[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] xen/page_alloc: Keep away MFN 0 from the buddy allocator

On Friday, August 9, 2019 9:39 AM, Jan Beulich <jbeulich@xxxxxxxx> wrote:
>On 09.08.2019 14:14, Julien Grall wrote:
>> Combining of buddies happens only such that the resulting larger buddy
>> is still order-aligned. To cross a zone boundary while merging, the
>> implication is that both the buddy [0, 2^n-1] and the buddy
>> [2^n, 2^(n+1)] are free.
>
>[2^n, 2^(n+1)-1]
>
>You may want to add that merging across zone boundaries is what we
>need to prevent.
>
>> Ideally we want to fix the allocator, but for now we can just prevent
>> adding the MFN 0 in the allocator.
>>
>> On x86, the MFN 0 is already kept away from the buddy allocator. So the
>> bug can only happen on Arm platform where the first memory bank is
>> starting at 0.
>>
>> As this is a specific to the allocator, the MFN 0 is removed in the common 
>> code
>> to cater all the architectures (current and future).
>>
>> Reported-by: Jeff Kubascik <jeff.kubascik@xxxxxxxxxxxxxxx>
>> Signed-off-by: Julien Grall <julien.grall@xxxxxxx>
>
>Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

Here is Jeff's initial patch for the issue.

From: Jeff Kubascik <jeff.kubascik@xxxxxxxxxxxxxxx>
Date: Mon, 4 Mar 2019 14:14:05 -0500
Subject: [PATCH] Check zone before merging adjacent blocks in heap

The Xen heap is split up into nodes and zones. Each node + zone is
managed as a separate pool of memory.

When returning pages to the heap, free_heap_pages will check adjacent
blocks to see if they can be combined into a larger block. However, the
zone of the adjacent block is not checked. This results in blocks that
migrate from one zone to another.

When a block migrates to the adjacent zone, the avail counters for the
old and new node + zone is not updated accordingly. The avail counter
is used when allocating pages to determine whether to skip over a zone.
With this behavior, it is possible for free pages to collect in a zone
with the avail counter smaller than the actual page count, resulting
in free pages that are not allocable.

This commit adds a check to compare the adjacent block's zone with the
current zone before merging them.

Signed-off-by: Jeff Kubascik <Jeff.Kubascik@xxxxxxxxxxxxxxx>
Tested-by: Stewart Hildebrand <stewart.hildebrand@xxxxxxxxxxxxxxx>
---
 xen/common/page_alloc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
index 482f0988f7..a92268cc67 100644
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -1419,6 +1419,7 @@ static void free_heap_pages(
             if ( !mfn_valid(page_to_mfn(predecessor)) ||
                  !page_state_is(predecessor, free) ||
                  (PFN_ORDER(predecessor) != order) ||
+                 (page_to_zone(pg-mask) != zone) ||
                  (phys_to_nid(page_to_maddr(predecessor)) != node) )
                 break;
 
@@ -1442,6 +1443,7 @@ static void free_heap_pages(
             if ( !mfn_valid(page_to_mfn(successor)) ||
                  !page_state_is(successor, free) ||
                  (PFN_ORDER(successor) != order) ||
+                 (page_to_zone(pg+mask) != zone) ||
                  (phys_to_nid(page_to_maddr(successor)) != node) )
                 break;
 
-- 
2.22.0

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.