Revision 89a2848381b5fcd9c4d9c0cd97680e3b28730e31 authored by Johannes Weiner on 28 October 2016, 00:46:56 UTC, committed by Linus Torvalds on 28 October 2016, 01:43:43 UTC
On 4.0, we saw a stack corruption from a page fault entering direct memory cgroup reclaim, calling into btrfs_releasepage(), which then tried to allocate an extent and recursed back into a kmem charge ad nauseam: [...] btrfs_releasepage+0x2c/0x30 try_to_release_page+0x32/0x50 shrink_page_list+0x6da/0x7a0 shrink_inactive_list+0x1e5/0x510 shrink_lruvec+0x605/0x7f0 shrink_zone+0xee/0x320 do_try_to_free_pages+0x174/0x440 try_to_free_mem_cgroup_pages+0xa7/0x130 try_charge+0x17b/0x830 memcg_charge_kmem+0x40/0x80 new_slab+0x2d9/0x5a0 __slab_alloc+0x2fd/0x44f kmem_cache_alloc+0x193/0x1e0 alloc_extent_state+0x21/0xc0 __clear_extent_bit+0x2b5/0x400 try_release_extent_mapping+0x1a3/0x220 __btrfs_releasepage+0x31/0x70 btrfs_releasepage+0x2c/0x30 try_to_release_page+0x32/0x50 shrink_page_list+0x6da/0x7a0 shrink_inactive_list+0x1e5/0x510 shrink_lruvec+0x605/0x7f0 shrink_zone+0xee/0x320 do_try_to_free_pages+0x174/0x440 try_to_free_mem_cgroup_pages+0xa7/0x130 try_charge+0x17b/0x830 mem_cgroup_try_charge+0x65/0x1c0 handle_mm_fault+0x117f/0x1510 __do_page_fault+0x177/0x420 do_page_fault+0xc/0x10 page_fault+0x22/0x30 On later kernels, kmem charging is opt-in rather than opt-out, and that particular kmem allocation in btrfs_releasepage() is no longer being charged and won't recurse and overrun the stack anymore. But it's not impossible for an accounted allocation to happen from the memcg direct reclaim context, and we needed to reproduce this crash many times before we even got a useful stack trace out of it. Like other direct reclaimers, mark tasks in memcg reclaim PF_MEMALLOC to avoid recursing into any other form of direct reclaim. Then let recursive charges from PF_MEMALLOC contexts bypass the cgroup limit. Link: http://lkml.kernel.org/r/20161025141050.GA13019@cmpxchg.org Signed-off-by: Johannes Weiner <hannes@cmpxchg.org> Acked-by: Michal Hocko <mhocko@suse.com> Cc: Vladimir Davydov <vdavydov.dev@gmail.com> Cc: Tejun Heo <tj@kernel.org> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent 8f72cb4
| File | Mode | Size |
|---|---|---|
| ac97_codec.h | -rw-r--r-- | 28.4 KB |
| aci.h | -rw-r--r-- | 2.4 KB |
| ad1816a.h | -rw-r--r-- | 5.4 KB |
| ad1843.h | -rw-r--r-- | 1.5 KB |
| adau1373.h | -rw-r--r-- | 699 bytes |
| aess.h | -rw-r--r-- | 1.6 KB |
| ak4113.h | -rw-r--r-- | 10.9 KB |
| ak4114.h | -rw-r--r-- | 10.2 KB |
| ak4117.h | -rw-r--r-- | 9.0 KB |
| ak4531_codec.h | -rw-r--r-- | 3.1 KB |
| ak4641.h | -rw-r--r-- | 622 bytes |
| ak4xxx-adda.h | -rw-r--r-- | 3.3 KB |
| alc5623.h | -rw-r--r-- | 497 bytes |
| asequencer.h | -rw-r--r-- | 3.6 KB |
| asound.h | -rw-r--r-- | 1.3 KB |
| asoundef.h | -rw-r--r-- | 16.7 KB |
| atmel-abdac.h | -rw-r--r-- | 639 bytes |
| atmel-ac97c.h | -rw-r--r-- | 1.3 KB |
| compress_driver.h | -rw-r--r-- | 6.6 KB |
| control.h | -rw-r--r-- | 8.5 KB |
| core.h | -rw-r--r-- | 14.0 KB |
| cs35l33.h | -rw-r--r-- | 1.0 KB |
| cs4231-regs.h | -rw-r--r-- | 8.3 KB |
| cs4271.h | -rw-r--r-- | 1.4 KB |
| cs42l52.h | -rw-r--r-- | 738 bytes |
| cs42l56.h | -rw-r--r-- | 1.2 KB |
| cs42l73.h | -rw-r--r-- | 507 bytes |
| cs8403.h | -rw-r--r-- | 8.6 KB |
| cs8427.h | -rw-r--r-- | 10.4 KB |
| da7213.h | -rw-r--r-- | 1.2 KB |
| da7218.h | -rw-r--r-- | 2.6 KB |
| da7219-aad.h | -rw-r--r-- | 2.4 KB |
| da7219.h | -rw-r--r-- | 1.0 KB |
| da9055.h | -rw-r--r-- | 914 bytes |
| designware_i2s.h | -rw-r--r-- | 2.2 KB |
| dmaengine_pcm.h | -rw-r--r-- | 6.2 KB |
| emu10k1.h | -rw-r--r-- | 89.2 KB |
| emu10k1_synth.h | -rw-r--r-- | 1.3 KB |
| emu8000.h | -rw-r--r-- | 4.0 KB |
| emu8000_reg.h | -rw-r--r-- | 10.2 KB |
| emux_legacy.h | -rw-r--r-- | 5.4 KB |
| emux_synth.h | -rw-r--r-- | 7.5 KB |
| es1688.h | -rw-r--r-- | 3.5 KB |
| gus.h | -rw-r--r-- | 20.2 KB |
| hda_chmap.h | -rw-r--r-- | 2.6 KB |
| hda_hwdep.h | -rw-r--r-- | 1.4 KB |
| hda_i915.h | -rw-r--r-- | 1.6 KB |
| hda_register.h | -rw-r--r-- | 9.3 KB |
| hda_regmap.h | -rw-r--r-- | 6.6 KB |
| hda_verbs.h | -rw-r--r-- | 16.7 KB |
| hdaudio.h | -rw-r--r-- | 18.0 KB |
| hdaudio_ext.h | -rw-r--r-- | 7.0 KB |
| hdmi-codec.h | -rw-r--r-- | 2.2 KB |
| hwdep.h | -rw-r--r-- | 2.6 KB |
| i2c.h | -rw-r--r-- | 3.5 KB |
| info.h | -rw-r--r-- | 7.4 KB |
| initval.h | -rw-r--r-- | 3.1 KB |
| jack.h | -rw-r--r-- | 3.7 KB |
| l3.h | -rw-r--r-- | 485 bytes |
| max9768.h | -rw-r--r-- | 729 bytes |
| max98088.h | -rw-r--r-- | 1.3 KB |
| max98090.h | -rw-r--r-- | 754 bytes |
| max98095.h | -rw-r--r-- | 1.5 KB |
| memalloc.h | -rw-r--r-- | 4.4 KB |
| minors.h | -rw-r--r-- | 4.3 KB |
| mixer_oss.h | -rw-r--r-- | 2.4 KB |
| mpu401.h | -rw-r--r-- | 4.5 KB |
| omap-hdmi-audio.h | -rw-r--r-- | 1.3 KB |
| omap-pcm.h | -rw-r--r-- | 864 bytes |
| opl3.h | -rw-r--r-- | 12.4 KB |
| opl4.h | -rw-r--r-- | 1.1 KB |
| pcm-indirect.h | -rw-r--r-- | 5.6 KB |
| pcm.h | -rw-r--r-- | 47.5 KB |
| pcm_drm_eld.h | -rw-r--r-- | 144 bytes |
| pcm_iec958.h | -rw-r--r-- | 293 bytes |
| pcm_oss.h | -rw-r--r-- | 2.6 KB |
| pcm_params.h | -rw-r--r-- | 9.0 KB |
| pt2258.h | -rw-r--r-- | 1.2 KB |
| pxa2xx-lib.h | -rw-r--r-- | 1.5 KB |
| rawmidi.h | -rw-r--r-- | 6.2 KB |
| rt286.h | -rw-r--r-- | 460 bytes |
| rt298.h | -rw-r--r-- | 519 bytes |
| rt5640.h | -rw-r--r-- | 648 bytes |
| rt5645.h | -rw-r--r-- | 680 bytes |
| rt5651.h | -rw-r--r-- | 468 bytes |
| rt5659.h | -rw-r--r-- | 1003 bytes |
| rt5660.h | -rw-r--r-- | 724 bytes |
| rt5670.h | -rw-r--r-- | 652 bytes |
| rt5677.h | -rw-r--r-- | 1.1 KB |
| s3c24xx_uda134x.h | -rw-r--r-- | 190 bytes |
| sb.h | -rw-r--r-- | 11.0 KB |
| sb16_csp.h | -rw-r--r-- | 2.7 KB |
| seq_device.h | -rw-r--r-- | 2.8 KB |
| seq_kernel.h | -rw-r--r-- | 3.9 KB |
| seq_midi_emul.h | -rw-r--r-- | 7.3 KB |
| seq_midi_event.h | -rw-r--r-- | 2.2 KB |
| seq_oss.h | -rw-r--r-- | 2.9 KB |
| seq_oss_legacy.h | -rw-r--r-- | 1.0 KB |
| seq_virmidi.h | -rw-r--r-- | 2.7 KB |
| sh_dac_audio.h | -rw-r--r-- | 587 bytes |
| sh_fsi.h | -rw-r--r-- | 847 bytes |
| simple_card.h | -rw-r--r-- | 683 bytes |
| simple_card_utils.h | -rw-r--r-- | 2.5 KB |
| snd_wavefront.h | -rw-r--r-- | 5.5 KB |
| soc-dai.h | -rw-r--r-- | 10.1 KB |
| soc-dapm.h | -rw-r--r-- | 29.7 KB |
| soc-dpcm.h | -rw-r--r-- | 4.7 KB |
| soc-topology.h | -rw-r--r-- | 5.5 KB |
| soc.h | -rw-r--r-- | 57.1 KB |
| soundfont.h | -rw-r--r-- | 4.5 KB |
| spear_dma.h | -rw-r--r-- | 1003 bytes |
| spear_spdif.h | -rw-r--r-- | 1010 bytes |
| sta32x.h | -rw-r--r-- | 1.2 KB |
| sta350.h | -rw-r--r-- | 1.6 KB |
| tas2552-plat.h | -rw-r--r-- | 678 bytes |
| tas5086.h | -rw-r--r-- | 171 bytes |
| tea6330t.h | -rw-r--r-- | 1.1 KB |
| timer.h | -rw-r--r-- | 5.4 KB |
| tlv.h | -rw-r--r-- | 2.3 KB |
| tlv320aic32x4.h | -rw-r--r-- | 900 bytes |
| tlv320aic3x.h | -rw-r--r-- | 1.9 KB |
| tlv320dac33-plat.h | -rw-r--r-- | 720 bytes |
| tpa6130a2-plat.h | -rw-r--r-- | 900 bytes |
| uda134x.h | -rw-r--r-- | 597 bytes |
| uda1380.h | -rw-r--r-- | 481 bytes |
| util_mem.h | -rw-r--r-- | 2.3 KB |
| vx_core.h | -rw-r--r-- | 15.3 KB |
| wavefront.h | -rw-r--r-- | 18.8 KB |
| wm0010.h | -rw-r--r-- | 679 bytes |
| wm1250-ev1.h | -rw-r--r-- | 656 bytes |
| wm2000.h | -rw-r--r-- | 625 bytes |
| wm2200.h | -rw-r--r-- | 1.5 KB |
| wm5100.h | -rw-r--r-- | 1.2 KB |
| wm8903.h | -rw-r--r-- | 15.2 KB |
| wm8904.h | -rw-r--r-- | 7.4 KB |
| wm8955.h | -rw-r--r-- | 662 bytes |
| wm8960.h | -rw-r--r-- | 603 bytes |
| wm8962.h | -rw-r--r-- | 1.8 KB |
| wm8993.h | -rw-r--r-- | 1.2 KB |
| wm8996.h | -rw-r--r-- | 1.4 KB |
| wm9081.h | -rw-r--r-- | 661 bytes |
| wm9090.h | -rw-r--r-- | 780 bytes |
| wss.h | -rw-r--r-- | 8.4 KB |
Computing file changes ...
