From: Zhaoyang Huang
Date: Thu, 21 Mar 2024 16:25:07 +0800
Subject: Re: summarize all information again at bottom//reply: reply: [PATCH] mm: fix a race scenario in folio_isolate_lru
To: Matthew Wilcox
Cc: 黄朝阳 (Zhaoyang Huang), Andrew Morton, "linux-mm@kvack.org", "linux-kernel@vger.kernel.org", 康纪滨 (Steve Kang)

On Tue, Mar 19, 2024 at 11:01 AM Matthew Wilcox wrote:
>
> On Tue, Mar 19, 2024 at 08:48:42AM +0800, Zhaoyang Huang wrote:
> > BTW, damon_pa_pageout is a potential risk over this race
>
> No it isn't.
>
>                 struct folio *folio = damon_get_folio(PHYS_PFN(addr));
>
>                 if (!folio)
>                         continue;
>
>                 if (damos_pa_filter_out(s, folio))
>                         goto put_folio;
>
>                 folio_clear_referenced(folio);
>                 folio_test_clear_young(folio);
>                 if (!folio_isolate_lru(folio))
>                         goto put_folio;
>                 if (folio_test_unevictable(folio))
>                         folio_putback_lru(folio);
>                 else
>                         list_add(&folio->lru, &folio_list);
> put_folio:
>                 folio_put(folio);
>
> It clearly has a folio reference when it calls folio_isolate_lru().

OK. Could the scenario below be suspicious for leaving an orphan folio
in step 7 and introducing the bug in step 8? In the scenario,
Thread_filemap behaves as a backdoor for Thread_madv by creating the
pte after Thread_truncate finishes cleaning all page tables.

0. Thread_bad gets the folio by folio_get_entry and stores it in its
local fbatch_bad and goes to sleep

1. Thread_filemap gets the folio via
filemap_map_pages->next_uptodate_folio->xas_next_entry and gets
preempted
    refcnt == 1(page_cache), PG_lru == true

2. Thread_truncate gets the folio via
truncate_inode_pages_range->find_lock_entries
    refcnt == 2(fbatch_trunc, page_cache), PG_lru == true

3. Thread_truncate proceeds to truncate_cleanup_folio
    refcnt == 2(fbatch_trunc, page_cache), PG_lru == true

4. Thread_truncate proceeds to delete_from_page_cache_batch
    refcnt == 1(fbatch_trunc), PG_lru == true

5. Thread_filemap schedules back and proceeds to set up a pte and have
folio->_mapcnt = 0 & folio->refcnt += 1
    refcnt == 2(pte, fbatch_temp), PG_lru == true

6. Thread_madv clears the folio's PG_lru by
madvise_xxx_pte_range->folio_isolate_lru->folio_test_clear_lru
    refcnt == 2(pte,fbatch_temp), PG_lru == false

7. Thread_truncate calls folio_fbatch_release and fails to free the
folio as refcnt does not reach 0
    refcnt == 1(pte), PG_lru == false
********folio becomes an orphan here which is not on the page cache
but on the task's VM**********

8. Thread_xxx is scheduled back from 0 to do release_pages(fbatch_bad)
and have the folio introduce the bug.
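
The step list above, replayed as a small reference ledger; this is an added example, not part of the original email and not kernel code. The holder names follow the email, while `replay()` and its `step0_counted` switch are hypothetical, added to show that the outcome of step 8 depends on whether the batch filled in step 0 owns a counted reference.

```c
#include <stdbool.h>
#include <stdio.h>

/* Holders named in the email's step list (a model, not kernel types). */
enum holder { PAGE_CACHE, FBATCH_TRUNC, PTE, FBATCH_BAD, NHOLDERS };

struct model {
    int refcnt;            /* stands in for the folio reference count */
    bool holds[NHOLDERS];  /* who still keeps a pointer to the folio */
};

static void get(struct model *m, enum holder h, bool counted)
{
    m->holds[h] = true;
    if (counted)
        m->refcnt++;
}

/* Returns true when this put drops the count to zero (folio freed). */
static bool put(struct model *m, enum holder h)
{
    m->holds[h] = false;
    return --m->refcnt == 0;
}

/* Replays steps 0-8 (steps 1, 3 and 6 change no counts); true means the
 * folio is freed while the pte still maps it. step0_counted is a
 * hypothetical switch: does fbatch_bad own a reference? */
static bool replay(bool step0_counted, int *final_refcnt)
{
    struct model m = {0};
    bool freed;
    get(&m, PAGE_CACHE, true);           /* initial state: in page cache */
    get(&m, FBATCH_BAD, step0_counted);  /* step 0 */
    get(&m, FBATCH_TRUNC, true);         /* step 2: find_lock_entries */
    put(&m, PAGE_CACHE);                 /* step 4: delete_from_page_cache_batch */
    get(&m, PTE, true);                  /* step 5: pte set up */
    put(&m, FBATCH_TRUNC);               /* step 7: folio_fbatch_release */
    freed = put(&m, FBATCH_BAD);         /* step 8: release_pages(fbatch_bad) */
    *final_refcnt = m.refcnt;
    return freed && m.holds[PTE];
}

int main(void)
{
    int r;
    printf("step 0 uncounted: freed under pte = %d\n", replay(false, &r));
    printf("step 0 counted:   freed under pte = %d\n", replay(true, &r));
    return 0;
}
```

With `step0_counted` false the counts match the ones listed in steps 1 to 7 and the put in step 8 frees a folio that the pte still maps; with it true the count never reaches zero while the pte holds its reference.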