Message ID | 1468198331-5133-2-git-send-email-gavin.guo@canonical.com |
---|---|
State | New |
On Mon, Jul 11, 2016 at 08:52:11AM +0800, Gavin Guo wrote:
> BugLink: http://bugs.launchpad.net/bugs/1598197
>
> Fix the nested spinlock() in balloon_page_dequeue() which would cause
> the deadlock and the following coredump while deflating the balloon:
>
> [ 106.604006] NMI backtrace for cpu 0
> [ 106.604006] CPU: 0 PID: 231 Comm: vballoon Not tainted 3.13.0-91-generic #138-Ubuntu
> [ 106.604006] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
> [ 106.604006] task: ffff8801353d4800 ti: ffff880134c20000 task.ti: ffff880134c20000
> [ 106.604006] RIP: 0010:[<ffffffff817319b7>] [<ffffffff817319b7>] _raw_spin_lock_irqsave+0x47/0x60
> [ 106.604006] RSP: 0018:ffff880134c21dc8 EFLAGS: 00000002
> [ 106.604006] RAX: 000000000000025e RBX: ffffea00014323c0 RCX: 0000000000005ee2
> [ 106.604006] RDX: 0000000000005ee0 RSI: 0000000000005ee2 RDI: ffff880138e649d8
> [ 106.604006] RBP: ffff880134c21dc8 R08: 0000000000000002 R09: 000000000000002f
> [ 106.604006] R10: 0000000000000004 R11: 0000000000000005 R12: ffff880138e649d8
> [ 106.604006] R13: ffff880138e649c0 R14: ffffea0001432380 R15: 0000000000000206
> [ 106.604006] FS: 0000000000000000(0000) GS:ffff88013b200000(0000) knlGS:0000000000000000
> [ 106.604006] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> [ 106.604006] CR2: 0000000001a94a58 CR3: 00000000a9d59000 CR4: 00000000000006f0
> [ 106.604006] Stack:
> [ 106.604006] ffff880134c21e00 ffffffff81176748 ffff88013536b800 0000000000000100
> [ 106.604006] ffff880138e649c0 0000000000000000 ffff88013536b820 ffff880134c21e40
> [ 106.604006] ffffffff8143539f ffff88013536b868 ffff88013536b800 fffffffffff7d090
> [ 106.604006] Call Trace:
> [ 106.604006] [<ffffffff81176748>] balloon_page_dequeue+0x78/0x140
> [ 106.604006] [<ffffffff8143539f>] leak_balloon+0x7f/0x110
> [ 106.604006] [<ffffffff81435776>] balloon+0x166/0x2a0
> [ 106.604006] [<ffffffff810adad0>] ? prepare_to_wait_event+0x100/0x100
> [ 106.604006] [<ffffffff81435610>] ? update_balloon_stats+0xf0/0xf0
> [ 106.604006] [<ffffffff8108dc79>] kthread+0xc9/0xe0
> [ 106.604006] [<ffffffff8108dbb0>] ? kthread_create_on_node+0x1c0/0x1c0
> [ 106.604006] [<ffffffff8173a3e8>] ret_from_fork+0x58/0x90
> [ 106.604006] [<ffffffff8108dbb0>] ? kthread_create_on_node+0x1c0/0x1c0
>
> Signed-off-by: Gavin Guo <gavin.guo@canonical.com>
> ---
> mm/balloon_compaction.c | 2 --
> 1 file changed, 2 deletions(-)
>
> diff --git a/mm/balloon_compaction.c b/mm/balloon_compaction.c > index 65f9c733bc2d..bd60eebda2f4 100644 > --- a/mm/balloon_compaction.c > +++ b/mm/balloon_compaction.c > @@ -101,9 +101,7 @@ struct page *balloon_page_dequeue(struct balloon_dev_info *b_dev_info) > continue; > } > #endif > - spin_lock_irqsave(&b_dev_info->pages_lock, flags); > balloon_page_delete(page); > - spin_unlock_irqrestore(&b_dev_info->pages_lock, flags); > unlock_page(page); > dequeued_page = true; > break;
> --
> 2.7.4
>

After reading the bug report and looking through the commits this seems to fix a bad backport.

--chris

>
> --
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Quite obvious once you look at the code.
diff --git a/mm/balloon_compaction.c b/mm/balloon_compaction.c index 65f9c733bc2d..bd60eebda2f4 100644 --- a/mm/balloon_compaction.c +++ b/mm/balloon_compaction.c @@ -101,9 +101,7 @@ struct page *balloon_page_dequeue(struct balloon_dev_info *b_dev_info) continue; } #endif - spin_lock_irqsave(&b_dev_info->pages_lock, flags); balloon_page_delete(page); - spin_unlock_irqrestore(&b_dev_info->pages_lock, flags); unlock_page(page); dequeued_page = true; break;
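
Review bot: the context lines around balloon_page_delete(page) do not show where pages_lock is already held, so the claim that the removed spin_lock_irqsave()/spin_unlock_irqrestore() pair was nested cannot be checked from the patch alone. Name the enclosing acquisition in the commit message, along with the backported commit that introduced the duplicate, and confirm that `flags` is still used by that outer lock so the removal leaves no unused variable and balloon_page_delete() is never reached without pages_lock held.
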
BugLink: http://bugs.launchpad.net/bugs/1598197

Fix the nested spinlock() in balloon_page_dequeue() which would cause
the deadlock and the following coredump while deflating the balloon:

[ 106.604006] NMI backtrace for cpu 0
[ 106.604006] CPU: 0 PID: 231 Comm: vballoon Not tainted 3.13.0-91-generic #138-Ubuntu
[ 106.604006] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[ 106.604006] task: ffff8801353d4800 ti: ffff880134c20000 task.ti: ffff880134c20000
[ 106.604006] RIP: 0010:[<ffffffff817319b7>] [<ffffffff817319b7>] _raw_spin_lock_irqsave+0x47/0x60
[ 106.604006] RSP: 0018:ffff880134c21dc8 EFLAGS: 00000002
[ 106.604006] RAX: 000000000000025e RBX: ffffea00014323c0 RCX: 0000000000005ee2
[ 106.604006] RDX: 0000000000005ee0 RSI: 0000000000005ee2 RDI: ffff880138e649d8
[ 106.604006] RBP: ffff880134c21dc8 R08: 0000000000000002 R09: 000000000000002f
[ 106.604006] R10: 0000000000000004 R11: 0000000000000005 R12: ffff880138e649d8
[ 106.604006] R13: ffff880138e649c0 R14: ffffea0001432380 R15: 0000000000000206
[ 106.604006] FS: 0000000000000000(0000) GS:ffff88013b200000(0000) knlGS:0000000000000000
[ 106.604006] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 106.604006] CR2: 0000000001a94a58 CR3: 00000000a9d59000 CR4: 00000000000006f0
[ 106.604006] Stack:
[ 106.604006] ffff880134c21e00 ffffffff81176748 ffff88013536b800 0000000000000100
[ 106.604006] ffff880138e649c0 0000000000000000 ffff88013536b820 ffff880134c21e40
[ 106.604006] ffffffff8143539f ffff88013536b868 ffff88013536b800 fffffffffff7d090
[ 106.604006] Call Trace:
[ 106.604006] [<ffffffff81176748>] balloon_page_dequeue+0x78/0x140
[ 106.604006] [<ffffffff8143539f>] leak_balloon+0x7f/0x110
[ 106.604006] [<ffffffff81435776>] balloon+0x166/0x2a0
[ 106.604006] [<ffffffff810adad0>] ? prepare_to_wait_event+0x100/0x100
[ 106.604006] [<ffffffff81435610>] ? update_balloon_stats+0xf0/0xf0
[ 106.604006] [<ffffffff8108dc79>] kthread+0xc9/0xe0
[ 106.604006] [<ffffffff8108dbb0>] ? kthread_create_on_node+0x1c0/0x1c0
[ 106.604006] [<ffffffff8173a3e8>] ret_from_fork+0x58/0x90
[ 106.604006] [<ffffffff8108dbb0>] ? kthread_create_on_node+0x1c0/0x1c0

Signed-off-by: Gavin Guo <gavin.guo@canonical.com>
---
mm/balloon_compaction.c | 2 --
1 file changed, 2 deletions(-)