From: Baolin Wang
Date: Wed, 11 Jun 2025 15:41:35 +0800
Subject: Re: [PATCH 2/7] mm: shmem: avoid setting error on splited entries in shmem_set_folio_swapin_error()
To: Kemeng Shi, hughd@google.com, willy@infradead.org, akpm@linux-foundation.org
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Message-ID: <24580f79-c104-41aa-bbdb-e1ce120c28a0@linux.alibaba.com>
In-Reply-To: <100d50f3-95df-86a3-7965-357d72390193@huaweicloud.com>

On 2025/6/9 09:19, Kemeng Shi wrote:
>
>
> on 6/7/2025 2:20 PM, Baolin Wang wrote:
>>
>>
>> On 2025/6/6 06:10, Kemeng Shi wrote:
>>> When large entry is split, the first entry split from large entry
>>> retains the same entry value and index as original large entry but its
>>> order is reduced. In shmem_set_folio_swapin_error(), if large entry is
>>> split before xa_cmpxchg_irq(), we may replace the first split entry
>>> with error entry while using the size of original large entry for release
>>> operations. This could lead to a WARN_ON(i_blocks) due to incorrect
>>> nr_pages used by shmem_recalc_inode() and could lead to use after free
>>> due to incorrect nr_pages used by swap_free_nr().
>>
>> I wonder if you have actually triggered this issue? When a large swap
>> entry is split, it means the folio is already at order 0, so why would
>> the size of the original large entry be used for release operations?
>> Or is there another race condition?
> All issues were found while reviewing the code of shmem, as I mentioned in
> the cover letter.
> The folio could be allocated from shmem_swap_alloc_folio() and the folio
> order will remain unchanged when the swap entry is split.

Sorry, I did not get your point. If a large swap entry is split, we must
ensure that the corresponding folio is order 0.

However, I missed one potential case which was recently fixed by Kairui[1].

[1] https://lore.kernel.org/all/20250610181645.45922-1-ryncsn@gmail.com/
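
Added example (not code from the patch or the kernel): a single-threaded user-space C model of the interleaving as the quoted commit message states it, showing why a compare-and-exchange on the entry value alone cannot notice that the entry's order shrank. `struct slot`, `ERR_ENTRY`, the sample values and the order check in `set_error_checked()` are assumptions for illustration; whether the kernel can actually reach this state is the question the thread is discussing.

```c
#include <stdio.h>

/* Toy stand-in for one mapping slot: swap entry value plus the order it covers. */
struct slot { unsigned long entry; unsigned order; };

#define ERR_ENTRY 0xdeadUL   /* constructed marker for the "swapin error" entry */

/* Split: the first resulting entry keeps value and index, only the order drops. */
static void split_to_order0(struct slot *s) { s->order = 0; }

/* Value-only compare-and-exchange: it cannot see that the order changed. */
static int cmpxchg_value(struct slot *s, unsigned long old, unsigned long new_entry)
{
    if (s->entry != old) return 0;
    s->entry = new_entry;
    return 1;
}

/* Returns the page count released from the caller's cached order; 0 on failure. */
static unsigned long set_error_naive(struct slot *s, unsigned long old, unsigned cached)
{
    if (!cmpxchg_value(s, old, ERR_ENTRY)) return 0;
    return 1UL << cached;
}

/* Assumed hardening: also compare the stored order and back off on a mismatch
 * (in a real concurrent structure this check must sit under the same lock). */
static unsigned long set_error_checked(struct slot *s, unsigned long old, unsigned cached)
{
    if (s->entry != old || s->order != cached) return 0;
    s->entry = ERR_ENTRY;
    return 1UL << cached;
}

/* The interleaving: sample the large order, lose the race to a split, set error. */
static unsigned long race(int checked, struct slot *s)
{
    unsigned cached = s->order;
    split_to_order0(s);
    return checked ? set_error_checked(s, 0x1000UL, cached)
                   : set_error_naive(s, 0x1000UL, cached);
}

int main(void)
{
    struct slot a = { 0x1000UL, 4 }, b = { 0x1000UL, 4 };
    printf("naive: released %lu pages, slot covers %lu\n", race(0, &a), 1UL << a.order);
    printf("checked: released %lu pages, entry kept: %d\n", race(1, &b), b.entry == 0x1000UL);
    return 0;
}
```

In the naive path the exchange succeeds and 16 pages are accounted as released for a slot that now covers one page, which is the accounting mismatch the commit message attributes to shmem_recalc_inode() and swap_free_nr().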