From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0B7F3C761A6 for ; Mon, 3 Apr 2023 08:02:45 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9CA356B0078; Mon, 3 Apr 2023 04:02:44 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 97AE36B007B; Mon, 3 Apr 2023 04:02:44 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 86A866B007D; Mon, 3 Apr 2023 04:02:44 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 77F4C6B0078 for ; Mon, 3 Apr 2023 04:02:44 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 3E32812045A for ; Mon, 3 Apr 2023 08:02:44 +0000 (UTC) X-FDA: 80639338248.14.67864FC Received: from out30-99.freemail.mail.aliyun.com (out30-99.freemail.mail.aliyun.com [115.124.30.99]) by imf03.hostedemail.com (Postfix) with ESMTP id A47432001C for ; Mon, 3 Apr 2023 08:02:40 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=none; dmarc=pass (policy=none) header.from=alibaba.com; spf=pass (imf03.hostedemail.com: domain of rongwei.wang@linux.alibaba.com designates 115.124.30.99 as permitted sender) smtp.mailfrom=rongwei.wang@linux.alibaba.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1680508962; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=H+a2++dXfWS+mlkkv4vg4uMFcYoxO8xAGb5AUBZZMKc=; b=YH27ZRgd4Mpu94DuzDK8Ll9al4aK0jmc2GbNDTbAqht489Yq0kVbxz0+6z4z8msErvV8uB 7QwIwvaHuWR/NjT2sK9d1xavinoq8lO8op2H4k9msxSCgmar/pXuhbnu3oUqpgrwuc+r0k FwhI+tdW4jmsT3uwZfdDoVqs6Y2bqVk= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=none; dmarc=pass (policy=none) header.from=alibaba.com; spf=pass (imf03.hostedemail.com: domain of rongwei.wang@linux.alibaba.com designates 115.124.30.99 as permitted sender) smtp.mailfrom=rongwei.wang@linux.alibaba.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1680508962; a=rsa-sha256; cv=none; b=5067N6IAAYII3pXnvHgZUzahiEltqgkqJvjXGQ41iV1PqtXFdhPtugRFfIYlPw8t8YmMQb mDLdv9JcK3iUNJpxdjkPRmbyiC+c3qQINiG+BLg41xQq2dTrc9076jBhcP0j/jh5HDNp7S OqsOTkpU8vo6EprIjZeT3pIZbneSaPU= X-Alimail-AntiSpam:AC=PASS;BC=-1|-1;BR=01201311R831e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018046059;MF=rongwei.wang@linux.alibaba.com;NM=1;PH=DS;RN=5;SR=0;TI=SMTPD_---0VfFRiwW_1680508954; Received: from 30.24.98.140(mailfrom:rongwei.wang@linux.alibaba.com fp:SMTPD_---0VfFRiwW_1680508954) by smtp.aliyun-inc.com; Mon, 03 Apr 2023 16:02:35 +0800 Message-ID: <4301a7be-354f-183d-a828-01445434a1b3@linux.alibaba.com> Date: Mon, 3 Apr 2023 16:02:34 +0800 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] mm/swap: fix swap_info_struct race between swapoff and get_swap_pages() Content-Language: en-US To: Matthew Wilcox Cc: akpm@linux-foundation.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org References: <20230401221920.57986-1-rongwei.wang@linux.alibaba.com> From: Rongwei Wang In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: A47432001C X-Stat-Signature: ispf533kwurkr98tkeoqqyea15js19ro X-Rspam-User: X-HE-Tag: 1680508960-667337 X-HE-Meta: U2FsdGVkX19HGGMsNlyVx1+MLIz3e8Ozd7NioDc22zdzaT4sDVzRkh/cpkT4CvO9c/QqXwJQfA9SsbjzkWS5UUD99U6b287sFqc/Eln3Fp2/u8y48rZ6f7d6oiFqBc7HmaWvsshvvgMLimIfSQWV2YcBsKJeSHg97zCokdk0KK6ScNWz4w1XRd0SC/46KCbn7aEF0eWxqul8afmxZTEaf/SjksHgE+T2ZqDycJwBfaXzsXL3C872lj/qnqIu1Ir19PAdtbxvpFlRNr5UZCaWrdzZa/WKiMaXPWaMAdhJPAJsX8uTpG8HbaIzgs/yuOxc5DTktBxdThPtkXAMff9ko26CHjNwxkldhNbbTTIuZrH7YsF0VYHqwnjNkm8WEgWv5mZlPg2igi90TzawBG/R2Ni/jCRyeVt9LvhcPKTc5iT6DTKflBUJg0XAOe6X/e5oMi4bxfW65VkwHfseOZxY6xif/CY2pKeDdzQaXtC4Rg/iURNfDylTPSjhabGin/uZpdo2uwA2hMDma5qqSHBt8OGFxGc/H68SceXMb0YXNhvL4tSgpTw09Lx43idllPJKYydsjSOASiR3AC0Xbgf97iF+v+C/Zg5OswckeHsFWBotEdMDiLp9z9Z07e2ED90Pzw4jll+qisJAEjsMAarh71h7rGEDlym8z2/G4PBW7NqGyV1fYZuFQLRS/3tGOVpTjPfVPw9PMk3NsiNNtAdL2x56fUWcIJ1p6ejim1XbAwf99YRR40xeOUHazgj2rqd8AXipLssNwEUSMyY7XHGcsZ8r80doKLoopvqe1C/nc/OSlV8mFp1nswgRYVCiHHt3lC1XMHk/CZVvkSRXLBRRXI6g7chkqBAsrpfccibx7U7UF7MBAR0oViylcsw/I0fbVVdlvGs4ZxK0WpUgbiYW7pFQmesYjhvHhgKKhwUt/lcrtAHnUXbJKT9g/9CHoYj+sodWU2OrtjWHSFRQA/U 7Olpyb1K TBjf26IdkJhiCpgLCc4HD5fIWjFavRxr37fiXXh1suvf7dAtv36Asjpm6jacCdKhLzhFJgtl7UHVkTaNdcQTr/MjCCOWuGoB0JgxvWL71pKrIVJ22Ik0zGS8FMdFnR6xatvkTBrBzO7tiyUd2VRWiT0BhrT9KtGc4pWJdb6KvLbeYWuKFKTkCsusH1Q== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 4/3/23 12:10 PM, Matthew Wilcox wrote: > On Sun, Apr 02, 2023 at 06:19:20AM +0800, Rongwei Wang wrote: >> Without this modification, a core will wait (mostly) >> 'swap_info_struct->lock' when completing >> 'del_from_avail_list(p)'. Immediately, other cores >> soon calling 'add_to_avail_list()' to add the same >> object again when acquiring the lock that released >> by former. It's not the desired result but exists >> indeed. This case can be described as below: > This feels like a very verbose way of saying > > "The si->lock must be held when deleting the si from the > available list. Otherwise, another thread can re-add the > si to the available list, which can lead to memory corruption. > The only place we have found where this happens is in the > swapoff path." It looks better than mine. Sorry for my confusing description, it will be fixed in the next version. > >> +++ b/mm/swapfile.c >> @@ -2610,8 +2610,12 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) >> spin_unlock(&swap_lock); >> goto out_dput; >> } >> - del_from_avail_list(p); >> + /* >> + * Here lock is used to protect deleting and SWP_WRITEOK clearing >> + * can be seen concurrently. >> + */ > This comment isn't necessary. But I would add a lockdep assert inside > __del_from_avail_list() that p->lock is held. Thanks. Actually, I have this line in previous test version, but delete for saving one line of code. I will update here as you said. Thanks for your time. > >> spin_lock(&p->lock); >> + del_from_avail_list(p); >> if (p->prio < 0) { >> struct swap_info_struct *si = p; >> int nid; >> -- >> 2.27.0 >> >>