From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.1 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A, SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C4F4FC07E95 for ; Mon, 19 Jul 2021 14:12:29 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 32346610D0 for ; Mon, 19 Jul 2021 14:12:29 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 32346610D0 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=bytedance.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id AB35A8D00F6; Mon, 19 Jul 2021 10:12:29 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A8A958D00EC; Mon, 19 Jul 2021 10:12:29 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 92D468D00F6; Mon, 19 Jul 2021 10:12:29 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0020.hostedemail.com [216.40.44.20]) by kanga.kvack.org (Postfix) with ESMTP id 72D858D00EC for ; Mon, 19 Jul 2021 10:12:29 -0400 (EDT) Received: from forelay.prod.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by fograve01.hostedemail.com (Postfix) with ESMTP id 039F71844E3AA for ; Mon, 19 Jul 2021 14:12:28 +0000 (UTC) Received: from smtpin25.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 5E16F231BF for ; Mon, 19 Jul 2021 14:12:13 +0000 (UTC) X-FDA: 78379526946.25.4EEB141 Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) by imf17.hostedemail.com (Postfix) with ESMTP id 595D5F002CA9 for ; Mon, 19 Jul 2021 14:12:11 +0000 (UTC) Received: by mail-pl1-f171.google.com with SMTP id e14so6883368plh.8 for ; Mon, 19 Jul 2021 07:12:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20150623.gappssmtp.com; s=20150623; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=zPPoyHSUpxCfW2xlkYhOq6mDYE3xjGota4xo6DJybww=; b=JTmcB5jXc/DDz7eOwJwJsql6oWlrfqV/PwmKWqHuwK0L0Z52XnaFyrK2X2kflNTvkU mPTh1Mvg0GB9aYkz2DRk/VB3HQCSmXx8CiKVjsAEc57BZSztBDlgapjgkXDKvVGnWkzi gf047ZBIDMZI7R129nmnqLLRRebhAT4TLWMLxqm8xDsGwP1R0u36si3oK2qqQ7mkYG6j 1qSAaysEQO+damp6WtgBZMQe8Qw1KIdyoB3V9iUKpaMb2ph5aZEJYk4w+FEdigQUta22 BrlrRvz+DHJjehUFDrYwumr69VVhfasH/+9UZtjr/PMsqyCRkioVe31xvjtlD4MDTlgK RMow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=zPPoyHSUpxCfW2xlkYhOq6mDYE3xjGota4xo6DJybww=; b=i+E5EVi0/QxQrXYDFqSjMASzhihUNTIFv0SIklKIHZu5ialu0Zj/ZP+CM4RCFS0CQ2 SW5ymalCSH/8DVooaoCl3Zc+qF9SoCm+lI4bFbqU2WXAXP0aNCnLRxaSQbT+ovXamFVV RIjNeNpBWteiQv5L3UoqoeS3KqzqMVtCwpd9CtErcD7gox563AZ4GeIKH6kcsNt3nv5L gplxQadvaqJHi+os068Wp4YkAyA70LEqYZ+yvyLTZTr1Kwuos/yHyZJQcWdtGWNvT3pG Mwiv+2Ekv6oga3ENBzr861pcKmvCFg/gLJzgdcytpXkPDod8ZlAenRi1/km3FAxRb3Y6 p+VA== X-Gm-Message-State: AOAM533TQ9uJyRmu3g22Q2XuOFWhysNLJQ9w1q74K8RYy8PJBpWaLgi8 899lgFcYAy3WdJZQRbMhxOiJHQ== X-Google-Smtp-Source: ABdhPJzZNum/3ukd8jgO5Wv4AAt34cxFPOoKLNKvMdahVU8I0uGolb9wiu4+jV6H39fl7bWfqs0eeQ== X-Received: by 2002:a17:902:c40a:b029:12b:45c1:21b5 with SMTP id k10-20020a170902c40ab029012b45c121b5mr19464022plk.17.1626703930130; Mon, 19 Jul 2021 07:12:10 -0700 (PDT) Received: from [10.200.196.235] ([139.177.225.251]) by smtp.gmail.com with ESMTPSA id u24sm20804070pfm.200.2021.07.19.07.12.06 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 19 Jul 2021 07:12:09 -0700 (PDT) Subject: Re: [PATCH 5/7] mm: free user PTE page table pages To: =?UTF-8?Q?Mika_Penttil=c3=a4?= , akpm@linux-foundation.org, tglx@linutronix.de, hannes@cmpxchg.org, mhocko@kernel.org, vdavydov.dev@gmail.com Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, songmuchun@bytedance.com References: <20210718043034.76431-1-zhengqi.arch@bytedance.com> <20210718043034.76431-6-zhengqi.arch@bytedance.com> <9c3c87d5-e64e-f13f-ef36-b438e4de1e66@nextfour.com> <80b7d7fc-9d6d-0d1b-a333-b0ccd856e7c1@bytedance.com> <7fe2dd75-9b48-9685-8986-27a4cecc840f@nextfour.com> From: Qi Zheng Message-ID: <5ffff30c-59d7-fbb0-e3c2-fe9e47fc4658@bytedance.com> Date: Mon, 19 Jul 2021 22:12:04 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.12.0 MIME-Version: 1.0 In-Reply-To: <7fe2dd75-9b48-9685-8986-27a4cecc840f@nextfour.com> Content-Type: text/plain; charset=utf-8; format=flowed Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=bytedance-com.20150623.gappssmtp.com header.s=20150623 header.b=JTmcB5jX; spf=pass (imf17.hostedemail.com: domain of zhengqi.arch@bytedance.com designates 209.85.214.171 as permitted sender) smtp.mailfrom=zhengqi.arch@bytedance.com; dmarc=pass (policy=none) header.from=bytedance.com X-Stat-Signature: bab87xczenhi8wkgfu9m1rjq55czhz1b X-Rspamd-Queue-Id: 595D5F002CA9 X-Rspamd-Server: rspam01 X-HE-Tag: 1626703931-149603 Content-Transfer-Encoding: quoted-printable X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 7/19/21 9:55 PM, Mika Penttil=C3=A4 wrote: >=20 >=20 > On 19.7.2021 15.56, Qi Zheng wrote: >> On 7/18/21 2:19 PM, Mika Penttil=C3=A4 wrote: >> >>>> + >>>> +/* >>>> + * returns true if the pmd has been populated with PTE page table, >>>> + * or false for all other cases. >>>> + */ >>>> +bool pte_install_try_get(struct mm_struct *mm, pmd_t *pmd,=20 >>>> pgtable_t *pte) >>>> +{ >>>> +=C2=A0=C2=A0=C2=A0 spinlock_t *ptl; >>>> +=C2=A0=C2=A0=C2=A0 bool retval =3D true; >>>> + >>>> +retry: >>>> +=C2=A0=C2=A0=C2=A0 ptl =3D pmd_lock(mm, pmd); >>>> +=C2=A0=C2=A0=C2=A0 if (likely(pmd_none(*pmd))) { >>>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 __pte_install(mm, pmd, p= te); >>>> +=C2=A0=C2=A0=C2=A0 } else if (pmd_leaf(*pmd) || !pmd_present(*pmd))= { >>>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 retval =3D false; >>>> +=C2=A0=C2=A0=C2=A0 } else if (!pte_get_unless_zero(pmd)) { >>>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 spin_unlock(ptl); >>>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 goto retry; >>>> +=C2=A0=C2=A0=C2=A0 } >>>> +=C2=A0=C2=A0=C2=A0 spin_unlock(ptl); >>>> +=C2=A0=C2=A0=C2=A0 return retval; >>>> +} >>>> + >>> >>> Can pte_get_unless_zero() return true above? Can the pmd have been by= =20 >>> populated by others? In that case the ref count is wrongly incremente= d. >>> >> >> Here we only have mmap_read_lock(mm), so the pmd can be populated with >> other PTE page table page after a page fault in a different thread B=20 >> of this mm. In this case, thread B already hold a pte_refcount of the=20 >> PTE page table page populated in the pmd, so pte_get_unless_zero() can >> return true above. >> >=20 > Yes but if thread B populates the page table page and pte, then we also= =20 > increase the refcount with pte_get_unless_zero() , but dont decrease it= =20 > when notice !pte_none(). > And in the pte_none() case, the refcount is increased again, so double=20 > accounting. see finish_fault(). The semantics of this function is to hold the pte_refcount count when it returns 1, and its caller is responsible for decrease the pte_refcount by calling pte_put(), like the following pattern: do_anonymous_page() --> pte_alloc_try_get() do something about pte pte_put() Similarly in finish_fault(). Thanks, Qi >=20 >> Similarly, if THP is enabled, the pmd also can be populated with a THP= =20 >> page, we can see more detail in comment in handle_pte_fault(). The >> pmd_leaf() above is to detect this situation. >=20