Date: Tue, 1 Nov 2022 20:33:39 GMT
Message-Id: <202211012033.2A1KXd7m026229@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: 4867d7d34dfd - releng/13.1 - vm_page: Fix a logic error in the handling of PQ_ACTIVE operations
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/13.1
X-Git-Reftype: branch
X-Git-Commit: 4867d7d34dfd54986d5798eddc3ce92a70cc9841

The branch releng/13.1 has been updated by markj:

URL:
https://cgit.FreeBSD.org/src/commit/?id=4867d7d34dfd54986d5798eddc3ce92a70cc9841

commit 4867d7d34dfd54986d5798eddc3ce92a70cc9841
Author:     Mark Johnston
AuthorDate: 2022-10-05 19:12:46 +0000
Commit:     Mark Johnston
CommitDate: 2022-11-01 13:28:11 +0000

    vm_page: Fix a logic error in the handling of PQ_ACTIVE operations

    As an optimization, vm_page_activate() avoids requeuing a page that's
    already in the active queue. A page's location in the active queue is
    mostly unimportant.

    When a page is unwired and placed back in the page queues,
    vm_page_unwire() avoids moving pages out of PQ_ACTIVE to honour the
    request, the idea being that they're likely mapped and so will simply
    get bounced back in to PQ_ACTIVE during a queue scan.

    In both cases, if the page was logically in PQ_ACTIVE but had not yet
    been physically enqueued (i.e., the page is in a per-CPU batch), we
    would end up clearing PGA_REQUEUE from the page. Then, batch processing
    would ignore the page, so it would end up unwired and not in any queues.
    This can arise, for example, when a page is allocated and then
    vm_page_activate() is called multiple times in quick succession. The
    result is that the page is hidden from the page daemon, so while it will
    be freed when its VM object is destroyed, it cannot be reclaimed under
    memory pressure.

    Fix the bug: when checking if a page is in PQ_ACTIVE, only perform the
    optimization if the page is physically enqueued.

    Approved by:    so
    Security:       FreeBSD-EN-22:23.vm
    PR:             256507
    Fixes:          f3f38e2580f1 ("Start implementing queue state updates using fcmpset loops.")
    Reviewed by:    alc, kib
    Sponsored by:   E-CARD Ltd.
    Sponsored by:   Klara, Inc.

    (cherry picked from commit 2c9dc2384f85a4ccc44a79b349f4fb0253a2f254)
    (cherry picked from commit 6094749a1a5dafb8daf98deab23fc968070bc695)

--- sys/vm/vm_page.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/sys/vm/vm_page.c b/sys/vm/vm_page.c index 6cdde80bdb8b..d22e2322c572 100644 --- a/sys/vm/vm_page.c +++ b/sys/vm/vm_page.c
@@ -4112,7 +4112,12 @@ vm_page_mvqueue(vm_page_t m, const uint8_t nqueue, const uint16_t nflag) if (nqueue == PQ_ACTIVE) new.act_count = max(old.act_count, ACT_INIT); if (old.queue == nqueue) { - if (nqueue != PQ_ACTIVE) + /* + * There is no need to requeue pages already in the + * active queue. + */ + if (nqueue != PQ_ACTIVE || + (old.flags & PGA_ENQUEUED) == 0) new.flags |= nflag; } else { new.flags |= nflag; @@ -4209,7 +4214,8 @@ vm_page_release_toq(vm_page_t m, uint8_t nqueue, const bool noreuse) * referenced and avoid any queue operations. */ new.flags &= ~PGA_QUEUE_OP_MASK; - if (nflag != PGA_REQUEUE_HEAD && old.queue == PQ_ACTIVE) + if (nflag != PGA_REQUEUE_HEAD && old.queue == PQ_ACTIVE && + (old.flags & PGA_ENQUEUED) != 0) new.flags |= PGA_REFERENCED; else { new.flags |= nflag;
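
Review bot: In the vm_page_mvqueue() hunk (@@ -4112), the new comment above the condition documents only the optimization ("There is no need to requeue pages already in the active queue.") and says nothing about the clause that is the actual fix, (old.flags & PGA_ENQUEUED) == 0. A reader who sees only the comment could simplify the test back to nqueue != PQ_ACTIVE and reintroduce the bug. Suggest extending the comment to say that the skip applies only when the page is physically enqueued, and that a page which is logically in PQ_ACTIVE but still sitting in a per-CPU batch must keep nflag so that batch processing does not ignore it.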
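
Review bot: In the vm_page_release_toq() hunk (@@ -4209), the existing comment that ends "referenced and avoid any queue operations." is left unchanged while the condition beneath it gains (old.flags & PGA_ENQUEUED) != 0, so the comment no longer matches the code: an active page that is not yet physically enqueued now takes the else branch and receives nflag rather than PGA_REFERENCED. Suggest updating that comment to state the enqueued requirement. The same "in PQ_ACTIVE and PGA_ENQUEUED set" test is now open-coded in both hunks with opposite polarity; a small shared predicate would keep the two call sites from drifting apart.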