1. 20 Dec, 2023 19 commits
    • mm: memcg: restore subtree stats flushing · 7d7ef0a4
      Yosry Ahmed authored
      Stats flushing for memcg currently follows the following rules:
      - Always flush the entire memcg hierarchy (i.e. flush the root).
      - Only one flusher is allowed at a time. If someone else tries to flush
        concurrently, they skip and return immediately.
      - A periodic flusher flushes all the stats every 2 seconds.
      
      The reason this approach is followed is because all flushes are serialized
      by a global rstat spinlock.  On the memcg side, flushing is invoked from
      userspace reads as well as in-kernel flushers (e.g.  reclaim, refault,
      etc).  This approach aims to avoid serializing all flushers on the global
      lock, which can cause a significant performance hit under high
      concurrency.
      
      This approach has the following problems:
      - Occasionally a userspace read of the stats of a non-root cgroup will
        be too expensive as it has to flush the entire hierarchy [1].
      - Sometimes the stats accuracy is compromised if there is an ongoing
        flush, and we skip and return before the subtree of interest is
        actually flushed, yielding stale stats (by up to 2s due to periodic
        flushing). This is more visible when reading stats from userspace,
        but can also affect in-kernel flushers.
      
      The latter problem is particularly a concern when userspace reads stats
      after an event occurs, but gets stats from before the event. Examples:
      - When memory usage / pressure spikes, a userspace OOM handler may look
        at the stats of different memcgs to select a victim based on various
        heuristics (e.g. how much private memory will be freed by killing
        this). Reading stale stats from before the usage spike in this case
        may cause a wrongful OOM kill.
      - A proactive reclaimer may read the stats after writing to
        memory.reclaim to measure the success of the reclaim operation. Stale
        stats from before reclaim may give a false negative.
      - Reading the stats of a parent and a child memcg may be inconsistent
        (child larger than parent), if the flush doesn't happen when the
        parent is read, but happens when the child is read.
      
      As for in-kernel flushers, they will occasionally get stale stats.  No
      regressions are currently known from this, but if there are regressions,
      they would be very difficult to debug and link to the source of the
      problem.
      
      This patch aims to fix these problems by restoring subtree flushing, and
      removing the unified/coalesced flushing logic that skips flushing if there
      is an ongoing flush.  This change would introduce a significant regression
      with global stats flushing thresholds.  With per-memcg stats flushing
      thresholds, this seems to perform really well.  The thresholds protect the
      underlying lock from unnecessary contention.
      
      This patch was tested in two ways to ensure the latency of flushing is
      up to par, on a machine with 384 cpus:
      
      - A synthetic test with 5000 concurrent workers in 500 cgroups doing
        allocations and reclaim, as well as 1000 readers for memory.stat
        (variation of [2]). No regressions were noticed in the total runtime.
        Note that significant regressions in this test are observed with
        global stats thresholds, but not with per-memcg thresholds.
      
      - A synthetic stress test for concurrently reading memcg stats while
        memory allocation/freeing workers are running in the background,
        provided by Wei Xu [3]. With 250k threads reading the stats every
        100ms in 50k cgroups, 99.9% of reads take <= 50us. Less than 0.01%
        of reads take more than 1ms, and no reads take more than 100ms.
      
      [1] https://lore.kernel.org/lkml/CABWYdi0c6__rh-K7dcM_pkf9BJdTRtAU08M43KO9ME4-dsgfoQ@mail.gmail.com/
      [2] https://lore.kernel.org/lkml/CAJD7tka13M-zVZTyQJYL1iUAYvuQ1fcHbCjcOBZcz6POYTV-4g@mail.gmail.com/
      [3] https://lore.kernel.org/lkml/CAAPL-u9D2b=iF5Lf_cRnKxUfkiEe0AMDTu6yhrUAzX0b6a6rDg@mail.gmail.com/
      
      [akpm@linux-foundation.org: fix mm/zswap.c]
      [yosryahmed@google.com: remove stats flushing mutex]
        Link: https://lkml.kernel.org/r/CAJD7tkZgP3m-VVPn+fF_YuvXeQYK=tZZjJHj=dzD=CcSSpp2qg@mail.gmail.com
      Link: https://lkml.kernel.org/r/20231129032154.3710765-6-yosryahmed@google.com
      Signed-off-by: Yosry Ahmed <yosryahmed@google.com>
      Tested-by: Domenico Cerasuolo <cerasuolodomenico@gmail.com>
      Acked-by: Shakeel Butt <shakeelb@google.com>
      Cc: Chris Li <chrisl@kernel.org>
      Cc: Greg Thelen <gthelen@google.com>
      Cc: Ivan Babrou <ivan@cloudflare.com>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: Michal Hocko <mhocko@kernel.org>
      Cc: Michal Koutny <mkoutny@suse.com>
      Cc: Muchun Song <muchun.song@linux.dev>
      Cc: Roman Gushchin <roman.gushchin@linux.dev>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Waiman Long <longman@redhat.com>
      Cc: Wei Xu <weixugc@google.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    • mm: workingset: move the stats flush into workingset_test_recent() · b0068472
      Yosry Ahmed authored
      The workingset code flushes the stats in workingset_refault() to get
      accurate stats of the eviction memcg.  In preparation for more scoped
      flushes and passing the eviction memcg to the flush call, move the call to
      workingset_test_recent() where we have a pointer to the eviction memcg.
      
      The flush call is sleepable, and cannot be made in an rcu read section. 
      Hence, minimize the rcu read section by also moving it into
      workingset_test_recent().  Furthermore, instead of holding the rcu read
      lock throughout workingset_test_recent(), only hold it briefly to get a
      ref on the eviction memcg.  This allows us to make the flush call after we
      get the eviction memcg.
      
      As for workingset_refault(), nothing else there appears to be protected by
      rcu.  The memcg of the faulted folio (which is not necessarily the same as
      the eviction memcg) is protected by the folio lock, which is held from all
      callsites.  Add a VM_BUG_ON() to make sure this doesn't change from under
      us.
      
      No functional change intended.
      
      Link: https://lkml.kernel.org/r/20231129032154.3710765-5-yosryahmed@google.com
      Signed-off-by: Yosry Ahmed <yosryahmed@google.com>
      Tested-by: Domenico Cerasuolo <cerasuolodomenico@gmail.com>
      Acked-by: Shakeel Butt <shakeelb@google.com>
      Cc: Chris Li <chrisl@kernel.org>
      Cc: Greg Thelen <gthelen@google.com>
      Cc: Ivan Babrou <ivan@cloudflare.com>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: Michal Hocko <mhocko@kernel.org>
      Cc: Michal Koutny <mkoutny@suse.com>
      Cc: Muchun Song <muchun.song@linux.dev>
      Cc: Roman Gushchin <roman.gushchin@linux.dev>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Waiman Long <longman@redhat.com>
      Cc: Wei Xu <weixugc@google.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    • mm: memcg: make stats flushing threshold per-memcg · 8d59d221
      Yosry Ahmed authored
      A global counter for the magnitude of memcg stats update is maintained on
      the memcg side to avoid invoking rstat flushes when the pending updates
      are not significant.  This avoids unnecessary flushes, which are not very
      cheap even if there isn't a lot of stats to flush.  It also avoids
      unnecessary lock contention on the underlying global rstat lock.
      
      Make this threshold per-memcg.  The scheme is followed where percpu (now
      also per-memcg) counters are incremented in the update path, and only
      propagated to per-memcg atomics when they exceed a certain threshold.
      
      This provides two benefits: (a) On large machines with a lot of memcgs,
      the global threshold can be reached relatively fast, so guarding the
      underlying lock becomes less effective.  Making the threshold per-memcg
      avoids this.
      
      (b) Having a global threshold makes it hard to do subtree flushes, as we
      cannot reset the global counter except for a full flush.  Per-memcg
      counters remove this as a blocker from doing subtree flushes, which helps
      avoid unnecessary work when the stats of a small subtree are needed.
      
      Nothing is free, of course.  This comes at a cost: (a) A new per-cpu
      counter per memcg, consuming NR_CPUS * NR_MEMCGS * 4 bytes.  The extra
      memory usage is insignificant.
      
      (b) More work on the update side, although in the common case it will only
      be percpu counter updates.  The amount of work scales with the number of
      ancestors (i.e.  tree depth).  This is not a new concept, adding a cgroup
      to the rstat tree involves a parent loop, so is charging.  Testing results
      below show no significant regressions.
      
      (c) The error margin in the stats for the system as a whole increases from
      NR_CPUS * MEMCG_CHARGE_BATCH to NR_CPUS * MEMCG_CHARGE_BATCH * NR_MEMCGS. 
      This is probably fine because we have a similar per-memcg error in charges
      coming from percpu stocks, and we have a periodic flusher that makes sure
      we always flush all the stats every 2s anyway.
      
      This patch was tested to make sure no significant regressions are
      introduced on the update path as follows.  The following benchmarks were
      run in a cgroup that is 2 levels deep (/sys/fs/cgroup/a/b/):
      
      (1) Running 22 instances of netperf on a 44 cpu machine with
      hyperthreading disabled. All instances are run in a level 2 cgroup, as
      well as netserver:
        # netserver -6
        # netperf -6 -H ::1 -l 60 -t TCP_SENDFILE -- -m 10K
      
      Averaging 20 runs, the numbers are as follows:
      Base: 40198.0 mbps
      Patched: 38629.7 mbps (-3.9%)
      
      The regression is minimal, especially for 22 instances in the same
      cgroup sharing all ancestors (so updating the same atomics).
      
      (2) will-it-scale page_fault tests. These tests (specifically
      per_process_ops in page_fault3 test) detected a 25.9% regression before
      for a change in the stats update path [1]. These are the
      numbers from 10 runs (+ is good) on a machine with 256 cpus:
      
                   LABEL            |     MEAN    |   MEDIAN    |   STDDEV   |
      ------------------------------+-------------+-------------+-------------
        page_fault1_per_process_ops |             |             |            |
        (A) base                    | 270249.164  | 265437.000  | 13451.836  |
        (B) patched                 | 261368.709  | 255725.000  | 13394.767  |
                                    | -3.29%      | -3.66%      |            |
        page_fault1_per_thread_ops  |             |             |            |
        (A) base                    | 242111.345  | 239737.000  | 10026.031  |
        (B) patched                 | 237057.109  | 235305.000  | 9769.687   |
                                    | -2.09%      | -1.85%      |            |
        page_fault1_scalability     |             |             |            |
        (A) base                    | 0.034387    | 0.035168    | 0.0018283  |
        (B) patched                 | 0.033988    | 0.034573    | 0.0018056  |
                                    | -1.16%      | -1.69%      |            |
        page_fault2_per_process_ops |             |             |            |
        (A) base                    | 203561.836  | 203301.000  | 2550.764   |
        (B) patched                 | 197195.945  | 197746.000  | 2264.263   |
                                    | -3.13%      | -2.73%      |            |
        page_fault2_per_thread_ops  |             |             |            |
        (A) base                    | 171046.473  | 170776.000  | 1509.679   |
        (B) patched                 | 166626.327  | 166406.000  | 768.753    |
                                    | -2.58%      | -2.56%      |            |
        page_fault2_scalability     |             |             |            |
        (A) base                    | 0.054026    | 0.053821    | 0.00062121 |
        (B) patched                 | 0.053329    | 0.05306     | 0.00048394 |
                                    | -1.29%      | -1.41%      |            |
        page_fault3_per_process_ops |             |             |            |
        (A) base                    | 1295807.782 | 1297550.000 | 5907.585   |
        (B) patched                 | 1275579.873 | 1273359.000 | 8759.160   |
                                    | -1.56%      | -1.86%      |            |
        page_fault3_per_thread_ops  |             |             |            |
        (A) base                    | 391234.164  | 390860.000  | 1760.720   |
        (B) patched                 | 377231.273  | 376369.000  | 1874.971   |
                                    | -3.58%      | -3.71%      |            |
        page_fault3_scalability     |             |             |            |
        (A) base                    | 0.60369     | 0.60072     | 0.0083029  |
        (B) patched                 | 0.61733     | 0.61544     | 0.009855   |
                                    | +2.26%      | +2.45%      |            |
      
      All regressions seem to be minimal, and within the normal variance for the
      benchmark.  The fix for [1] assumes that 3% is noise -- and there were no
      further practical complaints, so hopefully this means that such
      variations in these microbenchmarks do not reflect on practical workloads.
      
      (3) I also ran stress-ng in a nested cgroup and did not observe any
      obvious regressions.
      
      [1] https://lore.kernel.org/all/20190520063534.GB19312@shao2-debian/
      
      Link: https://lkml.kernel.org/r/20231129032154.3710765-4-yosryahmed@google.com
      Signed-off-by: Yosry Ahmed <yosryahmed@google.com>
      Suggested-by: Johannes Weiner <hannes@cmpxchg.org>
      Tested-by: Domenico Cerasuolo <cerasuolodomenico@gmail.com>
      Acked-by: Shakeel Butt <shakeelb@google.com>
      Cc: Chris Li <chrisl@kernel.org>
      Cc: Greg Thelen <gthelen@google.com>
      Cc: Ivan Babrou <ivan@cloudflare.com>
      Cc: Michal Hocko <mhocko@kernel.org>
      Cc: Michal Koutny <mkoutny@suse.com>
      Cc: Muchun Song <muchun.song@linux.dev>
      Cc: Roman Gushchin <roman.gushchin@linux.dev>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Waiman Long <longman@redhat.com>
      Cc: Wei Xu <weixugc@google.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      8d59d221
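
A simplified userspace model of the per-memcg threshold accounting described in the commit message above, added here as an illustration (it is not code from the patch or from the kernel). The four-node hierarchy, `NR_CPUS`, the `BATCH` value, the flush cut-off and every function name are assumptions; the model compares a single global counter with per-memcg counters and shows what a subtree flush resets.

```c
/* Simplified userspace model, not kernel code. The hierarchy, the constants
 * and all function names are constructed for this example. */
#include <stdbool.h>
#include <stdio.h>

#define NR_CPUS   4
#define NR_MEMCGS 4
#define BATCH     64                       /* stands in for MEMCG_CHARGE_BATCH; value assumed */
#define FLUSH_THRESHOLD (BATCH * NR_CPUS)  /* assumed cut-off for "significant" pending updates */

struct memcg_model {
    int parent;                    /* index of the parent, -1 for the root */
    unsigned int percpu[NR_CPUS];  /* per-cpu, per-memcg update magnitude */
    unsigned long pending;         /* per-memcg total (an atomic in the kernel) */
};

/* Constructed hierarchy: 0 = root, 1 = /a, 2 = /a/b, 3 = /c */
static struct memcg_model cg[NR_MEMCGS];
static unsigned int global_percpu[NR_CPUS];  /* the older, single global counter */
static unsigned long global_pending;

static void model_reset(void)
{
    static const int parents[NR_MEMCGS] = { -1, 0, 1, 0 };

    for (int i = 0; i < NR_MEMCGS; i++)
        cg[i] = (struct memcg_model){ .parent = parents[i] };
    for (int cpu = 0; cpu < NR_CPUS; cpu++)
        global_percpu[cpu] = 0;
    global_pending = 0;
}

/* Fold a per-cpu counter into its shared total once it exceeds BATCH. */
static void fold(unsigned int *percpu, unsigned long *shared, unsigned int val)
{
    *percpu += val;
    if (*percpu > BATCH) {
        *shared += *percpu;
        *percpu = 0;
    }
}

/* Update path: the memcg and every ancestor are touched, so the cost scales
 * with tree depth. The global counter is updated alongside for comparison. */
static void model_update(int id, int cpu, unsigned int val)
{
    for (int i = id; i >= 0; i = cg[i].parent)
        fold(&cg[i].percpu[cpu], &cg[i].pending, val);
    fold(&global_percpu[cpu], &global_pending, val);
}

static bool needs_flush_global(void)      { return global_pending > FLUSH_THRESHOLD; }
static bool needs_flush_per_memcg(int id) { return cg[id].pending > FLUSH_THRESHOLD; }

static bool in_subtree(int id, int top)
{
    for (int i = id; i >= 0; i = cg[i].parent)
        if (i == top)
            return true;
    return false;
}

/* Subtree flush: only counters inside the flushed subtree are reset. */
static void flush_subtree(int top)
{
    for (int i = 0; i < NR_MEMCGS; i++)
        if (in_subtree(i, top))
            cg[i].pending = 0;
}

/* Updates still parked in per-cpu counters, invisible to the threshold check. */
static unsigned long unpropagated_total(void)
{
    unsigned long sum = 0;

    for (int i = 0; i < NR_MEMCGS; i++)
        for (int cpu = 0; cpu < NR_CPUS; cpu++)
            sum += cg[i].percpu[cpu];
    return sum;
}

/* 1000 single-unit updates charged to /a/b, spread round-robin over the cpus. */
static void run_scenario(void)
{
    model_reset();
    for (int n = 0; n < 1000; n++)
        model_update(2, n % NR_CPUS, 1);
}

int main(void)
{
    run_scenario();
    printf("global scheme: reader of /c must flush? %d\n", needs_flush_global());
    printf("per-memcg:     reader of /c must flush? %d\n", needs_flush_per_memcg(3));
    printf("unpropagated updates: %lu (bound %d)\n",
           unpropagated_total(), NR_CPUS * BATCH * NR_MEMCGS);
    flush_subtree(1);
    printf("after flushing /a: /a/b pending=%lu, root pending=%lu\n",
           cg[2].pending, cg[0].pending);
    return 0;
}
```
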
    • mm: memcg: move vmstats structs definition above flushing code · e0bf1dc8
      Yosry Ahmed authored
      The following patch will make use of those structs in the flushing code,
      so move their definitions (and a few other dependencies) a little bit up
      to reduce the diff noise in the following patch.
      
      No functional change intended.
      
      Link: https://lkml.kernel.org/r/20231129032154.3710765-3-yosryahmed@google.com
      Signed-off-by: Yosry Ahmed <yosryahmed@google.com>
      Tested-by: Domenico Cerasuolo <cerasuolodomenico@gmail.com>
      Acked-by: Shakeel Butt <shakeelb@google.com>
      Cc: Chris Li <chrisl@kernel.org>
      Cc: Greg Thelen <gthelen@google.com>
      Cc: Ivan Babrou <ivan@cloudflare.com>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: Michal Hocko <mhocko@kernel.org>
      Cc: Michal Koutny <mkoutny@suse.com>
      Cc: Muchun Song <muchun.song@linux.dev>
      Cc: Roman Gushchin <roman.gushchin@linux.dev>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Waiman Long <longman@redhat.com>
      Cc: Wei Xu <weixugc@google.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    • mm: memcg: change flush_next_time to flush_last_time · 508bed88
      Yosry Ahmed authored
      Patch series "mm: memcg: subtree stats flushing and thresholds", v4.
      
      This series attempts to address shortages in today's approach for memcg
      stats flushing, namely occasionally stale or expensive stat reads.  The
      series does so by changing the threshold that we use to decide whether to
      trigger a flush to be per memcg instead of global (patch 3), and then
      changing flushing to be per memcg (i.e.  subtree flushes) instead of
      global (patch 5).
      
      
      This patch (of 5):
      
      flush_next_time is an inaccurate name.  It's not the next time that
      periodic flushing will happen, it's rather the next time that ratelimited
      flushing can happen if the periodic flusher is late.
      
      Simplify its semantics by just storing the timestamp of the last flush
      instead, flush_last_time.  Move the 2*FLUSH_TIME addition to
      mem_cgroup_flush_stats_ratelimited(), and add a comment explaining it. 
      This way, all the ratelimiting semantics live in one place.
      
      No functional change intended.
      
      Link: https://lkml.kernel.org/r/20231129032154.3710765-1-yosryahmed@google.com
      Link: https://lkml.kernel.org/r/20231129032154.3710765-2-yosryahmed@google.com
      Signed-off-by: Yosry Ahmed <yosryahmed@google.com>
      Tested-by: Domenico Cerasuolo <cerasuolodomenico@gmail.com>
      Acked-by: Shakeel Butt <shakeelb@google.com>
      Acked-by: Chris Li <chrisl@kernel.org> (Google)
      Tested-by: Bagas Sanjaya <bagasdotme@gmail.com>
      Cc: Greg Thelen <gthelen@google.com>
      Cc: Ivan Babrou <ivan@cloudflare.com>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: Michal Hocko <mhocko@kernel.org>
      Cc: Michal Koutny <mkoutny@suse.com>
      Cc: Muchun Song <muchun.song@linux.dev>
      Cc: Roman Gushchin <roman.gushchin@linux.dev>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Waiman Long <longman@redhat.com>
      Cc: Wei Xu <weixugc@google.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    • mm/list_lru.c: remove unused list_lru_from_kmem() · 4a3bfbd1
      Andrew Morton authored
      Fixes: 0a97c01c ("list_lru: allow explicit memcg and NUMA node selection")
      Reported-by: kernel test robot <lkp@intel.com>
      Closes: https://lore.kernel.org/oe-kbuild-all/202312141318.q8b5yrAq-lkp@intel.com/
      Cc: Nhat Pham <nphamcs@gmail.com>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: Bagas Sanjaya <bagasdotme@gmail.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    • lib/maple_tree.c: fix build error due to hotfix alteration · 5143eecd
      Andrew Morton authored
      Commit 0de56e38 ("maple_tree: use maple state end for write
      operations") was broken by a later patch "maple_tree: do not preallocate
      nodes for slot stores".  But the later patch was scheduled ahead of
      0de56e38, for 6.7-rc.
      
      This fixlet undoes the damage.
      
      Fixes: 0de56e38 ("maple_tree: use maple state end for write operations")
      Cc: Liam R. Howlett <Liam.Howlett@oracle.com>
      Cc: Sidhartha Kumar <sidhartha.kumar@oracle.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    • mailmap: add an old address for Naoya Horiguchi · 1803d0c5
      Matthew Wilcox (Oracle) authored
      This address now bounces, remap it to a current address.
      
      Link: https://lkml.kernel.org/r/20231218140328.3313474-1-willy@infradead.org
      Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    • mm/memory-failure: cast index to loff_t before shifting it · 39ebd6dc
      Matthew Wilcox (Oracle) authored
      On 32-bit systems, we'll lose the top bits of index because arithmetic
      will be performed in unsigned long instead of unsigned long long.  This
      affects files over 4GB in size.
      
      Link: https://lkml.kernel.org/r/20231218135837.3310403-4-willy@infradead.org
      Fixes: 6100e34b ("mm, memory_failure: Teach memory_failure() about dev_pagemap pages")
      Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      39ebd6dc
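
The truncation described in the commit message above, reproduced in userspace as an added example (not code from the patch). `uint32_t` stands in for `unsigned long` on a 32-bit kernel and `int64_t` for `loff_t`; the 4 KiB page size and all function names are assumptions.

```c
/* Added illustration: shifting a page index in 32-bit arithmetic versus
 * widening it first. Types and names are stand-ins, not kernel definitions. */
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12            /* assumption: 4 KiB pages */

typedef uint32_t ulong32;        /* models unsigned long on a 32-bit system */
typedef int64_t  loff_model;     /* models loff_t, which is 64 bits wide */

/* "Before": the shift is evaluated in 32 bits and only then widened, so
 * every bit at position 32 and above has already been discarded. */
static loff_model offset_shift_then_widen(ulong32 index)
{
    ulong32 narrow = index << PAGE_SHIFT;
    return (loff_model)narrow;
}

/* "After": widen first, so the shift is evaluated in 64 bits. */
static loff_model offset_cast_then_shift(ulong32 index)
{
    return (loff_model)index << PAGE_SHIFT;
}

/* Smallest page index for which the two computations disagree. */
static ulong32 first_truncated_index(void)
{
    ulong32 index = 0;

    while (offset_shift_then_widen(index) == offset_cast_then_shift(index))
        index++;
    return index;
}

/* Page index that the truncated offset actually points at: a page in the
 * first 4 GiB of the file instead of the intended one. */
static ulong32 aliased_index(ulong32 index)
{
    return (ulong32)(offset_shift_then_widen(index) >> PAGE_SHIFT);
}

int main(void)
{
    ulong32 first = first_truncated_index();
    ulong32 sample = first + 1;   /* a page just past the 4 GiB boundary */

    printf("first affected index: %u (byte offset %lld)\n",
           (unsigned)first, (long long)offset_cast_then_shift(first));
    printf("index %u: correct offset %lld, truncated offset %lld\n",
           (unsigned)sample,
           (long long)offset_cast_then_shift(sample),
           (long long)offset_shift_then_widen(sample));
    printf("truncated offset lands on page index %u\n",
           (unsigned)aliased_index(sample));
    return 0;
}
```
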
    • mm/memory-failure: check the mapcount of the precise page · c79c5a0a
      Matthew Wilcox (Oracle) authored
      A process may map only some of the pages in a folio, and might be missed
      if it maps the poisoned page but not the head page.  Or it might be
      unnecessarily hit if it maps the head page, but not the poisoned page.
      
      Link: https://lkml.kernel.org/r/20231218135837.3310403-3-willy@infradead.org
      Fixes: 7af446a8 ("HWPOISON, hugetlb: enable error handling path for hugepage")
      Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    • mm/memory-failure: pass the folio and the page to collect_procs() · 376907f3
      Matthew Wilcox (Oracle) authored
      Patch series "Three memory-failure fixes".
      
      I've been looking at the memory-failure code and I believe I have found
      three bugs that need fixing -- one going all the way back to 2010!  I'll
      have more patches later to use folios more extensively but didn't want
      these bugfixes to get caught up in that.
      
      
      This patch (of 3):
      
      Both collect_procs_anon() and collect_procs_file() iterate over the VMA
      interval trees looking for a single pgoff, so it is wrong to look for the
      pgoff of the head page as is currently done.  However, it is also wrong to
      look at page->mapping of the precise page as this is invalid for tail
      pages.  Clear up the confusion by passing both the folio and the precise
      page to collect_procs().
      
      Link: https://lkml.kernel.org/r/20231218135837.3310403-1-willy@infradead.org
      Link: https://lkml.kernel.org/r/20231218135837.3310403-2-willy@infradead.org
      Fixes: 415c64c1 ("mm/memory-failure: split thp earlier in memory error handling")
      Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    • selftests: secretmem: floor the memory size to the multiple of page_size · 0aac13ad
      Muhammad Usama Anjum authored
      The "locked-in-memory size" limit per process can be a non-multiple of
      page_size.  The mmap() fails if we try to allocate locked-in-memory with
      the same size as the allowed limit if it isn't a multiple of the page_size
      because mmap() rounds off the memory size to be allocated to the next
      multiple of page_size.
      
      Fix this by flooring the length to be allocated with mmap() to the
      previous multiple of the page_size.
      
      This was getting triggered on KernelCI regularly because of different
      ulimit settings which weren't a multiple of the page_size.  Find logs
      here: https://linux.kernelci.org/test/plan/id/657654bd8e81e654fae13532/
      The bug was present from the time the test was first added.
      
      Link: https://lkml.kernel.org/r/20231214101931.1155586-1-usama.anjum@collabora.com
      Fixes: 76fe17ef ("secretmem: test: add basic selftest for memfd_secret(2)")
      Signed-off-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
      Reported-by: "kernelci.org bot" <bot@kernelci.org>
      Closes: https://linux.kernelci.org/test/plan/id/657654bd8e81e654fae13532/
      Cc: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
      Cc: Mike Rapoport (IBM) <rppt@kernel.org>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    • mm: migrate high-order folios in swap cache correctly · fc346d0a
      Charan Teja Kalla authored
      Large folios occupy N consecutive entries in the swap cache instead of
      using multi-index entries like the page cache.  However, if a large folio
      is re-added to the LRU list, it can be migrated.  The migration code was
      not aware of the difference between the swap cache and the page cache and
      assumed that a single xas_store() would be sufficient.
      
      This leaves potentially many stale pointers to the now-migrated folio in
      the swap cache, which can lead to almost arbitrary data corruption in the
      future.  This can also manifest as infinite loops with the RCU read lock
      held.
      
      [willy@infradead.org: modifications to the changelog & tweaked the fix]
      Fixes: 3417013e ("mm/migrate: Add folio_migrate_mapping()")
      Link: https://lkml.kernel.org/r/20231214045841.961776-1-willy@infradead.org
      Signed-off-by: Charan Teja Kalla <quic_charante@quicinc.com>
      Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
      Reported-by: Charan Teja Kalla <quic_charante@quicinc.com>
      Closes: https://lkml.kernel.org/r/1700569840-17327-1-git-send-email-quic_charante@quicinc.com
      Cc: David Hildenbrand <david@redhat.com>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Cc: Shakeel Butt <shakeelb@google.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    • maple_tree: do not preallocate nodes for slot stores · 4249f13c
      Sidhartha Kumar authored
      mas_preallocate() defaults to requesting 1 node for preallocation and then,
      depending on the type of store, will update the request variable.  There
      isn't a check for a slot store type, so slot stores are preallocating the
      default 1 node.  Slot stores do not require any additional nodes, so add a
      check for the slot store case that will bypass node_count_gfp().  Update
      the tests to reflect that slot stores do not require allocations.
      
      User visible effects of this bug include increased memory usage from the
      unneeded node that was allocated.
      
      Link: https://lkml.kernel.org/r/20231213205058.386589-1-sidhartha.kumar@oracle.com
      Fixes: 0b8bb544 ("maple_tree: update mas_preallocate() testing")
      Signed-off-by: Sidhartha Kumar <sidhartha.kumar@oracle.com>
      Cc: Liam R. Howlett <Liam.Howlett@oracle.com>
      Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
      Cc: Peng Zhang <zhangpeng.00@bytedance.com>
      Cc: <stable@vger.kernel.org>	[6.6+]
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    • mm/filemap: avoid buffered read/write race to read inconsistent data · e2c27b80
      Baokun Li authored
      The following concurrency may cause the data read to be inconsistent with
      the data on disk:
      
                   cpu1                           cpu2
      ------------------------------|------------------------------
                                     // Buffered write 2048 from 0
                                     ext4_buffered_write_iter
                                      generic_perform_write
                                       copy_page_from_iter_atomic
                                       ext4_da_write_end
                                        ext4_da_do_write_end
                                         block_write_end
                                          __block_commit_write
                                           folio_mark_uptodate
      // Buffered read 4096 from 0          smp_wmb()
      ext4_file_read_iter                   set_bit(PG_uptodate, folio_flags)
       generic_file_read_iter            i_size_write // 2048
        filemap_read                     unlock_page(page)
         filemap_get_pages
          filemap_get_read_batch
          folio_test_uptodate(folio)
           ret = test_bit(PG_uptodate, folio_flags)
           if (ret)
            smp_rmb();
            // Ensure that the data in page 0-2048 is up-to-date.
      
                                     // New buffered write 2048 from 2048
                                     ext4_buffered_write_iter
                                      generic_perform_write
                                       copy_page_from_iter_atomic
                                       ext4_da_write_end
                                        ext4_da_do_write_end
                                         block_write_end
                                          __block_commit_write
                                           folio_mark_uptodate
                                            smp_wmb()
                                            set_bit(PG_uptodate, folio_flags)
                                         i_size_write // 4096
                                         unlock_page(page)
      
         isize = i_size_read(inode) // 4096
         // Read the latest isize 4096, but without smp_rmb(), there may be
         // Load-Load disorder resulting in the data in the 2048-4096 range
         // in the page is not up-to-date.
         copy_page_to_iter
         // copyout 4096
      
      In the concurrency above, we read the updated i_size, but there is no read
      barrier to ensure that the data in the page is the same as the i_size at
      this point, so we may copy the unsynchronized page out.  Hence adding the
      missing read memory barrier to fix this.
      
      This is a Load-Load reordering issue, which only occurs on some weak
      mem-ordering architectures (e.g.  ARM64, ALPHA), but not on strong
      mem-ordering architectures (e.g.  X86).  And theoretically the problem
      doesn't only happen on ext4, filesystems that call filemap_read() but
      don't hold inode lock (e.g.  btrfs, f2fs, ubifs ...) will have this
      problem, while filesystems with inode lock (e.g.  xfs, nfs) won't have
      this problem.
      
      Link: https://lkml.kernel.org/r/20231213062324.739009-1-libaokun1@huawei.com
      Signed-off-by: Baokun Li <libaokun1@huawei.com>
      Reviewed-by: Jan Kara <jack@suse.cz>
      Cc: Andreas Dilger <adilger.kernel@dilger.ca>
      Cc: Christoph Hellwig <hch@infradead.org>
      Cc: Dave Chinner <david@fromorbit.com>
      Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
      Cc: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
      Cc: Theodore Ts'o <tytso@mit.edu>
      Cc: yangerkun <yangerkun@huawei.com>
      Cc: Yu Kuai <yukuai3@huawei.com>
      Cc: Zhang Yi <yi.zhang@huawei.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      e2c27b80
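Added example, not part of the commit or of the kernel source: a small litmus-style enumeration of the race described in the commit message above, showing that the "i_size 4096 but stale data in 2048-4096" outcome is reachable only when the reader's two loads may be reordered. All names are constructed for illustration, and the model assumes the writer's data store is ordered before its i_size store.

```c
#include <stdio.h>

/* Constructed model: the page's first 2048 bytes were valid before the write;
 * the writer fills bytes 2048..4095 and then raises i_size to 4096. */
enum { OLD_ISIZE = 2048, NEW_ISIZE = 4096 };

enum op { W_DATA, W_ISIZE, R_ISIZE, R_DATA };

struct shared { int isize; int tail_fresh; };  /* what memory holds */
struct seen   { int isize; int tail_fresh; };  /* what the reader loaded */

/* Writer order is fixed: data first, i_size second (assumption: the
 * write side already orders these two stores). */
static const enum op WRITER[2] = { W_DATA, W_ISIZE };
/* Reader in program order, which a read barrier after i_size_read() enforces. */
static const enum op PROGRAM_ORDER[2] = { R_ISIZE, R_DATA };
/* Reader whose page-data load is satisfied before its i_size load
 * (Load-Load reordering on a weakly ordered CPU). */
static const enum op LOADS_REORDERED[2] = { R_DATA, R_ISIZE };

static void step(enum op o, struct shared *m, struct seen *r)
{
    switch (o) {
    case W_DATA:  m->tail_fresh = 1;             break;
    case W_ISIZE: m->isize = NEW_ISIZE;          break;
    case R_ISIZE: r->isize = m->isize;           break;
    case R_DATA:  r->tail_fresh = m->tail_fresh; break;
    }
}

static int bits_set(unsigned v)
{
    int n = 0;
    while (v) {
        n += (int)(v & 1u);
        v >>= 1;
    }
    return n;
}

/* Walk all 6 interleavings of the 2 writer ops with the 2 reader ops and
 * count those where the reader sees i_size == 4096 but loaded the old
 * contents of bytes 2048..4095, i.e. it would copy out stale data. */
static int count_stale_outcomes(const enum op reader[2])
{
    int stale = 0;

    for (unsigned mask = 0; mask < 16; mask++) {
        if (bits_set(mask) != 2)
            continue;               /* exactly two slots go to the writer */
        struct shared m = { OLD_ISIZE, 0 };
        struct seen r = { 0, 0 };
        int wi = 0, ri = 0;

        for (int pos = 0; pos < 4; pos++) {
            if (mask & (1u << pos))
                step(WRITER[wi++], &m, &r);
            else
                step(reader[ri++], &m, &r);
        }
        if (r.isize == NEW_ISIZE && !r.tail_fresh)
            stale++;
    }
    return stale;
}

/* With a read barrier only the program-order reader exists; without it the
 * reordered reader must be considered as well. */
int stale_read_possible(int reader_has_rmb)
{
    int stale = count_stale_outcomes(PROGRAM_ORDER);

    if (!reader_has_rmb)
        stale += count_stale_outcomes(LOADS_REORDERED);
    return stale > 0;
}

int main(void)
{
    printf("without read barrier: stale copy-out possible = %d\n",
           stale_read_possible(0));
    printf("with read barrier:    stale copy-out possible = %d\n",
           stale_read_possible(1));
    return 0;
}
```

The single failing interleaving is data load, data store, i_size store, i_size load, which is the sequence the commit message's diagram describes.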
    • kunit: kasan_test: disable fortify string checker on kmalloc_oob_memset · b2325bf8
      Nico Pache authored
      Similar to commit 09c6304e ("kasan: test: fix compatibility with
      FORTIFY_SOURCE") the kernel is panicking in kmalloc_oob_memset_*.
      
      This is due to the `ptr` not being hidden from the optimizer which would
      disable the runtime fortify string checker.
      
      kernel BUG at lib/string_helpers.c:1048!
      Call Trace:
      [<00000000272502e2>] fortify_panic+0x2a/0x30
      ([<00000000272502de>] fortify_panic+0x26/0x30)
      [<001bffff817045c4>] kmalloc_oob_memset_2+0x22c/0x230 [kasan_test]
      
      Hide the `ptr` variable from the optimizer to fix the kernel panic.  Also
      define a memset_size variable and hide that as well.  This cleans up the
      code and follows the same convention as other tests.
      
      [npache@redhat.com: address review comments from Andrey]
        Link: https://lkml.kernel.org/r/20231214164423.6202-1-npache@redhat.com
      Link: https://lkml.kernel.org/r/20231212232659.18839-1-npache@redhat.com
      Signed-off-by: Nico Pache <npache@redhat.com>
      Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Andrey Konovalov <andreyknvl@gmail.com>
      Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      b2325bf8
    • kexec: select CRYPTO from KEXEC_FILE instead of depending on it · e63bde3d
      Arnd Bergmann authored
      All other users of crypto code use 'select' instead of 'depends on', so do
      the same thing with KEXEC_FILE for consistency.
      
      In practice this makes very little difference as kernels with kexec
      support are very likely to also include some other feature that already
      selects both crypto and crypto_sha256, but being consistent here helps for
      usability as well as to avoid potential circular dependencies.
      
      This reverts the dependency back to what it was originally before commit
      74ca317c ("kexec: create a new config option CONFIG_KEXEC_FILE for
      new syscall"), which changed it with the comment "This should be
      safer as "select" is not recursive", but that appears to have been done in
      error, as "select" is indeed recursive, and there are no other
      dependencies that prevent CRYPTO_SHA256 from being selected here.
      
      Link: https://lkml.kernel.org/r/20231023110308.1202042-2-arnd@kernel.org
      Fixes: 74ca317c ("kexec: create a new config option CONFIG_KEXEC_FILE for new syscall")
      Signed-off-by: Arnd Bergmann <arnd@arndb.de>
      Reviewed-by: Eric DeVolder <eric_devolder@yahoo.com>
      Tested-by: Eric DeVolder <eric_devolder@yahoo.com>
      Acked-by: Baoquan He <bhe@redhat.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Albert Ou <aou@eecs.berkeley.edu>
      Cc: Alexander Gordeev <agordeev@linux.ibm.com>
      Cc: Ard Biesheuvel <ardb@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Christian Borntraeger <borntraeger@linux.ibm.com>
      Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
      Cc: Conor Dooley <conor@kernel.org>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Heiko Carstens <hca@linux.ibm.com>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Nicholas Piggin <npiggin@gmail.com>
      Cc: Palmer Dabbelt <palmer@dabbelt.com>
      Cc: Paul Walmsley <paul.walmsley@sifive.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Sven Schnelle <svens@linux.ibm.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Vasily Gorbik <gor@linux.ibm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      e63bde3d
    • kexec: fix KEXEC_FILE dependencies · c1ad12ee
      Arnd Bergmann authored
      The cleanup for the CONFIG_KEXEC Kconfig logic accidentally changed the
      'depends on CRYPTO=y' dependency to a plain 'depends on CRYPTO', which
      causes a link failure when all the crypto support is in a loadable module
      and kexec_file support is built-in:
      
      x86_64-linux-ld: vmlinux.o: in function `__x64_sys_kexec_file_load':
      (.text+0x32e30a): undefined reference to `crypto_alloc_shash'
      x86_64-linux-ld: (.text+0x32e58e): undefined reference to `crypto_shash_update'
      x86_64-linux-ld: (.text+0x32e6ee): undefined reference to `crypto_shash_final'
      
      Both s390 and x86 have this problem, while ppc64 and riscv have the
      correct dependency already.  On riscv, the dependency is only used for the
      purgatory, not for the kexec_file code itself, which may be a bit
      surprising as it means that with CONFIG_CRYPTO=m, it is possible to enable
      KEXEC_FILE but then the purgatory code is silently left out.
      
      Move this into the common Kconfig.kexec file in a way that is correct
      everywhere, using the dependency on CRYPTO_SHA256=y only when the
      purgatory code is available.  This requires reversing the dependency
      between ARCH_SUPPORTS_KEXEC_PURGATORY and KEXEC_FILE, but the effect
      remains the same, other than making riscv behave like the other ones.
      
      On s390, there is an additional dependency on CRYPTO_SHA256_S390, which
      should technically not be required but gives better performance.  Remove
      this dependency here, noting that it was not present in the initial
      Kconfig code but was brought in without an explanation in commit
      71406883 ("s390/kexec_file: Add kexec_file_load system call").
      
      [arnd@arndb.de: fix riscv build]
        Link: https://lkml.kernel.org/r/67ddd260-d424-4229-a815-e3fcfb864a77@app.fastmail.com
      Link: https://lkml.kernel.org/r/20231023110308.1202042-1-arnd@kernel.org
      Fixes: 6af51380 ("x86/kexec: refactor for kernel/Kconfig.kexec")
      Signed-off-by: Arnd Bergmann <arnd@arndb.de>
      Reviewed-by: Eric DeVolder <eric_devolder@yahoo.com>
      Tested-by: Eric DeVolder <eric_devolder@yahoo.com>
      Cc: Albert Ou <aou@eecs.berkeley.edu>
      Cc: Alexander Gordeev <agordeev@linux.ibm.com>
      Cc: Ard Biesheuvel <ardb@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Christian Borntraeger <borntraeger@linux.ibm.com>
      Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
      Cc: Conor Dooley <conor@kernel.org>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Heiko Carstens <hca@linux.ibm.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Nicholas Piggin <npiggin@gmail.com>
      Cc: Palmer Dabbelt <palmer@dabbelt.com>
      Cc: Paul Walmsley <paul.walmsley@sifive.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Sven Schnelle <svens@linux.ibm.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Vasily Gorbik <gor@linux.ibm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      c1ad12ee
  2. 13 Dec, 2023 17 commits
    • mm/mglru: reclaim offlined memcgs harder · 4376807b
      Yu Zhao authored
      In the effort to reduce zombie memcgs [1], it was discovered that the
      memcg LRU doesn't apply enough pressure on offlined memcgs.  Specifically,
      instead of rotating them to the tail of the current generation
      (MEMCG_LRU_TAIL) for a second attempt, it moves them to the next
      generation (MEMCG_LRU_YOUNG) after the first attempt.
      
      Not applying enough pressure on offlined memcgs can cause them to build
      up, and this can be particularly harmful to memory-constrained systems.
      
      On Pixel 8 Pro, launching apps for 50 cycles:
                       Before  After  Change
        Zombie memcgs  45      35     -22%
      
      [1] https://lore.kernel.org/CABdmKX2M6koq4Q0Cmp_-=wbP0Qa190HdEGGaHfxNS05gAkUtPA@mail.gmail.com/
      
      Link: https://lkml.kernel.org/r/20231208061407.2125867-4-yuzhao@google.com
      Fixes: e4dde56c ("mm: multi-gen LRU: per-node lru_gen_folio lists")
      Signed-off-by: Yu Zhao <yuzhao@google.com>
      Reported-by: T.J. Mercier <tjmercier@google.com>
      Tested-by: T.J. Mercier <tjmercier@google.com>
      Cc: Charan Teja Kalla <quic_charante@quicinc.com>
      Cc: Hillf Danton <hdanton@sina.com>
      Cc: Jaroslav Pulchart <jaroslav.pulchart@gooddata.com>
      Cc: Kairui Song <ryncsn@gmail.com>
      Cc: Kalesh Singh <kaleshsingh@google.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      4376807b
    • mm/mglru: respect min_ttl_ms with memcgs · 8aa42061
      Yu Zhao authored
      While investigating kswapd "consuming 100% CPU" [1] (also see "mm/mglru:
      try to stop at high watermarks"), it was discovered that the memcg LRU can
      breach the thrashing protection imposed by min_ttl_ms.
      
      Before the memcg LRU:
        kswapd()
          shrink_node_memcgs()
            mem_cgroup_iter()
              inc_max_seq()  // always hit a different memcg
          lru_gen_age_node()
            mem_cgroup_iter()
              check the timestamp of the oldest generation
      
      After the memcg LRU:
        kswapd()
          shrink_many()
            restart:
              iterate the memcg LRU:
                inc_max_seq()  // occasionally hit the same memcg
                if raced with lru_gen_rotate_memcg():
                  goto restart
          lru_gen_age_node()
            mem_cgroup_iter()
              check the timestamp of the oldest generation
      
      Specifically, when the restart happens in shrink_many(), it needs to stick
      with the (memcg LRU) generation it began with.  In other words, it should
      neither re-read memcg_lru->seq nor age an lruvec of a different
      generation.  Otherwise it can hit the same memcg multiple times without
      giving lru_gen_age_node() a chance to check the timestamp of that memcg's
      oldest generation (against min_ttl_ms).
      
      [1] https://lore.kernel.org/CAK8fFZ4DY+GtBA40Pm7Nn5xCHy+51w3sfxPqkqpqakSXYyX+Wg@mail.gmail.com/
      
      Link: https://lkml.kernel.org/r/20231208061407.2125867-3-yuzhao@google.com
      Fixes: e4dde56c ("mm: multi-gen LRU: per-node lru_gen_folio lists")
      Signed-off-by: Yu Zhao <yuzhao@google.com>
      Tested-by: T.J. Mercier <tjmercier@google.com>
      Cc: Charan Teja Kalla <quic_charante@quicinc.com>
      Cc: Hillf Danton <hdanton@sina.com>
      Cc: Jaroslav Pulchart <jaroslav.pulchart@gooddata.com>
      Cc: Kairui Song <ryncsn@gmail.com>
      Cc: Kalesh Singh <kaleshsingh@google.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      8aa42061
    • mm/mglru: try to stop at high watermarks · 5095a2b2
      Yu Zhao authored
      The initial MGLRU patchset didn't include the memcg LRU support, and it
      relied on should_abort_scan(), added by commit f76c8337 ("mm:
      multi-gen LRU: optimize multiple memcgs"), to "backoff to avoid
      overshooting their aggregate reclaim target by too much".
      
      Later on when the memcg LRU was added, should_abort_scan() was deemed
      unnecessary, and the test results [1] showed no side effects after it was
      removed by commit a579086c ("mm: multi-gen LRU: remove eviction
      fairness safeguard").
      
      However, that test used memory.reclaim, which sets nr_to_reclaim to
      SWAP_CLUSTER_MAX.  So it can overshoot only by SWAP_CLUSTER_MAX-1 pages,
      i.e., from nr_reclaimed=nr_to_reclaim-1 to
      nr_reclaimed=nr_to_reclaim+SWAP_CLUSTER_MAX-1.  Compared with the batch
      size kswapd sets to nr_to_reclaim, SWAP_CLUSTER_MAX is tiny.  Therefore
      that test isn't able to reproduce the worst case scenario, i.e., kswapd
      overshooting GBs on large systems and "consuming 100% CPU" (see the Closes
      tag).
      
      Bring back a simplified version of should_abort_scan() on top of the memcg
      LRU, so that kswapd stops when all eligible zones are above their
      respective high watermarks plus a small delta to lower the chance of
      KSWAPD_HIGH_WMARK_HIT_QUICKLY.  Note that this only applies to order-0
      reclaim, meaning compaction-induced reclaim can still run wild (which is a
      different problem).
      
      On Android, launching 55 apps sequentially:
                 Before     After      Change
        pgpgin   838377172  802955040  -4%
        pgpgout  38037080   34336300   -10%
      
      [1] https://lore.kernel.org/20221222041905.2431096-1-yuzhao@google.com/
      
      Link: https://lkml.kernel.org/r/20231208061407.2125867-2-yuzhao@google.com
      Fixes: a579086c ("mm: multi-gen LRU: remove eviction fairness safeguard")
      Signed-off-by: Yu Zhao <yuzhao@google.com>
      Reported-by: Charan Teja Kalla <quic_charante@quicinc.com>
      Reported-by: Jaroslav Pulchart <jaroslav.pulchart@gooddata.com>
      Closes: https://lore.kernel.org/CAK8fFZ4DY+GtBA40Pm7Nn5xCHy+51w3sfxPqkqpqakSXYyX+Wg@mail.gmail.com/
      Tested-by: Jaroslav Pulchart <jaroslav.pulchart@gooddata.com>
      Tested-by: Kalesh Singh <kaleshsingh@google.com>
      Cc: Hillf Danton <hdanton@sina.com>
      Cc: Kairui Song <ryncsn@gmail.com>
      Cc: T.J. Mercier <tjmercier@google.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      5095a2b2
    • mm/mglru: fix underprotected page cache · 08148805
      Yu Zhao authored
      Unmapped folios accessed through file descriptors can be underprotected. 
      Those folios are added to the oldest generation based on:
      
      1. The fact that they are less costly to reclaim (no need to walk the
         rmap and flush the TLB) and have less impact on performance (don't
         cause major PFs and can be non-blocking if needed again).
      2. The observation that they are likely to be single-use. E.g., for
         client use cases like Android, its apps parse configuration files
         and store the data in heap (anon); for server use cases like MySQL,
         it reads from InnoDB files and holds the cached data for tables in
         buffer pools (anon).
      
      However, the oldest generation can be very short lived, and if so, it
      doesn't provide the PID controller with enough time to respond to a surge
      of refaults.  (Note that the PID controller uses weighted refaults and
      those from evicted generations only take a half of the whole weight.) In
      other words, for a short lived generation, the moving average smooths out
      the spike quickly.
      
      To fix the problem:
      1. For folios that are already on LRU, if they can be beyond the
         tracking range of tiers, i.e., five accesses through file
         descriptors, move them to the second oldest generation to give them
         more time to age. (Note that tiers are used by the PID controller
         to statistically determine whether folios accessed multiple times
         through file descriptors are worth protecting.)
      2. When adding unmapped folios to LRU, adjust the placement of them so
         that they are not too close to the tail. The effect of this is
         similar to the above.
      
      On Android, launching 55 apps sequentially:
                                 Before     After      Change
        workingset_refault_anon  25641024   25598972   0%
        workingset_refault_file  115016834  106178438  -8%
      
      Link: https://lkml.kernel.org/r/20231208061407.2125867-1-yuzhao@google.com
      Fixes: ac35a490 ("mm: multi-gen LRU: minimal implementation")
      Signed-off-by: Yu Zhao <yuzhao@google.com>
      Reported-by: Charan Teja Kalla <quic_charante@quicinc.com>
      Tested-by: Kalesh Singh <kaleshsingh@google.com>
      Cc: T.J. Mercier <tjmercier@google.com>
      Cc: Kairui Song <ryncsn@gmail.com>
      Cc: Hillf Danton <hdanton@sina.com>
      Cc: Jaroslav Pulchart <jaroslav.pulchart@gooddata.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      08148805
    • mm/shmem: fix race in shmem_undo_range w/THP · 55ac8bbe
      David Stevens authored
      Split folios during the second loop of shmem_undo_range.  It's not
      sufficient to only split folios when dealing with partial pages, since
      it's possible for a THP to be faulted in after that point.  Calling
      truncate_inode_folio in that situation can result in throwing away data
      outside of the range being targeted.
      
      [akpm@linux-foundation.org: tidy up comment layout]
      Link: https://lkml.kernel.org/r/20230418084031.3439795-1-stevensd@google.com
      Fixes: b9a8a419 ("truncate,shmem: Handle truncates that split large folios")
      Signed-off-by: David Stevens <stevensd@chromium.org>
      Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
      Cc: Suleiman Souhlal <suleiman@google.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      55ac8bbe
    • Revert "selftests: error out if kernel header files are not yet built" · 43e8832f
      John Hubbard authored
      This reverts commit 9fc96c7c ("selftests: error out if kernel header
      files are not yet built").
      
      It turns out that requiring the kernel headers to be built as a
      prerequisite to building selftests, does not work in many cases. For
      example, Peter Zijlstra writes:
      
      "My biggest beef with the whole thing is that I simply do not want to use
      'make headers', it doesn't work for me.
      
      I have a ton of output directories and I don't care to build tools into
      the output dirs, in fact some of them flat out refuse to work that way
      (bpf comes to mind)." [1]
      
      Therefore, stop erroring out on the selftests build. Additional patches
      will be required in order to change over to not requiring the kernel
      headers.
      
      [1] https://lore.kernel.org/20231208221007.GO28727@noisy.programming.kicks-ass.net
      
      Link: https://lkml.kernel.org/r/20231209020144.244759-1-jhubbard@nvidia.com
      Fixes: 9fc96c7c ("selftests: error out if kernel header files are not yet built")
      Signed-off-by: John Hubbard <jhubbard@nvidia.com>
      Cc: Anders Roxell <anders.roxell@linaro.org>
      Cc: Muhammad Usama Anjum <usama.anjum@collabora.com>
      Cc: David Hildenbrand <david@redhat.com>
      Cc: Peter Xu <peterx@redhat.com>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Nathan Chancellor <nathan@kernel.org>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Marcos Paulo de Souza <mpdesouza@suse.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      43e8832f
    • crash_core: fix the check for whether crashkernel is from high memory · 1dd11e97
      Yuntao Wang authored
      If crash_base is equal to CRASH_ADDR_LOW_MAX, it also indicates that
      the crashkernel memory is allocated from high memory. However, the
      current check only considers the case where crash_base is greater than
      CRASH_ADDR_LOW_MAX. Fix it.
      
      The runtime effect is that crashkernel high memory is successfully
      reserved, whereas the crashkernel low memory is bypassed in this case,
      then kdump kernel bootup will fail because of no low memory under 4G.
      
      This patch also includes some minor cleanups.
      
      Link: https://lkml.kernel.org/r/20231209141438.77233-1-ytcoode@gmail.com
      Fixes: 0ab97169 ("crash_core: add generic function to do reservation")
      Signed-off-by: Yuntao Wang <ytcoode@gmail.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: Vivek Goyal <vgoyal@redhat.com>
      Cc: Zhen Lei <thunder.leizhen@huawei.com>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      1dd11e97
    • x86, kexec: fix the wrong ifdeffery CONFIG_KEXEC · 69f8ca8d
      Baoquan He authored
      With the current ifdeffery CONFIG_KEXEC, get_cmdline_acpi_rsdp() is only
      available when kexec_load interface is taken, while kexec_file_load
      interface can't make use of it.
      
      Now change it to CONFIG_KEXEC_CORE.
      
      Link: https://lkml.kernel.org/r/20231208073036.7884-6-bhe@redhat.com
      Signed-off-by: Baoquan He <bhe@redhat.com>
      Cc: Eric DeVolder <eric_devolder@yahoo.com>
      Cc: Ignat Korchagin <ignat@cloudflare.com>
      Cc: kernel test robot <lkp@intel.com>
      Cc: Stephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      69f8ca8d
    • sh, kexec: fix the incorrect ifdeffery and dependency of CONFIG_KEXEC · d70c27b7
      Baoquan He authored
      The select of KEXEC for CRASH_DUMP in kernel/Kconfig.kexec will be
      dropped, then compiling errors will be triggered if below config
      items are set:
      
      ===
      CONFIG_CRASH_CORE=y
      CONFIG_KEXEC_CORE=y
      CONFIG_CRASH_DUMP=y
      ===
      
      Here, change the dependency of building kexec_core related object files,
      and the ifdeffery on SuperH from CONFIG_KEXEC to CONFIG_KEXEC_CORE.
      
      Link: https://lkml.kernel.org/r/20231208073036.7884-5-bhe@redhat.com
      Signed-off-by: Baoquan He <bhe@redhat.com>
      Cc: Eric DeVolder <eric_devolder@yahoo.com>
      Cc: Ignat Korchagin <ignat@cloudflare.com>
      Cc: kernel test robot <lkp@intel.com>
      Cc: Stephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      d70c27b7
    • mips, kexec: fix the incorrect ifdeffery and dependency of CONFIG_KEXEC · 8cd2accb
      Baoquan He authored
      The select of KEXEC for CRASH_DUMP in kernel/Kconfig.kexec will be
      dropped, then compiling errors will be triggered if below config items are
      set:
      
      ===
      CONFIG_CRASH_CORE=y
      CONFIG_KEXEC_CORE=y
      CONFIG_CRASH_DUMP=y
      ===
      
      --------------------------------------------------------------------
      mipsel-linux-ld: kernel/kexec_core.o: in function `kimage_free':
      kernel/kexec_core.c:(.text+0x2200): undefined reference to `machine_kexec_cleanup'
      mipsel-linux-ld: kernel/kexec_core.o: in function `__crash_kexec':
      kernel/kexec_core.c:(.text+0x2480): undefined reference to `machine_crash_shutdown'
      mipsel-linux-ld: kernel/kexec_core.c:(.text+0x2488): undefined reference to `machine_kexec'
      mipsel-linux-ld: kernel/kexec_core.o: in function `kernel_kexec':
      kernel/kexec_core.c:(.text+0x29b8): undefined reference to `machine_shutdown'
      mipsel-linux-ld: kernel/kexec_core.c:(.text+0x29c0): undefined reference to `machine_kexec'
      --------------------------------------------------------------------
      
      Here, change the dependency of building kexec_core related object files,
      and the ifdeffery in mips from CONFIG_KEXEC to CONFIG_KEXEC_CORE.
      
      Link: https://lkml.kernel.org/r/20231208073036.7884-4-bhe@redhat.com
      Signed-off-by: Baoquan He <bhe@redhat.com>
      Reported-by: kernel test robot <lkp@intel.com>
      Closes: https://lore.kernel.org/oe-kbuild-all/202311302042.sn8cDPIX-lkp@intel.com/
      Cc: Eric DeVolder <eric_devolder@yahoo.com>
      Cc: Ignat Korchagin <ignat@cloudflare.com>
      Cc: Stephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      8cd2accb
    • m68k, kexec: fix the incorrect ifdeffery and build dependency of CONFIG_KEXEC · 9bad6b75
      Baoquan He authored
      The select of KEXEC for CRASH_DUMP in kernel/Kconfig.kexec will be
      dropped, then compiling errors will be triggered if below config items are
      set:
      
      ===
      CONFIG_CRASH_CORE=y
      CONFIG_KEXEC_CORE=y
      CONFIG_CRASH_DUMP=y
      ===
      
      Here, change the dependency of building machine_kexec.o relocate_kernel.o
      and the ifdeffery in asm/kexec.h to CONFIG_KEXEC_CORE.
      
      Link: https://lkml.kernel.org/r/20231208073036.7884-3-bhe@redhat.com
      Signed-off-by: Baoquan He <bhe@redhat.com>
      Cc: Eric DeVolder <eric_devolder@yahoo.com>
      Cc: Ignat Korchagin <ignat@cloudflare.com>
      Cc: kernel test robot <lkp@intel.com>
      Cc: Stephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      9bad6b75
    • loongarch, kexec: change dependency of object files · 655fc6cd
      Baoquan He authored
      Patch series "kexec: fix the incorrect ifdeffery and dependency of
      CONFIG_KEXEC".
      
      The select of KEXEC for CRASH_DUMP in kernel/Kconfig.kexec will be
      dropped, then compiling errors will be triggered if below config items are
      set:
      
      ===
      CONFIG_CRASH_CORE=y
      CONFIG_KEXEC_CORE=y
      CONFIG_CRASH_DUMP=y
      ===
      
      E.g. on mips, below link errors are seen:
      --------------------------------------------------------------------
      mipsel-linux-ld: kernel/kexec_core.o: in function `kimage_free':
      kernel/kexec_core.c:(.text+0x2200): undefined reference to `machine_kexec_cleanup'
      mipsel-linux-ld: kernel/kexec_core.o: in function `__crash_kexec':
      kernel/kexec_core.c:(.text+0x2480): undefined reference to `machine_crash_shutdown'
      mipsel-linux-ld: kernel/kexec_core.c:(.text+0x2488): undefined reference to `machine_kexec'
      mipsel-linux-ld: kernel/kexec_core.o: in function `kernel_kexec':
      kernel/kexec_core.c:(.text+0x29b8): undefined reference to `machine_shutdown'
      mipsel-linux-ld: kernel/kexec_core.c:(.text+0x29c0): undefined reference to `machine_kexec'
      --------------------------------------------------------------------
      
      Here, change the incorrect dependency of building kexec_core related
      object files, and the ifdeffery on architectures from CONFIG_KEXEC to
      CONFIG_KEXEC_CORE.
      
      Testing:
      ========
      Passed on mips and loongarch with the LKP reproducer.
      
      
      This patch (of 5):
      
      Currently, in arch/loongarch/kernel/Makefile, building machine_kexec.o
      relocate_kernel.o depends on CONFIG_KEXEC.
      
      Whereas, since we will drop the select of KEXEC for CRASH_DUMP in
      kernel/Kconfig.kexec, compiling error will be triggered if below config
      items are set:
      
      ===
      CONFIG_CRASH_CORE=y
      CONFIG_KEXEC_CORE=y
      CONFIG_CRASH_DUMP=y
      ===
      
      ---------------------------------------------------------------
      loongarch64-linux-ld: kernel/kexec_core.o: in function `.L209':
      >> kexec_core.c:(.text+0x1660): undefined reference to `machine_kexec_cleanup'
         loongarch64-linux-ld: kernel/kexec_core.o: in function `.L287':
      >> kexec_core.c:(.text+0x1c5c): undefined reference to `machine_crash_shutdown'
      >> loongarch64-linux-ld: kexec_core.c:(.text+0x1c64): undefined reference to `machine_kexec'
         loongarch64-linux-ld: kernel/kexec_core.o: in function `.L2^B5':
      >> kexec_core.c:(.text+0x2090): undefined reference to `machine_shutdown'
         loongarch64-linux-ld: kexec_core.c:(.text+0x20a0): undefined reference to `machine_kexec'
      ---------------------------------------------------------------
      
      Here, changing the dependency of machine_kexec.o relocate_kernel.o to
      CONFIG_KEXEC_CORE fixes the above build error.
      
      Link: https://lkml.kernel.org/r/20231208073036.7884-1-bhe@redhat.com
      Link: https://lkml.kernel.org/r/20231208073036.7884-2-bhe@redhat.com
      Signed-off-by: Baoquan He <bhe@redhat.com>
      Reported-by: kernel test robot <lkp@intel.com>
      Closes: https://lore.kernel.org/oe-kbuild-all/202311300946.kHE9Iu71-lkp@intel.com/
      Cc: Eric DeVolder <eric_devolder@yahoo.com>
      Cc: Ignat Korchagin <ignat@cloudflare.com>
      Cc: Stephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      655fc6cd
    • mm/damon/core: make damon_start() waits until kdamond_fn() starts · 6376a824
      SeongJae Park authored
      The cleanup tasks of kdamond threads including reset of corresponding
      DAMON context's ->kdamond field and decrease of global nr_running_ctxs
      counter is supposed to be executed by kdamond_fn().  However, commit
      0f91d133 ("mm/damon: simplify stop mechanism") made neither
      damon_start() nor damon_stop() ensure the corresponding kdamond has
      started the execution of kdamond_fn().
      
      As a result, the cleanup can be skipped if damon_stop() is called fast
      enough after the previous damon_start().  Especially the skipped reset
      of ->kdamond could cause a use-after-free.
      
      Fix it by waiting for start of kdamond_fn() execution from
      damon_start().
      
      Link: https://lkml.kernel.org/r/20231208175018.63880-1-sj@kernel.org
      Fixes: 0f91d133 ("mm/damon: simplify stop mechanism")
      Signed-off-by: SeongJae Park <sj@kernel.org>
      Reported-by: Jakub Acs <acsjakub@amazon.de>
      Cc: Changbin Du <changbin.du@intel.com>
      Cc: Jakub Acs <acsjakub@amazon.de>
      Cc: <stable@vger.kernel.org> # 5.15.x
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      6376a824
    • selftests/mm: cow: print ksft header before printing anything else · a6fcd57c
      David Hildenbrand authored
      Doing a ksft_print_msg() before the ksft_print_header() seems to confuse
      the ksft framework in a strange way: running the test on the cmdline
      results in the expected output.
      
      But piping the output somewhere else, results in some odd output,
      whereby we repeatedly get the same info printed:
      	# [INFO] detected THP size: 2048 KiB
      	# [INFO] detected hugetlb page size: 2048 KiB
      	# [INFO] detected hugetlb page size: 1048576 KiB
      	# [INFO] huge zeropage is enabled
      	TAP version 13
      	1..190
      	# [INFO] Anonymous memory tests in private mappings
      	# [RUN] Basic COW after fork() ... with base page
      	# [INFO] detected THP size: 2048 KiB
      	# [INFO] detected hugetlb page size: 2048 KiB
      	# [INFO] detected hugetlb page size: 1048576 KiB
      	# [INFO] huge zeropage is enabled
      	TAP version 13
      	1..190
      	# [INFO] Anonymous memory tests in private mappings
      	# [RUN] Basic COW after fork() ... with base page
      	ok 1 No leak from parent into child
      	# [RUN] Basic COW after fork() ... with swapped out base page
      	# [INFO] detected THP size: 2048 KiB
      	# [INFO] detected hugetlb page size: 2048 KiB
      	# [INFO] detected hugetlb page size: 1048576 KiB
      	# [INFO] huge zeropage is enabled
      
      Doing the ksft_print_header() first seems to resolve that and gives us
      the output we expect:
      	TAP version 13
      	# [INFO] detected THP size: 2048 KiB
      	# [INFO] detected hugetlb page size: 2048 KiB
      	# [INFO] detected hugetlb page size: 1048576 KiB
      	# [INFO] huge zeropage is enabled
      	1..190
      	# [INFO] Anonymous memory tests in private mappings
      	# [RUN] Basic COW after fork() ... with base page
      	ok 1 No leak from parent into child
      	# [RUN] Basic COW after fork() ... with swapped out base page
      	ok 2 No leak from parent into child
      	# [RUN] Basic COW after fork() ... with THP
      	ok 3 No leak from parent into child
      	# [RUN] Basic COW after fork() ... with swapped-out THP
      	ok 4 No leak from parent into child
      	# [RUN] Basic COW after fork() ... with PTE-mapped THP
      	ok 5 No leak from parent into child
      
      Link: https://lkml.kernel.org/r/20231206103558.38040-1-david@redhat.com
      Fixes: f4b5fd69 ("selftests/vm: anon_cow: THP tests")
      Signed-off-by: David Hildenbrand <david@redhat.com>
      Reported-by: Nico Pache <npache@redhat.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      a6fcd57c
    • mm: fix VMA heap bounds checking · d3bb89ea
      Kefeng Wang authored
      After converting selinux to VMA heap check helper, the gcl triggers an
      execheap SELinux denial, which is caused by a changed logic check.
      
      Previously selinux only checked that the VMA range was within the VMA heap
      range, and the implementation checks the intersection between the two
      ranges, but the corner case (vm_end=start_brk, brk=vm_start) isn't handled
      correctly.
      
      Since commit 11250fd1 ("mm: factor out VMA stack and heap checks") was
      only a function extraction, it seems that the issue was introduced by
      commit 0db0c01b ("procfs: fix /proc/<pid>/maps heap check").  Let's
      fix above corner cases, meanwhile, correct the wrong indentation of the
      stack and heap check helpers.
      
      Fixes: 11250fd1 ("mm: factor out VMA stack and heap checks")
      Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
      Reported-by: Ondrej Mosnacek <omosnace@redhat.com>
      Closes: https://lore.kernel.org/selinux/CAFqZXNv0SVT0fkOK6neP9AXbj3nxJ61JAY4+zJzvxqJaeuhbFw@mail.gmail.com/
      Tested-by: Ondrej Mosnacek <omosnace@redhat.com>
      Link: https://lkml.kernel.org/r/20231207152525.2607420-1-wangkefeng.wang@huawei.com
      Cc: David Hildenbrand <david@redhat.com>
      Cc: Paul Moore <paul@paul-moore.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Stephen Smalley <stephen.smalley.work@gmail.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      d3bb89ea
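
The corner case named in the commit message above (vm_end=start_brk, brk=vm_start), as an added example that is not code from the patch or the kernel tree: it compares a containment check, an inclusive overlap check and a strict overlap check on half-open ranges. The struct, the function names and the addresses are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Half-open address range [start, end), like vm_start/vm_end and
 * start_brk/brk. Type and function names are hypothetical. */
struct range { unsigned long start, end; };

/* Containment: the whole mapping lies inside the heap range. */
static bool within_heap(struct range vma, struct range heap)
{
	return vma.start >= heap.start && vma.end <= heap.end;
}

/* Inclusive overlap: also true when the two ranges only touch. */
static bool overlaps_inclusive(struct range vma, struct range heap)
{
	return vma.start <= heap.end && vma.end >= heap.start;
}

/* Strict overlap: true only when at least one address is shared. */
static bool overlaps_strict(struct range vma, struct range heap)
{
	return vma.start < heap.end && vma.end > heap.start;
}

/* Constructed layout: heap is [start_brk, brk) = [0x5000, 0x9000). */
static const struct range heap     = { 0x5000, 0x9000 };
static const struct range below    = { 0x4000, 0x5000 }; /* vm_end == start_brk */
static const struct range above    = { 0x9000, 0xa000 }; /* vm_start == brk */
static const struct range inside   = { 0x6000, 0x7000 };
static const struct range straddle = { 0x8000, 0xa000 };

int main(void)
{
	const struct { const char *name; const struct range *r; } cases[] = {
		{ "below", &below }, { "above", &above },
		{ "inside", &inside }, { "straddle", &straddle },
	};

	for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("%-9s within=%d inclusive=%d strict=%d\n", cases[i].name,
		       within_heap(*cases[i].r, heap),
		       overlaps_inclusive(*cases[i].r, heap),
		       overlaps_strict(*cases[i].r, heap));
	return 0;
}
```

A mapping that merely abuts the heap is classified as heap only by the inclusive form, which is the kind of misclassification that surfaces as an unexpected execheap denial.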
    • riscv: fix VMALLOC_START definition · ac88ff6b
      Baoquan He authored
      When below config items are set, compiler complained:
      
      --------------------
      CONFIG_CRASH_CORE=y
      CONFIG_KEXEC_CORE=y
      CONFIG_CRASH_DUMP=y
      ......
      -----------------------
      
      -------------------------------------------------------------------
      arch/riscv/kernel/crash_core.c: In function 'arch_crash_save_vmcoreinfo':
      arch/riscv/kernel/crash_core.c:11:58: warning: format '%lx' expects argument of type 'long unsigned int', but argument 2 has type 'int' [-Wformat=]
      11 |         vmcoreinfo_append_str("NUMBER(VMALLOC_START)=0x%lx\n", VMALLOC_START);
         |                                                        ~~^
         |                                                          |
         |                                                          long unsigned int
         |                                                        %x
      ----------------------------------------------------------------------
      
      This is because on riscv macro VMALLOC_START has different type when
      CONFIG_MMU is set or unset.
      
      arch/riscv/include/asm/pgtable.h:
      --------------------------------------------------
      
      Changing it to _AC(0, UL) in case CONFIG_MMU=n can fix the warning.
      
      Link: https://lkml.kernel.org/r/ZW7OsX4zQRA3mO4+@MiWiFi-R3L-srv
      Signed-off-by: Baoquan He <bhe@redhat.com>
      Reported-by: Randy Dunlap <rdunlap@infradead.org>
      Acked-by: Randy Dunlap <rdunlap@infradead.org>
      Tested-by: Randy Dunlap <rdunlap@infradead.org>	# build-tested
      Cc: Eric DeVolder <eric_devolder@yahoo.com>
      Cc: Ignat Korchagin <ignat@cloudflare.com>
      Cc: Stephen Rothwell <sfr@canb.auug.org.au>
      Cc: Paul Walmsley <paul.walmsley@sifive.com>
      Cc: Palmer Dabbelt <palmer@dabbelt.com>
      Cc: Albert Ou <aou@eecs.berkeley.edu>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      ac88ff6b
    • kexec: drop dependency on ARCH_SUPPORTS_KEXEC from CRASH_DUMP · c41bd251
      Ignat Korchagin authored
      In commit f8ff23429c62 ("kernel/Kconfig.kexec: drop select of KEXEC for
      CRASH_DUMP") we tried to fix a config regression, where CONFIG_CRASH_DUMP
      required CONFIG_KEXEC.
      
      However, it was not enough at least for arm64 platforms.  While further
      testing the patch with our arm64 config I noticed that CONFIG_CRASH_DUMP
      is unavailable in menuconfig.  This is because CONFIG_CRASH_DUMP still
      depends on the new CONFIG_ARCH_SUPPORTS_KEXEC introduced in commit
      91506f7e ("arm64/kexec: refactor for kernel/Kconfig.kexec") and on
      arm64 CONFIG_ARCH_SUPPORTS_KEXEC requires CONFIG_PM_SLEEP_SMP=y, which in
      turn requires either CONFIG_SUSPEND=y or CONFIG_HIBERNATION=y neither of
      which are set in our config.
      
      Given that we already established that CONFIG_KEXEC (which is a switch for
      kexec system call itself) is not required for CONFIG_CRASH_DUMP drop
      CONFIG_ARCH_SUPPORTS_KEXEC dependency as well.  The arm64 kernel builds
      just fine with CONFIG_CRASH_DUMP=y and with both CONFIG_KEXEC=n and
      CONFIG_KEXEC_FILE=n after f8ff23429c62 ("kernel/Kconfig.kexec: drop select
      of KEXEC for CRASH_DUMP") and this patch are applied given that the
      necessary shared bits are included via CONFIG_KEXEC_CORE dependency.
      
      [bhe@redhat.com: don't export some symbols when CONFIG_MMU=n]
        Link: https://lkml.kernel.org/r/ZW03ODUKGGhP1ZGU@MiWiFi-R3L-srv
      [bhe@redhat.com: riscv, kexec: fix dependency of two items]
        Link: https://lkml.kernel.org/r/ZW04G/SKnhbE5mnX@MiWiFi-R3L-srv
      Link: https://lkml.kernel.org/r/20231129220409.55006-1-ignat@cloudflare.com
      Fixes: 91506f7e ("arm64/kexec: refactor for kernel/Kconfig.kexec")
      Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
      Signed-off-by: Baoquan He <bhe@redhat.com>
      Acked-by: Baoquan He <bhe@redhat.com>
      Cc: Alexander Gordeev <agordeev@linux.ibm.com>
      Cc: <stable@vger.kernel.org> # 6.6+: f8ff234: kernel/Kconfig.kexec: drop select of KEXEC for CRASH_DUMP
      Cc: <stable@vger.kernel.org> # 6.6+
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      c41bd251
  3. 12 Dec, 2023 4 commits