Re: [patch ]mm/zs_malloc: Fix bit spinlock replacement
On Mon, 2016-10-17 at 17:15 +0200, Sebastian Andrzej Siewior wrote: > On 2016-10-16 05:18:03 [+0200], Mike Galbraith wrote: > > > > Do not alter HANDLE_SIZE, memory corruption ensues. The handle is > > a pointer, allocate space for the struct it points to and align it > > ZS_ALIGN. Also, when accessing the struct, mask HANDLE_PIN_BIT. > > So this is to merged / folded into "mm/zsmalloc: Use get/put_cpu_light > in zs_map_object()/zs_unmap_object()" which I re-did for v4.8? Yeah. > How was this tested? Latest LTP. You need latest, else it'll abort early. > I have: >CONFIG_FRONTSWAP=y ># CONFIG_CMA is not set >CONFIG_ZSWAP=y >CONFIG_ZPOOL=y >CONFIG_ZBUD=m >CONFIG_Z3FOLD=m >CONFIG_ZSMALLOC=m ># CONFIG_PGTABLE_MAPPING is not set >CONFIG_ZSMALLOC_STAT=y > > and > ># cat /sys/module/zswap/parameters/enabled >Y >cat /sys/module/zswap/parameters/zpool >zbud ># cat /sys/module/zswap/parameters/compressor >lzo ># cat /sys/module/zswap/parameters/max_pool_percent >20 > > and I do have 1GiB of swap on /dev/vdc. While I get swap to be used, I > see no firework. Is there something wrong with my setup? I would assume > so due to the lack of the fireworks on my side… Run the ltp testcase, and you'll meet the below every time. It'll write 23 time, then explode. [ 117.527727] zram: Added device: zram0 [ 132.913046] SFW2-INext-DROP-DEFLT IN=br0 OUT= MAC= SRC=fe80::::d63d:7eff:fefc:4f09 DST=ff02:::::::00fb LEN=138 TC=0 HOPLIMIT=255 FLOWLBL=240223 PROTO=UDP SPT=5353 DPT=5353 LEN=98 [ 145.205893] loop: module loaded [ 145.388652] zram0: detected capacity change from 0 to 536870912 [ 146.096042] BUG: unable to handle kernel paging request at 880389fa [ 146.096045] IP: [] memcpy_erms+0x6/0x10 [ 146.096046] PGD 2ded067 PUD 3f8f52063 PMD 38befc063 PTE 800389fa0161 [ 146.096048] Oops: 0003 [#1] PREEMPT SMP [ 146.096050] Dumping ftrace buffer: [ 146.096053](ftrace buffer empty) [ 146.096064] Modules linked in: loop(E) zram(E) ebtable_filter(E) ebtables(E) fuse(E) nf_log_ipv6(E) xt_pkttype(E) xt_physdev(E) br_netfilter(E) nf_log_ipv4(E) nf_log_common(E) xt_LOG(E) xt_limit(E) af_packet(E) bridge(E) stp(E) llc(E) iscsi_ibft(E) iscsi_boot_sysfs(E) ip6t_REJECT(E) xt_tcpudp(E) nf_conntrack_ipv6(E) nf_defrag_ipv6(E) ip6table_raw(E) ipt_REJECT(E) iptable_raw(E) xt_CT(E) iptable_filter(E) ip6table_mangle(E) nf_conntrack_netbios_ns(E) nf_conntrack_broadcast(E) nf_conntrack_ipv4(E) nf_defrag_ipv4(E) ip_tables(E) xt_conntrack(E) nf_conntrack(E) ip6table_filter(E) ip6_tables(E) x_tables(E) nls_iso8859_1(E) intel_rapl(E) nls_cp437(E) intel_powerclamp(E) coretemp(E) vfat(E) fat(E) kvm_intel(E) kvm(E) pl2303(E) usbserial(E) dm_mod(E) snd_hda_codec_hdmi(E) snd_hda_codec_realtek(E) snd_hda_codec_generic(E) [ 146.096077] snd_hda_intel(E) snd_hda_codec(E) irqbypass(E) sr_mod(E) cdrom(E) joydev(E) iTCO_wdt(E) crct10dif_pclmul(E) iTCO_vendor_support(E) crc32_pclmul(E) lpc_ich(E) mfd_core(E) ghash_clmulni_intel(E) aesni_intel(E) snd_hda_core(E) aes_x86_64(E) lrw(E) mei_me(E) mei(E) i2c_i801(E) gf128mul(E) i2c_smbus(E) pcspkr(E) shpchp(E) serio_raw(E) intel_smartconnect(E) tpm_infineon(E) battery(E) snd_hwdep(E) glue_helper(E) ablk_helper(E) snd_pcm(E) snd_timer(E) thermal(E) snd(E) nfsd(E) cryptd(E) fan(E) soundcore(E) auth_rpcgss(E) nfs_acl(E) lockd(E) grace(E) sunrpc(E) efivarfs(E) hid_logitech_hidpp(E) ext4(E) crc16(E) jbd2(E) mbcache(E) hid_logitech_dj(E) sd_mod(E) uas(E) usb_storage(E) hid_generic(E) usbhid(E) crc32c_intel(E) nouveau(E) wmi(E) i2c_algo_bit(E) drm_kms_helper(E) syscopyarea(E) sysfillrect(E) [ 146.096081] sysimgblt(E) ahci(E) ehci_pci(E) fb_sys_fops(E) libahci(E) xhci_pci(E) r8169(E) ehci_hcd(E) mii(E) ttm(E) xhci_hcd(E) libata(E) drm(E) usbcore(E) usb_common(E) fjes(E) video(E) button(E) sg(E) scsi_mod(E) autofs4(E) [ 146.096083] CPU: 1 PID: 4168 Comm: zram01 Tainted: GE 4.8.1-rt1-virgin_debug #6 [ 146.096083] Hardware name: MEDION MS-7848/MS-7848, BIOS M7848W08.20C 09/23/2013 [ 146.096084] task: 88038e763200 task.stack: 8803f7e4c000 [ 146.096085] RIP: 0010:[] [] memcpy_erms+0x6/0x10 [ 146.096085] RSP: 0018:8803f7e4f820 EFLAGS: 00010286 [ 146.096086] RAX: 880386d1a050 RBX: 880377d42b80 RCX: fcd7a000 [ 146.096086] RDX: ffb0 RSI: 880400551030 RDI: 880389fa [ 146.096086] RBP: 8803f7e4f870 R08: 88038e763200 R09: [ 146.096087] R10: 0004 R11: 0001 R12: 880375767000 [ 146.096087] R13: ea000df02d00 R14: 0080 R15: ffb0 [ 146.096088] FS: 7f8313fd4700() GS:88041ec4() knlGS: [ 146.096088] CS: 0010 DS: ES: CR0: 80050033 [ 146.096089] CR2: 880389fa CR3: 00037c627000 CR4: 001406e0 [ 146.096089] Stack: [ 146.096090] 8124bb53
Re: [patch ]mm/zs_malloc: Fix bit spinlock replacement
On Mon, 2016-10-17 at 17:15 +0200, Sebastian Andrzej Siewior wrote: > On 2016-10-16 05:18:03 [+0200], Mike Galbraith wrote: > > > > Do not alter HANDLE_SIZE, memory corruption ensues. The handle is > > a pointer, allocate space for the struct it points to and align it > > ZS_ALIGN. Also, when accessing the struct, mask HANDLE_PIN_BIT. > > So this is to merged / folded into "mm/zsmalloc: Use get/put_cpu_light > in zs_map_object()/zs_unmap_object()" which I re-did for v4.8? Yeah. > How was this tested? Latest LTP. You need latest, else it'll abort early. > I have: >CONFIG_FRONTSWAP=y ># CONFIG_CMA is not set >CONFIG_ZSWAP=y >CONFIG_ZPOOL=y >CONFIG_ZBUD=m >CONFIG_Z3FOLD=m >CONFIG_ZSMALLOC=m ># CONFIG_PGTABLE_MAPPING is not set >CONFIG_ZSMALLOC_STAT=y > > and > ># cat /sys/module/zswap/parameters/enabled >Y >cat /sys/module/zswap/parameters/zpool >zbud ># cat /sys/module/zswap/parameters/compressor >lzo ># cat /sys/module/zswap/parameters/max_pool_percent >20 > > and I do have 1GiB of swap on /dev/vdc. While I get swap to be used, I > see no firework. Is there something wrong with my setup? I would assume > so due to the lack of the fireworks on my side… Run the ltp testcase, and you'll meet the below every time. It'll write 23 time, then explode. [ 117.527727] zram: Added device: zram0 [ 132.913046] SFW2-INext-DROP-DEFLT IN=br0 OUT= MAC= SRC=fe80::::d63d:7eff:fefc:4f09 DST=ff02:::::::00fb LEN=138 TC=0 HOPLIMIT=255 FLOWLBL=240223 PROTO=UDP SPT=5353 DPT=5353 LEN=98 [ 145.205893] loop: module loaded [ 145.388652] zram0: detected capacity change from 0 to 536870912 [ 146.096042] BUG: unable to handle kernel paging request at 880389fa [ 146.096045] IP: [] memcpy_erms+0x6/0x10 [ 146.096046] PGD 2ded067 PUD 3f8f52063 PMD 38befc063 PTE 800389fa0161 [ 146.096048] Oops: 0003 [#1] PREEMPT SMP [ 146.096050] Dumping ftrace buffer: [ 146.096053](ftrace buffer empty) [ 146.096064] Modules linked in: loop(E) zram(E) ebtable_filter(E) ebtables(E) fuse(E) nf_log_ipv6(E) xt_pkttype(E) xt_physdev(E) br_netfilter(E) nf_log_ipv4(E) nf_log_common(E) xt_LOG(E) xt_limit(E) af_packet(E) bridge(E) stp(E) llc(E) iscsi_ibft(E) iscsi_boot_sysfs(E) ip6t_REJECT(E) xt_tcpudp(E) nf_conntrack_ipv6(E) nf_defrag_ipv6(E) ip6table_raw(E) ipt_REJECT(E) iptable_raw(E) xt_CT(E) iptable_filter(E) ip6table_mangle(E) nf_conntrack_netbios_ns(E) nf_conntrack_broadcast(E) nf_conntrack_ipv4(E) nf_defrag_ipv4(E) ip_tables(E) xt_conntrack(E) nf_conntrack(E) ip6table_filter(E) ip6_tables(E) x_tables(E) nls_iso8859_1(E) intel_rapl(E) nls_cp437(E) intel_powerclamp(E) coretemp(E) vfat(E) fat(E) kvm_intel(E) kvm(E) pl2303(E) usbserial(E) dm_mod(E) snd_hda_codec_hdmi(E) snd_hda_codec_realtek(E) snd_hda_codec_generic(E) [ 146.096077] snd_hda_intel(E) snd_hda_codec(E) irqbypass(E) sr_mod(E) cdrom(E) joydev(E) iTCO_wdt(E) crct10dif_pclmul(E) iTCO_vendor_support(E) crc32_pclmul(E) lpc_ich(E) mfd_core(E) ghash_clmulni_intel(E) aesni_intel(E) snd_hda_core(E) aes_x86_64(E) lrw(E) mei_me(E) mei(E) i2c_i801(E) gf128mul(E) i2c_smbus(E) pcspkr(E) shpchp(E) serio_raw(E) intel_smartconnect(E) tpm_infineon(E) battery(E) snd_hwdep(E) glue_helper(E) ablk_helper(E) snd_pcm(E) snd_timer(E) thermal(E) snd(E) nfsd(E) cryptd(E) fan(E) soundcore(E) auth_rpcgss(E) nfs_acl(E) lockd(E) grace(E) sunrpc(E) efivarfs(E) hid_logitech_hidpp(E) ext4(E) crc16(E) jbd2(E) mbcache(E) hid_logitech_dj(E) sd_mod(E) uas(E) usb_storage(E) hid_generic(E) usbhid(E) crc32c_intel(E) nouveau(E) wmi(E) i2c_algo_bit(E) drm_kms_helper(E) syscopyarea(E) sysfillrect(E) [ 146.096081] sysimgblt(E) ahci(E) ehci_pci(E) fb_sys_fops(E) libahci(E) xhci_pci(E) r8169(E) ehci_hcd(E) mii(E) ttm(E) xhci_hcd(E) libata(E) drm(E) usbcore(E) usb_common(E) fjes(E) video(E) button(E) sg(E) scsi_mod(E) autofs4(E) [ 146.096083] CPU: 1 PID: 4168 Comm: zram01 Tainted: GE 4.8.1-rt1-virgin_debug #6 [ 146.096083] Hardware name: MEDION MS-7848/MS-7848, BIOS M7848W08.20C 09/23/2013 [ 146.096084] task: 88038e763200 task.stack: 8803f7e4c000 [ 146.096085] RIP: 0010:[] [] memcpy_erms+0x6/0x10 [ 146.096085] RSP: 0018:8803f7e4f820 EFLAGS: 00010286 [ 146.096086] RAX: 880386d1a050 RBX: 880377d42b80 RCX: fcd7a000 [ 146.096086] RDX: ffb0 RSI: 880400551030 RDI: 880389fa [ 146.096086] RBP: 8803f7e4f870 R08: 88038e763200 R09: [ 146.096087] R10: 0004 R11: 0001 R12: 880375767000 [ 146.096087] R13: ea000df02d00 R14: 0080 R15: ffb0 [ 146.096088] FS: 7f8313fd4700() GS:88041ec4() knlGS: [ 146.096088] CS: 0010 DS: ES: CR0: 80050033 [ 146.096089] CR2: 880389fa CR3: 00037c627000 CR4: 001406e0 [ 146.096089] Stack: [ 146.096090] 8124bb53
Re: [patch ]mm/zs_malloc: Fix bit spinlock replacement
On 2016-10-16 05:18:03 [+0200], Mike Galbraith wrote: > > Do not alter HANDLE_SIZE, memory corruption ensues. The handle is > a pointer, allocate space for the struct it points to and align it > ZS_ALIGN. Also, when accessing the struct, mask HANDLE_PIN_BIT. So this is to merged / folded into "mm/zsmalloc: Use get/put_cpu_light in zs_map_object()/zs_unmap_object()" which I re-did for v4.8? How was this tested? I have: CONFIG_FRONTSWAP=y # CONFIG_CMA is not set CONFIG_ZSWAP=y CONFIG_ZPOOL=y CONFIG_ZBUD=m CONFIG_Z3FOLD=m CONFIG_ZSMALLOC=m # CONFIG_PGTABLE_MAPPING is not set CONFIG_ZSMALLOC_STAT=y and # cat /sys/module/zswap/parameters/enabled Y cat /sys/module/zswap/parameters/zpool zbud # cat /sys/module/zswap/parameters/compressor lzo # cat /sys/module/zswap/parameters/max_pool_percent 20 and I do have 1GiB of swap on /dev/vdc. While I get swap to be used, I see no firework. Is there something wrong with my setup? I would assume so due to the lack of the fireworks on my side… > Signed-off-by: Mike GalbraithSebastian
Re: [patch ]mm/zs_malloc: Fix bit spinlock replacement
On 2016-10-16 05:18:03 [+0200], Mike Galbraith wrote: > > Do not alter HANDLE_SIZE, memory corruption ensues. The handle is > a pointer, allocate space for the struct it points to and align it > ZS_ALIGN. Also, when accessing the struct, mask HANDLE_PIN_BIT. So this is to merged / folded into "mm/zsmalloc: Use get/put_cpu_light in zs_map_object()/zs_unmap_object()" which I re-did for v4.8? How was this tested? I have: CONFIG_FRONTSWAP=y # CONFIG_CMA is not set CONFIG_ZSWAP=y CONFIG_ZPOOL=y CONFIG_ZBUD=m CONFIG_Z3FOLD=m CONFIG_ZSMALLOC=m # CONFIG_PGTABLE_MAPPING is not set CONFIG_ZSMALLOC_STAT=y and # cat /sys/module/zswap/parameters/enabled Y cat /sys/module/zswap/parameters/zpool zbud # cat /sys/module/zswap/parameters/compressor lzo # cat /sys/module/zswap/parameters/max_pool_percent 20 and I do have 1GiB of swap on /dev/vdc. While I get swap to be used, I see no firework. Is there something wrong with my setup? I would assume so due to the lack of the fireworks on my side… > Signed-off-by: Mike Galbraith Sebastian
[patch ]mm/zs_malloc: Fix bit spinlock replacement
Do not alter HANDLE_SIZE, memory corruption ensues. The handle is a pointer, allocate space for the struct it points to and align it ZS_ALIGN. Also, when accessing the struct, mask HANDLE_PIN_BIT. Signed-off-by: Mike Galbraith--- mm/zsmalloc.c | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) --- a/mm/zsmalloc.c +++ b/mm/zsmalloc.c @@ -71,6 +71,8 @@ #define ZS_MAX_ZSPAGE_ORDER 2 #define ZS_MAX_PAGES_PER_ZSPAGE (_AC(1, UL) << ZS_MAX_ZSPAGE_ORDER) +#define ZS_HANDLE_SIZE (sizeof(unsigned long)) + #ifdef CONFIG_PREEMPT_RT_BASE struct zsmalloc_handle { @@ -78,11 +80,11 @@ struct zsmalloc_handle { struct mutex lock; }; -#define ZS_HANDLE_SIZE (sizeof(struct zsmalloc_handle)) +#define ZS_HANDLE_ALLOC_SIZE (sizeof(struct zsmalloc_handle)) #else -#define ZS_HANDLE_SIZE (sizeof(unsigned long)) +#define ZS_HANDLE_ALLOC_SIZE ZS_HANDLE_SIZE #endif /* @@ -339,8 +341,9 @@ static void SetZsPageMovable(struct zs_p static int create_cache(struct zs_pool *pool) { - pool->handle_cachep = kmem_cache_create("zs_handle", ZS_HANDLE_SIZE, - 0, 0, NULL); + pool->handle_cachep = kmem_cache_create("zs_handle", + ZS_HANDLE_ALLOC_SIZE, + ZS_ALIGN, 0, NULL); if (!pool->handle_cachep) return 1; @@ -380,7 +383,7 @@ static unsigned long cache_alloc_handle( #ifdef CONFIG_PREEMPT_RT_BASE static struct zsmalloc_handle *zs_get_pure_handle(unsigned long handle) { - return (void *)(handle &~((1 << OBJ_TAG_BITS) - 1)); + return (void *)(handle & ~BIT(HANDLE_PIN_BIT)); } #endif
[patch ]mm/zs_malloc: Fix bit spinlock replacement
Do not alter HANDLE_SIZE, memory corruption ensues. The handle is a pointer, allocate space for the struct it points to and align it ZS_ALIGN. Also, when accessing the struct, mask HANDLE_PIN_BIT. Signed-off-by: Mike Galbraith --- mm/zsmalloc.c | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) --- a/mm/zsmalloc.c +++ b/mm/zsmalloc.c @@ -71,6 +71,8 @@ #define ZS_MAX_ZSPAGE_ORDER 2 #define ZS_MAX_PAGES_PER_ZSPAGE (_AC(1, UL) << ZS_MAX_ZSPAGE_ORDER) +#define ZS_HANDLE_SIZE (sizeof(unsigned long)) + #ifdef CONFIG_PREEMPT_RT_BASE struct zsmalloc_handle { @@ -78,11 +80,11 @@ struct zsmalloc_handle { struct mutex lock; }; -#define ZS_HANDLE_SIZE (sizeof(struct zsmalloc_handle)) +#define ZS_HANDLE_ALLOC_SIZE (sizeof(struct zsmalloc_handle)) #else -#define ZS_HANDLE_SIZE (sizeof(unsigned long)) +#define ZS_HANDLE_ALLOC_SIZE ZS_HANDLE_SIZE #endif /* @@ -339,8 +341,9 @@ static void SetZsPageMovable(struct zs_p static int create_cache(struct zs_pool *pool) { - pool->handle_cachep = kmem_cache_create("zs_handle", ZS_HANDLE_SIZE, - 0, 0, NULL); + pool->handle_cachep = kmem_cache_create("zs_handle", + ZS_HANDLE_ALLOC_SIZE, + ZS_ALIGN, 0, NULL); if (!pool->handle_cachep) return 1; @@ -380,7 +383,7 @@ static unsigned long cache_alloc_handle( #ifdef CONFIG_PREEMPT_RT_BASE static struct zsmalloc_handle *zs_get_pure_handle(unsigned long handle) { - return (void *)(handle &~((1 << OBJ_TAG_BITS) - 1)); + return (void *)(handle & ~BIT(HANDLE_PIN_BIT)); } #endif