On Fri, Nov 22, 2019 at 10:36:32AM +0800, Alex Shi wrote:
> > If we could restrict lock_page_lruvec() to working only on PageLRU
> > pages, we could fix the problem with memory barriers. But this won't
> > work for split_huge_page(), which is AFAICT the only user that needs
> > to freeze the lru state of a page that could be isolated elsewhere.
> >
> > So AFAICS the only option is to lock out mem_cgroup_move_account()
> > entirely when the lru_lock is held. Which I guess should be fine.
> I guess we can try from lock_page_memcg, is that a good start?


> diff --git a/mm/memcontrol.c b/mm/memcontrol.c
> index 7e6387ad01f0..f4bbbf72c5b8 100644
> --- a/mm/memcontrol.c
> +++ b/mm/memcontrol.c
> @@ -1224,7 +1224,7 @@ struct lruvec *mem_cgroup_page_lruvec(struct page *page, struct pglist_data *pgd
> goto out;
> }
> - memcg = page->mem_cgroup;
> + memcg = lock_page_memcg(page);
> /*
> * Swapcache readahead pages are added to the LRU - and
> * possibly migrated - before they are charged.
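Review bot: the lock taken by `memcg = lock_page_memcg(page);` has no matching release anywhere in this hunk, so mem_cgroup_page_lruvec(), which the old line used as a plain lookup of page->mem_cgroup, would return to every caller with the memcg lock held. Either keep the plain read here and take the lock in the one caller that can own both the acquire and the release, or add a comment on the function stating that it returns with the lock held and who is expected to drop it.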

test_clear_page_writeback() calls this function with that lock already
held so that would deadlock. Let's keep locking in lock_page_lruvec().


	memcg = lock_page_memcg(page);
	lruvec = mem_cgroup_lruvec(page_pgdat(page), memcg);

	spin_lock_irqsave(&lruvec->lru_lock, *flags);
	return lruvec;



The lock ordering should be fine as well. But it might be a good idea
to stick a might_lock(&memcg->move_lock) in lock_page_memcg() before
that atomic_read() and test with lockdep enabled.

But that leaves me with one more worry: compaction. We locked out
charge moving now, so between that and knowing that the page is alive,
we have page->mem_cgroup stable. But compaction doesn't know whether
the page is alive - it comes from a pfn and finds out using PageLRU.

In the current code, pgdat->lru_lock remains the same before and after
the page is charged to a cgroup, so once compaction has that locked
and it observes PageLRU, it can go ahead and isolate the page.

But lruvec->lru_lock changes during charging, and then compaction may
hold the wrong lock during isolation:

compaction:                             generic_file_buffered_read:

lruvec = mem_cgroup_page_lruvec()
if lruvec != mem_cgroup_page_lruvec()
  goto again

                                        page->mem_cgroup = foo

if PageLRU(page):

I don't see what prevents the lruvec from changing under compaction,
neither in your patches nor in Hugh's. Maybe I'm missing something?
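
Added example, not part of the original message and not kernel code: a single-threaded userspace model that replays the interleaving from the diagram above and reports whether isolation would run under a lock that no longer belongs to the page. All type and function names are hypothetical stand-ins; the model assumes an uncharged page resolves to the root lruvec and that charging does not take the lock compaction holds.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace model; every name here is a hypothetical stand-in. */
struct lruvec { bool locked; };
struct memcg  { struct lruvec lruvec; };
struct page   { struct memcg *mem_cgroup; bool lru; };

static struct memcg root_memcg, foo;

/* Assumption of the model: uncharged pages resolve to the root lruvec. */
static struct lruvec *page_lruvec(struct page *p)
{
    return p->mem_cgroup ? &p->mem_cgroup->lruvec : &root_memcg.lruvec;
}

/* Compaction side: look up, lock, re-check, retry on mismatch. */
static struct lruvec *lock_page_lruvec_model(struct page *p)
{
    struct lruvec *lv;
again:
    lv = page_lruvec(p);
    lv->locked = true;
    if (lv != page_lruvec(p)) {
        lv->locked = false;
        goto again;
    }
    return lv;
}

/* Reader side: charge the page, then make it visible on the LRU. */
static void charge_and_add_to_lru(struct page *p, struct memcg *m)
{
    p->mem_cgroup = m;   /* page->mem_cgroup = foo */
    p->lru = true;       /* page now passes the PageLRU test */
}

/* Replays the interleaving; true means isolation would use the wrong lock. */
static bool isolates_under_wrong_lock(void)
{
    struct page page = { NULL, false };                   /* found by pfn, uncharged */
    struct lruvec *held = lock_page_lruvec_model(&page);  /* re-check passes */
    charge_and_add_to_lru(&page, &foo);                   /* lruvec changes afterwards */
    bool wrong = page.lru && held != page_lruvec(&page);
    held->locked = false;
    return wrong;
}
```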