From nobody Wed Dec 17 07:29:12 2025 Received: from szxga08-in.huawei.com (szxga08-in.huawei.com [45.249.212.255]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 122171843 for ; Sat, 11 May 2024 03:31:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=45.249.212.255 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715398269; cv=none; b=Qa4pj0h+yAx4uaKhkW5j1nW1NE7b+e/xuVDhuHh68Q9l4QyJxh1woVcR7T4swlSsWehqFsJLxyB1B8a8I+lAQp6I8Wow+mH+JQ8NG871Xe9hD5e7neSkOOVlXk61S/rURNPchgTNVPe3U79i4Z7JFnAhKo6Du/usDJW7gIdngWc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715398269; c=relaxed/simple; bh=4/UgLr+ucXXQUJU++VxYrGUr+IeEP0s+MrOyacvIdss=; h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=P8AYH3rtqCpJ9chrbe1ihD2FGc8DO05k6nGQV2bNPY0H4NWPOUD/bCVWpkZqOkqnrX63ebx2qKCRTi2JalJ9Rz1soq2805W+OAQ8b9PM4emtVdxtmueiWTxQ6HZird6avFp1hD4+tG7B61Eug7e1aMq/gJ82R6qhDaeoKsp3sK4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com; spf=pass smtp.mailfrom=huawei.com; arc=none smtp.client-ip=45.249.212.255 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huawei.com Received: from mail.maildlp.com (unknown [172.19.163.252]) by szxga08-in.huawei.com (SkyGuard) with ESMTP id 4Vbrm64nmTz1S4sJ; Sat, 11 May 2024 11:27:34 +0800 (CST) Received: from canpemm500002.china.huawei.com (unknown [7.192.104.244]) by mail.maildlp.com (Postfix) with ESMTPS id F1CB518007F; Sat, 11 May 2024 11:30:57 +0800 (CST) Received: from huawei.com (10.173.135.154) by canpemm500002.china.huawei.com (7.192.104.244) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Sat, 11 May 2024 11:30:57 +0800 From: Miaohe Lin To: CC: , , , , , Subject: [PATCH] mm/huge_memory: mark huge_zero_folio reserved Date: Sat, 11 May 2024 11:28:01 +0800 Message-ID: <20240511032801.1295023-1-linmiaohe@huawei.com> X-Mailer: git-send-email 2.33.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: dggems701-chm.china.huawei.com (10.3.19.178) To canpemm500002.china.huawei.com (7.192.104.244) Content-Type: text/plain; charset="utf-8" When I did memory failure tests recently, below panic occurs: kernel BUG at include/linux/mm.h:1135! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-di= rty #14 RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:00000000000000= 00 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 Call Trace: do_shrink_slab+0x14f/0x6a0 shrink_slab+0xca/0x8c0 shrink_node+0x2d0/0x7d0 balance_pgdat+0x33a/0x720 kswapd+0x1f3/0x410 kthread+0xd5/0x100 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 Modules linked in: mce_inject hwpoison_inject ---[ end trace 0000000000000000 ]--- RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:00000000000000= 00 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 The root cause is that HWPoison flag will be set for huge_zero_folio without increasing the folio refcnt. But then unpoison_memory() will decrease the folio refcnt unexpectly as it appears like a successfully hwpoisoned folio leading to VM_BUG_ON_PAGE(page_ref_count(page) =3D=3D 0) when releasing huge_zero_folio. Fix this issue by marking huge_zero_folio reserved. So unpoison_memory() will skip this page. This will make it consistent with ZERO_PAGE case too. Fixes: 478d134e9506 ("mm/huge_memory: do not overkill when splitting huge_z= ero_page") Signed-off-by: Miaohe Lin Cc: --- mm/huge_memory.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 317de2afd371..d508ff793145 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -212,6 +212,7 @@ static bool get_huge_zero_page(void) folio_put(zero_folio); goto retry; } + __folio_set_reserved(zero_folio); WRITE_ONCE(huge_zero_pfn, folio_pfn(zero_folio)); =20 /* We take additional reference here. It will be put back by shrinker */ @@ -264,6 +265,7 @@ static unsigned long shrink_huge_zero_page_scan(struct = shrinker *shrink, struct folio *zero_folio =3D xchg(&huge_zero_folio, NULL); BUG_ON(zero_folio =3D=3D NULL); WRITE_ONCE(huge_zero_pfn, ~0UL); + __folio_clear_reserved(zero_folio); folio_put(zero_folio); return HPAGE_PMD_NR; } --=20 2.33.0