| Message ID | 20210311144117.1175073-1-cascardo@canonical.com |
|---|---|
| State | New |
| Headers | show |
| Series | [SRU,Groovy] UBUNTU: SAUCE: Revert "mm: memcg/slab: optimize objcg stock draining" | expand |
On 11.03.21 15:41, Thadeu Lima de Souza Cascardo wrote: > BugLink: https://bugs.launchpad.net/bugs/1918668 > > This reverts commit 482b2134fda0a74aff66147e777233caede3a0bc, which is commit > 3de7d4f25a7438f09fef4e71ef111f1805cd8e7c upstream. > > It is supposed to fix f2fe7b09a52b ("mm: memcg/slab: charge individual slab > objects instead of pages"), which is not present in groovy kernel at all. > > It leads to NULL pointer derefences like: > [ 10.012503] BUG: kernel NULL pointer dereference, address: 0000000000000518 > [ 10.030761] #PF: supervisor read access in kernel mode > [ 10.042518] #PF: error_code(0x0000) - not-present page > [ 10.050165] PGD 0 P4D 0 > [ 10.077050] Oops: 0000 [#1] SMP PTI > [ 10.081927] CPU: 0 PID: 516 Comm: kexec-load Tainted: G W 5.8.0-45-generic #51 > [ 10.092486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-1 04/01/2014 > [ 10.103510] RIP: 0010:__mod_memcg_state.part.0+0xc/0x90 > > This is possibly caused by a refcount going past 0: > [ 5.792689] percpu ref (css_release) <= 0 (-81) after switching to atomic > [ 5.792747] WARNING: CPU: 2 PID: 24 at lib/percpu-refcount.c:161 percpu_ref_switch_to_atomic_rcu+0x147/0x160 > > Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Thanks Cascardo for catching the issue early! Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> > --- > mm/memcontrol.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/mm/memcontrol.c b/mm/memcontrol.c > index fdfae074ac91..bf0fc20ae20b 100644 > --- a/mm/memcontrol.c > +++ b/mm/memcontrol.c > @@ -2936,7 +2936,9 @@ void __memcg_kmem_uncharge(struct mem_cgroup *memcg, unsigned int nr_pages) > if (!cgroup_subsys_on_dfl(memory_cgrp_subsys)) > page_counter_uncharge(&memcg->kmem, nr_pages); > > - refill_stock(memcg, nr_pages); > + page_counter_uncharge(&memcg->memory, nr_pages); > + if (do_memsw_account()) > + page_counter_uncharge(&memcg->memsw, nr_pages); > } > > /** >
Acked-by: Tim Gardner <tim.gardner@canonical.com> Seems pretty cut and dried. On 3/11/21 7:41 AM, Thadeu Lima de Souza Cascardo wrote: > BugLink: https://bugs.launchpad.net/bugs/1918668 > > This reverts commit 482b2134fda0a74aff66147e777233caede3a0bc, which is commit > 3de7d4f25a7438f09fef4e71ef111f1805cd8e7c upstream. > > It is supposed to fix f2fe7b09a52b ("mm: memcg/slab: charge individual slab > objects instead of pages"), which is not present in groovy kernel at all. > > It leads to NULL pointer derefences like: > [ 10.012503] BUG: kernel NULL pointer dereference, address: 0000000000000518 > [ 10.030761] #PF: supervisor read access in kernel mode > [ 10.042518] #PF: error_code(0x0000) - not-present page > [ 10.050165] PGD 0 P4D 0 > [ 10.077050] Oops: 0000 [#1] SMP PTI > [ 10.081927] CPU: 0 PID: 516 Comm: kexec-load Tainted: G W 5.8.0-45-generic #51 > [ 10.092486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-1 04/01/2014 > [ 10.103510] RIP: 0010:__mod_memcg_state.part.0+0xc/0x90 > > This is possibly caused by a refcount going past 0: > [ 5.792689] percpu ref (css_release) <= 0 (-81) after switching to atomic > [ 5.792747] WARNING: CPU: 2 PID: 24 at lib/percpu-refcount.c:161 percpu_ref_switch_to_atomic_rcu+0x147/0x160 > > Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> > --- > mm/memcontrol.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/mm/memcontrol.c b/mm/memcontrol.c > index fdfae074ac91..bf0fc20ae20b 100644 > --- a/mm/memcontrol.c > +++ b/mm/memcontrol.c > @@ -2936,7 +2936,9 @@ void __memcg_kmem_uncharge(struct mem_cgroup *memcg, unsigned int nr_pages) > if (!cgroup_subsys_on_dfl(memory_cgrp_subsys)) > page_counter_uncharge(&memcg->kmem, nr_pages); > > - refill_stock(memcg, nr_pages); > + page_counter_uncharge(&memcg->memory, nr_pages); > + if (do_memsw_account()) > + page_counter_uncharge(&memcg->memsw, nr_pages); > } > > /** >
Applied to groovy master-next. Thank you! -Kelsey On 2021-03-11 11:41:17 , Thadeu Lima de Souza Cascardo wrote: > BugLink: https://bugs.launchpad.net/bugs/1918668 > > This reverts commit 482b2134fda0a74aff66147e777233caede3a0bc, which is commit > 3de7d4f25a7438f09fef4e71ef111f1805cd8e7c upstream. > > It is supposed to fix f2fe7b09a52b ("mm: memcg/slab: charge individual slab > objects instead of pages"), which is not present in groovy kernel at all. > > It leads to NULL pointer derefences like: > [ 10.012503] BUG: kernel NULL pointer dereference, address: 0000000000000518 > [ 10.030761] #PF: supervisor read access in kernel mode > [ 10.042518] #PF: error_code(0x0000) - not-present page > [ 10.050165] PGD 0 P4D 0 > [ 10.077050] Oops: 0000 [#1] SMP PTI > [ 10.081927] CPU: 0 PID: 516 Comm: kexec-load Tainted: G W 5.8.0-45-generic #51 > [ 10.092486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-1 04/01/2014 > [ 10.103510] RIP: 0010:__mod_memcg_state.part.0+0xc/0x90 > > This is possibly caused by a refcount going past 0: > [ 5.792689] percpu ref (css_release) <= 0 (-81) after switching to atomic > [ 5.792747] WARNING: CPU: 2 PID: 24 at lib/percpu-refcount.c:161 percpu_ref_switch_to_atomic_rcu+0x147/0x160 > > Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> > --- > mm/memcontrol.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/mm/memcontrol.c b/mm/memcontrol.c > index fdfae074ac91..bf0fc20ae20b 100644 > --- a/mm/memcontrol.c > +++ b/mm/memcontrol.c > @@ -2936,7 +2936,9 @@ void __memcg_kmem_uncharge(struct mem_cgroup *memcg, unsigned int nr_pages) > if (!cgroup_subsys_on_dfl(memory_cgrp_subsys)) > page_counter_uncharge(&memcg->kmem, nr_pages); > > - refill_stock(memcg, nr_pages); > + page_counter_uncharge(&memcg->memory, nr_pages); > + if (do_memsw_account()) > + page_counter_uncharge(&memcg->memsw, nr_pages); > } > > /** > -- > 2.27.0 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
diff --git a/mm/memcontrol.c b/mm/memcontrol.c index fdfae074ac91..bf0fc20ae20b 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -2936,7 +2936,9 @@ void __memcg_kmem_uncharge(struct mem_cgroup *memcg, unsigned int nr_pages) if (!cgroup_subsys_on_dfl(memory_cgrp_subsys)) page_counter_uncharge(&memcg->kmem, nr_pages); - refill_stock(memcg, nr_pages); + page_counter_uncharge(&memcg->memory, nr_pages); + if (do_memsw_account()) + page_counter_uncharge(&memcg->memsw, nr_pages); } /**
BugLink: https://bugs.launchpad.net/bugs/1918668 This reverts commit 482b2134fda0a74aff66147e777233caede3a0bc, which is commit 3de7d4f25a7438f09fef4e71ef111f1805cd8e7c upstream. It is supposed to fix f2fe7b09a52b ("mm: memcg/slab: charge individual slab objects instead of pages"), which is not present in groovy kernel at all. It leads to NULL pointer derefences like: [ 10.012503] BUG: kernel NULL pointer dereference, address: 0000000000000518 [ 10.030761] #PF: supervisor read access in kernel mode [ 10.042518] #PF: error_code(0x0000) - not-present page [ 10.050165] PGD 0 P4D 0 [ 10.077050] Oops: 0000 [#1] SMP PTI [ 10.081927] CPU: 0 PID: 516 Comm: kexec-load Tainted: G W 5.8.0-45-generic #51 [ 10.092486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-1 04/01/2014 [ 10.103510] RIP: 0010:__mod_memcg_state.part.0+0xc/0x90 This is possibly caused by a refcount going past 0: [ 5.792689] percpu ref (css_release) <= 0 (-81) after switching to atomic [ 5.792747] WARNING: CPU: 2 PID: 24 at lib/percpu-refcount.c:161 percpu_ref_switch_to_atomic_rcu+0x147/0x160 Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> --- mm/memcontrol.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)