Subject: Re: Rare memory leakage
To: Matthew Wilcox, linux-mm@kvack.org
Cc: Ira Weiny, "Kirill A. Shutemov"
From: Vlastimil Babka
Date: Tue, 22 Sep 2020 13:22:12 +0200
Message-ID: <8f294420-93c9-618a-6128-432b7035642b@suse.cz>
In-Reply-To: <20200922031215.GZ32101@casper.infradead.org>

On 9/22/20 5:12 AM, Matthew Wilcox wrote:
> This is a fun little race.
>
> Dramatis personae: Pages P0, P1 are consecutive and aligned.
> Threads A, B, C.
>
> Page P0 is allocated to the page cache.
> Page P1 is free.
>
> Thread A calls find_get_entry()
> P0 is returned from xas_load()
>
> Thread B removes the page from the page cache (eg truncate, invalidatepage).
> P0 is buddy-merged with P1.
>
> Thread C calls alloc_pages, order 1, does not specify GFP_COMP. P0 now
> has refcount 1.
>
> Thread A calls page_cache_get_speculative(). P0 has refcount 2.
>
> Thread C calls __free_page(P0, 1)
> put_page_testzero is _false_. Do not call free_the_page().
>
> Thread A calls put_page(P0)
> We free P0 and nobody knows to free P1.
>
>
> Weird solution: In __free_page(), if put_page_testzero() fails and page
> is not PageHead, convert it to a compound page. Then the put_page()
> by Thread A will free P1.

I can imagine doing the conversion in a manner that deals with races properly
will be rather tricky...

> Better ideas?

IMHO, alloc_pages() with order > 0 and without __GFP_COMP is a weird beast. In
that case it would be probably best to refcount each base page separately. I
don't know how many assumptions this would break :/
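
The interleaving from the quoted mail, replayed deterministically in a userspace toy model. This is an added example, not kernel code and not from either author: `struct page`, the `toy_*` helpers and `replay_race()` are hypothetical names, and the `per_page_ref` branch is only one reading of "refcount each base page separately".

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model (assumption, not kernel code): a refcount plus an "allocated"
 * flag standing in for the buddy allocator's view of each base page. */
struct page { int refcount; bool allocated; };

/* Thread C: order-1 allocation without __GFP_COMP. Only P0 gets a
 * reference unless per_page_ref models separate base-page refcounts. */
static void toy_alloc_order1(struct page *p, bool per_page_ref)
{
    p[0].allocated = p[1].allocated = true;
    p[0].refcount = 1;
    p[1].refcount = per_page_ref ? 1 : 0;
}

/* Drop one reference; an order-0 free happens only when it hits zero. */
static void toy_put_page(struct page *p)
{
    if (--p->refcount == 0)
        p->allocated = false;
}

/* Thread C: free the order-1 block it allocated. */
static void toy_free_order1(struct page *p, bool per_page_ref)
{
    if (per_page_ref) {                 /* each base page dropped on its own */
        toy_put_page(&p[0]);
        toy_put_page(&p[1]);
    } else if (--p[0].refcount == 0) {  /* put_page_testzero() succeeded */
        p[0].allocated = p[1].allocated = false;
    }                                   /* else: testzero false, free nothing */
}

/* Replays the steps after P0 and P1 were buddy-merged; returns the number
 * of base pages still marked allocated with no owner left (leaked). */
int replay_race(bool per_page_ref)
{
    struct page p[2] = { { 0, false }, { 0, false } };  /* P0, P1 free */

    toy_alloc_order1(p, per_page_ref);  /* Thread C: alloc_pages, order 1 */
    p[0].refcount++;                    /* Thread A: speculative get on stale P0 */
    toy_free_order1(p, per_page_ref);   /* Thread C: free, P0 refcount stays > 0 */
    toy_put_page(&p[0]);                /* Thread A: put_page(P0), frees P0 only */
    return (int)p[0].allocated + (int)p[1].allocated;
}

int main(void)
{
    printf("leaked, head-only refcount: %d\n", replay_race(false));
    printf("leaked, per-page refcount:  %d\n", replay_race(true));
    return 0;
}
```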