Date: Fri, 29 Nov 2024 15:40:29 +0200
From: "Kirill A. Shutemov"
To: David Hildenbrand
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, syzbot+9f9a7f73fb079b2387a6@syzkaller.appspotmail.com, "Matthew Wilcox (Oracle)", Andrew Morton, "Kirill A. Shutemov", Hillf Danton
Subject: Re: [PATCH v1] mm/filemap: don't call folio_test_locked() without a reference in next_uptodate_folio()
Message-ID: <2r2suyel6m6ngntarnxwtobicwignmmm3lfivvp5goufzis56e@rwtncfi7nxxn>
In-Reply-To: <20241129125303.4033164-1-david@redhat.com>

On Fri, Nov 29, 2024 at 01:53:03PM +0100, David Hildenbrand wrote:
> The folio can get freed + buddy-merged + reallocated in the meantime,
> resulting in us calling folio_test_locked() possibly on a tail page.
>
> This makes const_folio_flags VM_BUG_ON_PGFLAGS() when stumbling over
> the tail page.
>
> Could this result in other issues? Doesn't look like it. False positives
> and false negatives don't really matter, because this folio would get
> skipped either way when detecting that they have been reallocated in
> the meantime.
>
> Fix it by performing the folio_test_locked() check after grabbing a
> reference. If this ever becomes a real problem, we could add a special
> helper that racily checks if the bit is set even on tail pages ... but
> let's hope that's not required so we can just handle it cleaner:
> work on the folio after we hold a reference.
>
> Do we really need the folio_test_locked() check if we are going to
> trylock briefly after? Well, we can at least avoid a xas_reload().
>
> It's a bit unclear which exact change introduced that issue. Likely,
> ever since we made PG_locked obey the PF_NO_TAIL policy it could have
> been triggered in some way.
>
> Reported-by: syzbot+9f9a7f73fb079b2387a6@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/lkml/674184c9.050a0220.1cc393.0001.GAE@google.com/
> Fixes: 48c935ad88f5 ("page-flags: define PG_locked behavior on compound pages")
> Cc: "Matthew Wilcox (Oracle)"
> Cc: Andrew Morton
> Cc: "Kirill A. Shutemov"
> Cc: Hillf Danton
> Signed-off-by: David Hildenbrand

Looks reasonable:

Acked-by: Kirill A. Shutemov

-- 
  Kiryl Shutsemau / Kirill A. Shutemov
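
A userspace model of the ordering problem the quoted commit message describes, added here as an illustration; it is not the patch and not kernel code. The names `obj`, `slot`, `usable` and `stale_tail_violations` are hypothetical, and the model assumes that memory which was freed and reused as a tail page shows a reference count of 0.

```c
#include <stdatomic.h>
#include <stdbool.h>
/* Userspace model with hypothetical names; not the kernel's API. */
struct obj {
    atomic_int refcount;  /* 0: freed, or reused as a tail page (model assumption) */
    bool locked;          /* stands in for PG_locked */
    bool is_tail;         /* memory now belongs to the tail of a larger folio */
};
static struct obj *slot;  /* stands in for the page-cache entry */
static int violations;    /* head-only flag tests that landed on a tail */

/* Take a reference only while the object is live (refcount != 0). */
static bool obj_try_get(struct obj *o)
{
    int c = atomic_load(&o->refcount);
    while (c != 0 && !atomic_compare_exchange_weak(&o->refcount, &c, c + 1))
        ;
    return c != 0;
}

/* Head-only flag test; the kernel's VM_BUG_ON_PGFLAGS() fires where we count. */
static bool obj_test_locked(struct obj *o)
{
    violations += o->is_tail;
    return o->locked;
}

/* o is a pointer read earlier from slot; it may be stale by now. */
static bool usable(struct obj *o, bool ref_first)
{
    if (!ref_first && obj_test_locked(o))   /* flag test with no reference held */
        return false;
    if (!obj_try_get(o))
        return false;                       /* freed or reused: skip */
    if ((ref_first && obj_test_locked(o)) || o != slot) {
        atomic_fetch_sub(&o->refcount, 1);  /* locked or replaced: drop and skip */
        return false;
    }
    return true;                            /* caller now holds a reference */
}

/* Constructed scenario: the object was freed and reused as a tail page. */
static int stale_tail_violations(bool ref_first)
{
    struct obj o = { .is_tail = true };     /* refcount 0, not locked */
    violations = 0;
    usable(&o, ref_first);
    return violations;
}
int main(void) { return stale_tail_violations(true); }
```

Both orders skip the stale object; only the flag-first order touches the head-only flag on a tail, which matches the commit message's point that the result is unaffected but the assertion can fire.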