Re: [PATCH -next] mm/vmscan: fix an undefined behavior for zone id

From: Johannes Weiner
Date: Tue Nov 12 2019 - 11:17:04 EST


On Tue, Nov 12, 2019 at 04:27:50PM +0100, Michal Hocko wrote:
> On Tue 12-11-19 06:59:42, Johannes Weiner wrote:
> > Qian, thanks for the report and the fix.
> >
> > On Mon, Nov 11, 2019 at 02:28:12PM +0100, Michal Hocko wrote:
> > > On Mon 11-11-19 13:14:27, Chris Down wrote:
> > > > Chris Down writes:
> > > > > Ah, I just saw this in my local checkout and thought it was from my
> > > > > changes, until I saw it's also on clean mmots checkout. Thanks for the
> > > > > fixup!
> > > >
> > > > Also, does this mean we should change callers that may pass through
> > > > zone_idx=MAX_NR_ZONES to become MAX_NR_ZONES-1 in a separate commit, then
> > > > remove this interim fixup? I'm worried otherwise we might paper over real
> > > > issues in future.
> > >
> > > Yes, removing this special casing is reasonable. I am not sure
> > > MAX_NR_ZONES - 1 is a better choice though. It is error prone and
> > > zone_idx is the highest zone we should consider and MAX_NR_ZONES - 1
> > > be ZONE_DEVICE if it is configured. But ZONE_DEVICE is really standing
> > > outside of MM reclaim code AFAIK. It would be probably better to have
> > > MAX_LRU_ZONE (equal to MOVABLE) and use it instead.
> >
> > We already use MAX_NR_ZONES - 1 everywhere else in vmscan.c to mean
> > "no zone restrictions" - get_scan_count() is the odd one out:
> >
> > - mem_cgroup_shrink_node()
> > - try_to_free_mem_cgroup_pages()
> > - balance_pgdat()
> > - kswapd()
> > - shrink_all_memory()
> >
> > It's a little odd that it points to ZONE_DEVICE, but it's MUCH less
> > subtle than handling both inclusive and exclusive range delimiters.
> >
> > So I think the better fix would be this:
>
> lruvec_lru_size is explicitly documented to use MAX_NR_ZONES for all
> LRUs and git grep says there are more instances outside of
> get_scan_count. So all of them have to be fixed.

Which ones?

[hannes@computer linux]$ git grep lruvec_lru_size
include/linux/mmzone.h:extern unsigned long lruvec_lru_size(struct lruvec *lruvec, enum lru_list lru, int zone_idx);
mm/vmscan.c: * lruvec_lru_size - Returns the number of pages on the given LRU list.
mm/vmscan.c:unsigned long lruvec_lru_size(struct lruvec *lruvec, enum lru_list lru, int zone_idx)
mm/vmscan.c: anon = lruvec_lru_size(lruvec, LRU_ACTIVE_ANON, MAX_NR_ZONES - 1) +
mm/vmscan.c: lruvec_lru_size(lruvec, LRU_INACTIVE_ANON, MAX_NR_ZONES - 1);
mm/vmscan.c: file = lruvec_lru_size(lruvec, LRU_ACTIVE_FILE, MAX_NR_ZONES - 1) +
mm/vmscan.c: lruvec_lru_size(lruvec, LRU_INACTIVE_FILE, MAX_NR_ZONES - 1);
mm/vmscan.c: lruvec_size = lruvec_lru_size(lruvec, lru, sc->reclaim_idx);
[hannes@computer linux]$

The only other user already passes sc->reclaim_idx, which always
points to a valid zone, and is initialized to MAX_NR_ZONES - 1 in many
places.

> I still think that MAX_NR_ZONES - 1 is a very error prone and subtle
> construct IMHO and an alias would be better readable.

I wouldn't mind a follow-up patch that changes this pattern
comprehensively. As it stands, get_scan_count() is the odd one out.

The documentation bit is a good point, though. We should fix
that. Updated patch:

---
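
The inclusive-bound convention discussed in this thread, as an added example that is not part of the original message or of the kernel patch. It is a simplified user-space model (struct node_model, lru_size_upto() and the page counts are constructed assumptions, not kernel code) showing why MAX_NR_ZONES - 1 is the valid "no zone restrictions" argument when zone_idx is inclusive, while MAX_NR_ZONES points one element past the array:

```c
#include <stdio.h>

/* Constructed model, not kernel code: four zones, as if ZONE_DEVICE is configured. */
enum zone_type { ZONE_DMA, ZONE_NORMAL, ZONE_MOVABLE, ZONE_DEVICE, MAX_NR_ZONES };

struct node_model {
    unsigned long lru_pages[MAX_NR_ZONES];   /* valid indexes: 0 .. MAX_NR_ZONES - 1 */
};

/*
 * Sum LRU pages in zones 0..zone_idx, where zone_idx is INCLUSIVE (the
 * highest zone to consider). Returns 0 and stores the sum on success,
 * -1 if zone_idx does not name a real zone. Without the check, a caller
 * passing MAX_NR_ZONES as "all zones" would make the loop read
 * lru_pages[MAX_NR_ZONES], one element past the end of the array.
 */
int lru_size_upto(const struct node_model *n, int zone_idx, unsigned long *out)
{
    unsigned long size = 0;
    int zid;

    if (zone_idx < 0 || zone_idx >= MAX_NR_ZONES)
        return -1;
    for (zid = 0; zid <= zone_idx; zid++)
        size += n->lru_pages[zid];
    *out = size;
    return 0;
}

/* Constructed sample data: pages per zone, none in ZONE_DEVICE. */
static const struct node_model sample = { { 10, 200, 30, 0 } };

int main(void)
{
    unsigned long total = 0;
    int rc;

    rc = lru_size_upto(&sample, MAX_NR_ZONES - 1, &total);
    printf("MAX_NR_ZONES - 1: rc=%d total=%lu\n", rc, total);
    rc = lru_size_upto(&sample, MAX_NR_ZONES, &total);
    printf("MAX_NR_ZONES:     rc=%d (rejected)\n", rc);
    return 0;
}
```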