From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B879AC48BF8 for ; Tue, 20 Feb 2024 01:31:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2AC6C6B007E; Mon, 19 Feb 2024 20:31:56 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 25CBD6B0080; Mon, 19 Feb 2024 20:31:56 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 125156B0081; Mon, 19 Feb 2024 20:31:56 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 00D1B6B007E for ; Mon, 19 Feb 2024 20:31:55 -0500 (EST) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 2BEB5A0562 for ; Tue, 20 Feb 2024 01:31:55 +0000 (UTC) X-FDA: 81810455790.19.508D901 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf03.hostedemail.com (Postfix) with ESMTP id 2F35820018 for ; Tue, 20 Feb 2024 01:31:52 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=udjUBuNY; dmarc=none; spf=pass (imf03.hostedemail.com: domain of akpm@linux-foundation.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1708392713; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=quY5NXL+1QgMY/t9SiQomgeHbAdQhPH2ixy0YuC6J5o=; b=10YIKFgKA53DlSuYqeqVNVwb6xCZE/poU+S0WqksDiDkk4aMPCGGv0B+2t86O80Axa9Tli AAA2HhsrY4kT+KQsK/UmFwIrDGb4DV+w8RC4D3k3qTIsHdPAmnU5sr9GNb+Oitvx93l6KE NjKLLw03DOAnD3D4g3Rv6O3lBrIgHpQ= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=udjUBuNY; dmarc=none; spf=pass (imf03.hostedemail.com: domain of akpm@linux-foundation.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1708392713; a=rsa-sha256; cv=none; b=y790zWkP8Dd/bir5amU3A3p4l7g+UrL1hk8eho1qMBh/eA4QAa4zba3wK4auhTHG8OF7Wr fsTJPnSnM+jpIS28u7NfaIfwHWPaaqI8wiI8k0VCE23+383Ge3jmDNyHYxWAz8setDSMNR nbip2jjGn2CF9D+vwZMnWKW0xXBb1DE= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 506E5CE17C7; Tue, 20 Feb 2024 01:31:49 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 98352C433C7; Tue, 20 Feb 2024 01:31:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org; s=korg; t=1708392708; bh=tpxsdC5YcAUY6lkZarOTnYclCEbb54OfNodgJZlo95Q=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=udjUBuNY3u4ggtpqTZdfZV2NKWbZ90+fhEhk7JDSiCyqqNGW4cwhpxQplUgvcZgog gKGRXmrGeyT1aDDEqwmQvl+CA8j7OnpCwrZCj/Xgw4BW1/vTc6H1US1P8FIsEjmnol BEWQh5IuFepzHNtpZSHCuoLimmHcMe2kfB2a7USo= Date: Mon, 19 Feb 2024 17:31:47 -0800 From: Andrew Morton To: Kairui Song Cc: Kairui Song , linux-mm@kvack.org, "Huang, Ying" , Chris Li , Minchan Kim , Barry Song , Yu Zhao , SeongJae Park , David Hildenbrand , Hugh Dickins , Johannes Weiner , Matthew Wilcox , Michal Hocko , Yosry Ahmed , Aaron Lu , stable@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v4] mm/swap: fix race when skipping swapcache Message-Id: <20240219173147.3f4b50b7c9ae554008f50b66@linux-foundation.org> In-Reply-To: <20240219082040.7495-1-ryncsn@gmail.com> References: <20240219082040.7495-1-ryncsn@gmail.com> X-Mailer: Sylpheed 3.8.0beta1 (GTK+ 2.24.33; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 2F35820018 X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: kfhjyu74kndwbiks6w1ukxa46qarbb6q X-HE-Tag: 1708392712-535899 X-HE-Meta: U2FsdGVkX1+UAX602Oy8Jy1M2Bl4p8J//HQ+zptYj1OLFQEINTKRym4y2WYh2fiGQRd6YqlM/rJhp57jhEjxnoLh3gQoSPLahwgtNfGcLmderfsNozJYgEXwcsEcp7sOsHWmZj2vl3iG2Nwlgwi4O+lvg30oc9OLYJix9u8rdI5C3QcG+3kTH9d1mgDBczq20Col35tL/OCXg/umps6i/d0cM8QBOyu2fKMmJ0ahVI1ejU5EwVgdYSqSJLRas/8Bf+PTiAX1IeHO3FF77Ul4LPF3ZLjO2tbFX74md0cmCMcliRZbwtDWOoVzNhbXzanORfpnYY72STi5BrYtwAPs78lfn669o53KN6GmhyA7440akWfLWzEo4froWhU4yvB0cmO9agaXU3rJi6rb7RMHSbRtSRp9E2fsjOvpH0wBdNwrO8TqudXZBPZJHaiL5a59vS37Q523DSLQYPgIi75qkYgeDwR/BLOIF+A3m84CLX26TLP2s7I8BMrP9z+tq9pX3OVRVbNmyM5lc/PUDhrZS7yJ1VJWLp62Cp+ZLqvfY43T8z+EsDgtejHIZNBDaxQ1Z749HrQrG6C8LKXweB95u/jLijGa2I1CjaygF4Fv5W5k1xiMGtNywjSWs7BHqhsC6DxqVq+EO0IoxVqKyQW0hrEjReFwC5l/pU5IdZFhJQPyT9ODukmoX5cbR2jNFE4BwQjAs/iP7HeBBuCAJcN8bzjxVHUUd5dvRjMCo+YSejD3TYJUHxORktEHrtTu+mA6ixxxL87rtZQuvQxaYhy7M5JbAzv7F691ycL6VgQ7GF9fJIuhwFMWEAGTnjNFyvUz5r89WKLJhvZumwZc7QJ/a3JueMe7+11OGkLDPUbl1KVUmLJPlKu8QiRmyjaPQ2PJvjr4JbV3Yo0PkP75NY/gg8BsaJRRPDFcvv6rlPlHzPs= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, 19 Feb 2024 16:20:40 +0800 Kairui Song wrote: > From: Kairui Song > > When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads > swapin the same entry at the same time, they get different pages (A, B). > Before one thread (T0) finishes the swapin and installs page (A) > to the PTE, another thread (T1) could finish swapin of page (B), > swap_free the entry, then swap out the possibly modified page > reusing the same entry. It breaks the pte_same check in (T0) because > PTE value is unchanged, causing ABA problem. Thread (T0) will > install a stalled page (A) into the PTE and cause data corruption. > > @@ -3867,6 +3868,20 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) > if (!folio) { > if (data_race(si->flags & SWP_SYNCHRONOUS_IO) && > __swap_count(entry) == 1) { > + /* > + * Prevent parallel swapin from proceeding with > + * the cache flag. Otherwise, another thread may > + * finish swapin first, free the entry, and swapout > + * reusing the same entry. It's undetectable as > + * pte_same() returns true due to entry reuse. > + */ > + if (swapcache_prepare(entry)) { > + /* Relax a bit to prevent rapid repeated page faults */ > + schedule_timeout_uninterruptible(1); Well this is unpleasant. How often can we expect this to occur? > + goto out; > + } > + need_clear_cache = true; > + > /* skip swapcache */ > folio = vma_alloc_folio(GFP_HIGHUSER_MOVABLE, 0, > vma, vmf->address, false);