From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45D6FC001B0 for ; Mon, 10 Jul 2023 07:58:21 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D547D6B0072; Mon, 10 Jul 2023 03:58:20 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D054E6B0075; Mon, 10 Jul 2023 03:58:20 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BCBFE6B0078; Mon, 10 Jul 2023 03:58:20 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id A3BEF6B0072 for ; Mon, 10 Jul 2023 03:58:20 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 450B6AFA0A for ; Mon, 10 Jul 2023 07:58:20 +0000 (UTC) X-FDA: 80994949560.12.DFD1EBC Received: from out-14.mta0.migadu.com (out-14.mta0.migadu.com [91.218.175.14]) by imf16.hostedemail.com (Postfix) with ESMTP id 53672180019 for ; Mon, 10 Jul 2023 07:58:18 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=H6ST3Ijv; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf16.hostedemail.com: domain of naoya.horiguchi@linux.dev designates 91.218.175.14 as permitted sender) smtp.mailfrom=naoya.horiguchi@linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1688975898; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=HVMEOtNfmrAJbNlYNLeJkpBJ86lBc5FefQaiwluDrmo=; b=TrRz8Se1yfRB7uDlYaHk2b8QmgiNTVIz0o7Mfi3sbp8z2ZTPkDvRyzztrxyXHrS/jDGQ48 +lvNxyFfz1LdE9Fib/zhEZtAQoUv42WSMj1+PeZ6+J0IHEHK3tUTbIO9UAG7D/eDsRaa09 teeg5jWmGGQohVBnGU4xsxdvLQQlWzo= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=H6ST3Ijv; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf16.hostedemail.com: domain of naoya.horiguchi@linux.dev designates 91.218.175.14 as permitted sender) smtp.mailfrom=naoya.horiguchi@linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1688975898; a=rsa-sha256; cv=none; b=i47b3dooa1cSGkIqxC+RJY9J9PfeUw1rT96t7f4H0eElD+jYySdDDAn+kNROzwJrZOrUnh Zpv1ptjkS5XiPA8QkhR3lUEtJ6HR3lT2PnGVvRf9YPwZu0tZoxeGbK/HEaAbwgjYEUfjkp 5I9f3thvliBMxnAZzYI0b/1tp5TKV+k= Date: Mon, 10 Jul 2023 16:58:12 +0900 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1688975897; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=HVMEOtNfmrAJbNlYNLeJkpBJ86lBc5FefQaiwluDrmo=; b=H6ST3Ijv+TfXMWOtilgr8Ll8L0J/2ivFMLsOaSbXrc3O0IE8/Q4oBPLl/LeOy8gJB6j2lg rKzmVYnsjHynEBV836ohplSW+R3c8Tmt+9eYtN1BBcnzTbyFup7auNcjGPlXY7isKL09RU aHc1tzI1Nj1xSdtqCTLFNyTv0WgXhQE= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Naoya Horiguchi To: Miaohe Lin Cc: akpm@linux-foundation.org, naoya.horiguchi@nec.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 8/8] mm: memory-failure: fix race window when trying to get hugetlb folio Message-ID: <20230710075812.GH1686200@ik1-406-35019.vs.sakura.ne.jp> References: <20230708085744.3599311-1-linmiaohe@huawei.com> <20230708085744.3599311-9-linmiaohe@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20230708085744.3599311-9-linmiaohe@huawei.com> X-Migadu-Flow: FLOW_OUT X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 53672180019 X-Stat-Signature: b8csyd8ktmp7i68nhr8epcwxduodftk6 X-HE-Tag: 1688975898-635251 X-HE-Meta: U2FsdGVkX1+1IBF0PY6qtd3r85MfZmFcpoQ0beA2NXV3wwBII0vrT8xKpZ6GHLRXvYpDNDGrDTN1njnFRGpG77pApO798tBm2v0d4OCiyz4i3TlbPHLr25v/ZawHTywpT1rL1Z/ZOdMh3zR3UApn+8GgpSNfLOXDoDI1kDu6kAYlryzWlmsj7nHTkcayrn0k0JkE04h8dE9Qi3wJsAyEoeWHZGtQCYg/tha1e7aLBAFyHUY3CRNYDZqD+ZNOH/pwsAmzFcjfyxMAhqXLhbdelLRN3Cz921MkUURQ73xnIjszhaQLl/ooXhGyduilzzfhFqUo2UT0MNRqSGQO20HRdUfyRPUZuMisjbyz3hsluYB5n553MRYTGufKDTMSFianFz5fsuOMdqT5O6uW0u050J33fRfWb22rv2g0Utq/v8SaCwlbO88dBvQCO2viOy07E2dxv/Os7o2iQqSItOrANf6KBemI24djNzIt01UoF/DW1GdX2eWEjNeN8qJPxij6e86TrxfkvT6E02O4kcil8dTs6nY/U+n1pwn+s5AHr9Y0qQKcM8GwcOblkh4lyVkbgLG3Ru/aAjAeERNQvFsZhZmq5VE8Q+xgQtvV/RwHrSYdEKBfeJGG/+7mqWeqUFuwwhTv4oidCv7OxtpQGN3c0gxiVlVicrPMxGfUuLHjzDW2t5NzfpZQci7i5XVi2qPVQBHkytbQlK9AnzwbZO/GMsOfoEOl6STxyIUxODo9yAzVqfXzJOk0cJuSX/xyq5lU1Ylv07uSh4YuxjsWJZoEmhlpvPejtDFVnupPDPPjgmpcH31mfyPlA4hWLkU4Ecms5JnsnP/6lfXJw++i8GdK0M+j6bDmpGzy81PviHTx28fGBlZdixucKkIq7+vhjMLRJAsYQby5NdUdo98uEfWc6pW+3UObAW6vcHjT7N2d22o+PYB4T5gc13xpnNFOsUIjIHkxatWVm4bT3M/hPry duxc5Rwf +1fbLvd9vGlEWJ6WYlwZU7skMAl8ZK3jKmFPJ6PqWsd98ZDnWcfYY1dYXalA14LSMhvL/lZcCg0ddYTl7a8QsM2tUg8rLx2VJw5r2 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Sat, Jul 08, 2023 at 04:57:44PM +0800, Miaohe Lin wrote: > page_folio() is fetched before calling get_hwpoison_hugetlb_folio() > without hugetlb_lock being held. So hugetlb page could be demoted > before get_hwpoison_hugetlb_folio() holding hugetlb_lock but after > page_folio() is fetched. So get_hwpoison_hugetlb_folio() will hold > unexpected extra refcnt of hugetlb folio while leaving demoted page > un-refcnted. Very nice, thank you for finding the issue. > > Fixes: 25182f05ffed ("mm,hwpoison: fix race with hugetlb page allocation") > Signed-off-by: Miaohe Lin > --- > mm/memory-failure.c | 18 ++++++++++++++---- > 1 file changed, 14 insertions(+), 4 deletions(-) > > diff --git a/mm/memory-failure.c b/mm/memory-failure.c > index 76d88d27cdbe..066bf57f2d22 100644 > --- a/mm/memory-failure.c > +++ b/mm/memory-failure.c > @@ -1388,8 +1388,14 @@ static int __get_hwpoison_page(struct page *page, unsigned long flags) > bool hugetlb = false; > > ret = get_hwpoison_hugetlb_folio(folio, &hugetlb, false); > - if (hugetlb) > - return ret; > + if (hugetlb) { > + if (folio == page_folio(page)) > + return ret; Some short comment about the race against demotion here is helpful. Anyway, the patch looks good to me. Acked-by: Naoya Horiguchi > + if (ret > 0) { > + folio_put(folio); > + folio = page_folio(page); > + } > + } > > /* > * This check prevents from calling folio_try_get() for any > @@ -1478,8 +1484,12 @@ static int __get_unpoison_page(struct page *page) > bool hugetlb = false; > > ret = get_hwpoison_hugetlb_folio(folio, &hugetlb, true); > - if (hugetlb) > - return ret; > + if (hugetlb) { > + if (folio == page_folio(page)) > + return ret; > + if (ret > 0) > + folio_put(folio); > + } > > /* > * PageHWPoisonTakenOff pages are not only marked as PG_hwpoison, > -- > 2.33.0 > > >