lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <245e6969-f45b-4d00-bf34-83da529cd3c1@kernel.org>
Date: Mon, 8 Dec 2025 20:29:19 +0100
From: "David Hildenbrand (Red Hat)" <david@...nel.org>
To: Aboorva Devarajan <aboorvad@...ux.ibm.com>,
 Andrew Morton <akpm@...ux-foundation.org>, gourry@...rry.net, mhocko@...e.com
Cc: vbabka@...e.cz, surenb@...gle.com, jackmanb@...gle.com,
 hannes@...xchg.org, ziy@...dia.com, linux-mm@...ck.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mm/page_alloc: make percpu_pagelist_high_fraction reads
 lock-free

On 12/8/25 18:30, Aboorva Devarajan wrote:
> On Mon, 2025-12-01 at 09:41 -0800, Andrew Morton wrote:
>> On Mon,  1 Dec 2025 11:30:09 +0530 Aboorva Devarajan <aboorvad@...ux.ibm.com> wrote:
>>
>>> When page isolation loops indefinitely during memory offline, reading
>>> /proc/sys/vm/percpu_pagelist_high_fraction blocks on pcp_batch_high_lock,
>>> causing hung task warnings.
>>
>> That's pretty bad behavior.
>>
>> I wonder if there are other problems which can be caused by this
>> lengthy hold time.
>>
>> It would be better to address the lengthy hold time rather that having
>> to work around it in one impacted site.
> 
> 
> Sorry for the delayed response, I spent some time recreating this issue.
> 
> 
> I've encountered this lengthy hold time several times during memory hot-unplug, with
> operations hanging indefinitely (20+ hours). It occurs intermittently, and it has
> different failure signatures, here's one example where isolation fails on a single
> slab page continuously:
> 
> ..
> [83310.373699] page dumped because: isolation failed
> [83310.373704] failed to isolate pfn 4dc68
> [83310.373708] page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4dc68
> [83310.373714] flags: 0x23ffffe00000000(node=2|zone=0|lastcpupid=0x1fffff)
> [83310.373722] page_type: f5(slab)
> [83310.373727] raw: 023ffffe00000000 c0000028e001fa00 5deadbeef0000100 5deadbeef0000122
> [83310.373735] raw: 0000000000000000 0000000001e101e1 00000002f5000000 0000000000000000
> [83310.373741] page dumped because: isolation failed
> [83310.373749] failed to isolate pfn 4dc68
> [83310.373753] page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4dc68
> [83310.373760] flags: 0x23ffffe00000000(node=2|zone=0|lastcpupid=0x1fffff)
> [83310.373767] page_type: f5(slab)
> [83310.373770] raw: 023ffffe00000000 c0000028e001fa00 5deadbeef0000100 5deadbeef0000122
> [83310.373774] raw: 0000000000000000 0000000001e101e1 00000002f5000000 0000000000000000
> [83310.373778] page dumped because: isolation failed
> [83310.373788] failed to isolate pfn 4dc68
> [83310.373791] page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4dc68
> [83310.373794] flags: 0x23ffffe00000000(node=2|zone=0|lastcpupid=0x1fffff)
> [83310.373797] page_type: f5(slab)
> [83310.373799] raw: 023ffffe00000000 c0000028e001fa00 5deadbeef0000100 5deadbeef0000122
> [83310.373803] raw: 0000000000000000 0000000001e101e1 00000002f5000000 0000000000000000
> [83310.373809] page dumped because: isolation failed
> [83315.383370] do_migrate_range: 1098409 callbacks suppressed
> [83315.383377] failed to isolate pfn 4dc68
> [83315.383406] page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4dc68
> [83315.383411] flags: 0x23ffffe00000000(node=2|zone=0|lastcpupid=0x1fffff)
> [83315.383416] page_type: f5(slab)
> [83315.383420] raw: 023ffffe00000000 c0000028e001fa00 5deadbeef0000100 5deadbeef0000122
> [83315.383423] raw: 0000000000000000 0000000001e101e1 00000002f5000000 0000000000000000
> [83315.383426] page dumped because: isolation failed
> [83315.383431] failed to isolate pfn 4dc68
> [83315.383433] page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4dc68
> [83315.383442] flags: 0x23ffffe00000000(node=2|zone=0|lastcpupid=0x1fffff)
> [83315.383448] page_type: f5(slab)
> [83315.383454] raw: 023ffffe00000000 c0000028e001fa00 5deadbeef0000100 5deadbeef0000122
> [83315.383462] raw: 0000000000000000 0000000001e101e1 00000002f5000000 0000000000000000
> [83315.383470] page dumped because: isolation failed

When starting memory offlining we do a racy check whether memory 
offlining will succeed in has_unmovable_pages().

It's racy because briefly after the check, a kernel page could get 
allocated, before we isolate all the free pages.

I assume that's what happened here.

But even performing another has_unmovable_pages() check after isolating 
the free pages will not catch all cases: in particular movable pages 
that are longterm-pinned.

-- 
Cheers

David

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ