[0/2] Fix hugetlb free path race with memory errors

Message ID	20230711220942.43706-1-mike.kravetz@oracle.com (mailing list archive)
Headers	show Return-Path: <owner-linux-mm@kvack.org> From: Mike Kravetz <mike.kravetz@oracle.com> To: linux-mm@kvack.org, linux-kernel@vger.kernel.org Cc: Jiaqi Yan <jiaqiyan@google.com>, Naoya Horiguchi <naoya.horiguchi@linux.dev>, Muchun Song <songmuchun@bytedance.com>, Miaohe Lin <linmiaohe@huawei.com>, Axel Rasmussen <axelrasmussen@google.com>, James Houghton <jthoughton@google.com>, Michal Hocko <mhocko@suse.com>, Andrew Morton <akpm@linux-foundation.org>, Mike Kravetz <mike.kravetz@oracle.com> Subject: [PATCH 0/2] Fix hugetlb free path race with memory errors Date: Tue, 11 Jul 2023 15:09:40 -0700 Message-ID: <20230711220942.43706-1-mike.kravetz@oracle.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain MIME-Version: 1.0 Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	Fix hugetlb free path race with memory errors \| expand [0/2] Fix hugetlb free path race with memory errors [1/2] hugetlb: Do not clear hugetlb dtor until allocating vmemmap [2/2] hugetlb: optimize update_and_free_pages_bulk to avoid lock cycles

Message ID

20230711220942.43706-1-mike.kravetz@oracle.com (mailing list archive)

Headers

From: Mike Kravetz <mike.kravetz@oracle.com>
To: linux-mm@kvack.org, linux-kernel@vger.kernel.org
Cc: Jiaqi Yan <jiaqiyan@google.com>,
        Naoya Horiguchi <naoya.horiguchi@linux.dev>,
        Muchun Song <songmuchun@bytedance.com>,
        Miaohe Lin <linmiaohe@huawei.com>,
        Axel Rasmussen <axelrasmussen@google.com>,
        James Houghton <jthoughton@google.com>,
 Michal Hocko <mhocko@suse.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Mike Kravetz <mike.kravetz@oracle.com>
Subject: [PATCH 0/2] Fix hugetlb free path race with memory errors
Date: Tue, 11 Jul 2023 15:09:40 -0700
Message-ID: <20230711220942.43706-1-mike.kravetz@oracle.com>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 BSutvyqLlHVag+LhE90eBxDqZqxTk++Qu9of8uq5ljdFleiPVKZAOPh0dI0pvpNTgylgULa/JmqQT9nsHe3NjnqN3EC5YyyASXrP1JcGZcB9qCxWx9A5tFH/CMzUXrhmByYwi3S0mNy0JB7eilaBL1uK+scz0HjaMvT2CZCzCzkkYPa6w5AZhOncXFxH6rkOgHXdXRmmReMN9A2xpVmwLF2kNwD/h9XYieuvwrJJUS3sWj3mGJjuzRBRi0KIhP6XdNuYvj1kj6jcXrcW/ZkPA6GeMuRsgfgtO3yksF2+PdaligM8ELHH9zTAm1lyutArnWr5kN7vc2Ac40g5nlgRhifmSmz+YX+ovc/zCERn05oywM1whwoUQy1txZGol4oJe9wI9JV5G9Fj0j+F34WyzYLwpB5DpLi+fMOACA/Bvy7dxWHM9QwxMut+3T5qZZLvVxEjHZMHkdPf/M4iEp3T+PA07hSD+JDnEWuL7Y3LXE9ZWIugXZaHyX5hfeWj4PkspiPDPKyq7J4h9jcLiHZ/cBG/DT5UJ7KdtXRe+gg+nz0cyfzIsKYebJ7i5UJ2tN6rSQrqXUKV0b/XBpib9o+bycYOU0M5eENLzIqXJ/44sCdmW6oKy9Hm+W0pd0MdV8d4wKx90zOfjq8LBpEewVBvMD9T0N8OGMvCg0niE3f5LOTtfiNRtDhmqfC4doGdL/L/+lvVIN4Zd1lacmISPWZY5uabqd4Pwm8KuKeyR3a7vcqfoTvCKk153bcMjatD+tCKRiQJfgc6fNFMd8fef0/sFTGvlG1jvMpPb0h6DIW889WD3434hFZWVXUelja/YS3ZcZbVSQGHuk/nIDYLq9OE0M3InCVv3HVpaxbxt0AGy72wjKPOHk7UkXBt99TB5RfubybHm1b44mRQmvCLIATZUKCi6kGQHDUEX3qQDdYwCUhVOUqyqx/cDAuX3IoJGFGVn6cf5P/n/KNZ+q71oGkX230u8QZGdqnq/HEmwCQmfMqqIKwtdp2iYKqhVR4zndRNtmn98f+4npPy9aPNYc8c9rNrp6wRWL1Wun7qvot5Uit8kcRn1abHLxx3v3mmrEJZpalDsjz3MNxPjjQtZ83rBzRKPtMg0apGdMfzP1KPgbx2mRnlNSk2WIFYFJ9g0NC1DGOCfY3xBBoLS9XFz9eaMLyhef5ZTRjSX+HX6bkykKf2w87C6GuMxj6F6hhtJnO4lv2cOo5Qa+OCW4LUX3OsX46a6f29BaNbIjlEzmj7tZYQwh3r6awtOhjk0bXPRTRMQrw7fGnTqFqFm8SVnNIskcsJNDAXGth1LZTY2Z894Z0sh5yzBhoGsNh3aX3GGl1KdKBqfE2IkaI1biIGcUXlJJKtI/XgafTg09yQvIyq90oOvI1NBE8DjTeyqutkWYHvps87ctVjViIMwBK4DM5y/ftGD2H4pnw37a8EtiUqMCXCPfySX5te4EsDAnfb50TJqm2cY8+9YahJLNFCI8STcGyC5pwvy8SEOmzkvnIyiUlOOroM9n4QWm4Jj/BuGVv9T5ulqEvf9sqmmeNz03rjHB3/VKyvpwOOnqNP7KDpPdZtdGhkTj8roW3tY1oW6WNw
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: 
 6uppYHA4cHmvL0BFcpctk8tuH4otLTKn6mToeQssrH/Pa9oosGlOb0LJ0YK8Yp+oJ6PGsdxy/RKlyCEgNE8y/Ds2Np/0+CEKX8Pt8JgKn9ds3CEWGiJmsDjcTM4L3O7UJXZPVc9D/hswFp95onYFHXrBPDdt6ilph9SHGrCcR0eWO53U4uCz28zjWCFXgyjKO+9gLGFKdEDKpUuWgXz8dpIaKkeNXdydo8hbymAxt7AXi+MzFVIdds4kDqI6XY2EEP8rKW2Ft88JETXLDq2a+gv5A/e3lOuUvmH8lbSsr6ZAYNd8A6YrDF6AaSFih69KvUg14sy0tw3czxQL1bwE8WU7Gfxb52fMdJ6c4/Y7rajbv4FVenU33uQEQXTmGfrTRw6MjEg8I/6HAr7mcbaC+CBPyLEGlBGOVD8xjZPkW4cy/Mq0lMjOObx3ysYs+GblMusEg2v0ZXEqcsFZxjyhqGuKaXVs5C8PabkEgg3m4x3lmDkDBTVwiRXxajfNObOf9H1QQrgP6RKNh1/HLCT3ICTF5AmU7zEb54c4Fj62v4IbAr1F1wTU0lsP1mfZxYksWvF0NRa5ngSLFRJPB6M3v/9n/vaHQBXBYnH1lNfEjcuU4HpEdb0NeHH4meDPDxYoC9qU0EW0J4JSM1hUbnLQnmXHb3fg6mkzpF9MqSyyXiNtHzwJkY3mHgamezMP6dyofSFfs3mI8V9S6kdwQ2MtekDl6NWkmt65iQ0SekE/PnADRnL5+DAYnOpV1HmrZeXPXIAljkwoRhDalqQPHMtpBhpESAFJFkZVthN65a0sftGghkMwxamfUZEUnRkcrwg2+j39tKK/4AqhN1E4sHq2F6nJEGeD+NspX0uFFGzq+R+eRKv7T4uQ0hwJ6xlW1RDQgkxlYtGG5VyMGnxapdZlMeXb9nFlEgsQ4mdJavmAJK9jH1BxlrEjoMYH2yKAav9ypU0WntMm1QQd4vB6NTRm+z4EChm2Wk1vwSJSKXUZxr6dqr7CdNBxr4C4dZ0Rgjej
X-OriginatorOrg: oracle.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 f62f98c8-baff-4daf-001b-08db825b8a56
X-MS-Exchange-CrossTenant-AuthSource: BY5PR10MB4196.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Jul 2023 22:09:47.8809
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 xIQJPvJ/vvnsHegJk5LUWKGbKFBdq3lN+s5lV0XnACjOeBfjUipLzMu/okawDH4iya1QcuumPKQFl8FsFZ3tVQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR10MB4775
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.591,FMLib:17.11.176.26
 definitions=2023-07-11_12,2023-07-11_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0
 mlxscore=0 bulkscore=0
 suspectscore=0 spamscore=0 phishscore=0 mlxlogscore=666 malwarescore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2305260000
 definitions=main-2307110202
X-Proofpoint-ORIG-GUID: S4eklLHOpZhgZTPti2dzdBTAtnc_E8ql
X-Proofpoint-GUID: S4eklLHOpZhgZTPti2dzdBTAtnc_E8ql
X-Rspamd-Queue-Id: 6DCF11A0003
X-Rspam-User: 
X-Stat-Signature: bb9rf37k98ct4i6s1muci5cgfc7udmcd
X-Rspamd-Server: rspam01
X-HE-Tag: 1689113416-489582
X-HE-Meta: 
 U2FsdGVkX1+OH8L0twbSxp4X7lRCCd9DJqnj2Ta7PYPwyPjhdpnuquRJZ0ynJXAUMKhiVyvpHaI3byT8Gjid1q+H0Q9R5wLpZS2YUx7RyPk9F7sNHdvMWBWMdCK6fE6uqdhNDZZMqgrnz/fmTU8Wj34HbySnjSdDfsrfCDi+V7xz11T4wdw7j2BujsgCi1N7+DuTyt0PxMoRgfvet2h3Z6a5LaIkvUKqbz2feWbBDGOLQYlcZ+EsG+0WOQ3moU6utQWFmk7blk4VkM3LFZkUOvGiQB5D8sOPjaBnMWm2DhMHkJt3a8GerlEqTpnmSqpqAmrI7uOsdHRNsOIRM6MiNL58L0j2XkZR2uv5VI0qQLreXMxd44zz9WWb0FG5j91mBRqYiJBFsNIMR0pwllerdcBPvsFeaYSzvxEG+StP0w6C87aKQ0u8Ogn37I/hKJSiZ6B+ZPPV9MxJjUDdhtTQ08dQntzp6Z3+BZyM2KxBGjKKTSzWbPcOOIavC22yBj/XXhUlrFbo2c2lM8xyKO9cER2ayAJtotACQKtNDVd1RH19rcLFqoNXRsFdAzQfF4gxeMEH5y9d/ajWncFAo6iFrp8aiUEeNwEsxpTKbhR9KiSVhdHfkCVtCh8x0qBoFuuvsWZitENjb25yc0gQvbPisbcIx42q/0qofomNiUiI+RgFwaRbu0O9FWXjB90vF1btK2zx8g4FoAnFdVbGBrxbIkq3ZPucum7k3sPOBzSlU/TuNmYZfRuNIFzJqGoY6U7MPHALAY7m7mbjM5OjYd91iol3IguHtDnFkFvGSXgkkObi/XfchCHbIwfDdl7f8ZDuGTVNM79M7zlnrupES/o3WgMlGJCJa4/ULx9jsIWPqFNkH+oCL3RkrEcgelvrD7z3mPLbU3Z1MdEf/79rtzkn5m4dKf/XdXfC6HliQxnYULRvtSYdXww0PD946PeGWiV0BWFWcoGk3K9OUlF+FyH
 tVzu9Nxx
 P3zh3u9dHfJPyTY5xonJcb4U063lS7BEoBeH3BBfsvD5IxQpsZi/YtqU88NyM/+gU29go+rFx17MtWHYf47QWiMHwzT1hw0iHT1hGUFzXiQykFtobZ0dIqvJFfBgNfu9bkCtql6pMs2viaErb6VJgFmIu5CUJr+o6pawUiWPgkv8pzWz4fc2S0vBwc10nFa6Z7J/VlhnDcF0w88HpOU4xtwwccbXc9HuL3NXBiW/U3Ise6FCpUZ2f1PlrcVaDjFEMmcmnKtI8r2tPxqAXpJCfoi0AnW1e/FcH9a5JRGfltZ4DJkhrgBtMhtpxq/qqE5M+KhZsmZkq/jL4BfVBQOsMWrKFbbtmV2KVZzo2/9MpcI4H98/IyXW7SVpXrHvFuHsIT1QbM0xXetUdAv1Cjw+9Vb6aePBM22exVmvs
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Series

Fix hugetlb free path race with memory errors | expand

Message

Mike Kravetz July 11, 2023, 10:09 p.m. UTC

In the discussion of Jiaqi Yan's series "Improve hugetlbfs read on
HWPOISON hugepages" the race window was discovered.
https://lore.kernel.org/linux-mm/20230616233447.GB7371@monkey/

Freeing a hugetlb page back to low level memory allocators is performed
in two steps.
1) Under hugetlb lock, remove page from hugetlb lists and clear destructor
2) Outside lock, allocate vmemmap if necessary and call low level free
Between these two steps, the hugetlb page will appear as a normal
compound page.  However, vmemmap for tail pages could be missing.
If a memory error occurs at this time, we could try to update page
flags non-existant page structs.

A much more detailed description is in the first patch.

The first patch addresses the race window.  However, it adds a
hugetlb_lock lock/unlock cycle to every vmemmap optimized hugetlb
page free operation.  This could lead to slowdowns if one is freeing
a large number of hugetlb pages.

The second path optimizes the update_and_free_pages_bulk routine
to only take the lock once in bulk operations.

The second patch is technically not a bug fix, but includes a Fixes
tag and Cc stable to avoid a performance regression.  It can be
combined with the first, but was done separately make reviewing easier.

Mike Kravetz (2):
  hugetlb: Do not clear hugetlb dtor until allocating vmemmap
  hugetlb: optimize update_and_free_pages_bulk to avoid lock cycles

 mm/hugetlb.c | 110 +++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 85 insertions(+), 25 deletions(-)

Comments

Andrew Morton July 13, 2023, 5:34 p.m. UTC | #1

On Tue, 11 Jul 2023 15:09:40 -0700 Mike Kravetz <mike.kravetz@oracle.com> wrote:

> In the discussion of Jiaqi Yan's series "Improve hugetlbfs read on
> HWPOISON hugepages" the race window was discovered.
> https://lore.kernel.org/linux-mm/20230616233447.GB7371@monkey/
> 
> Freeing a hugetlb page back to low level memory allocators is performed
> in two steps.
> 1) Under hugetlb lock, remove page from hugetlb lists and clear destructor
> 2) Outside lock, allocate vmemmap if necessary and call low level free
> Between these two steps, the hugetlb page will appear as a normal
> compound page.  However, vmemmap for tail pages could be missing.
> If a memory error occurs at this time, we could try to update page
> flags non-existant page structs.
> 
> A much more detailed description is in the first patch.
> 
> The first patch addresses the race window.  However, it adds a
> hugetlb_lock lock/unlock cycle to every vmemmap optimized hugetlb
> page free operation.  This could lead to slowdowns if one is freeing
> a large number of hugetlb pages.
> 
> The second path optimizes the update_and_free_pages_bulk routine
> to only take the lock once in bulk operations.
> 
> The second patch is technically not a bug fix, but includes a Fixes
> tag and Cc stable to avoid a performance regression.  It can be
> combined with the first, but was done separately make reviewing easier.
> 

I feel that backporting performance improvements into -stable is not a
usual thing to do.  Perhaps the fact that it's a regression fix changes
this, but why?

Much hinges on the magnitude of the performance change.  Are you able
to quantify this at all?