mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-11-01 17:08:10 +00:00
7298e3b0a1
Currently the calcuation of end_pfn can round up the pfn number to more
than the actual maximum number of pfns, causing an Oops. Fix this by
ensuring end_pfn is never more than max_pfn.
This can be easily triggered when on systems where the end_pfn gets
rounded up to more than max_pfn using the idle-page stress-ng stress test:
sudo stress-ng --idle-page 0
BUG: unable to handle kernel paging request at 00000000000020d8
#PF error: [normal kernel read fault]
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
CPU: 1 PID: 11039 Comm: stress-ng-idle- Not tainted 5.0.0-5-generic #6-Ubuntu
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
RIP: 0010:page_idle_get_page+0xc8/0x1a0
Code: 0f b1 0a 75 7d 48 8b 03 48 89 c2 48 c1 e8 33 83 e0 07 48 c1 ea 36 48 8d 0c 40 4c 8d 24 88 49 c1 e4 07 4c 03 24 d5 00 89 c3 be <49> 8b 44 24 58 48 8d b8 80 a1 02 00 e8 07 d5 77 00 48 8b 53 08 48
RSP: 0018:ffffafd7c672fde8 EFLAGS: 00010202
RAX: 0000000000000005 RBX: ffffe36341fff700 RCX: 000000000000000f
RDX: 0000000000000284 RSI: 0000000000000275 RDI: 0000000001fff700
RBP: ffffafd7c672fe00 R08: ffffa0bc34056410 R09: 0000000000000276
R10: ffffa0bc754e9b40 R11: ffffa0bc330f6400 R12: 0000000000002080
R13: ffffe36341fff700 R14: 0000000000080000 R15: ffffa0bc330f6400
FS: 00007f0ec1ea5740(0000) GS:ffffa0bc7db00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000020d8 CR3: 0000000077d68000 CR4: 00000000000006e0
Call Trace:
page_idle_bitmap_write+0x8c/0x140
sysfs_kf_bin_write+0x5c/0x70
kernfs_fop_write+0x12e/0x1b0
__vfs_write+0x1b/0x40
vfs_write+0xab/0x1b0
ksys_write+0x55/0xc0
__x64_sys_write+0x1a/0x20
do_syscall_64+0x5a/0x110
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Link: http://lkml.kernel.org/r/20190618124352.28307-1-colin.king@canonical.com
Fixes: 33c3fc71c8
("mm: introduce idle page tracking")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
238 lines
5.5 KiB
C
238 lines
5.5 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
#include <linux/init.h>
|
|
#include <linux/memblock.h>
|
|
#include <linux/fs.h>
|
|
#include <linux/sysfs.h>
|
|
#include <linux/kobject.h>
|
|
#include <linux/mm.h>
|
|
#include <linux/mmzone.h>
|
|
#include <linux/pagemap.h>
|
|
#include <linux/rmap.h>
|
|
#include <linux/mmu_notifier.h>
|
|
#include <linux/page_ext.h>
|
|
#include <linux/page_idle.h>
|
|
|
|
#define BITMAP_CHUNK_SIZE sizeof(u64)
|
|
#define BITMAP_CHUNK_BITS (BITMAP_CHUNK_SIZE * BITS_PER_BYTE)
|
|
|
|
/*
|
|
* Idle page tracking only considers user memory pages, for other types of
|
|
* pages the idle flag is always unset and an attempt to set it is silently
|
|
* ignored.
|
|
*
|
|
* We treat a page as a user memory page if it is on an LRU list, because it is
|
|
* always safe to pass such a page to rmap_walk(), which is essential for idle
|
|
* page tracking. With such an indicator of user pages we can skip isolated
|
|
* pages, but since there are not usually many of them, it will hardly affect
|
|
* the overall result.
|
|
*
|
|
* This function tries to get a user memory page by pfn as described above.
|
|
*/
|
|
static struct page *page_idle_get_page(unsigned long pfn)
|
|
{
|
|
struct page *page;
|
|
pg_data_t *pgdat;
|
|
|
|
if (!pfn_valid(pfn))
|
|
return NULL;
|
|
|
|
page = pfn_to_page(pfn);
|
|
if (!page || !PageLRU(page) ||
|
|
!get_page_unless_zero(page))
|
|
return NULL;
|
|
|
|
pgdat = page_pgdat(page);
|
|
spin_lock_irq(&pgdat->lru_lock);
|
|
if (unlikely(!PageLRU(page))) {
|
|
put_page(page);
|
|
page = NULL;
|
|
}
|
|
spin_unlock_irq(&pgdat->lru_lock);
|
|
return page;
|
|
}
|
|
|
|
static bool page_idle_clear_pte_refs_one(struct page *page,
|
|
struct vm_area_struct *vma,
|
|
unsigned long addr, void *arg)
|
|
{
|
|
struct page_vma_mapped_walk pvmw = {
|
|
.page = page,
|
|
.vma = vma,
|
|
.address = addr,
|
|
};
|
|
bool referenced = false;
|
|
|
|
while (page_vma_mapped_walk(&pvmw)) {
|
|
addr = pvmw.address;
|
|
if (pvmw.pte) {
|
|
/*
|
|
* For PTE-mapped THP, one sub page is referenced,
|
|
* the whole THP is referenced.
|
|
*/
|
|
if (ptep_clear_young_notify(vma, addr, pvmw.pte))
|
|
referenced = true;
|
|
} else if (IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE)) {
|
|
if (pmdp_clear_young_notify(vma, addr, pvmw.pmd))
|
|
referenced = true;
|
|
} else {
|
|
/* unexpected pmd-mapped page? */
|
|
WARN_ON_ONCE(1);
|
|
}
|
|
}
|
|
|
|
if (referenced) {
|
|
clear_page_idle(page);
|
|
/*
|
|
* We cleared the referenced bit in a mapping to this page. To
|
|
* avoid interference with page reclaim, mark it young so that
|
|
* page_referenced() will return > 0.
|
|
*/
|
|
set_page_young(page);
|
|
}
|
|
return true;
|
|
}
|
|
|
|
static void page_idle_clear_pte_refs(struct page *page)
|
|
{
|
|
/*
|
|
* Since rwc.arg is unused, rwc is effectively immutable, so we
|
|
* can make it static const to save some cycles and stack.
|
|
*/
|
|
static const struct rmap_walk_control rwc = {
|
|
.rmap_one = page_idle_clear_pte_refs_one,
|
|
.anon_lock = page_lock_anon_vma_read,
|
|
};
|
|
bool need_lock;
|
|
|
|
if (!page_mapped(page) ||
|
|
!page_rmapping(page))
|
|
return;
|
|
|
|
need_lock = !PageAnon(page) || PageKsm(page);
|
|
if (need_lock && !trylock_page(page))
|
|
return;
|
|
|
|
rmap_walk(page, (struct rmap_walk_control *)&rwc);
|
|
|
|
if (need_lock)
|
|
unlock_page(page);
|
|
}
|
|
|
|
static ssize_t page_idle_bitmap_read(struct file *file, struct kobject *kobj,
|
|
struct bin_attribute *attr, char *buf,
|
|
loff_t pos, size_t count)
|
|
{
|
|
u64 *out = (u64 *)buf;
|
|
struct page *page;
|
|
unsigned long pfn, end_pfn;
|
|
int bit;
|
|
|
|
if (pos % BITMAP_CHUNK_SIZE || count % BITMAP_CHUNK_SIZE)
|
|
return -EINVAL;
|
|
|
|
pfn = pos * BITS_PER_BYTE;
|
|
if (pfn >= max_pfn)
|
|
return 0;
|
|
|
|
end_pfn = pfn + count * BITS_PER_BYTE;
|
|
if (end_pfn > max_pfn)
|
|
end_pfn = max_pfn;
|
|
|
|
for (; pfn < end_pfn; pfn++) {
|
|
bit = pfn % BITMAP_CHUNK_BITS;
|
|
if (!bit)
|
|
*out = 0ULL;
|
|
page = page_idle_get_page(pfn);
|
|
if (page) {
|
|
if (page_is_idle(page)) {
|
|
/*
|
|
* The page might have been referenced via a
|
|
* pte, in which case it is not idle. Clear
|
|
* refs and recheck.
|
|
*/
|
|
page_idle_clear_pte_refs(page);
|
|
if (page_is_idle(page))
|
|
*out |= 1ULL << bit;
|
|
}
|
|
put_page(page);
|
|
}
|
|
if (bit == BITMAP_CHUNK_BITS - 1)
|
|
out++;
|
|
cond_resched();
|
|
}
|
|
return (char *)out - buf;
|
|
}
|
|
|
|
static ssize_t page_idle_bitmap_write(struct file *file, struct kobject *kobj,
|
|
struct bin_attribute *attr, char *buf,
|
|
loff_t pos, size_t count)
|
|
{
|
|
const u64 *in = (u64 *)buf;
|
|
struct page *page;
|
|
unsigned long pfn, end_pfn;
|
|
int bit;
|
|
|
|
if (pos % BITMAP_CHUNK_SIZE || count % BITMAP_CHUNK_SIZE)
|
|
return -EINVAL;
|
|
|
|
pfn = pos * BITS_PER_BYTE;
|
|
if (pfn >= max_pfn)
|
|
return -ENXIO;
|
|
|
|
end_pfn = pfn + count * BITS_PER_BYTE;
|
|
if (end_pfn > max_pfn)
|
|
end_pfn = max_pfn;
|
|
|
|
for (; pfn < end_pfn; pfn++) {
|
|
bit = pfn % BITMAP_CHUNK_BITS;
|
|
if ((*in >> bit) & 1) {
|
|
page = page_idle_get_page(pfn);
|
|
if (page) {
|
|
page_idle_clear_pte_refs(page);
|
|
set_page_idle(page);
|
|
put_page(page);
|
|
}
|
|
}
|
|
if (bit == BITMAP_CHUNK_BITS - 1)
|
|
in++;
|
|
cond_resched();
|
|
}
|
|
return (char *)in - buf;
|
|
}
|
|
|
|
static struct bin_attribute page_idle_bitmap_attr =
|
|
__BIN_ATTR(bitmap, 0600,
|
|
page_idle_bitmap_read, page_idle_bitmap_write, 0);
|
|
|
|
static struct bin_attribute *page_idle_bin_attrs[] = {
|
|
&page_idle_bitmap_attr,
|
|
NULL,
|
|
};
|
|
|
|
static const struct attribute_group page_idle_attr_group = {
|
|
.bin_attrs = page_idle_bin_attrs,
|
|
.name = "page_idle",
|
|
};
|
|
|
|
#ifndef CONFIG_64BIT
|
|
static bool need_page_idle(void)
|
|
{
|
|
return true;
|
|
}
|
|
struct page_ext_operations page_idle_ops = {
|
|
.need = need_page_idle,
|
|
};
|
|
#endif
|
|
|
|
static int __init page_idle_init(void)
|
|
{
|
|
int err;
|
|
|
|
err = sysfs_create_group(mm_kobj, &page_idle_attr_group);
|
|
if (err) {
|
|
pr_err("page_idle: register sysfs failed\n");
|
|
return err;
|
|
}
|
|
return 0;
|
|
}
|
|
subsys_initcall(page_idle_init);
|