[PATCH v1] mm/balloon_compaction: avoid duplicate page removal

[PATCH v1] mm/balloon_compaction: avoid duplicate page removal

[Wei Wang]

Fixes: 418a3ab1e778 (mm/balloon_compaction: List interfaces)

A #GP is reported in the guest when requesting balloon inflation via
virtio-balloon. The reason is that the virtio-balloon driver has
removed the page from its internal page list (via balloon_page_pop),
but balloon_page_enqueue_one also calls "list_del"  to do the removal.
So remove the list_del in balloon_page_enqueue_one, and have the callers
do the page removal from their own page lists.

Signed-off-by: Wei Wang <wei.w.wang@intel.com>
---
 mm/balloon_compaction.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mm/balloon_compaction.c b/mm/balloon_compaction.c
index 83a7b61..1a5ddc4 100644
--- a/mm/balloon_compaction.c
+++ b/mm/balloon_compaction.c
@@ -11,6 +11,7 @@
 #include <linux/export.h>
 #include <linux/balloon_compaction.h>
 
+/* Callers ensure that @page has been removed from its original list. */
 static void balloon_page_enqueue_one(struct balloon_dev_info *b_dev_info,
 				     struct page *page)
 {
@@ -21,7 +22,6 @@ static void balloon_page_enqueue_one(struct balloon_dev_info *b_dev_info,
 	 * memory corruption is possible and we should stop execution.
 	 */
 	BUG_ON(!trylock_page(page));
-	list_del(&page->lru);
 	balloon_page_insert(b_dev_info, page);
 	unlock_page(page);
 	__count_vm_event(BALLOON_INFLATE);
@@ -47,6 +47,7 @@ size_t balloon_page_list_enqueue(struct balloon_dev_info *b_dev_info,
 
 	spin_lock_irqsave(&b_dev_info->pages_lock, flags);
 	list_for_each_entry_safe(page, tmp, pages, lru) {
+		list_del(&page->lru);
 		balloon_page_enqueue_one(b_dev_info, page);
 		n_pages++;
 	}
-- 
2.7.4

Re: [PATCH v1] mm/balloon_compaction: avoid duplicate page removal

[Michael S. Tsirkin]

On Thu, Jul 18, 2019 at 10:23:30AM +0800, Wei Wang wrote:
> Fixes: 418a3ab1e778 (mm/balloon_compaction: List interfaces)
> 
> A #GP is reported in the guest when requesting balloon inflation via
> virtio-balloon. The reason is that the virtio-balloon driver has
> removed the page from its internal page list (via balloon_page_pop),
> but balloon_page_enqueue_one also calls "list_del"  to do the removal.

I would add here "this is necessary when it's used from
balloon_page_enqueue_list but not when it's called
from balloon_page_enqueue".

> So remove the list_del in balloon_page_enqueue_one, and have the callers
> do the page removal from their own page lists.
> 
> Signed-off-by: Wei Wang <wei.w.wang@intel.com>

Patch is good but comments need some work.

> ---
>  mm/balloon_compaction.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/mm/balloon_compaction.c b/mm/balloon_compaction.c
> index 83a7b61..1a5ddc4 100644
> --- a/mm/balloon_compaction.c
> +++ b/mm/balloon_compaction.c
> @@ -11,6 +11,7 @@
>  #include <linux/export.h>
>  #include <linux/balloon_compaction.h>
>  
> +/* Callers ensure that @page has been removed from its original list. */

This comment does not make sense. E.g. balloon_page_enqueue
does nothing to ensure this. And drivers are not supposed
to care how the page lists are managed. Pls drop.

Instead please add the following to balloon_page_enqueue:


	Note: drivers must not call balloon_page_list_enqueue on
	pages that have been pushed to a list with balloon_page_push
	before removing them with balloon_page_pop.
	To all pages on a list, use balloon_page_list_enqueue instead.

>  static void balloon_page_enqueue_one(struct balloon_dev_info *b_dev_info,
>  				     struct page *page)
>  {
> @@ -21,7 +22,6 @@ static void balloon_page_enqueue_one(struct balloon_dev_info *b_dev_info,
>  	 * memory corruption is possible and we should stop execution.
>  	 */
>  	BUG_ON(!trylock_page(page));
> -	list_del(&page->lru);
>  	balloon_page_insert(b_dev_info, page);
>  	unlock_page(page);
>  	__count_vm_event(BALLOON_INFLATE);
> @@ -47,6 +47,7 @@ size_t balloon_page_list_enqueue(struct balloon_dev_info *b_dev_info,
>  
>  	spin_lock_irqsave(&b_dev_info->pages_lock, flags);
>  	list_for_each_entry_safe(page, tmp, pages, lru) {
> +		list_del(&page->lru);
>  		balloon_page_enqueue_one(b_dev_info, page);
>  		n_pages++;
>  	}
> -- 
> 2.7.4

Re: [PATCH v1] mm/balloon_compaction: avoid duplicate page removal

[Wei Wang]

On 07/18/2019 12:31 PM, Michael S. Tsirkin wrote:
> On Thu, Jul 18, 2019 at 10:23:30AM +0800, Wei Wang wrote:
>> Fixes: 418a3ab1e778 (mm/balloon_compaction: List interfaces)
>>
>> A #GP is reported in the guest when requesting balloon inflation via
>> virtio-balloon. The reason is that the virtio-balloon driver has
>> removed the page from its internal page list (via balloon_page_pop),
>> but balloon_page_enqueue_one also calls "list_del"  to do the removal.
> I would add here "this is necessary when it's used from
> balloon_page_enqueue_list but not when it's called
> from balloon_page_enqueue".
>
>> So remove the list_del in balloon_page_enqueue_one, and have the callers
>> do the page removal from their own page lists.
>>
>> Signed-off-by: Wei Wang <wei.w.wang@intel.com>
> Patch is good but comments need some work.
>
>> ---
>>   mm/balloon_compaction.c | 3 ++-
>>   1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/mm/balloon_compaction.c b/mm/balloon_compaction.c
>> index 83a7b61..1a5ddc4 100644
>> --- a/mm/balloon_compaction.c
>> +++ b/mm/balloon_compaction.c
>> @@ -11,6 +11,7 @@
>>   #include <linux/export.h>
>>   #include <linux/balloon_compaction.h>
>>   
>> +/* Callers ensure that @page has been removed from its original list. */
> This comment does not make sense. E.g. balloon_page_enqueue
> does nothing to ensure this. And drivers are not supposed
> to care how the page lists are managed. Pls drop.
>
> Instead please add the following to balloon_page_enqueue:
>
>
> 	Note: drivers must not call balloon_page_list_enqueue on

Probably, you meant balloon_page_enqueue here.

The description for balloon_page_enqueue also seems incorrect:
"allocates a new page and inserts it into the balloon page list."
This function doesn't do any allocation itself.
Plan to reword it: inserts a new page into the balloon page list."

Best,
Wei

Re: [PATCH v1] mm/balloon_compaction: avoid duplicate page removal

[Michael S. Tsirkin]

On Thu, Jul 18, 2019 at 02:31:14PM +0800, Wei Wang wrote:
> On 07/18/2019 12:31 PM, Michael S. Tsirkin wrote:
> > On Thu, Jul 18, 2019 at 10:23:30AM +0800, Wei Wang wrote:
> > > Fixes: 418a3ab1e778 (mm/balloon_compaction: List interfaces)
> > > 
> > > A #GP is reported in the guest when requesting balloon inflation via
> > > virtio-balloon. The reason is that the virtio-balloon driver has
> > > removed the page from its internal page list (via balloon_page_pop),
> > > but balloon_page_enqueue_one also calls "list_del"  to do the removal.
> > I would add here "this is necessary when it's used from
> > balloon_page_enqueue_list but not when it's called
> > from balloon_page_enqueue".
> > 
> > > So remove the list_del in balloon_page_enqueue_one, and have the callers
> > > do the page removal from their own page lists.
> > > 
> > > Signed-off-by: Wei Wang <wei.w.wang@intel.com>
> > Patch is good but comments need some work.
> > 
> > > ---
> > >   mm/balloon_compaction.c | 3 ++-
> > >   1 file changed, 2 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/mm/balloon_compaction.c b/mm/balloon_compaction.c
> > > index 83a7b61..1a5ddc4 100644
> > > --- a/mm/balloon_compaction.c
> > > +++ b/mm/balloon_compaction.c
> > > @@ -11,6 +11,7 @@
> > >   #include <linux/export.h>
> > >   #include <linux/balloon_compaction.h>
> > > +/* Callers ensure that @page has been removed from its original list. */
> > This comment does not make sense. E.g. balloon_page_enqueue
> > does nothing to ensure this. And drivers are not supposed
> > to care how the page lists are managed. Pls drop.
> > 
> > Instead please add the following to balloon_page_enqueue:
> > 
> > 
> > 	Note: drivers must not call balloon_page_list_enqueue on
> 
> Probably, you meant balloon_page_enqueue here.

yes

> The description for balloon_page_enqueue also seems incorrect:
> "allocates a new page and inserts it into the balloon page list."
> This function doesn't do any allocation itself.
> Plan to reword it: inserts a new page into the balloon page list."

And maybe
" Page must have been allocated with balloon_page_alloc.".


Also
 * Driver must call it to properly enqueue a balloon pages before definitively

should be
 * Driver must call it to properly enqueue balloon pages before definitively


> 
> Best,
> Wei