Re: [PATCH] [13/16] HWPOISON: The high level memory error handler in the VM v5

From: Andi Kleen
Date: Fri Jun 12 2009 - 05:50:45 EST

Next message: Arnd Bergmann: "Re: PATCH: README - Fix misleading pointer to the defconf directory"
Previous message: Lai Jiangshan: "[PATCH RFC] softirq: fix ksoftirq starved"
In reply to: Nick Piggin: "Re: [PATCH] [13/16] HWPOISON: The high level memory error handler in the VM v5"
Next in thread: Wu Fengguang: "[PATCH] HWPOISON: fix tasklist_lock/anon_vma locking order"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jun 09, 2009 at 05:05:53PM +0100, Hugh Dickins wrote:
> To me, it's just another layer of complexity and maintenance burden
> that one special-interest group is imposing upon mm, and I can't
> keep up with it myself.

Thanks for the kind words.
>
> However, if I'm interpreting these extracts correctly, the whole
> thing looks very misguided to me. Are we really going to kill any
> process that has a cousin who might once have mapped the page that's
> been found hwpoisonous? The hwpoison secret police are dangerously
> out of control, I'd say.

What do you mean with once? It's a not yet afaik?

The not yet was intentional for early kill mode -- the main reason
for that is KVM guests where it should mimic the hardware behaviour
that you report a future memory corruption, so that the guest
takes step to never access it. So even if the access
to the bad page is in the future as long as the process
has theoretical access it should be killed.

In late kill modus that's different of course.

>
> The usual use of rmap lookup loops is to go on to look into the page
> table to see whether the page is actually mapped: I see no attempt
> at that here, just an assumption that anyone on the list is guilty
> of mapping the page and must be killed. And even if it did go on

Yes that's intentional.

>
> At least in the file's prio_tree case, we'll only be killing those
> who mmapped the range which happens to include the page. But in the
> anon case, remember the anon_vma is just a bundle of "related" vmas
> outside of which the page will not be found; so if one process got a
> poisonous page through COW, all the other processes which happen to
> be sharing that anon_vma through fork or through adjacent merging,
> are going to get killed too.

You're right the COW case is a bit of a problem, we don't distingush
that. Perhaps that can be easily checked, but even if we kill
a bit too much it's still better than killing too little. I don't think it's
as big a problem as you claim.

> I think a much more sensible approach would be to follow the page
> migration technique of replacing the page's ptes by a special swap-like
> entry, then do the killing from do_swap_page() if a process actually
> tries to access the page.

That's what late kill modus does (see the patch description/comment on
top of file), but it doesn't have the right semantics for KVM.
It's still used for a few cases by default, e.g. for the swap cache.

-Andi

--
ak@xxxxxxxxxxxxxxx -- Speaking for myself only.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Arnd Bergmann: "Re: PATCH: README - Fix misleading pointer to the defconf directory"
Previous message: Lai Jiangshan: "[PATCH RFC] softirq: fix ksoftirq starved"
In reply to: Nick Piggin: "Re: [PATCH] [13/16] HWPOISON: The high level memory error handler in the VM v5"
Next in thread: Wu Fengguang: "[PATCH] HWPOISON: fix tasklist_lock/anon_vma locking order"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]