From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 9B1EBC3ABC9
	for <linux-mm@archiver.kernel.org>; Thu, 15 May 2025 03:59:24 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 9F3E58D0001; Wed, 14 May 2025 23:59:23 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 9A35C6B00E7; Wed, 14 May 2025 23:59:23 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 86B178D0001; Wed, 14 May 2025 23:59:23 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13])
	by kanga.kvack.org (Postfix) with ESMTP id 66B906B00D6
	for <linux-mm@kvack.org>; Wed, 14 May 2025 23:59:23 -0400 (EDT)
Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay03.hostedemail.com (Postfix) with ESMTP id 1477AB69D2
	for <linux-mm@kvack.org>; Thu, 15 May 2025 03:59:23 +0000 (UTC)
X-FDA: 83443787406.02.2242C17
Received: from out30-98.freemail.mail.aliyun.com (out30-98.freemail.mail.aliyun.com [115.124.30.98])
	by imf02.hostedemail.com (Postfix) with ESMTP id 0C9BF80007
	for <linux-mm@kvack.org>; Thu, 15 May 2025 03:59:19 +0000 (UTC)
Authentication-Results: imf02.hostedemail.com;
	dkim=pass header.d=linux.alibaba.com header.s=default header.b=NHmy8Jvn;
	spf=pass (imf02.hostedemail.com: domain of baolin.wang@linux.alibaba.com designates 115.124.30.98 as permitted sender) smtp.mailfrom=baolin.wang@linux.alibaba.com;
	dmarc=pass (policy=none) header.from=linux.alibaba.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1747281561;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=TFdZ6vQjYgvoP+lEGuUuMLwUa7mcXBQhvQk2iDXRQ5U=;
	b=ehTKsPpQCgL0T+MT0+MnRsUM+ZDN60x8pkIzZUJBuJhL/bu6REQYPOA/mDqKgX91sH7lLy
	9XSdpM6oV87jfsrSa70TopRF7nRPsbsnOUWvPjuNjqLs72nCQAi3z5chKZl0keCw+dEURL
	M0Wqi7tv2edTyoWvHVOChYY3HsKi0Bc=
ARC-Authentication-Results: i=1;
	imf02.hostedemail.com;
	dkim=pass header.d=linux.alibaba.com header.s=default header.b=NHmy8Jvn;
	spf=pass (imf02.hostedemail.com: domain of baolin.wang@linux.alibaba.com designates 115.124.30.98 as permitted sender) smtp.mailfrom=baolin.wang@linux.alibaba.com;
	dmarc=pass (policy=none) header.from=linux.alibaba.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1747281561; a=rsa-sha256;
	cv=none;
	b=ZpwuCRTONja+1bgKrd4Xr80BCRsfdczBDKeE1ph9uF1KJpcLv3aWwVJlIVV3ttwUjxHHXm
	aqGNLI0uDrk2kFCPOoaj9v7yznt7cS7Rq5auo5EyQuzDEtEidD0IGpnxlWNxYvz7Gkswhx
	C6X9hItMcIxyg6wUVu1KVH8Y5Of7QEU=
DKIM-Signature:v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=linux.alibaba.com; s=default;
	t=1747281556; h=Message-ID:Date:MIME-Version:Subject:To:From:Content-Type;
	bh=TFdZ6vQjYgvoP+lEGuUuMLwUa7mcXBQhvQk2iDXRQ5U=;
	b=NHmy8JvneAMwp8uezMGaYQxxJQDeMaxxoAiDNRNStAbSJO9STCJFcOywNn0IhUXt/BYla3inoKy9jFG7ReVKW1TQqzPbllUOvI8u7qWhi6fehcA3fW+c/BNlLbUuQt0NSp41qQfQG0k7izn2JxYqNNvnqCVyWJjGw9Tgi3bZdd4=
Received: from 30.74.144.114(mailfrom:baolin.wang@linux.alibaba.com fp:SMTPD_---0Wap9KyY_1747281555 cluster:ay36)
          by smtp.aliyun-inc.com;
          Thu, 15 May 2025 11:59:15 +0800
Message-ID: <453015aa-e18f-4e37-86b1-001ec4e994d1@linux.alibaba.com>
Date: Thu, 15 May 2025 11:59:13 +0800
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH 3/5] mm/shmem: Fix potential dead loop in shmem_unuse()
To: Kemeng Shi <shikemeng@huaweicloud.com>, hughd@google.com,
 akpm@linux-foundation.org
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org
References: <20250514165047.946884-1-shikemeng@huaweicloud.com>
 <20250514165047.946884-4-shikemeng@huaweicloud.com>
 <b7b6d5d0-2c3f-43ba-b2a9-3c9669f3f96d@linux.alibaba.com>
 <634a73ce-a24e-01d4-1d00-86272bc78860@huaweicloud.com>
From: Baolin Wang <baolin.wang@linux.alibaba.com>
In-Reply-To: <634a73ce-a24e-01d4-1d00-86272bc78860@huaweicloud.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Rspamd-Server: rspam10
X-Stat-Signature: pzxc8cwxwfx1176ysd1m87118d1gdw47
X-Rspamd-Queue-Id: 0C9BF80007
X-Rspam-User: 
X-HE-Tag: 1747281559-269388
X-HE-Meta: U2FsdGVkX1/hmbdz0JPwbvQUjA4KFdNgTrfJ/TFyqYGKXrBL8OYlCe416Hy079IX1+DnxaWrkaUjp9r7XYROu+TLY0N30YWjKzo/5WsLidUVqkOVzZgHxMHiheUMHpefc9TvHH+tkceqVxmoAKHkrtuh/a6ZbFJOtbMad+2oudIM2seK3TEdLdjPN4gD5UVE3C8rqUp/pep73RexhfjQl0Q2UiCTIkwBPAThqVa1OSVADEkp7A2JuNhSH/AKo00woWvwigLxlna9BYIjZviBbE9bQM/jobsh6T+hNnDIZYlCs/8bLhcBluTT0Y03QVMu5KEAEWpF3Jzbhlw8YetxBffEdwHQowuKg5zCTPyzJ9hb1XMGJ3xtBr/Gg7Ujf7vibB9FtSsFvF0U3mbrfHGeW72NaT6o+i17KAzpLyLqzxQdaBmZiDZVY3A8D2wOS9UDo0MMDOxL5godBTUtIx54qqL+Nzb9u1MH5OsZaOgkAAifNRgEMclTSW2du8AgXM1x1aabGj4VA1UuZrNQeDSWTzr7SlIOBSgP3gjviy4kfYo/HEp+rICjcnO3QWGcoRYCIHrBkBXItufxhNiD3A6qO363tM+4NXing62lNA05AkUFHOIRfWYqNLZuuCRp9eUlr/Kj2c1Nc49TUK9cp0UjMfjlnwXOZ7vKLwMK+IG5AxQ15E7yj3t7NJtdbw5lBCKovvR0MU4oNnpcUywMczPYCri78fDpE2MbwMTRhRM4Ej6Sf++vdJlRUK237AV4tO9TZJ4la6aRTI138JDFUSNxi2VDkuK+jQOKwJZzk5V1pmCgaptODn2177XKsDDxDAmiUpztmiVm7pn+OzDZcWqekwoSOtfQUToWXCmxGKziPc8wSFl2fgLEG3f8/J1ARNmNtgaEe55V0EU46uTO/jgWGmogaByOoLQmBR+LPeejzl2abPje9+ozpYaVjJX8yybeK25PsxKp2SX/AUTGC95
 wWOcNQr6
 8hq/Ag0UnCPmalI8KodDsqXgHIwIHkiyrKORUg3Y6I81duzUiYYwVBA6SpDlWO/7bKexGpk8YYAJ+5MvORmVdNtuYIxLLyK87vLw50Yw8/+fEIOvYhazL5mfM5XnWJhtwwqUzquyrIz7is+SV928JYKdrg6oGXw3WZCi3bsDYOdX1MV81aflpGv6EwXir68Mb/mW8Yfan0H5t00w2UhMopOqA1VH0aa6v8LISzHjOIytZRmrMJVXz+Oy384SEBwo035Rq4BSG5IPRJ8tPlVw9AChSYyCtRH2eWirSoU4Nzk5o/wlWDGoL2y8vHMEckjPasCI+fMCRQ51jFX48Z0m+I2uTBVEIyAnB5hkr71db4TIozqS3r3XJRUcLnJPPGLzg6DA7
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>



On 2025/5/15 09:05, Kemeng Shi wrote:
> 
> 
> on 5/14/2025 5:24 PM, Baolin Wang wrote:
>>
>>
>> On 2025/5/15 00:50, Kemeng Shi wrote:
>>> If multi shmem_unuse() for different swap type is called concurrently,
>>> a dead loop could occur as following:
>>> shmem_unuse(typeA)               shmem_unuse(typeB)
>>>    mutex_lock(&shmem_swaplist_mutex)
>>>    list_for_each_entry_safe(info, next, ...)
>>>     ...
>>>     mutex_unlock(&shmem_swaplist_mutex)
>>>     /* info->swapped may drop to 0 */
>>>     shmem_unuse_inode(&info->vfs_inode, type)
>>>
>>>                                     mutex_lock(&shmem_swaplist_mutex)
>>>                                     list_for_each_entry(info, next, ...)
>>>                                      if (!info->swapped)
>>>                                       list_del_init(&info->swaplist)
>>>
>>>                                     ...
>>>                                     mutex_unlock(&shmem_swaplist_mutex)
>>>
>>>     mutex_lock(&shmem_swaplist_mutex)
>>>     /* iterate with offlist entry and encounter a dead loop */
>>>     next = list_next_entry(info, swaplist);
>>>     ...
>>>
>>> Restart the iteration if the inode is already off shmem_swaplist list
>>> to fix the issue.
>>>
>>> Fixes: b56a2d8af9147 ("mm: rid swapoff of quadratic complexity")
>>> Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com>
>>> ---
>>>    mm/shmem.c | 3 +++
>>>    1 file changed, 3 insertions(+)
>>>
>>> diff --git a/mm/shmem.c b/mm/shmem.c
>>> index 495e661eb8bb..0fed94c2bc09 100644
>>> --- a/mm/shmem.c
>>> +++ b/mm/shmem.c
>>> @@ -1505,6 +1505,7 @@ int shmem_unuse(unsigned int type)
>>>            return 0;
>>>          mutex_lock(&shmem_swaplist_mutex);
>>> +start_over:
>>>        list_for_each_entry_safe(info, next, &shmem_swaplist, swaplist) {
>>>            if (!info->swapped) {
>>>                list_del_init(&info->swaplist);
>>> @@ -1530,6 +1531,8 @@ int shmem_unuse(unsigned int type)
>>
>>          next = list_next_entry(info, swaplist);
>>          if (!info->swapped)
>>              list_del_init(&info->swaplist);
>>          if (atomic_dec_and_test(&info->stop_eviction))
>>              wake_up_var(&info->stop_eviction);
>>
>> We may still hit the list warning when calling list_del_init() for the off-list info->swaplist? So I hope we can add a check for the possible off-list:
> Hello,
> When entry is taken off list, it will be initialized to a valid empty entry
> with INIT_LIST_HEAD(). So it should be fine to call list_del_init() for
> off-list entry.
> Please correct me if I miss anything. Thanks!

Ah, yes. I got confused with list_del(), but I still think we should not 
continue to operate on an off-list entry.

>> diff --git a/mm/shmem.c b/mm/shmem.c
>> index 99327c30507c..f5ae5e2d6fb4 100644
>> --- a/mm/shmem.c
>> +++ b/mm/shmem.c
>> @@ -1523,9 +1523,11 @@ int shmem_unuse(unsigned int type)
>>                  cond_resched();
>>
>>                  mutex_lock(&shmem_swaplist_mutex);
>> -               next = list_next_entry(info, swaplist);
>> -               if (!info->swapped)
>> -                       list_del_init(&info->swaplist);
>> +               if (!list_empty(&info->swaplist)) {
>> +                       next = list_next_entry(info, swaplist);
>> +                       if (!info->swapped)
>> +                               list_del_init(&info->swaplist);
>> +               }
>>                  if (atomic_dec_and_test(&info->stop_eviction))
>>                          wake_up_var(&info->stop_eviction);
>>                  if (error)
>>
>>>                wake_up_var(&info->stop_eviction);
>>>            if (error)
>>>                break;
>>> +        if (list_empty(&info->swaplist))
>>> +            goto start_over;
>>>        }
>>>        mutex_unlock(&shmem_swaplist_mutex);
>>>    
>>