| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Jan 2022 21:15:51 +0800
From: Dong Aisheng <aisheng.dong@....com>
To: linux-mm@...ck.org
Cc: linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
dongas86@...il.com, jason.hui.liu@....com, leoyang.li@....com,
abel.vesa@....com, shawnguo@...nel.org, linux-imx@....com,
akpm@...ux-foundation.org, m.szyprowski@...sung.com,
lecopzer.chen@...iatek.com, david@...hat.com, vbabka@...e.cz,
stable@...r.kernel.org, shijie.qin@....com,
Dong Aisheng <aisheng.dong@....com>
Subject: [PATCH v2 1/2] mm: cma: fix allocation may fail sometimes
We met dma_alloc_coherent() fail sometimes when doing 8 VPU decoder
test in parallel on a MX6Q SDB board.
Error log:
cma: cma_alloc: linux,cma: alloc failed, req-size: 148 pages, ret: -16
cma: number of available pages:
3@...+20@...+12@...+4@...+32@...+17@...7+23@...3+20@...76+99@...77+108@...52+44@...08+20@...96+108@...64+108@...20+
108@...00+108@...56+483@...61+1763@...41+1440@...12+20@...24+20@...88+5076@...52+2304@...40+35@...41+20@...20+20@...84+
7188@...48+84@...20+7276@...52+227@...25+6371@...49=> 33161 free of 81920 total pages
When issue happened, we saw there were still 33161 pages (129M) free CMA
memory and a lot available free slots for 148 pages in CMA bitmap that we
want to allocate.
If dumping memory info, we found that there was also ~342M normal memory,
but only 1352K CMA memory left in buddy system while a lot of pageblocks
were isolated.
Memory info log:
Normal free:351096kB min:30000kB low:37500kB high:45000kB reserved_highatomic:0KB
active_anon:98060kB inactive_anon:98948kB active_file:60864kB inactive_file:31776kB
unevictable:0kB writepending:0kB present:1048576kB managed:1018328kB mlocked:0kB
bounce:0kB free_pcp:220kB local_pcp:192kB free_cma:1352kB lowmem_reserve[]: 0 0 0
Normal: 78*4kB (UECI) 1772*8kB (UMECI) 1335*16kB (UMECI) 360*32kB (UMECI) 65*64kB (UMCI)
36*128kB (UMECI) 16*256kB (UMCI) 6*512kB (EI) 8*1024kB (UEI) 4*2048kB (MI) 8*4096kB (EI)
8*8192kB (UI) 3*16384kB (EI) 8*32768kB (M) = 489288kB
The root cause of this issue is that since commit a4efc174b382
("mm/cma.c: remove redundant cma_mutex lock"), CMA supports concurrent
memory allocation. It's possible that the pageblock process A try to alloc
has already been isolated by the allocation of process B during memory
migration.
When there're multi process allocating CMA memory in parallel, it's
likely that other the remain pageblocks may have also been isolated,
then CMA alloc fail finally during the first round of scanning of the
whole available CMA bitmap.
This patch introduces a retry mechanism to rescan CMA bitmap for -EBUSY
error in case the target pageblock may has been temporarily isolated
by others and released later.
Theoretically, this issue can be easily reproduced on ARMv7 platforms
with big MAX_ORDER/pageblock
e.g. 1G RAM(320M reserved CMA) and 32M pageblock ARM platform:
Page block order: 13
Pages per block: 8192
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Marek Szyprowski <m.szyprowski@...sung.com>
Cc: Lecopzer Chen <lecopzer.chen@...iatek.com>
Cc: David Hildenbrand <david@...hat.com>
Cc: Vlastimil Babka <vbabka@...e.cz>
CC: stable@...r.kernel.org # 5.11+
Fixes: a4efc174b382 ("mm/cma.c: remove redundant cma_mutex lock")
Signed-off-by: Dong Aisheng <aisheng.dong@....com>
---
ChangeLog:
* v1->v2: no changes
---
mm/cma.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/mm/cma.c b/mm/cma.c
index bc9ca8f3c487..1c13a729d274 100644
--- a/mm/cma.c
+++ b/mm/cma.c
@@ -433,6 +433,7 @@ struct page *cma_alloc(struct cma *cma, unsigned long count,
unsigned long i;
struct page *page = NULL;
int ret = -ENOMEM;
+ int loop = 0;
if (!cma || !cma->count || !cma->bitmap)
goto out;
@@ -460,6 +461,16 @@ struct page *cma_alloc(struct cma *cma, unsigned long count,
offset);
if (bitmap_no >= bitmap_maxno) {
spin_unlock_irq(&cma->lock);
+ pr_debug("%s(): alloc fail, retry loop %d\n", __func__, loop++);
+ /*
+ * rescan as others may finish the memory migration
+ * and quit if no available CMA memory found finally
+ */
+ if (start) {
+ schedule();
+ start = 0;
+ continue;
+ }
break;
}
bitmap_set(cma->bitmap, bitmap_no, bitmap_count);
--
2.25.1
Powered by blists - more mailing lists