From 2c9dc2384f85a4ccc44a79b349f4fb0253a2f254 Mon Sep 17 00:00:00 2001 From: Mark Johnston Date: Wed, 5 Oct 2022 15:12:46 -0400 Subject: [PATCH] vm_page: Fix a logic error in the handling of PQ_ACTIVE operations As an optimization, vm_page_activate() avoids requeuing a page that's already in the active queue. A page's location in the active queue is mostly unimportant. When a page is unwired and placed back in the page queues, vm_page_unwire() avoids moving pages out of PQ_ACTIVE to honour the request, the idea being that they're likely mapped and so will simply get bounced back in to PQ_ACTIVE during a queue scan. In both cases, if the page was logically in PQ_ACTIVE but had not yet been physically enqueued (i.e., the page is in a per-CPU batch), we would end up clearing PGA_REQUEUE from the page. Then, batch processing would ignore the page, so it would end up unwired and not in any queues. This can arise, for example, when a page is allocated and then vm_page_activate() is called multiple times in quick succession. The result is that the page is hidden from the page daemon, so while it will be freed when its VM object is destroyed, it cannot be reclaimed under memory pressure. Fix the bug: when checking if a page is in PQ_ACTIVE, only perform the optimization if the page is physically enqueued. PR: 256507 Fixes: f3f38e2580f1 ("Start implementing queue state updates using fcmpset loops.") Reviewed by: alc, kib MFC after: 1 week Sponsored by: E-CARD Ltd. Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D36839 --- sys/vm/vm_page.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/sys/vm/vm_page.c b/sys/vm/vm_page.c index e7500e9d3e7..d6084a5b052 100644 --- a/sys/vm/vm_page.c +++ b/sys/vm/vm_page.c @@ -4141,7 +4141,12 @@ vm_page_mvqueue(vm_page_t m, const uint8_t nqueue, const uint16_t nflag) if (nqueue == PQ_ACTIVE) new.act_count = max(old.act_count, ACT_INIT); if (old.queue == nqueue) { - if (nqueue != PQ_ACTIVE) + /* + * There is no need to requeue pages already in the + * active queue. + */ + if (nqueue != PQ_ACTIVE || + (old.flags & PGA_ENQUEUED) == 0) new.flags |= nflag; } else { new.flags |= nflag; @@ -4238,7 +4243,8 @@ vm_page_release_toq(vm_page_t m, uint8_t nqueue, const bool noreuse) * referenced and avoid any queue operations. */ new.flags &= ~PGA_QUEUE_OP_MASK; - if (nflag != PGA_REQUEUE_HEAD && old.queue == PQ_ACTIVE) + if (nflag != PGA_REQUEUE_HEAD && old.queue == PQ_ACTIVE && + (old.flags & PGA_ENQUEUED) != 0) new.flags |= PGA_REFERENCED; else { new.flags |= nflag; -- 2.45.0