BACKPORT: mm: remove folio from deferred split list before uncharging it
When freeing a large folio, we must remove it from the deferred split list before we uncharge it as each memcg has its own deferred split list (with associated lock) and removing a folio from the deferred split list while holding the wrong lock will corrupt that list and cause various related problems. Link: https://lore.kernel.org/linux-mm/367a14f7-340e-4b29-90ae-bc3fcefdd5f4@arm.com/ Link: https://lkml.kernel.org/r/20240311191835.312162-1-willy@infradead.org Fixes: f77171d2 (mm: allow non-hugetlb large folios to be batch processed) Fixes: 29f38430 (mm: free folios directly in move_folios_to_lru()) Fixes: bc2ff4cb (mm: free folios in a batch in shrink_folio_list()) Signed-off-by:Matthew Wilcox (Oracle) <willy@infradead.org> Debugged-by:
Ryan Roberts <ryan.roberts@arm.com> Tested-by:
Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 47932e70) [ Drop changes to shrink_folio_list() and move_folios_to_lru() in mm/vmscan.c since they both call destroy_large_folio() which removes the folio from the deferred split list - Kalesh Singh ] [ Use folio_unqueue_deferred_split() instead of folio_undo_large_unmappable(); which also performs the necessary large folio checks - Kalesh Singh ] Bug: 419599659 Signed-off-by:
Kalesh Singh <kaleshsingh@google.com> Change-Id: I012dfb4c33678bb1e8a546a6dc78a0227858aa5b (cherry picked from commit 6dbb3c2e) Fixes: 3a8faa5b (BACKPORT: mm/thp: fix deferred split unqueue naming and locking) [ Resolved a minor conflict. Pick this commit to resolve the following warning - Pengfei Li ] [ 33.756689] ------------[ cut here ]------------ [ 33.757362] WARNING: CPU: 7 PID: 112 at mm/memcontrol.c:7358 uncharge_folio+0x308/0x4d4 [ 33.759394] Modules linked in: [ 33.761530] CPU: 7 PID: 112 Comm: sh Not tainted 6.6.89-gb40044b65f25 #13 [ 33.762362] Hardware name: linux,dummy-virt (DT) [ 33.763240] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 33.763906] pc : uncharge_folio+0x308/0x4d4 [ 33.764324] lr : uncharge_folio+0x1b4/0x4d4 [ 33.764736] sp : ffffffc0804d37a0 [ 33.765082] x29: ffffffc0804d37a0 x28: 000000000000000f x27: ffffffe9beed9000 [ 33.766090] x26: 0000000000000000 x25: ffffffc0804d3840 x24: fffffffe030022c8 [ 33.766765] x23: fffffffe003492c8 x22: 0000000000000000 x21: ffffffc0804d37d0 [ 33.767421] x20: fffffffe000a6b00 x19: ffffff8002cfa000 x18: ffffff8006fe0000 [ 33.768077] x17: 00000000005f6000 x16: 0000000000000002 x15: 0000000000605fff [ 33.768733] x14: fffffffe03002288 x13: fffffffe00349348 x12: ffffff8002cfb000 [ 33.769387] x11: 000000000000000a x10: 000000000000000c x9 : 0000000100000000 [ 33.770123] x8 : 0000000100000000 x7 : ffffffe9beb5214e x6 : ffffffc0804d382c [ 33.770768] x5 : 0000000000000010 x4 : 00000000ffffffff x3 : ffffff8002cfa8b0 [ 33.771412] x2 : fffffffe000a6b90 x1 : 0000000000000000 x0 : 0000000000000001 [ 33.772331] Call trace: [ 33.773206] uncharge_folio+0x308/0x4d4 [ 33.774055] __mem_cgroup_uncharge_list+0x48/0x90 [ 33.774600] folios_put_refs+0x470/0x5fc [ 33.774982] release_pages+0xe0/0x148 [ 33.775322] free_pages_and_swap_cache+0x58/0x6c [ 33.775739] tlb_flush_mmu+0x90/0x120 [ 33.776089] tlb_finish_mmu+0x48/0xb0 [ 33.776431] exit_mmap+0x1a4/0x50c [ 33.776763] __mmput+0x44/0x15c [ 33.777068] mmput+0x34/0x160 [ 33.777361] exit_mm+0x98/0x17c [ 33.777665] do_exit+0x228/0xa08 [ 33.777969] trace_android_vh_do_group_exit+0x0/0x90 [ 33.778395] get_signal+0x750/0x864 [ 33.778722] do_notify_resume+0x114/0xf1c [ 33.779088] el0_svc+0x60/0x64 [ 33.779396] el0t_64_sync_handler+0x90/0xfc [ 33.779764] el0t_64_sync+0x190/0x194 Cc: Kalesh Singh <kaleshsingh@google.com> Bug: 434908246 Signed-off-by:
Pengfei Li <pengfei.kernel@vivo.corp-partner.google.com>
Loading
Please sign in to comment