From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8507C369DC for ; Mon, 28 Apr 2025 11:39:34 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9E5606B0088; Mon, 28 Apr 2025 07:39:33 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 96C8D6B00AF; Mon, 28 Apr 2025 07:39:33 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7E50D6B00B0; Mon, 28 Apr 2025 07:39:33 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 57F506B0088 for ; Mon, 28 Apr 2025 07:39:33 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 1983D1A16C4 for ; Mon, 28 Apr 2025 11:39:33 +0000 (UTC) X-FDA: 83383257426.14.9F45F6F Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by imf14.hostedemail.com (Postfix) with ESMTP id F3C0110000E for ; Mon, 28 Apr 2025 11:39:30 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=none; dmarc=pass (policy=none) header.from=arm.com; spf=pass (imf14.hostedemail.com: domain of anshuman.khandual@arm.com designates 217.140.110.172 as permitted sender) smtp.mailfrom=anshuman.khandual@arm.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1745840371; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CNG1E8XPZ7LAbZbmKh2B7eJTOnJKAbbNyh83YTka0tI=; b=q4y4CfYvPKdRCZzk+yzxiVCY3LLnfg1wDeUwFMzu9HVfS8O8YBGjQi/eJKJ1g7n5b0Vlju OR9LoT0Y4kmff9W4Qim/h8NvEF/HXb6fxqo4+J+cAMkJil1QCww1c668ao3GQsjRYz/dUA Ce32WjRS7o9Ys4+hLFDyYkr+pveGfL0= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=none; dmarc=pass (policy=none) header.from=arm.com; spf=pass (imf14.hostedemail.com: domain of anshuman.khandual@arm.com designates 217.140.110.172 as permitted sender) smtp.mailfrom=anshuman.khandual@arm.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1745840371; a=rsa-sha256; cv=none; b=sCnpyetO/oPoFbP4MtdoagbJbJz+Yj5yFV4sciBNjwgLZtgmLQRanhxV8U/gd5BCVX8NSd 3stOCuctCljQf+6IH1nLLC89JEgRbebzRaP6yNvMJ6o6eZQ27dXQu+neFegrmtLfRYTeYO pYbWeF6S721Jmh58RcxEUIm8cvWTgag= Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 760141516; Mon, 28 Apr 2025 04:39:23 -0700 (PDT) Received: from [10.163.50.165] (unknown [10.163.50.165]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id B9AA83F673; Mon, 28 Apr 2025 04:39:27 -0700 (PDT) Message-ID: <4c49a45c-d904-4fd5-8af7-cf9051665ac3@arm.com> Date: Mon, 28 Apr 2025 17:09:23 +0530 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] mm/memory: fix mapcount / refcount sanity check for mTHP reuse To: Kairui Song , linux-mm@kvack.org Cc: Andrew Morton , David Hildenbrand , linux-kernel@vger.kernel.org References: <20250425074325.61833-1-ryncsn@gmail.com> Content-Language: en-US From: Anshuman Khandual In-Reply-To: <20250425074325.61833-1-ryncsn@gmail.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Rspam-User: X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: F3C0110000E X-Stat-Signature: ysq34ifirqqanuzhnh3mgy5e1io9s6gc X-HE-Tag: 1745840370-168523 X-HE-Meta: U2FsdGVkX18XDlBM2G1Ct842qLJpSXYl5mNUuHx82k0/UA7ygtrNs6HiCR5IzUIRdmNO908l2lfo+AvOchOWS5Y+ZDf4qQWR8y23wICOchGpz13cOIsl42l2j3Tqyrydt+JtF/xy7LlLZJDaAQKlJqRWq82JMdUT0zXuYyuF/vjHo2qsNk6dNuOPpcjY8l07kjpci+esbMk1O++3RmG4TbURj/oTQsmlRchDMIuk6BaYBeDYUX13EoseHOgGp8h2CxdUwBRbM8mxS9vsbGqwdwFC1LIWy66TfpqJCwH7c4moct+shkiIhBvQmpuwUuBlMfYwl3Xw+CEgI2/MghmIhzPPBU6bb5oqmRZBpnS71b6n8q8qTOxWxe//4hlOh6op39vz0nJ5RmWKfxJWwFM3BgZiAkwwxjM7TW6qnuIGZQEgTeTEuPfKz2JKW8lPtr4HvDNViFo37B8xbAP+vS4Lvxp/wIU9PNmgn7f92NogLBDGMTy9nWjalS5gFx8KjOg6sAnbsOs+Igs7b22qQ2tFNhMKQJerbk7yf2wCbP/iz8hFP9h0+godeAiDUtqt04K2CsQExETleAxUMX/BajZBNROm02a9xwBHrUA0N46LDLQbfzFANYMWkR7vMfgA66xD3U0hPgaZYkqjljoycODATb+LdCzZ5XTkLEy0+XIK8YQhne5E6wxSZh+Rep/TnVN98cgN6JpsOw/oCVJtTea65iPRMZSCIinDxd/BBseSH6PZrDLOP4JQ6W+B8arf9rU+7aXPomID5c4U/4j67YsoBKmdsOPlGJOJ8hxvRMa4f4mOZNvWFZwPEp3SNN+RMyUytNzm3hpZj2OrjZsslzJvwIMkf0DjO6Vk07zMJDw7brEowWcNJjIMjmVVPFndhFP6jn8nNb6Iexz0HEWZG93kytvXYO27eSM47p1PzMKEP0EixxvqaCXQO6H2BcOGNDHkA1SapZY206Tn3zMdg4q Rw1PSnP8 z3wIvv+IYEn/RVstgSKnIXwjhxu+onLv/jJrZzlNTisr1UIIFQb1x5H3hskE/M5ZJpAfbArGPs9PGA6LtitQutusd69iMMDjc/lqGMUhN9kPUAHLIbxRpSAJe9vwic4/0BmUy8BCb1EJclNTzWkZjuftRmi53pcCrMjaizCKBZ2a4izntdsd+YKDZxyQCQ2kpoJivLogWrWuJys6oiuYM56ugzq8oYHQc3JCdFjiGfgbCqOsc4YbgCXxDn95NgeusUg8Kc6FMnG9QeuruRLYj2EpdDNvdq2ukZ6b1 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 4/25/25 13:13, Kairui Song wrote: > From: Kairui Song > > The following WARNING was triggered during swap stress test with > mTHP enabled: > > [ 6609.335758] ------------[ cut here ]------------ > [ 6609.337758] WARNING: CPU: 82 PID: 755116 at mm/memory.c:3794 do_wp_page+0x1084/0x10e0 > [ 6609.340922] Modules linked in: zram virtiofs > [ 6609.342699] CPU: 82 UID: 0 PID: 755116 Comm: sh Kdump: loaded Not tainted 6.15.0-rc1+ #1429 PREEMPT(voluntary) > [ 6609.347620] Hardware name: Red Hat KVM/RHEL-AV, BIOS 0.0.0 02/06/2015 > [ 6609.349909] RIP: 0010:do_wp_page+0x1084/0x10e0 > [ 6609.351532] Code: ff ff 48 c7 c6 80 ba 49 82 4c 89 ef e8 95 fd fe ff 0f 0b bd f5 ff ff ff e9 43 fb ff ff 41 83 a9 bc 12 00 00 01 e9 5c fb ff ff <0f> 0b e9 a6 fc ff ff 65 ff 00 f0 48 0f b > a 6d 00 1f 0f 83 82 fc ff > [ 6609.357959] RSP: 0000:ffffc90002273d40 EFLAGS: 00010287 > [ 6609.359915] RAX: 000000000000000f RBX: 0000000000000000 RCX: 000fffffffe00000 > [ 6609.362606] RDX: 0000000000000010 RSI: 000055a119ac1000 RDI: ffffea000ae6ec00 > [ 6609.365143] RBP: ffffea000ae6ec68 R08: 84000002b9bb1025 R09: 000055a119ab6000 > [ 6609.367569] R10: ffff8881caa2ad80 R11: 0000000000000000 R12: ffff8881caa2ad80 > [ 6609.370255] R13: ffffea000ae6ec00 R14: 000055a119ac1c9c R15: ffffc90002273dd8 > [ 6609.373007] FS: 00007f08e467f740(0000) GS:ffff88a07c214000(0000) knlGS:0000000000000000 > [ 6609.375999] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 6609.377946] CR2: 000055a119ac1c9c CR3: 00000001adfd6005 CR4: 0000000000770eb0 > [ 6609.380376] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > [ 6609.382853] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > [ 6609.385216] PKRU: 55555554 > [ 6609.386141] Call Trace: > [ 6609.387017] > [ 6609.387718] ? ___pte_offset_map+0x1b/0x110 > [ 6609.389056] __handle_mm_fault+0xa51/0xf00 > [ 6609.390363] ? exc_page_fault+0x6a/0x140 > [ 6609.391629] handle_mm_fault+0x13d/0x360 > [ 6609.392856] do_user_addr_fault+0x2f2/0x7f0 > [ 6609.394160] ? sigprocmask+0x77/0xa0 > [ 6609.395375] exc_page_fault+0x6a/0x140 > [ 6609.396735] asm_exc_page_fault+0x26/0x30 > [ 6609.398224] RIP: 0033:0x55a1050bc18b > [ 6609.399567] Code: 8b 3f 4d 85 ff 74 40 41 39 5f 18 75 f2 49 8b 7f 08 44 38 27 75 e9 4c 89 c6 4c 89 45 c8 e8 bd 83 fa ff 4c 8b 45 c8 85 c0 75 d5 <41> 83 47 1c 01 48 83 c4 28 4c 89 f8 5b 4 > 1 5c 41 5d 41 5e 41 5f 5d > [ 6609.405971] RSP: 002b:00007ffcf5f37d90 EFLAGS: 00010246 > [ 6609.407737] RAX: 0000000000000000 RBX: 00000000182768fa RCX: 0000000000000000 > [ 6609.410151] RDX: 00000000000000fa RSI: 000055a105175c7b RDI: 000055a119ac1c60 > [ 6609.412606] RBP: 00007ffcf5f37de0 R08: 000055a105175c7b R09: 0000000000000000 > [ 6609.414998] R10: 000000004d2dfb5a R11: 0000000000000246 R12: 0000000000000050 > [ 6609.417193] R13: 00000000000000fa R14: 000055a119abaf60 R15: 000055a119ac1c80 > [ 6609.419268] > [ 6609.419928] ---[ end trace 0000000000000000 ]--- > > The WARN_ON here is simply incorrect. The refcount here must be at least > the mapcount, not the opposite. Each mapcount must have a corresponding > refcount, but the refcount may increase if other components grab the > folio, which is acceptable. Meanwhile, having a mapcount larger than > refcount is a real problem. Agreed. > > So fix the WARN_ON condition. > > Fixes: 1da190f4d0a6 ("mm: Copy-on-Write (COW) reuse support for PTE-mapped THP") > Reported-by: Kairui Song > Closes: https://lore.kernel.org/all/CAMgjq7D+ea3eg9gRCVvRnto3Sv3_H3WVhupX4e=k8T5QAfBHbw@mail.gmail.com/ > Suggested-by: David Hildenbrand > Signed-off-by: Kairui Song > --- > mm/memory.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mm/memory.c b/mm/memory.c > index 424420349bd3..f18266b5a0a9 100644 > --- a/mm/memory.c > +++ b/mm/memory.c > @@ -3789,7 +3789,7 @@ static bool __wp_can_reuse_large_anon_folio(struct folio *folio, > > /* Stabilize the mapcount vs. refcount and recheck. */ > folio_lock_large_mapcount(folio); > - VM_WARN_ON_ONCE(folio_large_mapcount(folio) < folio_ref_count(folio)); > + VM_WARN_ON_ONCE_FOLIO(folio_large_mapcount(folio) > folio_ref_count(folio), folio); Changing this to VM_WARN_ON_ONCE_FOLIO() is better. > > if (folio_test_large_maybe_mapped_shared(folio)) > goto unlock; Reviewed-by: Anshuman Khandual