[PATCH 3.18 25/52] hwpoison, memcg: forcibly uncharge LRU pages

Mon, 29 Jan 2018 12:18:42 -0800 

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Michal Hocko <mho...@suse.com>

commit 18365225f0440d09708ad9daade2ec11275c3df9 upstream.

Laurent Dufour has noticed that hwpoinsoned pages are kept charged.  In
his particular case he has hit a bad_page("page still charged to
cgroup") when onlining a hwpoison page.  While this looks like something
that shouldn't happen in the first place because onlining hwpages and
returning them to the page allocator makes only little sense it shows a
real problem.

hwpoison pages do not get freed usually so we do not uncharge them (at
least not since commit 0a31bc97c80c ("mm: memcontrol: rewrite uncharge
API")).  Each charge pins memcg (since e8ea14cc6ead ("mm: memcontrol:
take a css reference for each charged page")) as well and so the
mem_cgroup and the associated state will never go away.  Fix this leak
by forcibly uncharging a LRU hwpoisoned page in delete_from_lru_cache().
We also have to tweak uncharge_list because it cannot rely on zero ref
count for these pages.

[a...@linux-foundation.org: coding-style fixes]
Fixes: 0a31bc97c80c ("mm: memcontrol: rewrite uncharge API")
Link: http://lkml.kernel.org/r/20170502185507.gb19...@dhcp22.suse.cz
Signed-off-by: Michal Hocko <mho...@suse.com>
Reported-by: Laurent Dufour <lduf...@linux.vnet.ibm.com>
Tested-by: Laurent Dufour <lduf...@linux.vnet.ibm.com>
Reviewed-by: Balbir Singh <bsinghar...@gmail.com>
Reviewed-by: Naoya Horiguchi <n-horigu...@ah.jp.nec.com>
Signed-off-by: Andrew Morton <a...@linux-foundation.org>
Signed-off-by: Linus Torvalds <torva...@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>

---
 mm/memcontrol.c     |    2 +-
 mm/memory-failure.c |    7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -6500,7 +6500,7 @@ static void uncharge_list(struct list_he
                next = page->lru.next;
 
                VM_BUG_ON_PAGE(PageLRU(page), page);
-               VM_BUG_ON_PAGE(page_count(page), page);
+               VM_BUG_ON_PAGE(!PageHWPoison(page) && page_count(page), page);
 
                pc = lookup_page_cgroup(page);
                if (!PageCgroupUsed(pc))
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -548,6 +548,13 @@ static int delete_from_lru_cache(struct
                 */
                ClearPageActive(p);
                ClearPageUnevictable(p);
+
+               /*
+                * Poisoned page might never drop its ref count to 0 so we have
+                * to uncharge it manually from its memcg.
+                */
+               mem_cgroup_uncharge(p);
+
                /*
                 * drop the page count elevated by isolate_lru_page()
                 */

Reply via email to