 
> I think they're both canaries; somehow the page cache / swap cache has
> got corrupted and contains entries that it shouldn't.
> 
> This second one (with the VM_BUG_ON_PAGE in __delete_from_swap_cache)
> shows a regular (non-huge) page at index 1.  There are two ways we might
> have got there; one is that we asked to delete a page at index 1 which is
> no longer in the cache.  The other is that we asked to delete a huge page
> at index 0, but the page wasn't subsequently stored in indices 1-511.
> 
> We dump the page that we found; not the page we're looking for, so I don't
> know which.  If this one's easy to reproduce, you could add:
> 
>         for (i = 0; i < nr; i++) {
>                 void *entry = xas_store(&xas, NULL);
> +               if (entry != page) {
> +                       printk("Oh dear %d %d\n", i, nr);
> +                       dump_page(page, "deleting page");
> +               }

[  113.423120] Oh dear 0 1
[  113.423141] page:ffffea000911cdc0 refcount:0 mapcount:0 mapping:ffff88826aee7bb1 index:0x7fce6ff37
[  113.423146] anon
[  113.423150] flags: 0x8000000000080445(locked|uptodate|workingset|owner_priv_1|swapbacked)
[  113.423161] raw: 8000000000080445 dead000000000100 dead000000000200 ffff88826aee7bb1
[  113.423167] raw: 00000007fce6ff37 0000000000054537 00000000ffffffff 0000000000000000
[  113.423171] page dumped because: deleting page
[  113.423176] page:ffffea0009118000 refcount:1 mapcount:0 mapping:ffff88826aee7bb1 index:0x7fce6fe00
[  113.423182] anon
[  113.423183] flags: 0x8000000000080454(uptodate|lru|workingset|owner_priv_1|swapbacked)
[  113.423191] raw: 8000000000080454 ffffea0009118048 ffffea000911ce08 ffff88826aee7bb1
[  113.423198] raw: 00000007fce6fe00 0000000000054400 00000001ffffffff ffff8882693e5000
[  113.423204] page dumped because: VM_BUG_ON_PAGE(entry != page)
[  113.423209] page->mem_cgroup:ffff8882693e5000
[  113.423222] ------------[ cut here ]------------
[  113.423227] kernel BUG at mm/swap_state.c:174!
[  113.423236] invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[  113.423243] CPU: 1 PID: 131 Comm: kswapd0 Tainted: G     U            5.2.0-rc2+ #251
[  113.423248] Hardware name:  /NUC6CAYB, BIOS AYAPLCEL.86A.0029.2016.1124.1625 11/24/2016
[  113.423260] RIP: 0010:__delete_from_swap_cache.cold.17+0x30/0x36
[  113.423265] Code: 48 c7 c7 13 94 bf 81 e8 cd 7f f3 ff 48 89 df 48 c7 c6 24 94 bf 81 e8 95 6c fd ff 48 c7 c6 32 94 bf 81 4c 89 ff e8 86 6c fd ff <0f> 0b 90 90 90 90 48 8b 07 48 8b 16 48 c1 e8 3a 48 c1 ea 3a 29 d0
[  113.423274] RSP: 0018:ffffc900008b3a80 EFLAGS: 00010046
[  113.423280] RAX: 0000000000000000 RBX: ffffea000911cdc0 RCX: 0000000000000006
[  113.423285] RDX: 0000000000000007 RSI: 0000000000000092 RDI: ffff888276c963c0
[  113.423290] RBP: ffff888265a98d20 R08: 00000000000002ce R09: 0000000000000000
[  113.423296] R10: 0000000272bc445c R11: 0000000000000000 R12: 0000000000000001
[  113.423301] R13: 0000000000000000 R14: 0000000000000000 R15: ffffea0009118000
[  113.423306] FS:  0000000000000000(0000) GS:ffff888276c80000(0000) knlGS:0000000000000000
[  113.423313] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  113.423317] CR2: 00007fce7c857000 CR3: 0000000002c09000 CR4: 00000000001406e0
[  113.423323] Call Trace:
[  113.423331]  __remove_mapping+0x1c2/0x380
[  113.423337]  shrink_page_list+0x123c/0x1d00
[  113.423343]  shrink_inactive_list+0x130/0x300
[  113.423348]  shrink_node_memcg+0x20e/0x740
[  113.423354]  shrink_node+0xba/0x420
[  113.423359]  balance_pgdat+0x27d/0x4d0
[  113.423365]  kswapd+0x216/0x300
[  113.423372]  ? wait_woken+0x80/0x80
[  113.423378]  ? balance_pgdat+0x4d0/0x4d0
[  113.423384]  kthread+0x106/0x120
[  113.423389]  ? kthread_create_on_node+0x40/0x40
[  113.423398]  ret_from_fork+0x1f/0x30
[  113.423405] Modules linked in: i915 intel_gtt drm_kms_helper
[  113.423414] ---[ end trace 328930613dd77e06 ]---
[  113.454546] RIP: 0010:__delete_from_swap_cache.cold.17+0x30/0x36

>                 VM_BUG_ON_PAGE(entry != page, entry);
>                 set_page_private(page + i, 0);
>                 xas_next(&xas);
>         }
> 
> I'll re-read the patch and see if I can figure out how the cache is getting
> screwed up.  Given what you said, probably on the swap-in path.

It may be self-incriminating, but this only occurs when i915.ko is also
involved via shrink_slab.
-Chris

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v4] page cache: Store only head pages in i_pages
  2019-06-02 10:51     ` Matthew Wilcox
  2019-06-02 13:11       ` Chris Wilson
@ 2019-06-02 19:28       ` Chris Wilson
  1 sibling, 0 replies; 10+ messages in thread
From: Chris Wilson @ 2019-06-02 19:28 UTC (permalink / raw)
  To: Matthew Wilcox
  Cc: Andrew Morton, linux-fsdevel, linux-kernel, linux-mm,
	Kirill A. Shutemov, Hugh Dickins, Jan Kara, Song Liu

Quoting Matthew Wilcox (2019-06-02 11:51:50)
> On Sat, Jun 01, 2019 at 12:44:28PM +0100, Chris Wilson wrote:
> > Quoting Chris Wilson (2019-06-01 10:26:21)
> > > Quoting Matthew Wilcox (2019-03-07 15:30:51)
> > > > Transparent Huge Pages are currently stored in i_pages as pointers to
> > > > consecutive subpages.  This patch changes that to storing consecutive
> > > > pointers to the head page in preparation for storing huge pages more
> > > > efficiently in i_pages.
> > > > 
> > > > Large parts of this are "inspired" by Kirill's patch
> > > > https://lore.kernel.org/lkml/20170126115819.58875-2-kirill.shutemov@linux.intel.com/
> > > > 
> > > > Signed-off-by: Matthew Wilcox <willy@infradead.org>
> > > > Acked-by: Jan Kara <jack@suse.cz>
> > > > Reviewed-by: Kirill Shutemov <kirill@shutemov.name>
> > > > Reviewed-and-tested-by: Song Liu <songliubraving@fb.com>
> > > > Tested-by: William Kucharski <william.kucharski@oracle.com>
> > > > Reviewed-by: William Kucharski <william.kucharski@oracle.com>
> > > 
> > > I've bisected some new softlockups under THP mempressure to this patch.
> > > They are all rcu stalls that look similar to:
> > > [  242.645276] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
> > > [  242.645293] rcu:     Tasks blocked on level-0 rcu_node (CPUs 0-3): P828
> > > [  242.645301]  (detected by 1, t=5252 jiffies, g=55501, q=221)
> > > [  242.645307] gem_syslatency  R  running task        0   828    815 0x00004000
> > > [  242.645315] Call Trace:
> > > [  242.645326]  ? __schedule+0x1a0/0x440
> > > [  242.645332]  ? preempt_schedule_irq+0x27/0x50
> > > [  242.645337]  ? apic_timer_interrupt+0xa/0x20
> > > [  242.645342]  ? xas_load+0x3c/0x80
> > > [  242.645347]  ? xas_load+0x8/0x80
> > > [  242.645353]  ? find_get_entry+0x4f/0x130
> > > [  242.645358]  ? pagecache_get_page+0x2b/0x210
> > > [  242.645364]  ? lookup_swap_cache+0x42/0x100
> > > [  242.645371]  ? do_swap_page+0x6f/0x600
> > > [  242.645375]  ? unmap_region+0xc2/0xe0
> > > [  242.645380]  ? __handle_mm_fault+0x7a9/0xfa0
> > > [  242.645385]  ? handle_mm_fault+0xc2/0x1c0
> > > [  242.645393]  ? __do_page_fault+0x198/0x410
> > > [  242.645399]  ? page_fault+0x5/0x20
> > > [  242.645404]  ? page_fault+0x1b/0x20
> > > 
> > > Any suggestions as to what information you might want?
> > 
> > Perhaps,
> > [   76.175502] page:ffffea00098e0000 count:0 mapcount:0 mapping:0000000000000000 index:0x1
> > [   76.175525] flags: 0x8000000000000000()
> > [   76.175533] raw: 8000000000000000 ffffea0004a7e988 ffffea000445c3c8 0000000000000000
> > [   76.175538] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
> > [   76.175543] page dumped because: VM_BUG_ON_PAGE(entry != page)
> > [   76.175560] ------------[ cut here ]------------
> > [   76.175564] kernel BUG at mm/swap_state.c:170!
> > [   76.175574] invalid opcode: 0000 [#1] PREEMPT SMP
> > [   76.175581] CPU: 0 PID: 131 Comm: kswapd0 Tainted: G     U            5.1.0+ #247
> > [   76.175586] Hardware name:  /NUC6CAYB, BIOS AYAPLCEL.86A.0029.2016.1124.1625 11/24/2016
> > [   76.175598] RIP: 0010:__delete_from_swap_cache+0x22e/0x340
> > [   76.175604] Code: e8 b7 3e fd ff 48 01 1d a8 7e 04 01 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 03 7e bf 81 48 89 c7 e8 92 f8 fd ff <0f> 0b 48 c7 c6 c8 7c bf 81 48 89 df e8 81 f8 fd ff 0f 0b 48 c7 c6
> > [   76.175613] RSP: 0000:ffffc900008dba88 EFLAGS: 00010046
> > [   76.175619] RAX: 0000000000000032 RBX: ffffea00098e0040 RCX: 0000000000000006
> > [   76.175624] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff81bf6d4c
> > [   76.175629] RBP: ffff888265ed8640 R08: 00000000000002c2 R09: 0000000000000000
> > [   76.175634] R10: 0000000273a4626d R11: 0000000000000000 R12: 0000000000000001
> > [   76.175639] R13: 0000000000000040 R14: 0000000000000000 R15: ffffea00098e0000
> > [   76.175645] FS:  0000000000000000(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000
> > [   76.175651] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [   76.175656] CR2: 00007f24e4399000 CR3: 0000000002c09000 CR4: 00000000001406f0
> > [   76.175661] Call Trace:
> > [   76.175671]  __remove_mapping+0x1c2/0x380
> > [   76.175678]  shrink_page_list+0x11db/0x1d10
> > [   76.175684]  shrink_inactive_list+0x14b/0x420
> > [   76.175690]  shrink_node_memcg+0x20e/0x740
> > [   76.175696]  shrink_node+0xba/0x420
> > [   76.175702]  balance_pgdat+0x27d/0x4d0
> > [   76.175709]  kswapd+0x216/0x300
> > [   76.175715]  ? wait_woken+0x80/0x80
> > [   76.175721]  ? balance_pgdat+0x4d0/0x4d0
> > [   76.175726]  kthread+0x106/0x120
> > [   76.175732]  ? kthread_create_on_node+0x40/0x40
> > [   76.175739]  ret_from_fork+0x1f/0x30
> > [   76.175745] Modules linked in: i915 intel_gtt drm_kms_helper
> > [   76.175754] ---[ end trace 8faf2ec849d50724 ]---
> > [   76.206689] RIP: 0010:__delete_from_swap_cache+0x22e/0x340
> > [   76.206708] Code: e8 b7 3e fd ff 48 01 1d a8 7e 04 01 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 03 7e bf 81 48 89 c7 e8 92 f8 fd ff <0f> 0b 48 c7 c6 c8 7c bf 81 48 89 df e8 81 f8 fd ff 0f 0b 48 c7 c6
> > [   76.206718] RSP: 0000:ffffc900008dba88 EFLAGS: 00010046
> > [   76.206723] RAX: 0000000000000032 RBX: ffffea00098e0040 RCX: 0000000000000006
> > [   76.206729] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff81bf6d4c
> > [   76.206734] RBP: ffff888265ed8640 R08: 00000000000002c2 R09: 0000000000000000
> > [   76.206740] R10: 0000000273a4626d R11: 0000000000000000 R12: 0000000000000001
> > [   76.206745] R13: 0000000000000040 R14: 0000000000000000 R15: ffffea00098e0000
> > [   76.206750] FS:  0000000000000000(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000
> > [   76.206757] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> 
> Thanks for the reports, Chris.
> 
> I think they're both canaries; somehow the page cache / swap cache has
> got corrupted and contains entries that it shouldn't.
> 
> This second one (with the VM_BUG_ON_PAGE in __delete_from_swap_cache)
> shows a regular (non-huge) page at index 1.  There are two ways we might
> have got there; one is that we asked to delete a page at index 1 which is
> no longer in the cache.  The other is that we asked to delete a huge page
> at index 0, but the page wasn't subsequently stored in indices 1-511.
> 
> We dump the page that we found; not the page we're looking for, so I don't
> know which.  If this one's easy to reproduce, you could add:
> 
>         for (i = 0; i < nr; i++) {
>                 void *entry = xas_store(&xas, NULL);
> +               if (entry != page) {
> +                       printk("Oh dear %d %d\n", i, nr);
> +                       dump_page(page, "deleting page");
> +               }
>                 VM_BUG_ON_PAGE(entry != page, entry);
>                 set_page_private(page + i, 0);
>                 xas_next(&xas);
>         }
> 
> I'll re-read the patch and see if I can figure out how the cache is getting
> screwed up.  Given what you said, probably on the swap-in path.

I can give you a clue, it requires split_huge_page_to_list().
-Chris

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v4] page cache: Store only head pages in i_pages
  2019-03-07 15:30 [PATCH v4] page cache: Store only head pages in i_pages Matthew Wilcox
  2019-06-01  9:26 ` Chris Wilson
@ 2019-06-02 21:47 ` Chris Wilson
  2019-06-12  1:46   ` Kirill A. Shutemov
  1 sibling, 1 reply; 10+ messages in thread
From: Chris Wilson @ 2019-06-02 21:47 UTC (permalink / raw)
  To: Andrew Morton, Matthew Wilcox, linux-fsdevel, linux-kernel, linux-mm
  Cc: Matthew Wilcox, Kirill A. Shutemov, Hugh Dickins, Jan Kara, Song Liu

Quoting Matthew Wilcox (2019-03-07 15:30:51)
> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> index 404acdcd0455..aaf88f85d492 100644
> --- a/mm/huge_memory.c
> +++ b/mm/huge_memory.c
> @@ -2456,6 +2456,9 @@ static void __split_huge_page(struct page *page, struct list_head *list,
>                         if (IS_ENABLED(CONFIG_SHMEM) && PageSwapBacked(head))
>                                 shmem_uncharge(head->mapping->host, 1);
>                         put_page(head + i);
> +               } else if (!PageAnon(page)) {
> +                       __xa_store(&head->mapping->i_pages, head[i].index,
> +                                       head + i, 0);

Forgiving the ignorant copy'n'paste, this is required:

+               } else if (PageSwapCache(page)) {
+                       swp_entry_t entry = { .val = page_private(head + i) };
+                       __xa_store(&swap_address_space(entry)->i_pages,
+                                  swp_offset(entry),
+                                  head + i, 0);
                }
        }
 
The locking is definitely wrong.
-Chris

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v4] page cache: Store only head pages in i_pages
  2019-06-02 21:47 ` Chris Wilson
@ 2019-06-12  1:46   ` Kirill A. Shutemov
  2019-06-12  7:42     ` Chris Wilson
  0 siblings, 1 reply; 10+ messages in thread
From: Kirill A. Shutemov @ 2019-06-12  1:46 UTC (permalink / raw)
  To: Chris Wilson
  Cc: Andrew Morton, Matthew Wilcox, linux-fsdevel, linux-kernel,
	linux-mm, Hugh Dickins, Jan Kara, Song Liu

On Sun, Jun 02, 2019 at 10:47:35PM +0100, Chris Wilson wrote:
> Quoting Matthew Wilcox (2019-03-07 15:30:51)
> > diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> > index 404acdcd0455..aaf88f85d492 100644
> > --- a/mm/huge_memory.c
> > +++ b/mm/huge_memory.c
> > @@ -2456,6 +2456,9 @@ static void __split_huge_page(struct page *page, struct list_head *list,
> >                         if (IS_ENABLED(CONFIG_SHMEM) && PageSwapBacked(head))
> >                                 shmem_uncharge(head->mapping->host, 1);
> >                         put_page(head + i);
> > +               } else if (!PageAnon(page)) {
> > +                       __xa_store(&head->mapping->i_pages, head[i].index,
> > +                                       head + i, 0);
> 
> Forgiving the ignorant copy'n'paste, this is required:
> 
> +               } else if (PageSwapCache(page)) {
> +                       swp_entry_t entry = { .val = page_private(head + i) };
> +                       __xa_store(&swap_address_space(entry)->i_pages,
> +                                  swp_offset(entry),
> +                                  head + i, 0);
>                 }
>         }
>  
> The locking is definitely wrong.

Does it help with the problem, or it's just a possible lead?

-- 
 Kirill A. Shutemov

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v4] page cache: Store only head pages in i_pages
  2019-06-12  1:46   ` Kirill A. Shutemov
@ 2019-06-12  7:42     ` Chris Wilson
  2019-06-19 10:04       ` Chris Wilson
  0 siblings, 1 reply; 10+ messages in thread
From: Chris Wilson @ 2019-06-12  7:42 UTC (permalink / raw)
  To: Kirill A. Shutemov
  Cc: Andrew Morton, Matthew Wilcox, linux-fsdevel, linux-kernel,
	linux-mm, Hugh Dickins, Jan Kara, Song Liu

Quoting Kirill A. Shutemov (2019-06-12 02:46:34)
> On Sun, Jun 02, 2019 at 10:47:35PM +0100, Chris Wilson wrote:
> > Quoting Matthew Wilcox (2019-03-07 15:30:51)
> > > diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> > > index 404acdcd0455..aaf88f85d492 100644
> > > --- a/mm/huge_memory.c
> > > +++ b/mm/huge_memory.c
> > > @@ -2456,6 +2456,9 @@ static void __split_huge_page(struct page *page, struct list_head *list,
> > >                         if (IS_ENABLED(CONFIG_SHMEM) && PageSwapBacked(head))
> > >                                 shmem_uncharge(head->mapping->host, 1);
> > >                         put_page(head + i);
> > > +               } else if (!PageAnon(page)) {
> > > +                       __xa_store(&head->mapping->i_pages, head[i].index,
> > > +                                       head + i, 0);
> > 
> > Forgiving the ignorant copy'n'paste, this is required:
> > 
> > +               } else if (PageSwapCache(page)) {
> > +                       swp_entry_t entry = { .val = page_private(head + i) };
> > +                       __xa_store(&swap_address_space(entry)->i_pages,
> > +                                  swp_offset(entry),
> > +                                  head + i, 0);
> >                 }
> >         }
> >  
> > The locking is definitely wrong.
> 
> Does it help with the problem, or it's just a possible lead?

It definitely solves the problem we encountered of the bad VM_PAGE
leading to RCU stalls in khugepaged. The locking is definitely wrong
though :)
-Chris

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v4] page cache: Store only head pages in i_pages
  2019-06-12  7:42     ` Chris Wilson
@ 2019-06-19 10:04       ` Chris Wilson
  0 siblings, 0 replies; 10+ messages in thread
From: Chris Wilson @ 2019-06-19 10:04 UTC (permalink / raw)
  To: Kirill A. Shutemov
  Cc: Andrew Morton, Matthew Wilcox, linux-fsdevel, linux-kernel,
	linux-mm, Hugh Dickins, Jan Kara, Song Liu

Quoting Chris Wilson (2019-06-12 08:42:05)
> Quoting Kirill A. Shutemov (2019-06-12 02:46:34)
> > On Sun, Jun 02, 2019 at 10:47:35PM +0100, Chris Wilson wrote:
> > > Quoting Matthew Wilcox (2019-03-07 15:30:51)
> > > > diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> > > > index 404acdcd0455..aaf88f85d492 100644
> > > > --- a/mm/huge_memory.c
> > > > +++ b/mm/huge_memory.c
> > > > @@ -2456,6 +2456,9 @@ static void __split_huge_page(struct page *page, struct list_head *list,
> > > >                         if (IS_ENABLED(CONFIG_SHMEM) && PageSwapBacked(head))
> > > >                                 shmem_uncharge(head->mapping->host, 1);
> > > >                         put_page(head + i);
> > > > +               } else if (!PageAnon(page)) {
> > > > +                       __xa_store(&head->mapping->i_pages, head[i].index,
> > > > +                                       head + i, 0);
> > > 
> > > Forgiving the ignorant copy'n'paste, this is required:
> > > 
> > > +               } else if (PageSwapCache(page)) {
> > > +                       swp_entry_t entry = { .val = page_private(head + i) };
> > > +                       __xa_store(&swap_address_space(entry)->i_pages,
> > > +                                  swp_offset(entry),
> > > +                                  head + i, 0);
> > >                 }
> > >         }
> > >  
> > > The locking is definitely wrong.
> > 
> > Does it help with the problem, or it's just a possible lead?
> 
> It definitely solves the problem we encountered of the bad VM_PAGE
> leading to RCU stalls in khugepaged. The locking is definitely wrong
> though :)

I notice I'm not the only one to have bisected a swap related VM_PAGE_BUG
to this patch. Do we have a real fix I can put through our CI to confirm
the issue is resolved before 5.2?
-Chris

^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2019-06-19 10:04 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-07 15:30 [PATCH v4] page cache: Store only head pages in i_pages Matthew Wilcox
2019-06-01  9:26 ` Chris Wilson
2019-06-01 11:44   ` Chris Wilson
2019-06-02 10:51     ` Matthew Wilcox
2019-06-02 13:11       ` Chris Wilson
2019-06-02 19:28       ` Chris Wilson
2019-06-02 21:47 ` Chris Wilson
2019-06-12  1:46   ` Kirill A. Shutemov
2019-06-12  7:42     ` Chris Wilson
2019-06-19 10:04       ` Chris Wilson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).