Date: Wed, 16 Apr 2025 22:29:56 -0700 (PDT)
From: Hugh Dickins
To: Zi Yan
cc: Gavin Guo, linux-mm@kvack.org, akpm@linux-foundation.org, willy@infradead.org, linmiaohe@huawei.com, hughd@google.com, revest@google.com, david@redhat.com, kernel-dev@igalia.com, linux-kernel@vger.kernel.org, Naoya Horiguchi
Subject: Re: [PATCH] mm/huge_memory: fix dereferencing invalid pmd migration entry
Message-ID: <95e543dd-6b93-9507-d383-1ae91e2e6640@google.com>
References: <20250414072737.1698513-1-gavinguo@igalia.com> <83629774-981b-44cb-a106-d549f1a43db9@igalia.com>

On Tue, 15 Apr 2025, Zi Yan wrote:
>
> Anyway, we need to figure out why both THP migration and deferred_split_scan()
> hold the THP lock first, which sounds impossible to me. Or some other execution
> interleaving is happening.

I think perhaps you're missing that an anon_vma lookup points to a location which may contain the folio of interest, but might instead contain another folio: and weeding out those other folios is precisely what the "folio != pmd_folio(*pmd)" check (and the "risk of replacing the wrong folio" comment a few lines above it) is for.

The "BUG: unable to handle page fault" comes about because that other folio might actually be being migrated at this time, so we encounter a PMD migration entry instead of a valid PMD entry. But if it's the folio we're looking for, our folio lock excludes a racing migration, so it would never be a PMD migration entry for our folio.

Hugh