From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9E84FC76196 for ; Fri, 7 Apr 2023 02:20:58 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 23B746B0075; Thu, 6 Apr 2023 22:20:58 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1EAE26B0074; Thu, 6 Apr 2023 22:20:58 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0DACB6B0075; Thu, 6 Apr 2023 22:20:58 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 00B976B0072 for ; Thu, 6 Apr 2023 22:20:57 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id C4C54ACC6A for ; Fri, 7 Apr 2023 02:20:57 +0000 (UTC) X-FDA: 80652992154.12.5FEEB0D Received: from out30-97.freemail.mail.aliyun.com (out30-97.freemail.mail.aliyun.com [115.124.30.97]) by imf08.hostedemail.com (Postfix) with ESMTP id AEAC8160008 for ; Fri, 7 Apr 2023 02:20:54 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=none; dmarc=pass (policy=none) header.from=alibaba.com; spf=pass (imf08.hostedemail.com: domain of rongwei.wang@linux.alibaba.com designates 115.124.30.97 as permitted sender) smtp.mailfrom=rongwei.wang@linux.alibaba.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1680834055; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=s8LycYhhoDonglh0mKOW1z8HH74Qq8dbFmwY45FHmb8=; b=T8NnjRKgP+bD11YEniUKqbCKUQyZXt/4uIajhIkV2qyI7PYiNoYhzzm/7j/Jt2hK2+xGuP f2qEZ7i+/KY1G2qU351giWReaZ1aoqv+A/6XG+AUmPUyWKHNLbrw7YIkcMcoMLL2uTzGjy phLFcAN9AHHHN3d36KpWk1bkyD/704E= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=none; dmarc=pass (policy=none) header.from=alibaba.com; spf=pass (imf08.hostedemail.com: domain of rongwei.wang@linux.alibaba.com designates 115.124.30.97 as permitted sender) smtp.mailfrom=rongwei.wang@linux.alibaba.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1680834055; a=rsa-sha256; cv=none; b=cWiTWmeXpY3G/XgPCOHm+a5BB6AGMf51errn5i1UerGrSBbGRwg47hjl5Y9ockhnPz5jXk iUoi+b9lcBqN3UMb1y+vw6Z3sV834m6Wyu2JD7V+Sy5I9d/aXlfwlL8ZW2IbgCM8Ej9HXc DOdhMp4njIxMUukc1Xb6n3ArChfHnH8= X-Alimail-AntiSpam:AC=PASS;BC=-1|-1;BR=01201311R161e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018045176;MF=rongwei.wang@linux.alibaba.com;NM=1;PH=DS;RN=7;SR=0;TI=SMTPD_---0VfUplq7_1680834049; Received: from 30.221.130.130(mailfrom:rongwei.wang@linux.alibaba.com fp:SMTPD_---0VfUplq7_1680834049) by smtp.aliyun-inc.com; Fri, 07 Apr 2023 10:20:50 +0800 Message-ID: <97551857-b2fe-eb26-88a0-780951b873d7@linux.alibaba.com> Date: Fri, 7 Apr 2023 10:20:48 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.9.1 Subject: Re: [PATCH v2] mm/swap: fix swap_info_struct race between swapoff and get_swap_pages() Content-Language: en-US To: Aaron Lu Cc: akpm@linux-foundation.org, bagasdotme@gmail.com, willy@infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org References: <20230401221920.57986-1-rongwei.wang@linux.alibaba.com> <20230404154716.23058-1-rongwei.wang@linux.alibaba.com> <20230406140416.GA415291@ziqianlu-desk2> <20230406145754.GA440657@ziqianlu-desk2> From: Rongwei Wang In-Reply-To: <20230406145754.GA440657@ziqianlu-desk2> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: AEAC8160008 X-Stat-Signature: pz9knb4stscxwfzxx39izy37ie5fhrgw X-HE-Tag: 1680834054-824404 X-HE-Meta: U2FsdGVkX19kGKUeyvrNf+OAP79p2mqV6akb453M0i7eXj57m2VjY0ufq9gsRfAD1tDSZHiHTQZzcZokeLljPRSUIQB6T3c+Pp1I666/80k9Q0oHJvz/gFQfI74NFPrK89ELdOL5NjkOA/ORcRkhvWd3yMwc+8uSXFvzMqtuPSW3rU8vzc2j/Dvx/1WrxLT5NLI5IUzhSsT9YNg6uyu8vQw6nBpM2ZPe1LVPgZ8QlWLa2oLaGB3imavIjqTwVFPAqyQc/rmKDCKf+fED81VqGDjmeWmjAh+wZHFTh0OTHj22f2xYbpbNMrRU3D2KVSaSnB5VpWDyVXw/GK6XMO5Xi8XG7EikpiQEJBOHJIHmAO8Lx4zvygLchFbAqJIPIlqrffGCbDW/Lhe72+GndFKUCZFWjW3iB9ZHilqdE6fl8mi91uowZRIKMrv0rHJqcVP5lfzWau36cNIEWE0OFjtp0LoqSPtpEmf6PyZY17jdZMONJyp32Z0eDLlt34jP6mRJotIADXLQDP9CBZ4pDTbS7WTUCFsujeo/PkkTIr6rL4s9wKa0UUB4WlOsMbU2tFw1tO0SZ6cY8aXDi1EvD/8yL+86cTcBaipM8N6VAOA1t+qZ8UWQjMlQ8EQ0sJgOHTcxz3IDBTTN/KGb1sLn3pkCsLQSdC/clfh8uuS8N92+yy0EHlznCM0/h03ODBAJEk14thVM2/dEl+KijAswtWx96vgRn9byecJMEHX0wc3uFG8KCMCWxNmePUaUw7k6kNL1tPe9MzHDwrO3hDOvuDT0yhGjJJ7ObQdsaVRz9SFmNNkqspQYl8UMAkJuvNmJISRiJof0CRY63rbUND3BigXeSoxRrmcRPxNyBiQ2lg06AUZg8Ol5TctKuiIH+pTyhDEXkCq9q0vrIV7tX2Tasp5cOfCOR+TxtvynCD0d5usF78B7Vb0CY+TwiX9We3kyjWPkh63st8RvYy3DSHYcyk1 8Vh6HYTA hQwC4rWiv5CFY1egUrqNNDJDVLml4YGiMgkEP1Bsg9Nvk0F5aPhnzYN141yavkVh21gvj2FtliSFmlpbv5tgOSE0HV9tVNTAdTke2RHssvPAZKsPQpBdMHpUZMeZ3JBI4iXIf6aKPPOb30bGXcYDgBCHwuB17OmLfDONb X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 2023/4/6 22:57, Aaron Lu wrote: > On Thu, Apr 06, 2023 at 10:04:16PM +0800, Aaron Lu wrote: >> On Tue, Apr 04, 2023 at 11:47:16PM +0800, Rongwei Wang wrote: >>> The si->lock must be held when deleting the si from >>> the available list. Otherwise, another thread can >>> re-add the si to the available list, which can lead >>> to memory corruption. The only place we have found >>> where this happens is in the swapoff path. This case >>> can be described as below: >>> >>> core 0 core 1 >>> swapoff >>> >>> del_from_avail_list(si) waiting >>> >>> try lock si->lock acquire swap_avail_lock >>> and re-add si into >>> swap_avail_head >> confused here. >> >> If del_from_avail_list(si) finished in swaoff path, then this si should >> not exist in any of the per-node avail list and core 1 should not be >> able to re-add it. > I think a possible sequence could be like this: > > cpuX cpuY > swapoff put_swap_folio() > > del_from_avail_list(si) > taken si->lock > spin_lock(&si->lock); > > swap_range_free() > was_full && SWP_WRITEOK -> re-add! > drop si->lock > > taken si->lock > proceed removing si > > End result: si left on avail_list after being swapped off. > > The problem is, in add_to_avail_list(), it has no idea this si is being > swapped off and taking si->lock then del_from_avail_list() could avoid > this problem, so I think this patch did the right thing but the > changelog about how this happened needs updating and after that: Hi Aaron That's my fault. Actually, I don't refers specifically to swap_range_free() path in commit, mainly because cpuY can stand all threads which is waiting swap_avail_lock, then to call add_to_avail_list(), not only swap_range_free(), e.g. maybe swapon(). > > Reviewed-by: Aaron Lu Thanks for your time. -wrw > > Thanks, > Aaron >