https://github.com/torvalds/linux
Revision 89da619bc18d79bca5304724c11d4ba3b67ce2c6 authored by Jiang Biao on 18 July 2018, 02:29:28 UTC, committed by Michael S. Tsirkin on 30 July 2018, 13:45:33 UTC
The kernel panics under high memory pressure; the call trace looks like this: PID: 21439 TASK: ffff881be3afedd0 CPU: 16 COMMAND: "java" #0 [ffff881ec7ed7630] machine_kexec at ffffffff81059beb #1 [ffff881ec7ed7690] __crash_kexec at ffffffff81105942 #2 [ffff881ec7ed7760] crash_kexec at ffffffff81105a30 #3 [ffff881ec7ed7778] oops_end at ffffffff816902c8 #4 [ffff881ec7ed77a0] no_context at ffffffff8167ff46 #5 [ffff881ec7ed77f0] __bad_area_nosemaphore at ffffffff8167ffdc #6 [ffff881ec7ed7838] __node_set at ffffffff81680300 #7 [ffff881ec7ed7860] __do_page_fault at ffffffff8169320f #8 [ffff881ec7ed78c0] do_page_fault at ffffffff816932b5 #9 [ffff881ec7ed78f0] page_fault at ffffffff8168f4c8 [exception RIP: _raw_spin_lock_irqsave+47] RIP: ffffffff8168edef RSP: ffff881ec7ed79a8 RFLAGS: 00010046 RAX: 0000000000000246 RBX: ffffea0019740d00 RCX: ffff881ec7ed7fd8 RDX: 0000000000020000 RSI: 0000000000000016 RDI: 0000000000000008 RBP: ffff881ec7ed79a8 R8: 0000000000000246 R9: 000000000001a098 R10: ffff88107ffda000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000008 R14: ffff881ec7ed7a80 R15: ffff881be3afedd0 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 It happens in the page-fault path and results in a double page fault during page compaction when memory allocation fails. Analysis of the vmcore shows that the page that leads to the second page fault is corrupted, with _mapcount=-256 but private=0. It is caused by the race between migration and ballooning, and by a missing lock in virtballoon_migratepage() of the virtio_balloon driver. This patch fixes the bug. Fixes: e22504296d4f64f ("virtio_balloon: introduce migration primitives to balloon pages") Cc: stable@vger.kernel.org Signed-off-by: Jiang Biao <jiang.biao2@zte.com.cn> Signed-off-by: Huang Chong <huang.chong@zte.com.cn> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
1 parent f2467ee
Tip revision: 89da619bc18d79bca5304724c11d4ba3b67ce2c6 authored by Jiang Biao on 18 July 2018, 02:29:28 UTC
virtio_balloon: fix another race between migration and ballooning