From: Andrea Arcangeli <aarcange@redhat.com>
To: Xishi Qiu <qiuxishi@huawei.com>
Cc: Vlastimil Babka <vbabka@suse.cz>,
"'Kirill A . Shutemov'" <kirill.shutemov@linux.intel.com>,
zhong jiang <zhongjiang@huawei.com>,
Hugh Dickins <hughd@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Tejun Heo <tj@kernel.org>, Michal Hocko <mhocko@kernel.org>,
Johannes Weiner <hannes@cmpxchg.org>,
Mel Gorman <mgorman@techsingularity.net>,
Michal Hocko <mhocko@suse.com>, Minchan Kim <minchan@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
sumeet.keswani@hpe.com, Rik van Riel <riel@redhat.com>,
Linux MM <linux-mm@kvack.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: mm, something wrong in page_lock_anon_vma_read()?
Date: Thu, 20 Jul 2017 14:58:35 +0200 [thread overview]
Message-ID: <20170720125835.GC29716@redhat.com> (raw)
In-Reply-To: <596F2D65.8020902@huawei.com>
On Wed, Jul 19, 2017 at 05:59:01PM +0800, Xishi Qiu wrote:
> I find two patches from upstream.
> 887843961c4b4681ee993c36d4997bf4b4aa8253
Do you use the remap_file_pages syscall? Such syscall has been dropped
upstream so very few apps should possibly try to use it on 64bit
archs.
It would also require a get_user_pages(write=1, force=1) on a nonlinear
VM_SHARED mapped without PROT_WRITE and such action should happen
before remap_file_pages is called to overwrite the page that got poked
by gdb.
Which sounds an extremely unusual setup for a production
environment. Said that you're clearly running docker containers so who
knows what is running inside them (and the point where you notice the
stale anon-vma and the container that crashes isn't necessarily the
same container that runs the fremap readonly gdb poking workload).
I'll look into integrating the above fix regardless.
I'll also send you privately the fix backported to the specific
enterprise kernel you're using, adding a WARN_ON as well that will
tell us if such a fix ever makes a difference. The alternative is that
you place a perf probe or systemtap hook in remap_file_pages to know
if it ever runs, but the WARN_ON I'll add is even better proof. If you
get the WARN_ON in the logs, we'll be 100% sure thing the patch fixed
your issue and we don't have to keep looking for other issues of the
same kind.
> a9c8e4beeeb64c22b84c803747487857fe424b68
>
> I can't find any relations to the panic from the first one, and the second
Actually I do. Vlastimil theory that a pte got marked none is sound
but if zap_pte in a fremap fails to drop the anon page that was under
memory migration/compaction the exact same thing will happen. Either
ways an anon page isn't freed as it should have been: the vma will be
dropped, the anon-vma too, but the page will be left hanging around as
anonymous in the lrus with page->mapping pointing to a stale anon_vma
and the rss counters will go off by one too.
> one seems triggered from xen, but we use kvm.
Correct, the second one isn't needed with KVM.
Thanks,
Andrea
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-07-20 12:58 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-18 9:46 mm, something wring in page_lock_anon_vma_read()? Xishi Qiu
2017-05-19 8:52 ` Xishi Qiu
2017-05-19 9:44 ` Xishi Qiu
2017-05-19 22:00 ` Hugh Dickins
2017-05-20 1:21 ` Xishi Qiu
2017-05-20 2:02 ` Hugh Dickins
2017-05-20 2:18 ` Xishi Qiu
2017-05-20 2:40 ` Hugh Dickins
2017-05-20 3:01 ` zhong jiang
2017-05-22 16:51 ` Vlastimil Babka
2017-05-23 9:21 ` zhong jiang
2017-05-23 9:33 ` Vlastimil Babka
2017-05-23 10:32 ` zhong jiang
2017-06-08 13:44 ` Xishi Qiu
2017-06-08 13:59 ` Vlastimil Babka
2017-06-08 14:11 ` zhong jiang
2017-07-18 10:59 ` mm, something wrong " Xishi Qiu
2017-07-19 8:40 ` Vlastimil Babka
2017-07-19 9:59 ` Xishi Qiu
2017-07-20 12:58 ` Andrea Arcangeli [this message]
2017-07-20 16:15 ` Andrea Arcangeli
2017-05-22 9:48 ` mm, something wring " Xishi Qiu
2017-05-22 19:26 ` Hugh Dickins
2017-05-23 2:19 ` Xishi Qiu
2017-05-23 2:51 ` Hugh Dickins
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170720125835.GC29716@redhat.com \
--to=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=hannes@cmpxchg.org \
--cc=hughd@google.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mgorman@techsingularity.net \
--cc=mhocko@kernel.org \
--cc=mhocko@suse.com \
--cc=minchan@kernel.org \
--cc=qiuxishi@huawei.com \
--cc=riel@redhat.com \
--cc=rientjes@google.com \
--cc=sumeet.keswani@hpe.com \
--cc=tj@kernel.org \
--cc=vbabka@suse.cz \
--cc=zhongjiang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).