From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 3A55FC83F1B
	for <linux-mm@archiver.kernel.org>; Wed, 16 Jul 2025 21:19:37 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id BF4C08D0006; Wed, 16 Jul 2025 17:19:36 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id BA56C8D0001; Wed, 16 Jul 2025 17:19:36 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id AE24C8D0006; Wed, 16 Jul 2025 17:19:36 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16])
	by kanga.kvack.org (Postfix) with ESMTP id 9DDD58D0001
	for <linux-mm@kvack.org>; Wed, 16 Jul 2025 17:19:36 -0400 (EDT)
Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay02.hostedemail.com (Postfix) with ESMTP id 1A23912D8D7
	for <linux-mm@kvack.org>; Wed, 16 Jul 2025 21:19:36 +0000 (UTC)
X-FDA: 83671394352.12.9B9C96B
Received: from sea.source.kernel.org (sea.source.kernel.org [172.234.252.31])
	by imf26.hostedemail.com (Postfix) with ESMTP id 465D914000A
	for <linux-mm@kvack.org>; Wed, 16 Jul 2025 21:19:34 +0000 (UTC)
Authentication-Results: imf26.hostedemail.com;
	dkim=pass header.d=linux-foundation.org header.s=korg header.b=0jdCzKjm;
	dmarc=none;
	spf=pass (imf26.hostedemail.com: domain of akpm@linux-foundation.org designates 172.234.252.31 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1752700774; a=rsa-sha256;
	cv=none;
	b=JcA3pGxtBOy3coxXS0i2/op4UDb71dOjlUzTXW+T6PRB78PiUeo04e5P1giuidUKtCtAkm
	jDDrJEU0LgM1t3avY3XESKu/PjgFkPT32zCGVGneCeYiHu5XBDasRDJnW/T/H01gFso9tm
	JGcpZ7GbLNFDTDOCOitqrACCeF4wOiY=
ARC-Authentication-Results: i=1;
	imf26.hostedemail.com;
	dkim=pass header.d=linux-foundation.org header.s=korg header.b=0jdCzKjm;
	dmarc=none;
	spf=pass (imf26.hostedemail.com: domain of akpm@linux-foundation.org designates 172.234.252.31 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1752700774;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=w7vOS9S6BPcqU97+bqoDnaUoq5Q1tBaEurs+6KCuOwY=;
	b=OPj6GBWl8Y7fVZhhrNIi0sAtABIE/P2yKesDsKzLfaQqgXlh374+S0RjbZQLDyWWrea7QL
	Riwrs3EJtyPGm2Uh3IrgGCG62k4WJUtc3YE5L1rNtU7MFtGATImzoz+Hpq0bvBMJGux22F
	gQwKzME3s7gzFBZ/W3jmRc9+tNUVKZ8=
Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58])
	by sea.source.kernel.org (Postfix) with ESMTP id F3E4C451C8;
	Wed, 16 Jul 2025 21:19:32 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id A5270C4CEE7;
	Wed, 16 Jul 2025 21:19:32 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org;
	s=korg; t=1752700772;
	bh=/JmxPB4cTLr0IibWQJNx/g20Oe33VTfhF06Cl9tw14U=;
	h=Date:From:To:Cc:Subject:In-Reply-To:References:From;
	b=0jdCzKjm31JDscUqED0ieanQUmYCbiBLIMgTX1jBuH1wasMjJlTGbXdCjwlN3Btin
	 eTGlJ7LtRctbQ7C0An4ZUvnomPzEpfPga1+jxPQnOdCVeGqF8Z4Xjh0cdAhY5vjqPp
	 uvDfwA9qlAQknoBBvjA3Hv32DPiZeavY9t/5DnBw=
Date: Wed, 16 Jul 2025 14:19:31 -0700
From: Andrew Morton <akpm@linux-foundation.org>
To: Yadan Fan <ydfan@suse.com>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mm: mempool: fix wake-up edge case bug for zero-minimum
 pools
Message-Id: <20250716141931.273ca3effdbc0f442523eac8@linux-foundation.org>
In-Reply-To: <8c0cdb71-8d21-497e-b793-c43ce3a16345@suse.com>
References: <8c0cdb71-8d21-497e-b793-c43ce3a16345@suse.com>
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Queue-Id: 465D914000A
X-Stat-Signature: hjspanbdsyrcrbm5m17uk8fykib5b6pj
X-Rspam-User: 
X-Rspamd-Server: rspam08
X-HE-Tag: 1752700774-927972
X-HE-Meta: U2FsdGVkX1+0Q9jDFt/0sJGQv5/uaXpUedCEfM2M8iHoOSogWjzNzxOeIjlzCz/ioOOaqM+YUxLt6EYkdeX52YDU7jFx20Ns8npZ8pTlNQPCVRUnH1ainRRA3CwDBmkYd2oaViC/f5BuVQqW9E3l0Bfut2WTOblI0VeK9MdX0QuIDC9q9lLlzOItGEwbiirr3WZFzkHPnuz9E5JKMQupIqKG2TcPBeRRcz2gr7jwGR7tMuirtdFX9hJ2pmDs3tfC/aNH0n+eBSM+tYoe8XXKJDp9PZBTAW2xeg2FNmIBNFh6z92SE6RFeauugl2Rv+y/1rmi/YUV+NA1dJIyQ1ufBtiAH/cPKr+W3a8dpMaaAaB0z9PzwSg0eCHMnBGT2N1qz8/S0k3yqh0NpNi5e5E0EZA2YGi7LECGpKqo1MGfVXBCaWE2qKv21KpqW/Sd2XB1DAHr4sa5EsuQ0gSvJ3cXjFtVgCDku/bw6b6gz78anuACQRQ3PRp0Rs3jjs+LGXZXx8eiVTlf2fctxJuWnM7jU03z4s2HXQNx2XGioQmfKEpQLCKiJ2QWIJkk+RDxiX7jeScE1M3EPA0s3MjTbOtnx/FztY/+bxGRY8ocv7Y/oAVekAVVWQpdC3r7+e7X2Wv516TQuqXURO8xpA19ZEPZOFg7x6rF8wY8TsMjmdyFE37pscrvvZeLWoVcCsGO1RYXWJlSwfE4k+DJ0/hHAjt/ch1Js9x0m8IYkgWF7U0wF3Okrrp1DGu9rhf1xprxyBhNV96N/Ld1HjwcTFeVIDCDKwlHgGKegT43AzdwKv/87eBCowfSNxX6igrR2ZfKeIV2D7/XphCw0GIYjHZs5nZDeBx8Vk6j34ec5x6Ul9ddeYNtchnwg/ZYdQ3huzF9MD/Y6QnNxb7UCWwHuLDjXlN28aR2qC4jFtwPZHU8fO+QqFNzXs5UZiIjYkpGUgCQpLH2qDS5mVqcmRIBFwiau3u
 Atny7xgA
 0HKqeuRfhWFkTCRbuRhlmCwyOqhrqp9B2C+/n/1WmaAw3lR3pviDzJNyTvXw+0C1BJOyHaJdO4f3US66zYaL3alz49atbJu8AZVRLzF7llvuLZLdQ4k9Er1y0Wp2PTJVmJNzO9VQmLIaBdizugNf7xcKv5m7g9meilHFtNUZ+Rxvck4HgPAkX/nNktraEn2780PT/52/g8zRvdeaHJxVLzzRiOxATNF6XxOXHRJMZlC+MHrB8cJQDsjZqjc8urMSkgngh/X1BtfgEL6MOfYUFvMBnnyRkgeZCh3z6afLwNlcy2zaxPixwnQyETw==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Wed, 16 Jul 2025 23:37:30 +0800 Yadan Fan <ydfan@suse.com> wrote:

> The mempool wake-up mechanism has a edge case bug that affects pools
> created with min_nr=3D0. When a thread blocks waiting for memory from an
> empty pool (curr_nr =3D=3D 0), subsequent mempool_free() calls fail to wa=
ke
> the waiting thread because the condition "curr_nr < min_nr" evaluates
> to "0 < 0" which is false, this causes threads to sleep indefinitely.
>=20
> There is at least 2 places where the mempool created with min_nr=3D0:
>=20
> 1. lib/btree.c:191: mempool_create(0, btree_alloc, btree_free, NULL)
> 2. drivers/md/dm-verity-fec.c:791:
>  =A0=A0 mempool_init_slab_pool(&f->extra_pool, 0, f->cache)

This is very old code.  Can you suggest why this has taken so long to
surface?

Which is a roundabout way of asking "should this be backported into
-stable kernels".  For that we'd need to know how this issue is
affecting our users.

> Add an explicit check in mempool_free() to handle the min_nr=3D0 case:
> when the pool has zero minimum reserves, is currently empty, and has
> active waiters, wake them up. The wq_has_sleeper() avoids unnecessary
> wake-ups when no threads are waiting.

Do we need the separate test?  What's wrong with the obvious approach
of replacing the "<" with "<=3D" in the preceding test?

And would the previous (ie, existing) test benefit from the
wq_has_sleeper() check?

> --- a/mm/mempool.c
> +++ b/mm/mempool.c
> @@ -545,6 +545,22 @@ void mempool_free(void *element, mempool_t *pool)
>  =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 }
>  =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 spin_unlock_irqrestore(&po=
ol->lock, flags);
>  =A0=A0=A0=A0=A0=A0=A0 }
> +=A0=A0=A0=A0=A0=A0 /*
> +=A0=A0=A0=A0=A0=A0=A0 * Handle the min_nr =3D 0 edge case:
> +=A0=A0=A0=A0=A0=A0=A0 * For zero-minimum pools, curr_nr < min_nr (0 < 0)=
 never succeeds,
> +=A0=A0=A0=A0=A0=A0=A0 * so waiters sleeping on pool->wait would never be=
 woken by the
> +=A0=A0=A0=A0=A0=A0=A0 * normal wake-up path. This explicit check ensures=
 that when
> +=A0=A0=A0=A0=A0=A0=A0 * pool->min_nr =3D=3D 0 and pool->curr_nr =3D=3D 0=
, any active waiters
> +=A0=A0=A0=A0=A0=A0=A0 * are properly awakened.
> +=A0=A0=A0=A0=A0=A0=A0 * The wq_has_sleeper() avoids unnecessary wake-ups=
 when no
> +=A0=A0=A0=A0=A0=A0=A0 * threads are waiting.
> +=A0=A0=A0=A0=A0=A0=A0 */
> +=A0=A0=A0=A0=A0=A0 if (unlikely(pool->min_nr =3D=3D 0 &&
> +=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 READ_ONCE(pool=
->curr_nr) =3D=3D 0 &&
> +=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 wq_has_sleeper=
(&pool->wait))) {
> +=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 wake_up(&pool->wait);
> +=A0=A0=A0=A0=A0=A0 }
> +

Something strange is happening with the whitespace here.  I pretty much
retyped the patch.  Please have a chat with your email client ;)