From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=aGFf=KU=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-13.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_IN_DEF_DKIM_WL
	autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1E570C2B9F8
	for <linux-mm@archiver.kernel.org>; Tue, 25 May 2021 15:33:54 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id BAD9D613AB
	for <linux-mm@archiver.kernel.org>; Tue, 25 May 2021 15:33:53 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org BAD9D613AB
Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 48F776B0036; Tue, 25 May 2021 11:33:53 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 43FEF6B006E; Tue, 25 May 2021 11:33:53 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 2BA8E6B0070; Tue, 25 May 2021 11:33:53 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0040.hostedemail.com [216.40.44.40])
	by kanga.kvack.org (Postfix) with ESMTP id EA3896B0036
	for <linux-mm@kvack.org>; Tue, 25 May 2021 11:33:52 -0400 (EDT)
Received: from smtpin26.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay03.hostedemail.com (Postfix) with ESMTP id 869828249980
	for <linux-mm@kvack.org>; Tue, 25 May 2021 15:33:52 +0000 (UTC)
X-FDA: 78180148704.26.08737B3
Received: from mail-lj1-f182.google.com (mail-lj1-f182.google.com [209.85.208.182])
	by imf17.hostedemail.com (Postfix) with ESMTP id 5433540B8CE4
	for <linux-mm@kvack.org>; Tue, 25 May 2021 15:33:48 +0000 (UTC)
Received: by mail-lj1-f182.google.com with SMTP id w7so25335154lji.6
        for <linux-mm@kvack.org>; Tue, 25 May 2021 08:33:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=X49KMwK/wFJ5JRpDV/cPj1TnCcaYZUMIUrxY6R7DCKg=;
        b=im7/D+yVaQx6FpQ+llblSwQdRwG0A+5z3rqPbU+VMhK3kfxsYzfm9ktDfxJAPWcbak
         mIrqCt4KVwD1I0W+yIrbN3ZQvsLLtYbH1S+h/1a1et4secGpPSIN0HiA9Aa+hTBvyLPy
         0LS6+bGEDy3CYKRIcY8G0Y2ov96/5OqC0CTNtiPWe+kPaeob9WAui/xL572OdawACfX5
         qC6GoSPieg+nFJp0QocPu/DV+14vxwwH7gCf3HTIsc6SAbb/EiSZepvtgrQ/Wj5do4Oy
         eQaAYOPBrDSqTVbf8+ZN5jj/2S88yHdsY4x0lvMx8JSTs7nKGgDe7jobMwsi9ndtZJtT
         4xaQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=X49KMwK/wFJ5JRpDV/cPj1TnCcaYZUMIUrxY6R7DCKg=;
        b=Y5d83V1qN1dsprYePsh/Np7PtFbIKeJoZCugtVZcfSwL2wrrdj//H5yGbkfDCJJ/H7
         lSmO5lifx8ks5pAYBb/Ar6aXRdjMKNKfnoDa5AZLnsor0oyfAvsH7NavFMdzXIDGO8Pk
         CSDPP8edxNxeUxLNXgP7MwnGTUOI1M/NbeYb4NGlkEMQU7efkfbJgDRwFX7BJCahPN6y
         BBa+cBWVhgrxQAFc/EmqZjA9dFBSZ33yXS5UyxAQvqLC/tT8bSoTak+eKLlDLdAhWkU5
         l0SzYlJK8gySaufvmypbYGvqTtIMLFMFnHg6zdz9rzf/eveQnkuHO+wddRMCji5Rne9L
         vL8w==
X-Gm-Message-State: AOAM532EjUw/wMQrg4To19+nduRHHQtZ9tXnrKOlR26DIS+vKWMv+oQO
	UvvOaMPF0+oYUyveNLMTZcJQGdsyv857K0kP22ry3A==
X-Google-Smtp-Source: ABdhPJxW1F4wWTwQEstaJ2F6GBFViSsp+FTGJ5nQLzA4Hzj1FHhM7WeZcOf1WfX1bwG/4s89xV//q29rhiqnW9ZFaBw=
X-Received: by 2002:a2e:b80b:: with SMTP id u11mr22068665ljo.94.1621956830209;
 Tue, 25 May 2021 08:33:50 -0700 (PDT)
MIME-Version: 1.0
References: <20210524233946.20352-1-vbabka@suse.cz> <20210524233946.20352-26-vbabka@suse.cz>
In-Reply-To: <20210524233946.20352-26-vbabka@suse.cz>
From: Jann Horn <jannh@google.com>
Date: Tue, 25 May 2021 17:33:23 +0200
Message-ID: <CAG48ez1mvUuXwg0YPH5ANzhQLpbphqk-ZS+jbRz+H66fvm4FcA@mail.gmail.com>
Subject: Re: [RFC 25/26] mm, slub: use migrate_disable() in put_cpu_partial()
To: Vlastimil Babka <vbabka@suse.cz>
Cc: Linux-MM <linux-mm@kvack.org>, kernel list <linux-kernel@vger.kernel.org>, 
	Christoph Lameter <cl@linux.com>, David Rientjes <rientjes@google.com>, Pekka Enberg <penberg@kernel.org>, 
	Joonsoo Kim <iamjoonsoo.kim@lge.com>, Sebastian Andrzej Siewior <bigeasy@linutronix.de>, 
	Thomas Gleixner <tglx@linutronix.de>, Mel Gorman <mgorman@techsingularity.net>, 
	Jesper Dangaard Brouer <brouer@redhat.com>, Peter Zijlstra <peterz@infradead.org>
Content-Type: text/plain; charset="UTF-8"
Authentication-Results: imf17.hostedemail.com;
	dkim=pass header.d=google.com header.s=20161025 header.b="im7/D+yV";
	dmarc=pass (policy=reject) header.from=google.com;
	spf=pass (imf17.hostedemail.com: domain of jannh@google.com designates 209.85.208.182 as permitted sender) smtp.mailfrom=jannh@google.com
X-Stat-Signature: qrqwj9cyptu66jbq3xzxoxfmbpo3oo8c
X-Rspamd-Queue-Id: 5433540B8CE4
X-Rspamd-Server: rspam02
X-HE-Tag: 1621956828-406310
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Tue, May 25, 2021 at 1:40 AM Vlastimil Babka <vbabka@suse.cz> wrote:
> In put_cpu_partial, we need a stable cpu, but being preempted is not an issue.
> So, disable migration instead of preemption.

I wouldn't say "not an issue", more like "you're not making it worse".

>From what I can tell, the following race can already theoretically happen:

task A: put_cpu_partial() calls preempt_disable()
task A: oldpage = this_cpu_read(s->cpu_slab->partial)
interrupt: kfree() reaches unfreeze_partials() and discards the page
task B (on another CPU): reallocates page as page cache
task A: reads page->pages and page->pobjects, which are actually
halves of the pointer page->lru.prev
task B (on another CPU): frees page
interrupt: allocates page as SLUB page and places it on the percpu partial list
task A: this_cpu_cmpxchg() succeeds

which would cause page->pages and page->pobjects to end up containing
halves of pointers that would then influence when put_cpu_partial()
happens and show up in root-only sysfs files. Maybe that's acceptable,
I don't know. But there should probably at least be a comment for now
to point out that we're reading union fields of a page that might be
in a completely different state.

(Someone should probably fix that code sometime and get rid of
page->pobjects entirely, given how inaccurate it is...)