Date: Thu, 27 Jun 2024 15:47:21 -0700
From: Andrew Morton
To: Yu Zhao
Cc: Muchun Song, David Hildenbrand, Frank van der Linden, "Matthew Wilcox (Oracle)", Peter Xu, Yang Shi, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH mm-unstable v2] mm/hugetlb_vmemmap: fix race with speculative PFN walkers
Message-Id: <20240627154721.69aea29609984bd5422afc97@linux-foundation.org>
In-Reply-To: <20240627222705.2974207-1-yuzhao@google.com>

On Thu, 27 Jun 2024 16:27:05 -0600 Yu Zhao wrote:

> While investigating HVO for THPs [1], it turns out that speculative
> PFN walkers like compaction can race with vmemmap modifications, e.g.,
>
>   CPU 1 (vmemmap modifier)         CPU 2 (speculative PFN walker)
>   -------------------------------  ------------------------------
>   Allocates an LRU folio page1
>                                    Sees page1
>   Frees page1
>
>   Allocates a hugeTLB folio page2
>   (page1 being a tail of page2)
>
>   Updates vmemmap mapping page1
>                                    get_page_unless_zero(page1)
>
> Even though page1->_refcount is zero after HVO, get_page_unless_zero()
> can still try to modify this read-only field, resulting in a crash.

Ah. So we should backport this into earlier kernels, yes? Are we able
to identify a Fixes: for this? Looks difficult.

This seems quite hard to trigger. Do any particular userspace actions
invoke the race?